Payment service provider

Last updated

A payment service provider (PSP) is a third-party company that allows businesses to accept electronic payments, such as credit card and debit card payments. PSPs act as intermediaries between those who make payments, i.e. consumers, and those who accept them, i.e. retailers. [1]

Contents

They will often provide merchant services and act as a payment gateway or payment processor for e-commerce and brick and mortar businesses. They may also offer risk management services for card and bank based payments, transaction payment matching, digital wallets, reporting, fund remittance, currency exchange and fraud protection. The PSP will typically provide software to integrate with e-commerce websites or point of sale systems. [2]

Operation

PSPs establish technical connections with acquiring banks and card networks, enabling merchants to accept different payment methods without the need to partner with a particular bank. They fully manage payment processing and external network relationships, making the merchant less dependent on banking institutions. [3]

PSP can also offer risk management services for card and bank based payments, transaction payment matching, reporting, fund remittance and fraud protection. Some PSPs provide services to process other next generation methods (payment systems) including cash payments, wallets, prepaid cards or vouchers, and even paper or e-check processing.[ citation needed ]

PSP fees are typically charged in one of two ways: as a percentage of each transaction, or as a fixed cost per transaction. [ citation needed ]

US-based online payment service providers are supervised by the Financial Crimes Enforcement Network (or FinCEN), a bureau of the United States Department of the Treasury that collects and analyzes information about financial transactions in order to combat money laundering, terrorist financiers, and other financial crimes. [ citation needed ]

European payment service providers are supervised based on the European Payment Services Directive. [4]

Security

Each merchant remains responsible for his own actions and must accordingly ensure that the selected provider observes the guidelines, e.g. with regard to data protection. Compliance with PCI DSS guidelines is important. There are four levels of PCI compliance, that must be respected by the PSP. Depending on the volume of transactions as well as other details about the level of risk assessed by payment brands, the payment service provider has to follow higher standards.

The levels are as follows:

Market size

As of 2022, there were more than 900 payment providers in the world. More than 300 offer services just for Europe [6] and North America. The global payment service provider market is expected to reach $US88 billion by 2027 from $US40 billion in 2019. [7]

See also

Related Research Articles

<span class="mw-page-title-main">Tokenization (data security)</span> Concept in data security

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods that render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers. A one-way cryptographic function is used to convert the original data into tokens, making it difficult to recreate the original data without obtaining entry to the tokenization system's resources. To deliver such services, the system maintains a vault database of tokens that are connected to the corresponding sensitive data. Protecting the system vault is vital to the system, and improved processes must be put in place to offer database integrity and physical security.

<span class="mw-page-title-main">Mobile payment</span> Payment services via a mobile device

Mobile payment, also referred to as mobile money, mobile money transfer and mobile wallet, is any of various payment processing services operated under financial regulations and performed from or via a mobile device. Instead of paying with cash, cheque, or credit card, a consumer can use a payment app on a mobile device to pay for a wide range of services and digital or hard goods. Although the concept of using non-coin-based currency systems has a long history, it is only in the 21st century that the technology to support such systems has become widely available.

An e-commerce payment system facilitates the acceptance of electronic payment for offline transfer, also known as a subcomponent of electronic data interchange (EDI), e-commerce payment systems have become increasingly popular due to the widespread use of the internet-based shopping and banking.

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payment processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.

A merchant account is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations. A high-risk merchant account is a business account or merchant account that allows the business to accept online payments though they are considered to be of high-risk nature by the banks and credit card processors. The industries that possess this account are adult industry, travel, Forex trading business, multilevel marketing business. "High-Risk" is the term that is used by the acquiring banks to signify industries or merchants that are involved with the higher financial risk.

An acquiring bank is a bank or financial institution that processes credit or debit card payments on behalf of a merchant. The acquirer allows merchants to accept credit card payments from the card-issuing banks within a card association, such as Visa, MasterCard, Discover, China UnionPay, American Express.

Shopping cart software is a piece of e-commerce software on a web server that allows visitors to have an Internet site to select items for eventual purchase.

Heartland Payment Systems, Inc. is a U.S.-based payment processing and technology provider. Founded in 1997, Heartland Payment Systems' last headquarters were in Princeton, New Jersey. An acquisition by Global Payments, expected to be worth $3.8 billion or $4.3 billion was finalized on April 25, 2016.

The Payment Card Industry Data Security Standard is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:

The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.

The Payment Card Industry Security Standards Council was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on September 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.

<span class="mw-page-title-main">Credit card fraud</span> Financial crime

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

A payment processor is a system that enables financial transactions, commonly employed by a merchant, to handle transactions with customers from various channels such as credit cards and debit cards or bank accounts. They are usually broken down into two types: front-end and back-end.

Worldpay, Inc. is an American payment processing company and technology provider. In February 2024, it was separated from Fidelity National Information Services (FIS) to become an independent company once again. It is majority owned by private equity firm GTCR. It is headquartered in the greater Cincinnati, Ohio area. Worldpay, Inc., is the largest U.S. merchant acquirer ranked by general-purpose transaction volume.

Ukrainian Processing Center is a Ukrainian company founded in 1997 which provides processing services and software for banks. UPC was the first Ukrainian company within the sphere of processing that received MSP and TPP status in Visa and Mastercard. In April 1997 UPC processed the first ATM EC/MC card transaction. Since 2005 UPC has become part of the Raiffeisen Bank International. The head office of UPC is based in Kyiv. Ukrainian Processing Center provides services to banks in Central and East Europe in the sphere of processing payment cards, merchant acquiring and ATM channel management. UPC also offers integrated IT systems for electronic commerce, card transactions monitoring systems of fraud prevention, card issuing system and SMS banking service. Moreover, UPC was the initiator of the establishment of the united ATM network "ATMoSphere", which consists of payment cards issuing banks. Annually UPC processes more than 400 million of payment card transactions.

Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2PE standard are referred to as end-to-end encryption (E2EE) solutions. The objective of P2PE and E2EE is to provide a payment security solution that instantaneously converts confidential payment card data and information into indecipherable code at the time the card is swiped, in order to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment.

iVeri is a payments technology company based in Johannesburg, South Africa. Established in 1998, it is South Africa's largest technology provider for both physical and mobile commerce.

<span class="mw-page-title-main">Unified Payments Interface</span> Indian instant payment system

Unified Payments Interface, commonly referred to as UPI, is an Indian instant payment system developed by the National Payments Corporation of India (NPCI) in 2016. The interface facilitates inter-bank peer-to-peer (P2P) and person-to-merchant (P2M) transactions. It is used on mobile devices to instantly transfer funds between two bank accounts. The mobile number of the device is required to be registered with the bank. The UPI ID of the recipient can be used to transfer money. It runs as an open source application programming interface (API) on top of the Immediate Payment Service (IMPS), and is regulated by the Reserve Bank of India (RBI). Indian Banks started making their UPI-enabled apps available on Google Play on 25 August 2016.

The Four Corners model, often referred to as the Four Party Scheme is the most used card scheme in card payment systems worldwide. This model was introduced in the 1990s. It is a user-friendly card payment system based on an interbank clearing system and economic model established on multilateral interchange fees (MIF) paid between banks or other payment institutions.

The Central Electronic System of Payments (CESOP) regime is an automatic exchange of information regime being introduced in the European Union from 1 January 2024. The rules were introduced by Council Directive 2020/284, amending the EU's Value-added tax Directive.

References

  1. "What is a payment service provider?". www.dnb.nl. Retrieved 2022-09-26.
  2. "What Is A Payment Service Provider (PSP)?". Forbes. August 25, 2022.
  3. "What is a PSP or Payment Service Provider? | Definition & Benefits - Zoho Books". Essential Business Guides. 2019-01-24. Retrieved 2022-09-26.
  4. "European Commission Payment Services".
  5. "PCI Compliance Guide Frequently Asked Questions | PCI DSS FAQs".
  6. "European Payments Council Member List".
  7. "Payment Service Provider Market: Share, Market Size, Growth By Top Company, Region, Applications, Drivers, Trends and Forecast: 2022-2031". MarketWatch. Retrieved 2022-09-26.