LIABILITY AND ANTIFRAUD INVESTMENT IN FINTECH RETAIL PAYMENT SERVICES

KYOUNG-SOO YOON and JOOYONG JUN

Motivated by recently introduced retail payment schemes using information technology, often called “FinTech,” we examine the effect of fraud liability regime on antifraud investment in a FinTech payment scheme, where the front-end and back-end services are vertically separated. In an environment where a FinTech payment service provider (FPP) covers only the front-end services, delegating the back-end services to an integrated payment service provider (IPP) such as banks and credit card companies, we show that under the IPP liability regime, the IPP invests more in general, while the respective investment depends on the range of the access fee under the FPP liability regime. Specifically, given a sufficiently great loss from accident, if the access fee is in a certain range, the FPP liability regime is superior in terms of antifraud investment. When the FPP makes its indirect revenue from its user base in addition to the revenue from user fees, we can observe greater antifraud investment under both liability regimes, but the overall decrease in fraud probability is higher under the IPP liability regime. Our results suggest that it might be desirable to induce FPP liability regime, which might necessitate regulating the access fee to achieve such an outcome. (JEL G23, G28, D43, L22)

The initial version of this paper was posted as Bank of Korea Working Paper 1612. The authors greatly appreciate valuable comments from Jaejoon Han, Kyusoo Kim, Francisco Rodriguez-Fernandez, and other seminar participants of the WEAI-IBEFA and ASLEA conferences held in 2016. The financial support from the Bank of Korea should also be acknowledged. All errors are our own.

Yoon: Assistant Professor, Department of Economics, Daegu University, Gyeong-san, Gyeongsangbuk-do 38453, Korea. Phone +82-53-850-6215, Fax +82-53-850-6279, E-mail yoonks@daegu.ac.kr

Jun: Corresponding author, Assistant Professor, Department of Economics, Dongguk University, Jung-gu, Seoul 04620, Korea. Phone +82-2-2260-3310, Fax +82-2-2290-1464, E-mail jooyong@dongguk.edu

ABBREVIATIONS
FPP: FinTech Payment Service Provider
ICT: Information and Communication Technology
IPP: Integrated Payment Service Provider
VAN: Value Added Network

Contemporary Economic Policy (ISSN 1465-7287), Vol. 37, No. 1, January 2019, 181-194. Online Early publication March 1, 2018. doi:10.1111/coep.12281. 2018 Western Economic Association International.

I. INTRODUCTION

The retail payments landscape is characterized by a wide diversity of payment instruments and activities at each stage of the payment process, from the front-end services with user interfaces to the back-end services such as settlement and clearing. Retail payment service providers are responsible for completing all stages of the payment chain. The tiered nature of the payment process, however, means that they do not need all of the necessary facilities and licenses, as these are usually delegated to other participants to complete the process. The provider usually delegates to, or cooperates with, other participants to complete part of the process.

The rapid progress in information and communication technology (ICT) has changed the landscape. New participants in payment schemes are often nonfinancial institutions, which traditionally provided technical services. However, upon the introduction of enhanced ICT-based retail payments services, which are often termed “FinTech,” their roles have expanded beyond mere technical aspects. Many FinTech payment schemes such as Apple Pay and Samsung Pay have “platform on platform” structures, and provide a broad range of retail payment services, including both offline and online transactions, to their user bases obtained from their platforms: products or services such as mobile devices, operating systems, messaging services, and so on.

In many cases, FinTech payment service providers (FPPs) provide front-end services only, while the rest of the payment process is provided by incumbent payment service providers which can afford to carry out the “end-to-end” payment services. This cooperation or vertical separation is different from the vertical integration structure of the past. The end-to-end or integrated payment service providers (IPPs) also worked with third parties such as VANs (value added networks); however, these third parties are merely delegated to serve specific technical roles for the service, and are mostly invisible to end users. In contrast, FPPs directly interact with users, and reap revenue from various channels based on their own business models.

While FinTech payment services have benefited the end users in several ways, they have also in fact complicated the retail payment system by adding more layers and segments to the payment process. The layered structure brought by the advent of FinTech may have weakened the security of the retail payment scheme. As the number of interinstitutional transfers of information increases, there is a higher chance of incidents such as fraudulent transactions and data breaches.¹ Furthermore, the increase in the number of participants in the payment system has made it difficult to coordinate participants' incentive regarding ex ante investment (and ex post handling) to reduce the security incidents. As Anderson and Moore (2006) note, the problematic consequences of the increase in the number of interinstitutional transfers of information can be reduced with an engineering approach, but the aforementioned complexity in coordination requires an economic approach. Specifically, the economic approach calls for the proper design of an incentive structure that would provide appropriate rights and responsibilities to each participant.
1. For example, a sudden increase of fraud related with Apple Pay was a big issue in March 2015. At one point, a mobile payments advisor stated that “6 percent of Apple Pay purchases are completed with stolen cards” (Tsukayama and Halzack 2015) while others dismiss such claims (Paglier 2015).

The layered structure resulting from the advent of FinTech retail payment services raises questions regarding the liability regime, as who bears the loss from security incidents is one of the most crucial institutional devices that affects the incentive for security investment. In many cases, banks and card companies (IPPs in our model) are mostly responsible in the event of fraud. For example, while Apple does not clearly state who is liable for fraudulent transactions with Apple Pay, multiple sources note that the liability is on the IPP side, with one commentator stating that “Eventually, banks would bear the liability for purchases (both face-to-face as well as in-app) made via Apple Pay.”² However, Apple is in a position to invest in security: “While banks are ultimately responsible for authorizing a card, Apple could do more to increase security in the verification process.”³ Another example we can observe is the case of Korea. In Korea, Article 9 of the Electronic Financial Transactions Act states “When a user suffers any loss due to any of the following incidents, the relevant financial company or electronic financial business entity shall be liable for indemnifying him/her for the loss.” Currently, an FPP in Korea is regarded as neither a financial company nor a financial business entity, both of which require a license. Given that both IPPs and FPPs can enhance the security of the payment scheme through investment, which liability regime is better in terms of overall security?

To answer the question, this study examines the incentive problem for each participant in a FinTech retail payment scheme with a layered structure, and how the liability regime affects the incentives in equilibrium.
We first consider the case in which the FPP makes its revenue from user fees (fee-based revenue model). Users pay for the convenience of using the FinTech payment service, and the FPP pays part of the user fee to the IPP for the back-end services. For example, Square, a U.S. mobile payment service provider, charges 2.75% to retail businesses, higher than the 1.95%-2.0% average for card processing fees including interchange, assessment, and other charges.

An FPP needs to pay an access fee to an IPP for the use of the IPP's infrastructure. In an environment where the access fee is exogenously given, either due to market competition or due to regulation, we show that the IPP invests more under the IPP liability regime, but under the FPP liability regime, who would invest more depends on the level of access fee and the size of benefit to the user. When the access fee is low, the FPP invests more, and the IPP invests more when it is high. Specifically, when the access fee is in

2. fraud-liability-apple-pay/.
3. apple-pay-fraud-apple-or-banks.html.

when the access fee is small, the FPP invests more, while the IPP invests more when the access fee is sufficiently high. When the access fee is in the mid range, the FPP liability regime is superior in terms of antifraud investment and resulting probability of a successful transaction, but its superiority is not definitive in other fee ranges. Finally, it is shown that, when the FPP can raise indirect revenue from the convergence of the payment and its own platform business, both the IPP and FPP invest more and consumer welfare is enhanced. However, the increase in investment is greater under the IPP liability regime due to the complementarity of the investments.

The results provide some policy implications. First, under the FPP liability regime, when the access fee is too high, particularly the FPP chooses a socially suboptimal level of antifraud investment. In this situation, mandating security investment and/or regulating the access fee may be necessary.
Second, when the access fee is not so high and the amount of liability loss is large, the FPP liability regime is superior in terms of security investment, and the authorities may need to induce such a liability regime in this case, as the IPP liability regime is the de facto standard as stated in the introduction. However, when the FPP raises indirect revenue from its own platform business, the IPP's security investment may be suboptimal as we analyzed in Proposition 6.

[FIGURE 2: Effect of Indirect Revenue under IPP Liability Regime (Left) and FPP Liability Regime (Right); panels A and B]

In our model, we assume the indirect revenue is constant per consumer. This specification fits well for complementary sales business models such as Samsung Pay and Apple Pay, but may not when the indirect revenue comes from the usage of user information (information-based business models), as is the case with Google Wallet/Android Pay. This is because, in the latter case, the FPP can make differentiated indirect revenue from users, depending on their “type,” or preference for using FinTech and other ICT services.

For a further discussion, we slightly modify the profit functions to analyze the effect of the type-dependent indirect revenue for the FPP. Suppose that the indirect revenue per consumer is proportional to the user benefit as 1 = b b aL(1p) dHC ( p 1 ) , 2 = b b f +ba dHC ( p 2 ) under the IPP liability regime where 01, and 1 = b b adHC ( p 1 ) , 2 = b b f +baL(1p) dHC ( p 2 ) under the FPP liability regime. The optimal user fee and corresponding threshold user given the first-stage investments are then f = ( b(1+)k(1p)+a ) (2+), (27) b = ( b+k(1p)+a ) (2+) under the IPP liability regime, and f = ( b+(L(1+)k)(1p)+a ) (2+), (28) b = ( b+(L+k)(1p)+a ) (2+) under the FPP liability regime.
Compared with the result in the case without indirect revenue in Lemma 1 and Lemma 2, the user fee is lower and the user base is larger (the threshold level of user benefit is lower). This implies that the qualitative results in Proposition 6 hold in this case.

It is difficult to compare the two indirect revenue cases in terms of antifraud investment, mainly because the marginal revenue depends on relative values of and . However, we can reach one interesting result. Suppose that, for comparison, the total revenues from the two models are the same when all consumers are served, that is, b= 0. Then, we have =b2. With these parameters, the optimal threshold level of user benefit in information-based business model (27) and (28) is lower than those in the complementary sales business model (17) and (20) under both liability regimes. That is, the user base is larger in the former case than in the latter case. Intuitively, this is because, in the information-based business model, the FPP is at least partly able to discriminate between consumers through its own business model, which enables it to expand the optimal user base. Then, since the IPP cares about the user base only under the constant access fee environment, the conflicting interests between IPP and FPP would be less severe in the information-based business model than in the complementary sales business model.

The result, however, stands in contrast to the observation from the market. Google Wallet, launched in 2011, has never gained any momentum partly because banks are reluctant to share consumers' payment information with Google. In contrast, Apple Pay, launched in 2014, does not keep such information and has been more successful.¹¹ One possible explanation is that under the IPP liability regime, which currently prevails, the information-based business model needs to allow the FPP to access at least some of the information held by the IPP and thus places a greater burden on the IPP than the complementary sales business model. If this is the case, it would be beneficial to allow parties to choose the FPP liability regime, and lessen the burden on the IPP, to make cooperation between the IPP and the FPP more viable.

11. Like Apple, Google also has its own tokenization technology, called Host Computer Emulation, which isolates the payment information from a device. Google did not, however, adopt it until the launch of Android Pay in 2015. Some argue that Google's advertisement-based business model hindered the adoption of tokenization technology (Hwang, Kim, and Lee 2015).

There are a few issues that we do not consider in the theoretical analysis. First, the model in this paper is based on the assumption that the antifraud investments by two service providers are strategic complements. This assumption, however, may not always be applicable. For example, Varian (2004) considers three ways that efforts exerted by participants of the system affect the system reliability: total efforts, weakest link, and best-shot. We discuss only a version of weakest link case, leaving the other two cases to be applied in future studies. Intuitively, with the best-shot case, the antifraud investments by participants would be strategic substitutes, implying that free-riding problems would be more pronounced.

In addition, for tractability of the analysis, we simplify the vertical structure, abstracting several issues. We assume that the access fee is given, which is the case when there is strong competition between IPPs, or when the fee is regulated. If this is not the case, the IP