October 2021
The payment industry has witnessed increased disruption from nonbanking players such as technology companies, retailers, start-ups, and telecommunication providers who specialise in niche value-added services in the payment processing chain. Outsourcing has become an extremely popular business strategy in this highly competitive world. It has been looked at as an effective mechanism to increase efficiency for service recipients by reducing costs and enabling a greater focus on core banking activities.
Traditionally, banks have been outsourcing their non-core functions like data centre management, software and hardware, disaster management, call support services, help desk centres and brown/white label ATM operations to third-party service providers. Brown label ATMs are a classic example of outsourcing services to service providers, where the ATM hardware is owned by the service provider, but cash management and network connectivity are provided by the sponsor bank. Several leading banks have also used the outsourcing model to expand their ATM networks using the brown label ATM model.
The payment industry is now witnessing an increased level of disruption from non-banking players who specialise in value-added services in the payment ecosystem. This new generation of players are allowing financial institutions (FIs) and other non-bank players to expand and meet customers’ expectations by offering payment products and services without incurring high upfront investments. This has helped organisations outsource their payment products. FIs are now outsourcing not just their non-core functions but also core functions such as transaction management, payment processing, risk management, and information technology and information security management. Outsourcing of these elements in the payments value chain is referred to as payments as a service (PaaS). PaaS can be seen as a combination of software as a service (SaaS) and infrastructure as a service (IaaS) for the payments domain.
In the last couple of years, PaaS providers have also started offering specialised services such as payment engine hosting, reconciliation and settlement, cross-border payments, and monetary disbursements to FIs/corporates on a cloud platform. These providers are also helping banks address the ever-growing security and fraud concerns and changing regulatory requirements.
For example, the Reserve Bank of India (RBI) has prohibited storage of customer card details by merchants and payment aggregators. As a solution to this, card scheme operators have started offering card-on-file (CoF) tokenisation services in India. This has enabled banking partners to offer end customers the token services on e-commerce platforms. This service is being extended to payment aggregators and merchants as well. Service recipients may use such offerings provided by service providers or may want to build their own infrastructure.
Overall, PaaS offerings today span the entire payment value chain over cloud-based platforms. In order to provide PaaS, service providers may partner with banks, FinTech, insurers, telecoms, e-commerce firms and other industries, and provide access to a cloud-based service to customers. Open APIs can be used by the customer to integrate their solutions with PaaS platforms. Customers can avail PaaS offerings based on their business needs. As PaaS offers scalability, availability and a cost benefit to customers, it has been gaining a lot of traction in the payment domain.
The payment ecosystem is evolving massively. Tightening of regulations and emerging technologies pose challenges for traditional payment businesses. As a result, banks may evaluate two options: (1) own customer and transaction management and outsource payment functions to third-party service providers; (2) tie up with FinTechs, allowing them to own distribution or customer management while the banks retain ownership over product offerings (neobank model). Updating the core system to be a front runner in the market and adhering to regulatory norms require time and upfront capital which impacts the margins of companies.
FIs as well as non-bank entities can improve their payments capabilities by using the PaaS model, which allows them to manage higher transactions volumes more quickly and at lower costs as compared to legacy models. This also helps the organisations to increase their revenues and market share while being compliant and secure.
Technology-focused payment service providers offer their payment technology and operation functions to banks/other institutions. Service providers integrate their payment technology with a bank’s core banking and digital banking system through an API gateway. They may host servers, networks, operating system software, databases and development tools at their data centre.
The offerings can be broadly divided into two models: product technology implementation and operations.
PaaS service offerings are discussed in detail below:
For example, recently, a banking technology provider onboarded 50 urban co-operative banks on the Unified Payment Interface (UPI) platform. The end customers of these co-operative banks can now link their bank accounts to any payment service provider (PSP) app and perform transactions over UPI apps.
In addition, PaaS providers are offering services related to prepaid vouchers.
Another example is that of banks offering transit cards like store value cards and smart cards to transit operators (metro, buses) that are open loop and accepted at multiple touchpoints.
For example, banks are providing a QR code solution to all type of merchants on an acquiring switch hosted by the service provider.
The pricing structure of PaaS offerings varies depending upon the type of product offering based on the client requirements. The key pricing models include the following:
While PaaS has been gaining popularity and has a number of advantages, there are some aspects that need to be considered when an organisation decide to outsource payment services to PaaS providers. Entities should evaluate the need for outsourcing their critical processes and activities and select a PaaS provider based on comprehensive risk assessment. Some of the key considerations are highlighted below:
1. Cost vs benefit analysis
In order to perform a cost-benefit analysis of opting for PaaS, FIs will have to evaluate and understand their on-premise cost structure (dedicated hardware, cost of establishing and managing a data centre, required hardware, and technical, development and support resources). Additionally, a licence fee may have to be paid to authorities for setting up and operating. A majority of these costs are generally paid out in the beginning as capital
expenditure.
If PaaS is opted for, the baggage with the service recipient reduces as the infrastructure and associated costs incurred by PaaS providers are shared among various beneficiaries. As a result, the entities outsourcing activities to PaaS providers have to incur revenue expenditure over a period of time as opposed to the capital expenditure incurred at the beginning of the project. Having said that, before making the decision to outsource services, it is essential that customers evaluate the pricing model of PaaS (cost per transaction/annual fees) and the expected growth in transactions.
Decision making with reference to outsourcing
Generally, if the size of business of the PaaS recipient is small, it would be better to outsource the activities to a PaaS provider as they will have to pay only on a pay-per-use basis instead of making a huge upfront capital investment. In addition, the pay-per-use cost would be lower due to economies of scale and sharing of resources. If the growth rate of transactions is expected to increase over a period of time and the resultant transaction charges payable under the PaaS model would exceed the cost of on-premises set-up/hosted infrastructure, the bank may need to revisit the PaaS model or opt for an on-premises setup.
2. Security and risk concerns
A majority of frauds in the financial services sector are related to payment activity. With the increasing number of innovations and payment rails, security concerns continue to increase. As a result, it becomes essential for FIs to conduct customer onboarding and sanctions screening and also continuously monitor activity for any suspicious transactions. Balancing risk mitigation with a seamless and convenient user experience makes the whole payment process more challenging for PaaS service providers.
FIs have to make sure that security aspects along with fraud concerns and regulatory compliance are taken care of by PaaS service providers.
3. Regulatory compliance
Various countries across the globe have issued specific payment guidelines on open banking, data access and protection, and payment standards. Even for cross-border payment transactions, there is an increased level of complexity due to domestic and international rules. Financial and nonbank entities in the payment sector have to be cautious while engaging in transactions in order to avoid regulatory penalties and fines. When these entities outsource payment services under PaaS, they have to verify that PaaS providers comply with regulations. In addition, there may be regulatory restrictions on activities that are outsourced to PaaS providers.
The RBI, in its “Framework for Outsourcing of Payment and Settlementrelated Activities by Payment System Operators”, prohibits outsourcing of core management functions (including risk management and internal audit), compliance and decision-making functions such as determining compliance with KYC norms to third-party service providers for non bank entities. With this framework in place, entities need to make sure that the outsourcing arrangement is properly managed with clearly written rolesand responsibilities.
With the PaaS model, banks and other FIs have an attractive option for offering customers cutting-edge products and services without committing undue resources to the development of these offerings internally. PaaS providers allow banks and other players to move to a more flexible and agile model: offering best-of-breed products through a cloud-based third-party platform(s). In order to fully realise the potential of the PaaS model, customers and providers of PaaS need to rethink their operating models.
The following could be some of the areas that may lead to successful implementation of PaaS:
Overall, as payments and financial technology innovations continue to grow, we will see more future-oriented start-ups entering the market to provide outsourcing services in the payment chain. We therefore expect PaaS to continue, and perhaps accelerate, the rapid pace of change and innovation in the payment world.
These days, with the emergence of the cloud, open banking and application programming interfaces (APIs), the monikar "as-a-Service" applies to pretty much any business function that is now able to be outsourced to a third party.
You are probably familiar with the term SaaS (software-as-a-Service). However, you may not be well acquainted with PaaS (payments-as-a-Service). PaaS also refers to the platform-as-a-Service, but here we will be exploring payments-as-a-Service.
Banks are facing massively evolving ecosystem when it comes to payments. Not only are regulations tightening but emerging technologies are turning traditional payments on their head.
The payments industry is experiencing exponential growth, but its changing rapidly and becoming more complex. There are many factors that have led to the transformation of the payments sector
In financial services, payments are the underlying activity behind every transaction. Moving funds from one user to another can take place through various methods (or payment rails), each with its own cost and benefits.
Since consumer demands and financial technology have both experienced a considerable amount of change in light of worldwide events, financial institutions are coming under pressure to support traditional payments rails, and the ecosystem the way it is isn’t benefiting anyone.