What are you looking for?

Showing 9 of 94 Results in Payments & Payment Networks

Junkyard Dogs: The Law and Economics of ‘Junk’ Fees

Scholarship Abstract The notion of “junk” fees is a fine piece of rhetoric, but useless as an analytical tool. Many fees identified as junk impose costs . . .


The notion of “junk” fees is a fine piece of rhetoric, but useless as an analytical tool. Many fees identified as junk impose costs on consumers who generate those costs – rather than forcing others to subsidize their behavior. For example, credit card late fees deter late payments and their associated costs while only world travelers pay foreign currency transaction fees. There is no reason for ordinary consumers to subsidize either group. Because information is costly, consumers rationally focus on the elements of price that are most important in their own circumstances. Requirements to disclose everything everywhere will only interfere with this process. Both the structure of pricing, and the level of prices, should be determined by competition in the marketplace. As we observe, the result is detailed fee structures for some products and services, and bundled pricing for others. Attempts to regulate pricing structures by requiring itemized prices increased the costs of real estate settlements. Regulating components of credit card pricing structures led to increases in other fees and reductions in credit availability. Competition over pricing structures is far more likely to satisfy consumer preferences than an inevitably overbroad set of regulatory requirements

Continue reading
Financial Regulation & Corporate Governance

The Consequences of Caps on Cross-Border Payment Fees in Costa Rica

ICLE Issue Brief Executive Summary Under the auspices of Legislative Decree 9831, the Central Bank of Costa Rica (BCCR) has set maximum fees for acquiring and issuing banks . . .

Executive Summary

Under the auspices of Legislative Decree 9831, the Central Bank of Costa Rica (BCCR) has set maximum fees for acquiring and issuing banks in payment-card markets, with maximum acquisition fees (MDR) and interchange fees (IRF). Different fees were set for domestic transactions (i.e., those made using locally issued cards) and for cross-border transactions (i.e., those made using foreign-issued cards).

In November 2022, BCCR issued a proposal to retain the cross-border MDR cap at 2.5% and either to leave the cap on cross-border IRF unchanged at 2%, or to lower it to 1.25%. In the same document, BCCR proposed that the MDR for domestically issued cards would be capped at 2% and the IRF capped at 1.5%.

IRF for cross-border transactions typically are significantly higher than those for domestic transactions, primarily because cross-border transactions carry much higher risk of fraud. If BCCR caps cross-border interchange fees at the lower level it has proposed, foreign issuers are likely to respond by de-risking payment requests from acquirers in Costa Rica. This could take various forms, including rejecting payments from certain merchants, or simply increasing rejections rates across the board. Whatever approach, or mix of approaches, is taken, it is likely to cause problems both for merchants in Costa Rica and for their customers.

Prior to the COVID-19 pandemic, roughly 6.25% of Costa Rica’s gross domestic product (GDP) came from tourism, with a significant proportion of those tourist dollars spent using payment cards. Indeed, in 2021, even without a full resumption of pre-COVID rates of tourism, approximately 16% of credit-card payments in Costa Rica were cross-border. If tourists find that they are unable to make reservations at hotels in Costa Rica using their credit or debit cards because the payment is rejected by their issuer, they may well choose an alternative destination for their trip. Meanwhile, if tourists in Costa Rica are unable to pay for goods and services using their credit and debit cards, many will simply not make those payments. This could have a substantial negative effect on Costa Rica’s tourism and business-travel industries.


Costa Rica Legislative Decree No. 9831—issued March 24, 2020—created a mandate to regulate acquisition fees (commonly known as the “merchant discount rate,” or MDR) and interchange reimbursement fees (IRF) charged by service providers on “the processing of transactions that use payment devices and the operation of the card system.”[1] The legislation’s stated objective was “to promote its efficiency and security, and guarantee the lowest possible cost for affiliates.”

Implementation was delegated to the Central Bank of Costa Rica (BCCR), which was tasked with responsibility to issue regulations and monitor compliance; ensure that the rule is “in the public interest”; and guarantee that fees charged to “affiliates” (i.e., merchants) are “the lowest possible … following international best practices.” Beginning Nov. 24, 2020, BCCR set the maximum IRF for domestic cards at 2.00% and the maximum MDR at 2.50%. These fell to 1.75% and 2.25%, respectively, in an updated regulation published in January 2022, and to 1.5% and 2% in February 2023.

In a study published in May 2022, we reviewed the available evidence regarding interchange fees and argued that it would be contrary to international best practices for Costa Rica to cap acquisition fees and interchange fees.[2] In particular, we raised specific concerns regarding the likely harmful effects of capping fees on cross-border transactions, owing to the higher risks and other costs associated with such transactions.

BCCR developed a technical study that considered the effects of different levels of caps on fees for both domestic and cross-border payment-card transactions and, in November 2022, issued a proposal to retain the cross-border MDR cap at 2.5% and either (1) leave the cap on cross-border IRF unchanged at 2%, or (2) lower the IRF cap for cross-border transactions to 1.25%.

If BCCR leaves the cross-border MDR cap unchanged but reduces the cross-border IRF cap to 1.25%, it might, in principle, appear to solve the immediate problem faced by acquiring banks. It would, however, create new problems for those banks, their customers, and the wider economy. It will also put Costa Rica in the unenviable position of being the only country in the world with a cross-border interchange fee that is below the domestic interchange fee.

This brief considers the international experience with cross-border payment-card transactions, with a focus on issues related to fraud, as well as the negative implications of imposing price caps. It begins with a brief discussion of the economics of interchange fees. Section II describes Costa Rica’s price controls on merchant acquisition and interchange fees. Section III discusses fraud and other costs associated with cross-border and card-not-present transactions. Section IV describes ways in which payment-card networks address issues related to fraud. And Section V assesses the likely implications for Costa Rica of price caps on cross-border interchange fees.

I.        The Economics of Interchange Fees

Payment systems are two-sided markets, with consumers on one side and merchants on the other; the payment network acts as a platform that facilitates interactions between the two sides.7F[3] For such a system to be successful, both merchants and consumers must perceive it as beneficial. If too few merchants accept a particular form of payment, consumers will have little reason to obtain it and issuers will have little incentive to issue it. Likewise, if too few consumers possess a form of payment, merchants will have little reason to accept it.

In any two-sided market, platform operators seek to encourage participation on each side of the market in ways that maximize the joint net benefits of the network to all participants—and to allocate system costs accordingly.8F[4] Among the means they employ to achieve this balance is by setting prices charged, respectively, to participants on each side of the market.9F[5] In the case of payments, if the platform operator sets the price too high for some consumers, they will be unwilling to use the platform; similarly, if the operator sets the price too high for some merchants, they will not be willing to use the platform.

In general, the costs of operating a platform will tend to fall on the party who is least sensitive to such costs (i.e., the party with the lower price elasticity). In the case of payment cards, that party is the merchant.13F[6] Merchants often pay, through transaction fees, not only all the costs of accessing the network, but also effectively subsidize participation by consumers—e.g., through cashback and other rewards programs, insurance, fraud protection, and other cardholder benefits that serve as incentives to card usage.

Merchants are willing to do this because they receive significant benefits from the use of payment cards, including: ticket lift (i.e., higher spending, due to the fact that consumers are not constrained by the cash in their pockets or, in the case of credit cards, the amount of cash currently in their bank accounts), guaranteed payment, reduced cash-management costs, and faster checkout times.

II.      Costa Rica’s Price Controls on Payment Card Fees

Article 14 of Legislative Decree 9831 requires the BCCR to undertake “ordinary reviews” of the price controls on MDR and IRF at least once annually. Its first such review, published in November 2021, set a timetable for maximum domestic-acquisition and interchange fees (see table below) and set maximum cross-border MDR at 2.5% and IRF at 2%.[7]

SOURCE: Banco Central de Costa Rica[8]

BCCR subsequently established a task force to develop proposals for setting payment-card fees. On Nov. 2, 2022, BCCR published the task force’s recommendations, which included, inter alia, the following:[9]

  • Use international comparisons of IRFs and MDRs “as the best technical tool currently available to the BCCR to ensure the lowest possible cost for affiliates, in accordance with Legislative Decree 9831.”
  • Maintain the differentiation of the ceilings on IRF and MDR between local and cross-border payment transactions, in accordance with Article 4 of Legislative Decree 9831, “as this leads to the proper functioning, efficiency and security of the Costa Rican payment system and the lowest cost for affiliates.”
  • For 2023, set maximum fees for local payment transactions at 1.50% for IRF and 2.00% for MDR. This is in line with the proposal made in 2021.
  • Maintain the cap of 2.50% on cross-border MDR, “since the information available in the international comparison does not allow modifications to be made to the limit established since 2020.”
  • Propose two alternative options regarding the maximum cross-border IRF:
    • Option 1: maintain the current maximum, e., 2.00%; or
    • Option 2: reduce the maximum to 1.25%.

The BCCR offers various putative justifications for these proposed caps. For example, it notes that Option 2 would result in a maximum cross-border IRF that is midway between “the minimum cross-border IRF established by Mastercard and Visa card brands for the United States and Canada, as well as Visa for Australia in the case of non-Asia Pacific issuers” (i.e., 1.00%) and the IRF “agreed by Mastercard and Visa card brands for card-not-present payments in the EEA” (i.e., 1.50%).

Such justifications, however, are fundamentally inconsistent with the economics of two-sided markets. The current and proposed price caps thus represent essentially arbitrary interventions. By focusing narrowly on the costs incurred by merchants through IRFs and MDRs, BCCR fails to account adequately for the offsetting benefits that accrue to consumers and merchants—and the costs to provide those benefits.

Legislative Decree 9831 does, however, permit BCCR to take into consideration “[a]ny other element that reasonably allows the Central Bank of Costa Rica to guarantee the efficiency and security of the card systems.”[10] As discussed below, one such element that should be considered by BCCR is the potential effect of regulating international IRFs on merchants in Costa Rica, especially those catering to tourists and business travelers, and the wider effects on the economy.

III.    Fraud Risks Associated with Cross-Border Payments

In comparison to domestic payments, cross-border payments entail significantly higher risks of fraud, as be seen by looking at the incidence of payments fraud in the European Union (EU). Data from the European Central Bank (ECB) show unambiguously that the rates of fraud on cross-border transactions—both between EU member states and from outside the EU—is much higher than fraud on domestic transactions. In its 2021 Report on Card Fraud, the ECB found that, between 2015 and 2019, cross-border transactions represented only 10% of transactions by value but 65% of all fraud by value, as can be seen in Figure I.[11] Thus, in value terms, cross-border fraud represents a risk more than six times greater than domestic fraud.

SOURCE: European Central Bank[12]

For most EU member states, the situation is even more dramatic, with cross-border fraud representing more than 90% of all card fraud, as can be seen in Table II.

SOURCE: European Central Bank[13]

Looking at the types of transaction involved in card fraud, the vast majority (83%) are card-not-present (CNP) fraud, as can be seen in Figure II.

SOURCE: European Central Bank[14]

While these data relate to payments fraud in the EU, they are likely indicative of broader international trends. As such, they suggest that cross-border fraud in general and CNP cross-border fraud in particular is a far more significant problem than domestic fraud of all kinds.

IV.    How Card Networks Address Payment-Card Fraud

Card networks have developed numerous processes and technologies to address payment-card fraud, including the following.

Zero liability protection for cardholders. Card networks’ standard terms and conditions include clauses requiring issuers to protect personal cardholders from unauthorized transactions (subject to certain conditions, such as that cardholders report such transactions promptly to the card issuer).[15] This protection is an important benefit to cardholders, who otherwise might be wary of using their cards, especially for online transactions or in foreign countries.

Liability protection for merchants. Just as cardholders are protected from liability for unauthorized transactions, so too are merchants. Issuers are, by default, liable for unauthorized transactions. This is an important benefit to merchants, who might otherwise be reluctant to accept card-based payments.

Chargebacks. The above liability protections apply only to unauthorized transactions. Where a cardholder has authorized a payment, they will be liable. Meanwhile, if a merchant has processed a payment without obtaining the necessary authorization, and where that payment has been disputed by the cardholder, the issuer may initiate a “chargeback”: effectively reversing the payment.

Authorization, verification, and fraud monitoring. To complement the system of liability protection and chargebacks, payment networks have developed increasingly sophisticated and effective systems for transaction authorization and fraud monitoring, including:

  • Tokenization—which underpins EMV (Europay, Mastercard, and Visa) chips, contactless cards, and smartphone-based payments—uses encrypted data to enable authorization without sharing personal account numbers;
  • Machine-learning-based transaction monitoring, which creates a dynamic model of each cardholder’s transactions and flags as potentially fraudulent those payments that do not fit the model; and
  • Contingent multifactor authentication, whereby transactions flagged as potentially fraudulent result in the cardholder being asked for secondary authentication.

These systems reduce the incidence of fraud and thereby reduce the liability of card issuers. For example, in 2015, payment networks changed the liability rules for U.S. merchants to encourage adoption of EMV cards. Estimates by Visa suggest that merchants that subsequently adopted EMV-compliant point-of-sale (POS) machines experienced an 87.5% reduction in fraud.[16] Nonetheless, as is clear from Section III, fraud remains a problem, especially for cross-border and CNP transactions.

The liability rules summarized above mean that the cost of fraud falls disproportionately on card issuers. In 2020, issuers bore nearly two-thirds of all card fraud losses worldwide.[17] The equitable and economically efficient solution is for issuers to charge higher fees for transactions that are more likely to be fraudulent.

In some cases, it may make sense to pass on some or all of these costs to consumers. In the case of cross-border transactions, some issuers do this by charging foreign-transaction fees on some cards.[18] Such fees can, however, discourage consumers from using their cards, so it may be preferable for merchants to pay higher fees instead. Thus, cards aimed at international travelers typically offer cardholders “no foreign-transaction fee” as a benefit. These cards instead charge a higher interchange fee for foreign transactions. Holders of such premium cards typically spend more, thereby benefiting the merchants (who pay slightly higher fees, if they are not on a blended rate).

V.      Possible Responses to Caps on Cross-Border Interchange Fees

As noted in Section II, the BCCR Task Force made two alternative proposals with respect to cross-border IRFs. The first would leave the current cap unchanged at 2.00%, while the second would reduce the cap to 1.25%.

Even the current cap is lower than the standard IRF charged for many credit cards that offer no foreign-transaction fee. Payments made using such cards in Costa Rica are thus effectively subsidized by merchants in other jurisdictions that do not impose such caps.

At the lower proposed rate, foreign issuers will receive a lower IRF than domestic-card issuers. Given the much higher fraud rate on cross-border payments, this is likely to cause significant problems, especially for premium cards that offer cardholders “no foreign-transaction fee” as well as other benefits, such as vehicle insurance, purchase-protection insurance, and rewards. The IRF revenue simply will not be sufficient to cover these benefits. As such, to reduce fraud, payments using such cards will be subject to greater scrutiny and many may well simply be rejected.

This is a problem not only for the cardholders, who will be frustrated when attempting to make purchases. It is also a problem for Costa Rica’s tourism and business-travel sectors. Consider what might happen when a prospective visitor attempts to book a room at a resort such as Tortuga Lodge, which takes bookings directly on its website and processes payments through its acquirer in Costa Rica.[19] The prospective visitor first tries their World Elite Mastercard and finds that it is rejected; they then try their Visa Infinite card and again find that the payment is rejected. Frustrated but undaunted, they instead decide to book rooms at Tortuga Lodge on Expedia.com, which uses a U.S. acquirer; this time, they have no problem making and paying for the booking, albeit at a higher price than was offered directly by the hotel. When they arrive in Costa Rica, however, they find that, once again, their cards are repeatedly rejected when they attempt to make purchases, whether it be at restaurants, tour agencies, or even an art gallery where they had hoped to buy a beautiful piece of local artwork.

The above scenario might already be happening, because the standard IRF for such transactions on the cards mentioned is higher than the current capped rate of 2.00%.[20] At the alternative lower proposed rate of 1.25%, rejections are a near certainty for at least some travelers. Worse, some prospective travelers who are looking for a more bespoke offering and want to book directly with the hotel are likely to abandon their plans to travel to Costa Rica at all and choose a different destination where they do not encounter such difficulties.

Ironically, prospective visitors who have standard debit or credit cards that charge foreign-transaction fees are much less likely to have their payments rejected.

Some other payment methods are not covered by the caps on MDRs and IRFs: specifically, wire transfers and other bank-to-bank transfers that do not involve the use of payment-card networks. Most likely, there will be a shift toward the use of such payment methods, as a result both of individuals paying directly through such transfers and an increase in payments from overseas agencies. In general, such alternative payment methods involve greater counterparty risk than payments made using cards due to their greater finality, which means it is more difficult to reverse a payment once made, and the lack of purchase insurance. To the extent that visitors to Costa Rica are limited to wire and bank transfers, as a result of their payment cards being declined, they are likely to reduce their spending.

These anecdotes and observations suggest a number of likely effects of the cap on interchange fees:

  • First, booking and payment for accommodation and other pre-bookable tourism activities will shift from Costa Rica-based agents and acquirers to U.S.-based agents and acquirers. This will reduce margins for Costa Rican hotels and other tourism businesses.
  • Second, higher–end tourists will likely spend less in Costa Rica because they will be less able to use their payment cards.
  • Third, there will likely be an overall reduction in high-spending tourists visiting Costa Rica, with a concomitant reduction in total spending.

In 2019, Costa Rica received about 3.1 million visitors who stayed for one night or more, spending about $4 billion, roughly 6.25% of the country’s GDP.[21] The tourism industry employed more than 170,000 people, about 5% of the country’s working-age population.[22] Tourist numbers fell dramatically in 2020 due to the COVID-19 pandemic, leading to a dramatic decline in income and employment. Visitor numbers began to rise again in 2021 and, while total numbers remained below their pre-COVID highs, the number of visitors from the United States (245,000) was not far off the number for 2019 (280,000). In March 2022. Costa Rica announced its national tourism plan for 2022-2027, in which it sought to increase the number of annual visitors to 3.8 million by 2027, targeting tourism revenue of $4.8 billion.[23]

In 2019, Costa Rican merchants processed around 19 million cross-border payment-card transactions, with a total value of around $2 billion—representing about half the total tourism revenue and 16% of the value of all card transactions.[24] After falling in 2020, the number of cross-border payment-card transactions rose in 2021 to nearly 23 million, with a total value of $2 billion, which is consistent with the return of higher-spending tourists from the United States.[25]

If BCCR chooses to cap interchange fees on cross-border transactions at 1.25%, it is likely to impede Costa Rica’s national tourism plan, both by discouraging tourism and, more importantly, by reducing revenue from higher-spending tourists.

VI.    Conclusion

Based on this assessment, there are significant costs associated with caps on cross-border MDRs and IFRs. As noted above, Legislative Decree 9831 permits BCCR to take into consideration such costs to the extent that they affect BCCR’s ability “to guarantee the efficiency and security of the card systems.”[26] As such it is incumbent on BCCR to consider the potential economic harm that is likely to arise if it were to lower the cap on cross-border IFR to 1.25%.

[1] Note, translations from the Spanish original are approximate.

[2] Julian Morris, Regulating Payment Card Fees: International Best Practice and Lessons for Costa Rica, International Center for Law & Economics (May 25, 2022), https://laweconcenter.org/resources/regulating-payment-card-fees-international-best-practices-and-lessons-for-costa-rica.

[3] Jean-Charles Rochet & Jean Tirole, Two-Sided Markets: A Progress Report, 37 Rand J. Econ. 645 (2006); See also Todd J. Zywicki, The Economics of Payment Card Interchange Fees and the Limits of Regulation, International Center for Law and Economics, ICLE Financial Regulatory Program White Paper Series (Jun. 2, 2010), available at http://laweconcenter.org/images/articles/zywicki_interchange.pdf.

[4] Bruno Jullien, Alessandro Pavan, & Marc Rysman, Two-Sided Markets, Pricing, and Network Effects, in Handbook of Industrial Organization (Vol. 4), 485-592 (2021).

[5] Thomas Eisenmann, Geoffrey Parker, & Marshall W. Van Alstyne, Strategies for Two-Sided Markets, Harv. Bus. Rev. (Oct. 2006).

[6] Id., at 33.

[7] Fijación Ordinaria de Comisiones Máximas del Sistema de Tarjetas de Pago 2021, Banco Central de Costa Rica, (Nov. 2021).

[8] Id. at 3.

[9] Alcance No 237 A La Gaceta No 212, Imprenta Nacional de Costa Rica (Nov. 7, 2022).

[10] Decreta: Comisiones Máximas Del Sistema De Tarjetas, No. 9831, Art. 15(j), Legislative Assembly of the Republic of Costa Rica, (“Cualquier otro elemento que razonablemente permita al Banco Central de Costa Rica garantizar la eficiencia y seguridad de los sistemas de tarjetas.”), http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nValor2=90791&nValor3=119755&strTipM=TC (last visited Apr. 12, 2023).

[11]Seventh Report on Card Fraud, European Central Bank 2022 (Feb. 1, 2022), https://www.ecb.europa.eu/pub/cardfraud/html/ecb.cardfraudreport202110~cac4c418e8.en.html#toc1.

[12] Id. SEPA refers to the Single Euro Payments Area.

[13] Id.

[14] Id. EA19 refers to the 19 EU member states that are members of the Euro zone.

[15] Zero Liability Protection, Mastercard (Oct. 17, 2014), https://www.mastercard.us/en-us/personal/get-support/zero-liability-terms-conditions.html; Zero Liability Policy, Visa, https://usa.visa.com/pay-with-visa/visa-chip-technology-consumers/zero-liability-policy.html (last visited Apr. 12, 2023).

[16] Visa EMV Chip Cards Help Reduce Counterfeit Fraud by 87 Percent, Visa (Sep. 3, 2019), https://usa.visa.com/visa-everywhere/blog/bdp/2019/09/03/visa-emv-chip-1567530138363.html.

[17] Card Issuers Accounted for 65.40% of Gross Losses to Fraud Worldwide in 2020, Nilson Report (Dec. 2021), Issue 1209, at 6.

[18] Jacqueline DeMarco & Poonkulali Thangavelu, A Guide to Foreign Transaction Fees, Bankrate.com (Feb. 24, 2023), https://www.bankrate.com/finance/credit-cards/a-guide-to-foreign-transaction-fees.

[19] Author’s personal communication with reservation specialist at Tortuga Lodge, April 2023.

[20] Mastercard 2022–2023 U.S. Region Interchange Programs and Rates, Effective April 22, 2022, Mastercard (2022), available at https://www.mastercard.us/content/dam/public/mastercardcom/na/us/en/documents/merchant-rates-2022-2023-apr22-2022.pdf; Visa USA Interchange Reimbursement Fees, Visa (Apr. 23, 2022), available at   https://usa.visa.com/content/dam/VCOM/download/merchants/visa-usa-interchange-reimbursement-fees.pdf.

[21] OECD Tourism Trends and Policies 2022: Costa Rica, Organisation for Economic Cooperation and Development (2022), https://www.oecd-ilibrary.org/sites/a99a4da2-en/index.html?itemId=/content/component/a99a4da2-en.

[22] Id.; see also, OECD Economic Surveys: Costa Rica 2023, Organisation for Economic Cooperation and Development (2023), https://www.oecd-ilibrary.org/sites/8e8171b0-en/1/2/2/index.html?itemId=/content/publication/8e8171b0-en&_csp_=0b8e1c4cf7b4fb558e396a4008a8398a&itemIGO=oecd&itemContentType=book.

[23] Plan Nacional de Turismo de Costa Rica 2022-2027, Aprobado en la sesión N° 6210 de la Junta Directiva del Instituto Costarricense de Turismo, Apartado 3.II, celebrada (Mar. 21, 2022),English summary: Costa Rica: National Tourism Development Plan 2022–2027, Tourism Analytics, https://tourismanalytics.com/news-articles/costa-rica-national-tourism-development-plan-2022-2027.

[24] Supra note 9, Table 9. Assumes an average Colones:USD exchange rate during 2019 of 0.0017.

[25] Id. The Colones:USD exchange rate averaged around 0.0016 during 2021.

[26] Decreta: Comisiones Máximas Del Sistema De Tarjetas, No. 9831, Art. 15(j), Legislative Assembly of the Republic of Costa Rica, (“Cualquier otro elemento que razonablemente permita al Banco Central de Costa Rica garantizar la eficiencia y seguridad de los sistemas de tarjetas.”), http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nValor2=90791&nValor3=119755&strTipM=TC (last visited Apr. 12, 2023).

Continue reading
Financial Regulation & Corporate Governance

UK Payment System Regulator Market Reviews: Initial Concerns

ICLE Issue Brief Introduction The UK Payment System Regulator (PSR) is currently in the process of conducting two market reviews related to card payments. One of the two . . .


The UK Payment System Regulator (PSR) is currently in the process of conducting two market reviews related to card payments. One of the two regards consumer cross-border interchange fees between the United Kingdom and the European Economic Area (EEA),[1] while the other relates to card scheme and processing fees.[2] This brief raises some initial concerns regarding the two reviews.

The most significant concern these market reviews raise is the implied “market” under investigation. By focusing narrowly on two very specific aspects of the overall payment system, the reviews almost by definition rule out a full analysis of the ecosystem. This is most unfortunate. Decades of research shows categorically that payment systems are highly complex multi-sided markets that have evolved over many decades—and continue to evolve—into a delicately balanced, technologically advanced ecosystem.

Payment systems and the thousands of banks that interoperate over them have invested tens of billions of dollars into their development. These investments, and associated innovations in technologies and the rules governing the systems, have been driven by a decades-long process of dynamic competition. That process has involved not only the main payment-system operators, but also many other businesses involved in payments processing. As a result, billions of consumers are now able to use payment cards and millions of merchants accept them. The system’s economic benefits unquestionably far outweigh the costs.

While it is always possible to conceive of models against which extant payment systems may appear “imperfect,” that does not necessarily mean there is any “market failure”; models are not reality. By considering only very narrow questions relating to specific aspects of the operations of payment systems, the PSR is likely to make inappropriate conclusions.

This brief begins with a description of some of the primary benefits that payment-card systems deliver. Section II offers a description of the economics of payment systems. Section III discusses some common misconceptions regarding payment systems, which have arisen due to misunderstanding the economics that underpins them and failing to appreciate the history and nature of the dynamic competition that explains the existing market structure. Section IV considers the market reviews in the context of the PSR’s overall remit. Section V draws some conclusions.

I. The Benefits of Payment-Card Systems

The PSR acknowledges that payment cards “are critical to the smooth running of the UK economy as they enable people to pay for their purchases and merchants to accept payments for goods and services.”[3] But it is worth spelling out why payment cards are so critical. In no small part, this comes down to the numerous inherent advantages that payment cards and their associated systems have over other types of payment, such as cash and checks. These include: [4]

  • They enable consumers to spend more than they have in their wallet at the time of the purchase, which in turn reduces the amount of cash that they need to withdraw from the bank.
  • Credit cards enable consumers to spend more than they have in their bank accounts at the time of the purchase. Because credit-card issuers typically charge no interest if the statement balance is paid by the due date (usually a month after issuance), cardholders are able to smooth their consumption patterns at much lower cost than if they were required to hold cash in their account or use an overdraft facility.
  • By increasing the ability of consumers to spend, payment cards benefit merchants, who sell more goods and services.
  • Merchants also benefit from reduced costs associated with handling cash, including the need for float and the risk of theft.

Payment cards have been essential to the development of e-commerce and were literally a lifeline during the COVID-19 pandemic, both for consumers and for businesses (especially smaller businesses), when millions of people were unable to leave their homes and primarily purchased essential goods through online merchants.

Figure I: Use of Cash in the UK Since COVID-19


Despite these benefits, merchants have for decades complained about the prohibitive cost of processing card transactions. As explained below, these complaints reflect a misunderstanding of the nature and benefits of card-payment systems.

II.      The Economics of Payment Systems

A proper economic assessment of any payment system must account for the fact that both merchants and consumers must perceive benefits for such systems to be successful.  If too few merchants accept a particular form of payment, consumers will have little reason to possess it and issuers will have little incentive to issue it. Likewise, if too few consumers possess a form of payment, merchants will have little reason to accept it.

Conceptually, economists describe such situations as “two-sided markets”: consumers are on one side, merchants on the other, and the payment system acts as the platform facilitating interactions between them.7F[6] Other examples of two-sided markets include newspapers, shopping malls, social-networking sites, and search engines.

The challenge for any two-sided market platform is to attract and retain sufficient participants on one side of the market to persuade participants on the other side to adopt and stay on the platform, thereby making the system self-sustaining and maximising the joint net benefits of the platform to all participants.8F[7] To achieve this, platforms must allocate the costs and benefits of the system among the various parties, which is typically done by charging different fees to the different sets of participants on each side of the market in such a way as to create an equitable and efficient balancing.9F[8] Often this means that participants on one side will pay a larger share of the overall costs than participants on the other side.

Take newspapers, which as noted are a classic example of a two-sided market, with consumers on one side, advertisers on the other, and the newspaper acting as the platform in the middle. In essence, advertisers seek to target their adverts to specific consumers, while consumers are mainly interested in reading news, opinions, and other content. A newspaper thus provides content that appeals to consumers so that they read the paper. By attracting readers who might also view advertisements, the newspaper is able to sell advertisements, which help to cover the costs of producing and distributing the newspaper.

In the case of payment-card systems, the larger the number of holders of cards from a particular system (e.g., Visa, Mastercard, or American Express), the larger will be the number of merchants willing to accept cards on that system. Meanwhile, the larger the number of merchants that accept cards on a particular system, the larger will be the number of consumers who wish to hold cards on that system.

Maintaining such a system is challenging and expensive. In no small part, this is because payments are subject to counterparty risks—in particular, risks of default (non-payment), fraud, and theft. This problem so bedevilled early payment cards that many floundered within a few years.[9] The systems that succeeded did so because they figured out how to encourage adoption by both sides of the market and to limit counterparty risk. This entailed the introduction of effective security systems, setting appropriate liability rules, and charging fees that covered all the costs of operating the system. Perhaps most importantly, the systems that flourished were those that realised merchants had stronger incentives than consumers to bear the costs of the system, due to the significant benefits they receive, and introduced fee structures that reflected those incentives.

In three-party card systems, the merchants’ transaction fee is charged directly by the system operator. In four-party systems, merchants pay acquirers a “merchant service charge” (MSC), which includes the acquirer’s processing costs and the “interchange fee.” The default interchange fee is a charge made by the system operator that is paid to the issuer (in the form of a deduction from the amount sent by the issuer to the acquirer when settling the transaction).[10] In addition, the system operator charges fees to both acquirers and issuers, called “scheme” and “processing” fees, that cover the system costs. Figure II, which is taken from the PSR, provides a simplified schematic of the four-party card system. In practice, there are often other parties involved, including payment gateways and payment processors.[11]

Figure II: Simplified Schematic of Four-Party Card Payment System


As discussed below, the various three- and four-party payment systems have been engaged in a decades-long process of dynamic competition in which each has sought—and continues to seek—to discover how to maximise value to their merchants and consumers. Card-payment systems also compete with other payment methods, including legacy methods such as cash and cheques, as well as the many methods that have emerged more recently, such as online transfers of various kinds. This has involved considerable investment in innovative products, including more effective ways to encourage participation, as well as the identification and prevention of fraud and theft.

Payment-card systems seek to optimise interchange fees to maximise the benefits of the system to participants on both sides of the market. Revenue from these fees thus covers a wide range of things, including: system operations, card issuance, customer service, fraud prevention and resolution, rewards, fraud-protection cover, and car-rental insurance (where these are offered). Moreover, these services are today often offered for free to cardholders (no annual fee) or even at a negative price, such as when rewards are provided. Finance charges on revolving balances also generate substantial revenue, much of which covers the costs of underwriting, servicing, and charge-offs on credit balances.

Similarly, many banks provide free current accounts to those who maintain positive balances (and in some cases even fee-free overdraft facilities up to a limit). The costs of such accounts are covered by other charges, including debit-card interchange fees.

III.    Misunderstanding the Economics of Payment Systems

While it may seem iniquitous for a platform to charge one side of the market more than the other, it is often efficient and ultimately socially beneficial.[13] In the case of payment systems, if the operator sets the price too high for some consumers, they will be unwilling to use the platform; similarly, if the operator sets the price too high for some merchants, they will not be willing to use the platform.

Since one side of the market is typically more price sensitive than the other side, joint net benefits are maximised when participants on the less price-sensitive side of the market incur a greater proportion of the system costs. This enables overall greater participation in the system, thereby achieving greater economies of scale. In the case of card-payment systems, the relatively large benefits merchants receive from accepting cards makes them less price sensitive than consumers, so it makes sense for them to pay a larger share of the transaction fees. This was true even when cards were a tiny fraction of payments and there were few, if any, competing cards for consumers to choose among. This demonstrates that it is not due to any perception among merchants that they lack choice.

The ineluctable benefits of such cross-market subsidies have, unfortunately, often been misconstrued as harmful by regulators, especially in markets where there are few competitors. In many cases, what seems to have happened is that the economies of scale entailed in the development and maintenance of certain systems has meant that only a small number of competing firms can operate efficiently. Regulators typically assume axiomatically, however, that the largest firms in markets with only a small number of competitors have a dominant position that has been created and is reinforced by those firms’ anticompetitive conduct. They thus automatically view all such conduct with suspicion.

Globally, there are many card-payment systems, although most of these operate only at a national level.[14] In the UK, as the PSR notes, two payment systems, Mastercard and Visa, represent the vast majority of consumer-debit and credit-card transactions.[15] But as the history shows, these large market shares were acquired through the development of technologies and rules that limited fraud and other counterparty risk, as well as by improving the efficiency and efficacy of payments, thereby creating enormous benefits to both consumers and merchants. While all markets are imperfect when compared to theoretical models of “perfect competition,” there is simply no evidence of “market failure” that might justify regulatory intervention.

It is also worth noting that, while card payments represent a large proportion of retail payments in the UK, they represent a relatively small fraction of all payments. Table 1 shows the value of payments made using various non-cash methods over the year from November 2021 to October 2022. This excludes higher-value payments settled directly over CHAPS, which accounted for more than £90 trillion in value.[16] As can be seen, the vast majority of payments were made over BACS and the Faster Payments systems, while cards (debit and credit) accounted for only about 11 per cent.

Table 1: Transaction Values of Selected UK Payments Systems, November 2021-October 2022

SOURCES: PayUK[17] and UK Finance[18]

A.      A Brief History of Payment-Card Systems

While merchant-specific charge cards had existed since the early 20th Century, the first multi-merchant payment-card systems in the United States were Diners Club and American Express. These were and in most cases are three-party cards; that is, they operate a closed ecosystem in which they have direct relationships with both merchants and cardholders (Amex now also acts as a third-party provider).[19]

Diners Club began in 1950 as a limited-purpose card that could be used at restaurants.[20] Starting with restaurants in New York City, the card gradually expanded to other cities and other hospitality services before becoming fully multipurpose. In 1953, Diners Club became the first international payment card, with acceptance in the UK, Canada, Cuba, and Mexico. International expansion continued gradually and, by 1967, Diners Club had a presence in 130 countries.

The American Express Card started as an alternative to Travellers’ Cheques, which were an already-popular payment product.[21] From an initial presence in the United States and Canada, American Express expanded its card issuance internationally in 1972.

While numerous banks experimented with their own credit cards, the first truly successful such card venture was BankAmericard, which began in 1958.[22] Initially a three-party card operated exclusively by Bank of America, in 1966, Bank of America began issuing licenses to other banks.[23] In 1970, National BankAmericard became a separate company owned by its member banks and, in 1976, it was rebranded as Visa.[24]

The precursors to Mastercard were regional associations of U.S. banks that had developed in response to restrictions on branch banking in 15 states, which meant that banks could only operate as individual units.[25] In 1966, several of these regional associations formed the Interbank Card Association (ICA), which established the authorisation, clearing, and settlement rules for all the banks in the ICA.[26] In 1969, ICA rebranded its cards as Interbank: the Master Charge card and, in 1979, the ICA became MasterCard.

The history of credit cards in the UK is similar. Finders Services was the first payment-card operator in the nation, launching its charge card here in 1951.[27] In 1962, Finders Services merged with Diners Club, becoming the UK’s first international payment card.[28] Amex followed in 1963.[29] Then, in 1966, Barclays became the first international licensee of BankAmericard, initially launching the Barclaycard as a charge card.[30] The following year, the Bank of England issued the first license to operate a credit card to Barclays and Barclaycard became the UK’s first credit card.[31] Barclaycard became a founding member of International BankAmericard Inc (IBANCO) when that was formed in 1974.[32] In 1977, IBANCO was rebranded Visa.[33] From 1981, Visa International was reorganised into five semi-autonomous international divisions, with their own boards and operational regulations, but subject to framework rules set at headquarters.[34]

The history of Mastercard in the UK is intertwined with Eurocard, which was founded in 1964 in Sweden and moved its corporate base to Belgium in 1965, from where it operated a pan-European not-for-profit association of card-issuing banks.[35] In 1968, Eurocard and the Interbank Card Association formed a strategic alliance. In 1971, Lloyds Bank, Midland Bank, National Westminster Bank, and (slightly later) Royal Bank of Scotland/Williams and Glyn formed a joint venture, the Joint Credit Card Company (JCCC), which launched the Access credit card in 1972.[36] In 1973, Access purchased a 15% share of Eurocard and, the following year, joined the Interbank Card Association.[37] In 1992, MasterCard merged with Europay International (which itself was a merger of Eurocard and Eurocheque).[38] In 1996, MasterCard purchased Access.[39]

B.      Dynamic Competition in Payment Systems

This brief history of the evolution of payment-card systems over the past 70 years shows how those systems gradually expanded. Underpinning that expansion was a process of dynamic competition, with payment networks continuously innovating ways to increase their security, scale, and efficiency. Among the major technological innovations have been:

  • The plastic card (previously, cards had used card stock).
  • Electronic systems for authentication, clearing, and settling transactions.
  • The magnetic stripe (magstripe) and associated data standards, which enabled more secure authentication.
  • The personal identification number (PIN), which was initially developed to enable the use of cards to withdraw cash directly from bank accounts using cash machines.
  • The EMV Chip—developed by a consortium of card networks that initially comprised Eurocard, MasterCard and Visa (EMVCo)—stores card information using public-key encryption technology and sends a one-time token to the POS machine. EMV chips are more difficult to “skim” than magstripes and, because the card number is not shared with the POS machine, dramatically reduce the potential for hackers to steal and use stored card information from merchants.
  • Contactless Tokens (cEMV), which are similar to the tokens produced by EMV Chips and enable similar protections for contactless transactions, whether using a card or a mobile phone.
  • Address verification (AVS), which is mainly used during card-not-present (CNP) transactions, such as telephone and online sales.
  • The card verification code (CVC/CVV), which is a three- or four-digit number unique to the card that is not held in merchant databases, and which is also primarily used during CNP transactions.
  • Two-factor authentication (2FA) entails the use of at least two independent proofs that the card user is legitimate, such as the CVV and a one-time password. 2FA is most commonly used for CNP transactions but is also sometimes used as a second line of defense for point-of-sale (POS) transactions identified as unusual.
  • Machine-learning-based systems that identify potentially fraudulent transactions by comparing transactions in real time with cardholders’ spending patterns, enabling issuers to block transactions.
  • 3D-Secure (3DS), which is an authentication system developed by EMVCo primarily for online transactions. It is a two-stage process: stage one involves using the information sent in the first (authorization) message to check against a cardholder’s profile; if the proposed payment fits the profile, it is permitted, and if not, then the cardholder is asked to complete 2FA on the transaction.[40]

We are now so used to making payments with cards that it is difficult to imagine just how important these innovations have been, let alone the scale of investment that went into them (and the many others, including those that were rejected or discarded). With that in mind, it is worth noting the dramatic impact of the introduction of one of the more recent innovations: contactless cEMV tokens. Over the past decade, these have facilitated a veritable revolution in contactless payments made using cards and cell phones. As Figure III shows, the number of contactless payments in the UK grew from almost nothing to more 1.2 billion by the end of 2021, representing about half of all card-payment-system transactions.

Figure III: Number of Contactless Payment Transactions, UK, 2015-2021 (Millions)

SOURCE: Statista[41]

Contactless payments dramatically reduce the time needed to complete a transaction at checkout, relative to cash or chip and PIN, with clear benefits for both merchants and consumers.[42] During the COVID pandemic, the ability to transact without touching a terminal or signing a payment-authorization slip also reduced the cost and difficulty of complying with rules intended to limit exposure through contact.[43] In addition, cEMV has gradually been integrated into public-transport systems, enabling riders on buses and trains in London, and increasingly across the UK, to use their payment card or mobile phone to tap in and out, eliminating the need for cash or additional transactions.[44]

There have also been many important innovations in incentive systems, the most notable being:

  • Merchant liability for non-authenticated fraudulent transactions above a certain minimum amount, which incentivises merchants to undertake authentication.
  • Prohibiting merchants who accept cards from a payment system from discriminating against that system by imposing surcharges on payments made using that system.
  • Guaranteeing zero liability for card users who have been subject to fraud on certain conditions (such as that the card user has notified the issuer that their card has been stolen).
  • Various forms of insurance, including purchase protection, return protection, extended warranty protection, cell-phone protection, price protection, rental-car liability protection, and travel insurance.
  • Rewards, including cashback and merchant-specific rewards (often on co-branded cards)

By offering these incentives, card issuers encourage adoption and use by cardholders. In addition, merchant-specific rewards encourage loyalty to that merchant. And, importantly, these incentives and technological innovations have been made possible by the system of fees, including most notably the interchange fee but also the scheme fees, processing fees, and acquiring fees.

Furthermore, there have been important business-model innovations over time that have improved the scale efficiency, responsiveness, and effectiveness of the systems. As noted, Visa and Mastercard initially deployed quite different ownership and management models. BankAmericard initially adopted a franchise model and then, from 1970, National BankAmericard/Visa operated as a joint-venture company, thereby overcoming conflicts of interest that arose from one bank acting as an issuer and an acquirer, while also setting the rules of the system for other issuers and acquirers.[45] By contrast, Mastercard and Eurocard both began as non-profit associations, which enabled them rapidly to scale, including by absorbing Access (which until then had operated as a profit-sharing joint venture), but this resulted in management challenges. The merger of Mastercard and Europay International in 1992 addressed some of those problems by creating a more streamlined structure and a more coherent global brand. Then, in 2006, MasterCard reorganised as a for-profit company and listed on the New York Stock Exchange through an initial public offering, enabling more centralised decision-making. In 2008, Visa also listed on the NYSE.

In short, the two largest global-payment systems emerged, survived, and thrived first and foremost by identifying and implementing superior solutions to the challenges of building and maintaining payment systems locally, nationally, regionally, and eventually, globally.

The large market share of these two firms operating at a global level is clearly not a consequence of some pre-existing market structure. On the contrary, the structure of the market for payments is a consequence of dynamic competition in technology, incentives, and business models.

C.      The Ongoing Process of Dynamic Competition

This dynamic competition continues, with innovative technologies and new global players emerging and deploying different business models. For example, PayPal offers users the ability to pay for services and goods purchased online and provides them with some of the same protections offered by credit cards, such as fraud monitoring and purchase protection.[46] PayPal operates a dual model in which users may fund payments either using their payment card or by making an ACH transfer to their PayPal account.[47] PayPal also offers users the ability to “buy-now-pay-later” (BNPL) at some merchants, with options either to make four bi-weekly payments with zero interest, or to spread the payment over a longer period (6, 12, 18, or 24 months), paying an interest rate that currently ranges from 0% to 29.99%, depending on the user’s credit score.[48]

In the past decade, several standalone BNPLs have entered the market, including Afterpay, Affirm, Flexpay, Klarna, Sezzle, Splitit, and Zip.[49] In 2021, merchant-payment-gateway provider Square purchased Afterpay, enabling the use of BNPL for in-store purchases in the United States.[50] In the UK, Square has partnered with BNPL provider ClearPay, enabling it to provide a similar offering.[51] Meanwhile, Stripe, another gateway provider, has partnered with several BNPL companies, enabling it to make similar offerings in several countries, including the UK.[52]

When offering zero-interest payment solutions to consumers, BNPLs typically charge the retailer a transaction fee of between 2% and 8%, depending on the consumer’s credit score and the type of merchant.[53] In the United States, Square/Afterpay charges the purchaser a standard rate of 6% plus a transaction fee of 30c.[54] By contrast, when offering longer-term payment solutions, the merchant pays a transaction fee and the consumer pays the interest.[55]

In addition to consumer-oriented BNPLs, there are business-to-business BNPLs. For example, in the UK, Funding Circle’s Flexipay (not to be confused with Flexpay or Payflex, a South African BNPL) offers loans of between £2,000 and £250,000, with the ability to spread payments over three months at an interest rate of 3% (as of the time of writing).[56]

Another example is real-time payments (RTP) systems, such as the UK’s Faster Payment System, which enable users to make near-instant peer-to-peer payments online and using mobile apps.[57] RTP systems typically do not replicate the fraud-protection and other counter-party risk offerings of traditional payment cards, nor do they enable consumers to defer payment, so they are likely less attractive than payment cards for making payments to merchants—especially when those merchants are unfamiliar and/or the size of the payment is large.[58] While the UK’s Confirmation of Payee system has somewhat reduced problems—such as, as the PSR notes,[59] automated push payment (APP) fraud—APP fraud remains very high, leading the PSR to propose that payment-service providers (PSPs) guarantee refunds for fraudulent payments in excess of £100.[60] Such a requirement would impose considerable additional costs on PSPs. By effectively transferring a considerable proportion of liability to those PSPs, it also would reduce payors’ incentives to undertake due diligence on payees. This, in turn, might lead PSPs to introduce more extensive screening of payments, which could well lead to overinclusive restrictions that harm smaller, less well-known but nonetheless legitimate payees.

At the same time, card issuers and payment systems continue to invest in improved methods for verifying the identity of persons making transactions, including most notably the development and deployment of a range of biometric technologies.[61] Meanwhile, many payment-card issuers are partnering with BNPL operators to provide alternative payment options for cardholders.[62]

IV.    The Market Reviews in the Context of the PSR’s Remit

Unfortunately, there is no evidence that the PSR intends to investigate the broader market for payments in the UK, of which payment cards represent only about 11%.[63] Instead, it has proposed to undertake two discrete reviews of very specific and narrow aspects of payments card systems’ operations, seemingly without any intention to consider the implications on the wider ecosystem. This seems doomed to draw inappropriate conclusions.

This section outlines the PSR’s remit and then discusses the two market reviews in the context of that remit, taking into consideration the foregoing discussion of the nature of payment systems and the dynamic competition that has driven their evolution.

A.      The PSR’s Remit

Section 49 of the Financial Services (Banking Reform) Act 2013 (FSBRA) states that “In discharging its general functions relating to payment systems the Payment Systems Regulator must, so far as is reasonably possible, act in a way which advances one or more of its payment systems objectives.”[64] It then lists three objectives: (a) the competition objective, (b) the innovation objective, and (c) the service-user objective, which are defined in the subsequent sections.[65]

Section 50 (1) of the FSBRA states that: “The competition objective is to promote effective competition in—(a) the market for payment systems, and (b) the markets for services provided by payment systems, in the interests of those who use, or are likely to use, services provided by payment systems.”

Section 50 (2) of the FSBRA states that: “The reference in subsection (1) to promoting effective competition includes, in particular, promoting effective competition— (a) between different operators of payment systems, (b) between different payment service providers, and (c) between different infrastructure providers.”

Section 50 (3) of the FSBRA states that:

The matters to which the Payment Systems Regulator may have regard in considering the effectiveness of competition in a market mentioned in subsection (1) include—

  • the needs of different persons who use, or may use, services provided by payment systems;

  • the ease with which persons who may wish to use those services can do so;

  • the ease with which persons who obtain those services can change the person from whom they obtain them;

  • the needs of different payment service providers or persons who wish to become payment service providers;

  • the ease with which payment service providers, or persons who wish to become payment service providers, can provide services using payment systems;

  • the ease with which payment service providers can change the payment system they use to provide their services;

  • the needs of different infrastructure providers or persons who wish to become infrastructure providers;

  • the ease with which infrastructure providers, or persons who wish to become infrastructure providers, can provide infrastructure for the purposes of operating payment systems;

  • the needs of different operators of payment systems;

  • the ease with which operators of payment systems can change the infrastructure used to operate the payment systems;

  • the level and structure of fees, charges or other costs associated with participation in payment systems;

  • the ease with which new entrants can enter the market;

  • how far competition is contributing to the development of efficient and effective infrastructure for the purposes of operating payment systems;

  • how far competition is encouraging innovation.

Section 51 (1) of the FSBRA states that: “The innovation objective is to promote the development of, and innovation in, payment systems in the interests of those who use, or are likely to use, services provided by payment systems, with a view to improving the quality, efficiency and economy of payment systems.” While Section 51 (2) states that: “The reference in subsection (1) to promoting the development of, and innovation in, payment systems includes, in particular, a reference to promoting the development of, and innovation in, infrastructure to be used for the purposes of operating payment systems.”

Section 52 of the FSBRA states that: “The service-user objective is to ensure that payment systems are operated and developed in a way that takes account of, and promotes, the interests of those who use, or are likely to use, services provided by payment systems.”

It is thus clear that, in principle, the PSR has a broad remit to investigate the functioning of payment systems. As such, it could undertake a broad review that considers the dynamic competition described earlier in this brief.

B.      The Market Reviews

Despite the PSR’s broad remit, it has chosen instead to undertake two very narrow market reviews. There is a grave danger that, in so doing, it will misconstrue the nature of the market for payments.

One is reminded of the rather wonderful 1986 “points of view” TV advertisement for The Guardian newspaper.[66] The ad began with a brief clip, from one angle, of a skinhead apparently running away from something. This was followed by a clip of the skinhead from another angle which shows him apparently trying to steal a besuited gentleman’s briefcase. Then, finally, we were shown an aerial view in which one can see that the skinhead is actually trying to save the other man from being crushed by a pallet of falling bricks. The point being that, if a policeman or other bystander had intervened to stop the skinhead on the presumption that he had committed or was about to commit a crime, based on seeing the situation only from the perspective of the first or second clips, the man in the suit might well have died or been grievously injured. As the advert notes at the end, “It’s only when you get the whole picture you can fully understand what’s going on.”

1.        Market review of UK-EEA cross-border interchange fees

In the case of the market review of UK-EEA consumer cross-border interchange fees, the PSR states:

We want to understand the rationale for and the impact of the rises in CNP IF levels for UK-EEA consumer debit and credit CNP transactions. We are concerned that the ability of Mastercard and Visa to increase these fees is an indication that there are market(s) which are not working well and may not support our statutory competition, innovation or service-user objectives.[67]

Here, the PSR seems to have assumed that an increase in prices is prima facie evidence of market failure. But a mere rise in prices does not provide such evidence. The fact is that, following the introduction of the IFR and prior to Brexit, the IFs were set by the EU, not by the market. Since then, domestic rates have been regulated at the same levels,[68] making it more likely that those IFs were (and, within the EEA, still are) not set at a level that reflects an optimal balance for the payments ecosystem.

Where prices for CNP IFs are set by market participants, they are generally higher than for card-present transactions. This is a straightforward consequence of the higher risks of fraud associated with CNP transactions.[69] Meanwhile, in markets where IFs for international transactions are set by market participants, those IFs include a premium to cover additional costs associated with operating the international system, as well as the higher counterparty risks (fraud and default) associated with such transactions. This leads to two conclusions:

  1. The appropriate prima facie assumption of the PSR, in response to the increase in IFRs for UK-EEA CNP transactions, should have been that it is a sign that the market is working well—e., the very opposite of the assumption that the PSR seems to have made.
  2. To investigate the appropriateness or otherwise of any IFR, it is necessary to understand fully the market in which it is being applied. In this case, the market is the entire global payments system, since UK-EEU transactions are but a tiny fraction of that system, which as discussed above has evolved over decades. At the very least, it entails a full analysis of both CNP and UK-EEA payments systems, not merely the narrow aspect of (and costs associated with) UK-EEA interchange fees.

2.        Market review of card scheme and processing fees.

In the case of the market review of cards’ scheme and processing fees, the PSR states:

We found that scheme and processing fees (which we referred to as ‘scheme fees’ in the market review) paid by acquirers increased significantly over the period 2014 to 2018 as shown in Figure 1.5 We also found that a substantial proportion of these increases are not explained by changes in the volume, value or mix of transactions.[70]

The PSR has decided emphatically to focus narrowly on how Mastercard and Visa set scheme and processing fees:

We will assess the factors that may influence and constrain how Mastercard and Visa set scheme and processing fees, and the impact of this. Such factors may include:

  • The extent of any barriers to entry or network effects involved in setting up and running card payment systems, which alone or in combination may mean that Mastercard and Visa face limited constraints when it comes to setting scheme and processing fees.

  • Whether Mastercard and Visa have a ‘must take’ status for merchants, which may mean that Mastercard and Visa face limited constraints from the ability of merchants (and their acquirers) to exercise choice about their acceptance when setting acquirer scheme and processing fees.[71]

Meanwhile, the PSR has already ruled out any consideration of the wider payments ecosystem, noting:

A number of comments in the consultation asked us to consider extending the market review to charges levied by other participants in the payments ecosystem (other card schemes, and other payment methods, including digital wallets). We agree that constraints from other participants and other payment methods could play an important role in Mastercard’s and Visa’s decisions about card scheme and processing fees. The scope of the market review we proposed in our draft ToR, however, would assess competitive constraints that may arise from other participants than Visa and Mastercard, to the extent this applies. We, therefore, do not think that it is necessary to extend the scope of the market review; and so, our market review will focus on card scheme and processing fees.[72]

This is troubling because, as discussed above, the payment systems in the UK and globally have evolved over many decades in such a way as to balance the two sides of the market: merchants on one side and consumers on the other. The fees charged by payment systems reflect this balance, not only within the card-payments ecosystem but also within the wider payments ecosystem of which card payments are only a relatively small part—about 11% in the UK.[73] Moreover, the scheme fees that appear to be a specific focus of the market review are only a small part of the total fees paid during a transaction. Visa offers the following example: when a consumer purchases a jumper for £30 at a small retailer using a Visa card, the MSC would be around £0.63, of which the scheme fee would be about £0.01.[74] So, the question is: why is the PSR focusing on a fee that makes up only 1.6% of the transaction fee and only 0.03% of the total transaction amount?

By seeking to investigate only a subset of card fees and not all the fees—which would necessitate also considering the effects of any adjustments to such fees on related offerings (such as rewards and cobranded cards, insurance, security upgrades, and new payment modes), let alone the wider payments ecosystem)—the PSR precludes a proper analysis of whether the market is operating efficiently.

In sum, intentionally or otherwise, the statements made by the PSR with respect to the terms of reference (ToR) for both market reviews look very much like the regulator has already decided its conclusions and is now looking for evidence to support its case, while expressly avoiding evidence that might point to other conclusions. They are classic examples of asking the wrong question and therefore getting the wrong answer.

V.      Conclusions

Payment systems have developed through a process of dynamic competition that has led to the emergence of extraordinarily complex and finely balanced ecosystems featuring an increasingly wide array of innovative technologies, incentives, and business models. As such, it is a little odd that the PSR should have chosen to undertake several discrete and very narrow reviews, rather than a more comprehensive review.

If the PSR were to undertake a more comprehensive review of payments, which would be more consistent with its remit under the FSBR, it might extend that to the wider payments ecosystem, of which card payments are only a relatively small part—approximately 11% in the UK, if larger payments made over CHAPS are excluded.

Despite stating—in the final ToR for the market review of card schemes and processing fees—that it does not intend to extend the market review, it left a window open by stating: “We expect our thinking to develop over the course of the market review, including the possibility that further issues or areas of analysis are added (if they relate to potential harm to competition, innovation or service users) or some issues are dropped.”[75] One can only hope that such thinking extends to a fuller examination of the payments ecosystem. If the PSR were to adopt such an approach, it might also drop the even more absurdly narrow market review of UK-EEA consumer cross-border interchange fees, a fuller (proper) review of which would entail looking not only at payments in the UK, but also internationally.


[1] Market Review of UK-EEA Consumer Cross-Border Interchange Fees, Payment System Regulator (Jun. 21, 2022), https://www.psr.org.uk/publications/market-reviews/mr22-2-1-market-review-of-uk-eea-consumer-cross-border-interchange-fees.

[2] Market Review of Card Scheme and Processing Fees, Payment System Regulator (Jun. 21, 2022), https://www.psr.org.uk/publications/market-reviews/mr22-1-1-market-review-of-card-scheme-and-processing-fees.

[3] Id.

[4] Todd J. Zywicki, The Economics of Credit Cards, 3 Chap. L. Rev. 79, 7 (2000), available at https://digitalcommons.chapman.edu/chapman-law-review/vol3/iss1/6.

[5] Snapshot of Payments in the UK Over Time, Payment Systems Regulator (Jan. 2, 2022), available at https://www.psr.org.uk/media/20ob5wee/payments-over-time.pdf.


[6] William F. Baxter, Bank Interchange of Transactional Paper: Legal and Economic Perspectives, 26 J. L. & Econ. 541 (1983); Jean-Charles Rochet & Jean Tirole, Two-Sided Markets: A Progress Report, 37 Rand J. Econ. 645 (2006); see also, Todd J. Zywicki, The Economics of Payment Card Interchange Fees and the Limits of Regulation, International Center for Law & Economics, ICLE Financial Regulatory Program White Paper Series (Jun. 2, 2010), available at http://laweconcenter.org/images/articles/zywicki_interchange.pdf.

[7] Bruno Jullien, Alessandro Pavan, & Marc Rysman, Two-Sided Markets, Pricing, and Network Effects, 4 Handbook of Indus. Org. 485-592 (2021).

[8] Thomas Eisenmann, Geoffrey Parker, & Marshall W. Van Alstyne, Strategies for Two-Sided Markets, Harv. Bus. Rev. (Oct. 2006), https://hbr.org/2006/10/strategies-for-two-sided-markets.

[9] David L. Stearns, Think of it as Money: A History of the VISA Payment System, 1970–1984, PhD Thesis, University of Edinburgh, at 42–43; Timothy Wolters, Carry Your Credit in Your Pocket: The Early History of the Credit Card at Bank of America and Chase Manhattan, 1 Enterprise & Society 315, (2000).

[10] In some cases, the interchange fee is established bilaterally by agreement between issuers and acquirers. The default interchange fee applies when such agreements are not in place.

[11] See, e.g., UK Payment Processing Companies & Merchant Account Providers, MerchantSavvy, https://www.merchantsavvy.co.uk/payment-processors (last visited Feb. 22, 2023).

[12] PSR, supra note 1, at 13.

[13] Zywicki, supra note 6.

[14] For example, 10 EU members had a domestic card scheme in 2018: Card Payments in Europe- Current Landscape and Future Prospects, European Central Bank (Apr. 2019), https://www.ecb.europa.eu/paym/intro/mip-online/2019/html/1904_card_payments_europe.en.html.

[15] PSR, supra note 2, at 7.

[16] Payment and Settlement Statistics, Bank of England (Feb. 16, 2023), https://www.bankofengland.co.uk/payment-and-settlement/payment-and-settlement-statistics.

[17] BACS Monthly Volumes and Values 1990-2022, Pay.uk (2023), https://newseventsinsights.wearepay.uk/media/iyral1oo/historical-monthly-payment-statistics-1990-to-dec-2022.xls.

[18] Card Spending, UK Finance (Feb. 16, 2023), https://www.ukfinance.org.uk/data-and-research/data/card-spending.

[19] Emily Sherman & Holly Johnson, Understanding Third-Party American Express Cards, credicards.com (Mar. 30, 2022), https://www.creditcards.com/card-advice/american-express-third-party-cards.

[20] Diners Club History, Diners Club International, https://www.dinersclub.com/about-us/history (last visited Feb. 22, 2023).

[21] Who We Are, American Express, https://about.americanexpress.com/our-company/who-we-are/who-we-are/default.aspx (last visited Feb. 22, 2023).

[22] Stearns, supra note 9.

[23] Id.

[24] Id.

[25] Dave Ahern, The Amazing Story of Mastercard: History and Making Money, eB (Nov. 10, 2021), https://einvestingforbeginners.com/the-history-of-mastercard-daah/#:~:text=of%20America%2C%20ironically.-,How%20Did%20Mastercard%20Start%3F,became%20known%20globally%20as%20Visa.

[26] Brand History, Mastercard, https://brand.mastercard.com/brandcenter/more-about-our-brands/brand-history.html (last visited Feb. 22, 2023).

[27] 1963: American Express Comes to Britain, BBC, http://news.bbc.co.uk/onthisday/hi/dates/stories/september/10/newsid_3031000/3031968.stm (last visited Feb. 22, 2023).

[28] Id.

[29] Id.

[30] Stearns, supra note 9, at 120.

[31] BBC, supra note 27.

[32] Stearns, supra note 9, at 120.

[33] Id. at 131.

[34] Id. at 180.

[35] Eurocard (Credit Card), Wikipedia, https://en.wikipedia.org/wiki/Eurocard_(credit_card) (last visited Feb. 22, 2023).

[36] History 1966-72, Access, https://www.accesscreditcard.info/history66-72.aspx (last visited Feb. 22, 2023).

[37] History 1973-77, Access, https://www.accesscreditcard.info/history73-77.aspx (last visited Feb. 22, 2023).

[38] Paul Doocey, MasterCard and Europay Merge to Form a Global Payments Company, BankTech (Jul. 16, 2002), https://www.banktech.com/payments/mastercard-and-europay-merge-to-form-a-global-payments-company/d/d-id/1288945.html.

[39] Sean Brierley, Mastercard and UK Banks Strike 40m Access Deal, MarketingWeek (Apr. 19, 1996), https://www.marketingweek.com/mastercard-and-uk-banks-strike-40m-access-deal.

[40] EMV 3-D Secure, EMVCo, https://www.emvco.com/emv-technologies/3-d-secure (last visited Feb. 22, 2023).

[41] Raynor de Best, Total Number of In-Store Debit or Credit Card Payments that Are Contactless, or Done with NFC, in the United Kingdom (UK) from January 2015 to October 2021, Statista (Jan. 11, 2023), https://www.statista.com/statistics/488054/number-of-contactless-cards-transactions-united-kingdom.

[42] David Bounie & Youssouf Camara, Card-Sales Response to Merchant Contactless Payment Acceptance, 119 J. of Banking & Fin. 105938 (Oct. 2020), available at https://www.sciencedirect.com/science/article/abs/pii/S0378426620302004; Emma Marie Fleck & Michael E. Ozlanski, Cash: Never Leave Home with It? 17 The CASE J. 182–201 (2021), available at https://www.emerald.com/insight/content/doi/10.1108/TCJ-06-2019-0055/full/html.

[43] Adrian Buckle, The Impact of Covid-19 on UK Card Payments In 2020, UK Finance (Jun. 16, 2021), https://www.ukfinance.org.uk/news-and-insight/blogs/impact-covid-19-uk-card-payments-2020.

[44] UK’s First Major Rollout of CEMV Outside of London Commences in Oxfordshire, VIX Technology (Nov. 14, 2016), https://vixtechnology.com/press-release/uks-first-major-rollout-of-cemv-outside-of-london-commences-in-oxfordshire; Dan Balaban, UK Transit Agency Plans London-Style Multimodal Contactless System with Fare Capping, Mobility Payments (Sep. 12, 2022), https://www.mobility-payments.com/2022/09/12/uk-agency-plans-london-style-multimodal-contactless-system-with-fare-capping.

[45] Stearns, supra note 9.

[46] Protection You Need, Peace of Mind You Deserve, PayPal, https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security (last visited Feb. 22, 2023).

[47] Add Cards and Banks, PayPal, https://www.paypal.com/us/digital-wallet/ways-to-pay/add-payment-method (last visited Feb. 22, 2023).

[48] Buy Now, Pay Later with PayPal, PayPal, https://www.paypal.com/us/digital-wallet/ways-to-pay/buy-now-pay-later (last visited Feb. 22, 2023).

[49] Erin Gregory, How Does Buy Now Pay Later (BNPL) Work for Businesses?, Techradar (Mar. 4, 2022), https://www.techradar.com/features/how-does-buy-now-pay-later-bnpl-work-for-businesses; Jaros?aw ?ci?lak, Top 10 Buy Now Pay Later Companies to Watch in 2022, Code & Pepper (May 8, 2022), https://codeandpepper.com/buy-now-pay-later-2022.

[50] Square, Inc. Announces Plans to Acquire Afterpay, Strengthening and Enabling Further Integration Between Its Seller and Cash App Ecosystems, Square (Aug. 1, 2021), https://squareup.com/us/en/press/square-announces-plans-to-acquire-afterpay; Bring in More Business with Buy Now, Pay Later, Square, https://squareup.com/us/en/buy-now-pay-later (last visited Feb. 22, 2023).

[51] John Stewart, As Consumers Embrace BNPL, Square Brings It to the U.K. Across All Platforms, Digital Transactions (Aug. 23, 2022), https://www.digitaltransactions.net/as-consumers-embrace-bnpl-square-brings-it-to-the-u-k-across-all-platforms.

[52] Buy Now, Pay Later, Stripe, https://stripe.com/docs/payments/buy-now-pay-later (last visited Feb. 22, 2023).

[53] Id.

[54] Bring in More Business with Buy Now, Pay Later, Square, https://squareup.com/us/en/buy-now-pay-later (last visited Feb. 22, 2023).

[55] Id.

[56] Free Your Cash Flow with Flexipay, Funding Circle, https://www.fundingcircle.com/uk/payments/flexipay (last visited Feb. 22, 2023).

[57] £1 Million Faster Payments Now Possible, Pay.UK (Feb. 10, 2022), https://newseventsinsights.wearepay.uk/media-centre/press-releases/1-million-faster-payments-now-possible.

[58] Julian Morris, Is Pix Really the End of Credit Cards?, Truth on the Market (Sep. 28, 2022), https://truthonthemarket.com/2022/09/28/is-pix-really-the-end-of-credit-cards.

[59] PSR Finalizes Plans for Wider Implementation of Fraud Prevention Tool, Confirmation of Payee, Payment Systems Regulator, https://www.psr.org.uk/news-and-updates/latest-news/news/psr-finalises-plans-for-the-wider-implementation-of-fraud-prevention-tool-confirmation-of-payee/#:~:text=account%20to%20another.-,Confirmation%20of%20Payee,details%20provided%20by%20a%20payer (last visited Feb. 22, 2023).

[60] PSR Sets Out Proposals to Give Greater Protection Against APP Scams, Payment Systems Regulator (Nov. 25, 2022), https://www.psr.org.uk/news-and-updates/latest-news/news/psr-sets-out-proposals-to-give-greater-protection-against-app-scams.

[61] MasterCard Biometric Card Driving Cardholder Security and Convenience, MasterCard, https://www.mastercard.us/en-us/business/overview/safety-and-security/authentication-services/biometrics/biometrics-card.html (last visited Feb. 22, 2023); Fingerprint Authentication Moves from Phones to Payment, Visa, https://usa.visa.com/visa-everywhere/security/biometric-payment-card.html (last visited Feb. 22, 2023).

[62] Kimberly Palmer & Melissa Lambarena, Buy Now, Pay Later Already Comes Standard on Many Credit Cards, Nerdwallet (Dec. 9, 2022), https://www.nerdwallet.com/article/credit-cards/buy-now-pay-later-is-already-standard-on-some-credit-cards.

[63] Supra Section III.

[64] Financial Services (Banking Reform) Act 2013, c. 33, §49 (UK).

[65] Id.

[66] The Guardian, Cannes Lion Award-Winning “Three Little Pigs Advert”, YouTube (Feb. 29, 2012), https://www.youtube.com/watch?v=_SsccRkLLzU.

[67] PSR, supra note 1, at 7.

[68] The Interchange Fee (Amendment) (EU Exit) Regulations 2019, SI 2019/284, https://www.legislation.gov.uk/uksi/2019/284/contents.

[69] Board of Governors of the Federal Reserve System, Changes in U.S. Payments Fraud from 2012 to 2016, Federal Reserve (Oct. 2018), https://www.federalreserve.gov/publications/2018-payment-systems-fraud.htm.

[70] PSR, supra note 2, at 5.

[71] Id. at 10.

[72] Id. at 7.

[73] See Section III above.

[74] Paying with Visa: How Retailers and Consumers Benefit, Visa (Oct. 22, 2020), https://www.visa.co.uk/visa-everywhere/blog/bdp/2020/10/20/what-happens-when-1603211979840.html.

[75] PSR, supra note 1, at 11.

Continue reading
Financial Regulation & Corporate Governance

ICLE Comments on Proposed FTC Consent Agreement; Mastercard Incorporated

Regulatory Comments Comment on Mastercard Incorporated; Matter No. 201 0011 Commissioners, I am an expert on the law & economics of payment cards and have written extensively . . .

Comment on Mastercard Incorporated; Matter No. 201 0011


I am an expert on the law & economics of payment cards and have written extensively the subject.[1] I am submitting this comment on behalf of the International Center for Law & Economics (ICLE) because we have concerns regarding the effects that the consent order may have on the functioning of and innovation in payment systems.

Among there are that the agreement will undermine the security of payments made using single-message systems; set a precedent that, if applied more broadly, would undermine the security of payments more generally; and discourage investment in innovation, especially in the development of new, secure, tokenized payment systems that have the potential to reduce fraud, theft, and other forms of counterparty risk. Such an outcome would be, in our view, entirely detrimental to the future of the U.S. payment system.

To elaborate those concerns, we attach a paper we recently produced that discusses the regulation of single-message payment systems and, in particular, the regulation of routing on such networks. We hope this work will help to inform your deliberations on the matter.

[1] See, e.g., Julian Morris & Todd J. Zywicki, Regulating Routing in Payment Networks, International Center for Law & Economics (Aug. 18, 2022), https://laweconcenter.org/resources/regulating-routing-in-payment-networks; Julian Morris, Central Banks and Real-Time Payments: Lessons From Brazil’s Pix, International Center for Law & Economics (Jun. 1, 2022), https://laweconcenter.org/resources/central-banks-and-real-time-payments-lessons-from-brazils-pix; Julian Morris, Regulating Payment-Card Fees: International Best Practices And Lessons For Costa Rica, International Center for Law & Economics (May 25, 2022), https://laweconcenter.org/resources/regulating-payment-card-fees-international-best-practices-and-lessons-for-costa-rica; Todd J. Zywicki, Julian Morris, & Geoffrey A. Manne, The Effects Of Price Controls On Payment-Card Interchange Fees: A Review And Update, International Center for Law & Economics (Mar. 4, 2022), https://laweconcenter.org/resources/the-effects-of-price-controls-on-payment-card-interchange-fees-a-review-and-update.


Continue reading
Financial Regulation & Corporate Governance

Todd Zywicki Discusses the Durbin Amendment with NAFCU

Presentations & Interviews ICLE Academic Affiliate Todd Zywicki joined NAFCUtv, the news program distributed by the National Association of Federal Credit Unions, to discuss the history of the . . .

ICLE Academic Affiliate Todd Zywicki joined NAFCUtv, the news program distributed by the National Association of Federal Credit Unions, to discuss the history of the Dodd-Frank Act’s so-called “Durbin amendment,” which established interchange price caps, as well as the recent Credit Card Competition Act and an overview of the market for credit cards and consumer payments. The full video is embedded below.

Continue reading
Financial Regulation & Corporate Governance

Banco Central Erra en su Enfoque Sobre Comisiones de Tarjetas

Popular Media El Banco Central de Costa Rica (BCCR) interpreta la regulación de las comisiones por el uso de tarjetas de crédito o débito como una justificación . . .

El Banco Central de Costa Rica (BCCR) interpreta la regulación de las comisiones por el uso de tarjetas de crédito o débito como una justificación para establecer topes máximos, de tal forma que los emisores recuperen únicamente los costos operacionales y estáticos del sistema.

Continue reading
Financial Regulation & Corporate Governance

Regulación a las comisiones de tarjetas de pago

Scholarship [The attached was published by La Academia de Centroamérica, a private, nonprofit research center based in Costa Rica, as an adaptation of the ICLE issue . . .

[The attached was published by La Academia de Centroamérica, a private, nonprofit research center based in Costa Rica, as an adaptation of the ICLE issue brief “Regulating Payment-Card Fees: International Best Practices and Lessons for Costa Rica.” Translation by Juan Carlos Hidalgo.]

Resumen Ejecutivo

Continue reading
Financial Regulation & Corporate Governance

Comments of the International Center for Law & Economics, ‘Ensuring Responsible Development of Digital Assets’

Regulatory Comments We thank the U.S. Treasury Department for the opportunity to participate in this Request for Comment on “Ensuring Responsible Development of Digital Assets.” Docket No. TREAS-DO-2022-0018 Submitted: November 3, 2022

I. Introduction

We thank the U.S. Treasury Department for the opportunity to participate in this Request for Comment on “Ensuring Responsible Development of Digital Assets.”[1] Our response most directly addresses part “B” of the Request for Comments, focusing particularly on the following questions:

  • “What additional steps should the United States government take to more effectively deter, detect, and disrupt the misuse of digital assets and digital asset service providers by criminals?” (B1)
  • “Are there specific areas related to AML/CFT and sanctions obligations with respect to digital assets that require additional clarity?” (B2)
  • “What additional steps should the U.S. government consider to address the illicit finance risks related to mixers and other anonymity-enhancing technologies?” (B7)
  • “What steps should the U.S. government take to effectively mitigate the illicit finance risks related to DeFi?” (B8)

Agencies whose primary function is law enforcement are chiefly concerned with the effectiveness of that mission and may not have the resources to properly consider the costs of actions that appear to promise effectiveness. We thus welcome the whole-of-government approach to the responsible development of digital assets adopted in Executive Order 14067, which invites a rigorous assessment of costs and benefits across various policy objectives.[2] The principal policy objectives set out in the Executive Order cover both law-enforcement and national-security concerns, while supporting technological advances and promoting access to safe and affordable financial services. Given the Order’s broad scope, some ways of pursuing its diverse policy objectives may be in tension. Our aim in this response is to shed light on two important areas of such tension.

First, policymakers must determine which entities in the crypto ecosystem are the most appropriate targets for law-enforcement and national-security efforts. We suggest that the costs of targeting crypto’s infrastructural or “base” layer may to a disproportionate extent impede the attainment of other policy objectives.

Second, it is important to determine the appropriate policy response to privacy-enhancing crypto technologies. As Treasury seeks to forward the goals of consumer and investor protection, promotion of access to finance, support of technological advances, and reinforcement of U.S. leadership, all point in favor of facilitating responsible use of privacy-enhancing technologies, including so-called “privacy coins.”

II. Targeting the ‘Base Layer’

Crypto’s “base layer” is in some important ways analogous to the basic infrastructure of the Internet and of traditional finance. We understand the base layer to include:

  • The “infrastructural” participants of blockchain networks—g., miners, validators, and node operators;[3] and
  • Service providers that directly serve the former—g., private relay operators like Flashbots and specialized node-hosting services[4] like Infura, Alchemy, or even Google.[5]

One approach to prevent and counteract undesirable activity “on top” of crypto’s infrastructure layer would be to lay legal duties on base-layer participants to mitigate such activity, particularly where they may, in even some remote sense, have facilitated it. This approach will often be inappropriate, however, either because it is bound to be ineffective or because it will impose disproportionate costs relative to its benefits.

Infrastructural participants of blockchain networks are not often in the best position to apply rules like anti-money-laundering (“AML”) and combating-the-financing-of-terrorism (“CFT”) obligations because they do not have direct relationships with end users. They therefore do not possess the information needed and, even if they do act, cannot offer redress to the affected users. Moreover, in open networks like Ethereum and Bitcoin, imposing legal duties on U.S.-based actors (e.g., miners or validators) is very likely to be ineffective, as many network participants will be located in other jurisdictions. Finally, some base-layer participants may simply find it impossible to comply with some legal duties, which could prompt them to leave U.S. jurisdiction.

Recent enforcement actions arising from the strict-liability duty not to facilitate transactions with entities sanctioned by the U.S. Treasury Department help to illustrate the concerns that attend imposing such duties on base-layer participants. In August 2022, a number of Ethereum addresses deployed by Tornado Cash were added to the Specially Designated Nationals and Blocked Persons List (“SDN”).[6] Following this designation—out of an abundance of caution and adopting an expansive interpretation of the law—some base-layer participants of Ethereum (validators, block builders, proposers, and relay operators) began to filter out transactions that interacted with SDN-listed Ethereum addresses, so that they would not contribute to including those transactions on the blockchain. While it appears that a fairly large segment of the base layer joined in this effort, it has been—and will very likely remain—ineffective at stopping transactions with sanctioned entities from being included on the blockchain.

One reason the filtering effort has been ineffective is that it was focused on blockchain addresses, which is what base-layer participants have access to. But sanctioned entities can create new addresses and use other methods to obfuscate their identities in transactions. The scope of filtering could theoretically be broadened, also using on-chain analysis, but this would likely be overinclusive.[7] It would therefore threaten to harm other users; potentially leave filtering base-layer operators less competitive than non-filtering ones; and likely hasten the development of changes to Ethereum to bypass such filtering.

There are, to be sure, examples of situations where it would be difficult to use a new address to circumvent filtering. Some designated blockchain addresses (e.g., the addresses of autonomous smart contracts deployed by Tornado Cash) are not controlled by anyone and thus cannot “move” to new addresses on their own. But even where a smart contract is autonomous, its original deployers—or, in the case of open-source code, anyone—could copy the code and deploy a new smart contract that would perform the same functions as the original. The need to redeploy smart contracts to new addresses often would create significant friction and costs for all who relied on the original smart contract, but as we will note in a moment, there are also cases where redeployment may not be necessary.

Even if the scope of filtering is broadened, one reason that filtering efforts may remain ineffective is that even a relatively small number of validators—including those located outside the United States—can ensure that any transaction be included on the blockchain, albeit with some delay. The extent of that delay will be proportionate to how many non-filtering validators there are among the universe of all validators. Importantly, the Ethereum addresses included on the Tornado Cash SDN list largely do not represent the kinds of smart contracts that require rapid communication.[8]

With more time-sensitive transactions—e.g., smart contracts used to liquidate on-chain collateral—delays could significantly affect utility. In cases where such delays could harm users, there would be a strong incentive to swiftly redeploy contracts to new addresses. Moreover, were the addresses of such time-sensitive smart contracts ever included on the SDN list, it would likely prompt changes to the Ethereum protocol to render base-layer filtering impossible. Indeed, development work in this direction was already underway prior to the Tornado Cash designation and may have accelerated in its aftermath. The proposed changes would involve the introduction of privacy-enhancing solutions to Ethereum, which we will discuss in the next section.

Here, we wish to focus on what these technical changes could mean for U.S. sanctions law if a determination is made that it is, indeed, illegal (on a strict-liability basis, i.e., irrespective of intent) for a U.S.-based Ethereum validator to propose (or perhaps even “attest to”) a block containing transactions with sanctioned entities.[9] If changes to the Ethereum protocol render the contents of transactions hidden from validators, then those validators could never be certain that they are in compliance with the prohibitions. This would effectively force validators (and other base-layer operators) to leave the United States. Ethereum would likely continue to function and remain accessible to U.S.-based users, but the technological and economic position that the United States currently holds in the base layer of the ecosystem would be diminished significantly.

To this point, our comments have concerned targeting the base layer for undesirable activity that happens “on top” of it—i.e., for facilitating the actions of others. It is, however, also possible for base-layer participants to engage in illicit activity in their own right. In such cases, it would certainly be appropriate that they be a target of law enforcement. For example, node operators could use their privileged access to private information about pending securities or commodities transactions in ways that would constitute market manipulation under the Securities Exchange Act or the Commodity Exchange Act.[10] Validators could also engage in potentially illegal market manipulation through some forms of “MEV extraction.”[11]

An alternative to targeting the base layer is to target the application layer—i.e., services built on top of the base layer, with the primary function of interacting with end users.[12] Of particular interest in this space are services that intermediate between crypto assets and the rest of the financial system—i.e., “on-ramps” and “off-ramps.”[13] Due to their user-facing role, such services tend to already possess—and can more easily acquire—information needed for effective compliance with legal obligations related to user activity, such as AML/CFT and sanctions obligations. Because these services have direct relationships with users, they also can ask for additional information and provide redress opportunities in certain cases—e.g., where a user is mistakenly flagged as high risk by automated tools. Moreover, crypto on- and off-ramps have been regulated as money transmitters or under analogous regulatory regimes in certain other jurisdictions.[14]

Targeting the base layer of permissionless blockchain networks may have symbolic value, but it is unlikely to achieve genuine law-enforcement or national-security goals. Imposing rules with which it would be impossible for base-layer operators to comply will simply push those operators to other jurisdictions. More effective targeting of the base layer is possible in permissioned blockchain networks, but requiring blockchain networks to be permissioned would run counter to the goal of reinforcing U.S. financial and economic leadership. It would amount to giving up on the promise of permissionless blockchains like Ethereum and Bitcoin. Finally, targeting the base layer is unnecessary, as the application layer presents a more appropriate target for legal obligations.

A.   Recommendation addressing ‘specific areas related to AML/CFT and sanctions obligations with respect to digital assets that require additional clarity’ (RFC question B2)

As we note above, base-layer efforts to filter transactions with sanctioned entities are currently ineffective and are likely to become impossible, given in-progress technological developments. We also noted that the application layer is the more appropriate target for sanctions law. The primary effect of the prevailing uncertainty surrounding the potential legal exposure of base-layer participants of public blockchains like Ethereum and Bitcoin has been to threaten U.S. technological and economic leadership in digital assets.

The U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) could address this uncertainty by offering a public statement—perhaps in its sanctions FAQs—that it does not regard any of the following as the prohibited facilitation of a transaction with a designated entity, either on public blockchains in general or, at least, on Ethereum and Bitcoin:

  1. To include such a transaction in a block, by mining or validating (“proposing”);
  2. To accept such a transaction and the block in which it was included as valid for the purposes of adding new blocks referencing the first block; or
  3. To receive and retransmit such a transaction for inclusion by potential miners or validators (g., by a node, a block builder, or a relay).

We stress that this issue is independent from any evaluation of either the propriety or legality of sanctioning any particular entity, or of the inclusion of addresses of autonomous smart contracts on the SDN list.[15]

III. Privacy-Enhancing Technologies

Ethereum and Bitcoin—the most widely used public blockchains—were not designed with user privacy in mind. Pseudonymity of blockchain addresses is easily broken, for example, whenever a user discloses their identity to make a purchase. The effect of breaking pseudonymity is that the other party will likely be able to discover the entirety of that user’s past activity on the blockchain. It is akin to a user giving someone access to their entire history of bank or credit-card transactions. The risk of so massive a breach of financial privacy—potentially exposing users to targeting by thieves and fraudsters—is inimical to the goal of “access to safe and affordable financial services” that President Biden set out in Executive Order 14067.[16]

The lack of privacy on blockchains like Ethereum and Bitcoin has proven convenient for law enforcement, who have leveraged it to prosecute crimes.[17] But it would be mistaken to regard the current level of transparency as a benchmark either for “responsible” public blockchains or for services built atop them. Safe and accessible public blockchains of the near future—including planned changes to Ethereum—will not offer the same transparency on which today’s criminals and law enforcement alike rely.

It is useful to examine the now-sanctioned Tornado Cash within this context. Tornado Cash was arguably the most effective “on-chain” tool to protect user privacy.[18] For some use cases, users can enjoy similar privacy-protecting effects by routing their transactions through regulated exchanges like Coinbase, FTX, or Binance, but this comes at the expense of having to trust one of those third parties. The tradeoffs involved in going “off-chain” to achieve “on-chain” privacy include additional risk, friction, and delays, which could at least partially negate the point of using a public permissionless blockchain. If public blockchains are an innovation worth preserving and supporting, as the Executive Order implies, then a solution should be found that does not erase their primary salutary features.

Fortunately, there are technological solutions to preserve user privacy that simultaneously enable effective mitigation of illicit activity. One such solution is selective disclosure.[19] Even where the pseudonymous identifiers of senders and recipients—or the contents of a blockchain message (transaction)—are hidden, users may nonetheless be able to selectively disclose in a non-falsifiable way that, for example, they control the account from which a certain transaction was made. This would allow on- and off-ramp services between crypto-assets and the rest of the economy to serve as gatekeepers that perform appropriate AML/CFT or sanctions screening of customers who wish to exchange their “private coins” for fiat currency or other goods. To be sure, service providers and law enforcement would likely have access to less information under this sort of blockchain analysis than they do today, especially regarding the transactions of parties other than the customer in question (although service providers may have access to disclosed transactions from many customers). As we noted above, however, the current level of transparency poses a regrettable risk to user privacy and safety and thus cannot serve as a normative benchmark.

Tornado Cash, Zcash, and Monero all offer forms of selective disclosure.[20] While the transaction volume in these protocols is small relative to Ethereum or Bitcoin, it would be worthwhile to devote resources toward developing rules and guidance—especially for money transmitters and financial institutions—on how to facilitate transactions with those protocols responsibly. A pragmatic reason for this investment is that public blockchains and the services built on them are moving in the direction of increased privacy. Thus, the issue of privacy cannot be adequately addressed by blunt instruments like sanctioning an entire protocol, as happened with Tornado Cash. Even today, the hypothetical prohibition of Ethereum or Bitcoin would cause immense economic damage. Soon, such action could jeopardize the stability of the global economy.

As public blockchains grow, they will become more attractive both for lawful uses and for illicit uses. While illicit use may remain small as a percentage of total transactions, the volume of illicit transactions will likely rise in absolute numbers.[21] The anticipated improvements in crypto privacy will cause significant tension for the prevailing law-enforcement and national-security approaches to digital assets. In this context, Treasury’s Digital Asset Action Plan may not be entirely adequate.[22]

It is, to start, puzzling why the Digital Asset Action Plan adopted the label “anonymity-enhancing technologies,” rather the commonly used “privacy-enhancing technologies.”[23] This focus on “anonymity” rather than “privacy” directs attention away from the tension among important policy objectives set out in Executive Order 14067. The importance of privacy and the aim to strengthen it (while also countering illicit activities) is mentioned 10 times in the Executive Order. Anonymity is not mentioned.

The Action Plan itself also refers to the goal of strengthening privacy several times. It is notable, however, that Priority Action 5 (“Holding Accountable Cybercriminals and Other Illicit Actors”) does not. It is in this section that the Action Plan singles out “mixing services” as an area of “primary concern.” Treasury’s recent enforcement actions—notably the branding of Tornado Cash as a “notorious (…) mixer”[24]—suggest that the term “mixing services” is meant to refer to some of the popular privacy-enhancing technologies upon which both law-abiding Americans and foreign nationals alike have been relying.

In other words, rather than balancing the goals of strengthening privacy and mitigating illicit finance, as set out in the Executive Order, Priority Action 5 suggests a near-exclusive exclusive focus on the latter.[25] Furthermore, it is hard to avoid the impression that, in a further departure from the Executive Order, the Action Plan treats strengthening privacy as chiefly a research concern (and thus assigns it primarily to the National Science Foundation) and not an issue to be given considerable weight in law-enforcement or national-security missions.

A.   Recommendation: ‘additional steps the U.S. government should consider to address the illicit finance risks related to mixers and other anonymity-enhancing technologies’ (RFC question B7)

Given the value of both preserving and strengthening financial privacy, as well as the pragmatic concern that the largest public blockchains are moving in the direction of greater privacy, we suggest that a more constructive law-enforcement approach is needed with respect to the already-deployed privacy-enhancing technologies. This approach could include reversing the designation of Tornado Cash, combined with offering guidance for money transmitters and financial institutions on how to approach transactions with tools like Tornado Cash in a responsible manner. These guidelines could rely, among other mechanisms, on selective-disclosure functionalities built into privacy-enhancing tools.


[1] Ensuring Responsible Development of Digital Assets; Request for Comment, TREAS-DO-2022-0018-0001, 87 FR 57556, U.S. Dep’t of the Treasury (Sep. 20, 2022), https://www.federalregister.gov/d/2022-20279.

[2] Executive Order on Ensuring Responsible Development of Digital Assets, White House (Mar. 9, 2022), https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets (hereinafter, “Executive Order”).

[3] Mikolaj Barczentewicz, Base Layer Regulation, Regulation of Crypto-Finance, https://cryptofinreg.org/projects/base-layer-regulation. Some operators (e.g., Infura) act both as infrastructural network participants in their own right (e.g., as node operators) and also offer services to infrastructural participants.

[4] Id.

[5] Amit Zavery & James Tromans, Introducing Blockchain Node Engine: Fully Managed Node-Hosting for Web3 Development, Google Cloud (Oct. 27, 2022), https://cloud.google.com/blog/products/infrastructure-modernization/introducing-blockchain-node-engine.

[6] U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash, U.S. Dep’t of the Treasury (Aug. 8, 2022), https://home.treasury.gov/news/press-releases/jy0916.

[7] @ElBarto_Crypto, Twitter (Aug. 13, 2022, 8:21 AM), https://twitter.com/ElBarto_Crypto/status/1558428428763815942 (“[W]hile only 0.03% of addresses received ETH from tornado cash, almost half the entire ETH network is only two hops from a tornado cash receiver.”).

[8] All but one designated Ethereum addresses deployed by Tornado Cash represent smart contracts, but the SDN list also includes Ethereum addresses that do not represent smart contracts, which are associated with other sanctioned entities.

[9] For an argument that it is not illegal, see Rodrigo Seira, Amy Aixi Zhang, & Dan Robinson, Base Layer Neutrality: Sanctions and Censorship Implications for Blockchain Infrastructure, Paradigm (Sep. 8, 2022), https://www.paradigm.xyz/2022/09/base-layer-neutrality.

[10] Mikolaj Barczentewicz & Anton Wahrstätter, How Transparent Is Ethereum and What Could This Mean for Regulation?,  Regulation of Crypto-Finance, https://cryptofinreg.org/projects/public-data-supervision.

[11] Mikolaj Barczentewicz & Alexander F. Sarch, Shedding Light in the Dark Forest: A Theory of Liability for Cryptocurrency “MEV” Sandwich Attacks, available at SSRN (Oct. 5, 2022), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4187752.

[12] Autonomous smart contracts that do not rely on off-chain cooperation and also are not controlled are not part of the application layer, as we understand it here. From the perspective of asserting legal control, they are functionally part of the base layer (e.g., to “remove” such a smart contract from the blockchain, it would require the cooperation of an overwhelming majority of validators). Also, strictly speaking, end users may also interact with some base-layer participants, e.g., by submitting transactions directly to a node’s remote-procedure-calls (RPC) interface.

[13] See also Miles Jennings, Regulate Web3 Apps, Not Protocols, a16z (Sep. 29, 2022), https://a16zcrypto.com/web3-regulation-apps-not-protocols.

[14] Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, Financial Crimes Enforcement Network (May 9, 2019), https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models.

[15] There has been some controversy regarding the legality of sanctioning the autonomous smart contracts deployed by Tornado Cash. See Paul Grewal, Sanctions Should Target Bad Actors. Not Technology., Coinbase (Sep. 8, 2022), https://www.coinbase.com/blog/sanctions-should-target-bad-actors-not-technology; Jerry Brito & Peter Van Valkenburgh, Coin Center Is Suing OFAC Over Its Tornado Cash Sanction, Coincenter (Oct. 12, 2022), https://www.coincenter.org/coin-center-is-suing-ofac-over-its-tornado-cash-sanction; Steve Engel & Brian Kulp, OFAC Cannot Shut Down Open-Source Software, Dechert LLP (Oct. 18, 2022), https://ipfs.io/ipfs/QmTC9q5yidSWoM2HZwyTwB3VbQLVbG5cpDSBTaLP8voYNX.

[16] Executive Order, supra note 3, at Sec. 1; On cryptocurrencies’ promise for financial inclusion, including in situations especially needing privacy (e.g., domestic violence, authoritarian regimes), see, e.g., Alex Gladstein, Finding Financial Freedom in Afghanistan, Bitcoin Magazine (Aug. 26, 2021), https://bitcoinmagazine.com/culture/bitcoin-financial-freedom-in-afghanistan; Charlene Fadirepo, Why Bitcoin Is a Tool for Social Justice, CoinDesk (Feb. 17, 2022), https://www.coindesk.com/layer2/2022/02/16/why-bitcoin-is-a-tool-for-social-justice; How Cryptocurrency Meets Residents’ Economic Needs in Sub-Saharan Africa, Chainanalysis (Sep. 29, 2022), https://blog.chainalysis.com/reports/sub-saharan-africa-cryptocurrency-geography-report-2022-preview.

[17] See, e.g., Andy Greenberg, Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site, Wired (Apr. 7, 2022), https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth.

[18] For an explanation of Tornado Cash’s functionality, see Alex Wade, Michael Lewellen, & Peter Van Valkenburgh, How Does Tornado Cash Work?, Coincenter (Aug. 25, 2022) https://www.coincenter.org/education/advanced-topics/how-does-tornado-cash-work.

[19] See also Peter Van Valkenburgh, Open Matters: Why Permissionless Blockchains Are Essential to the Future of the Internet, Coincenter (December 2016) https://www.coincenter.org/open-matters-why-permissionless-blockchains-are-essential-to-the-future-of-the-internet.

[20] Zooko Wilcox & Paige Peterson, The Encrypted Memo Field, Electric Coin Co. (Dec. 5, 2016), https://electriccoin.co/blog/encrypted-memo-field; View Key, Moneropedia, https://www.getmonero.org/resources/moneropedia/viewkey.html; Wade, Lewellen, & Van Valkenburgh, supra note 18.

[21] Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity, Chainanalysis (Jan. 6, 2022), https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction.

[22] Action Plan to Address Illicit Financing Risks of Digital Assets, U.S. Dep’t of the Treasury (Sep. 20, 2022), https://home.treasury.gov/system/files/136/Digital-Asset-Action-Plan.pdf.

[23] A query for “anonymity-enhancing technologies” in the Google Scholar database returns about 40 results, while a query for “privacy-enhancing technologies” returns more than 30,000 results. See https://scholar.google.com/scholar?q=%22anonymity-enhancing+technologies%22 (accessed Oct. 28, 2022); https://scholar.google.com/scholar?q=%22privacy-enhancing+technologies%22 (accessed Oct. 28, 2022).

[24] U.S. Department of the Treasury, supra note 6.

[25] U.S. Department of the Treasury, supra note 22.

Continue reading
Data Security & Privacy

A webinar briefing on the Credit Card Competition Act

Senators Richard Durbin (D-Ill.) and Roger Marshall (R-Kan.) recently introduced the Credit Card Competition Act, which would effectively enable merchants to route credit card transactions . . .

Senators Richard Durbin (D-Ill.) and Roger Marshall (R-Kan.) recently introduced the Credit Card Competition Act, which would effectively enable merchants to route credit card transactions over a network other than the main one affiliated with the card. The sponsors say that this will increase “competition” and reduce costs for merchants, who will pass on the savings to consumers.

But are Durbin and Marshall being overly optimistic? Have they perhaps missed some predictable but unintended consequences that might cause their act to harm rather than help consumers?

We hope you will join our esteemed colleagues Julian Morris and Todd Zywicki for a timely discussion of this proposed legislation.

Continue reading
Financial Regulation & Corporate Governance