What are you looking for?

Showing 9 of 92 Results in Payments & Payment Networks

UK Payment System Regulator Market Reviews: Initial Concerns

ICLE Issue Brief Introduction The UK Payment System Regulator (PSR) is currently in the process of conducting two market reviews related to card payments. One of the two . . .


The UK Payment System Regulator (PSR) is currently in the process of conducting two market reviews related to card payments. One of the two regards consumer cross-border interchange fees between the United Kingdom and the European Economic Area (EEA),[1] while the other relates to card scheme and processing fees.[2] This brief raises some initial concerns regarding the two reviews.

The most significant concern these market reviews raise is the implied “market” under investigation. By focusing narrowly on two very specific aspects of the overall payment system, the reviews almost by definition rule out a full analysis of the ecosystem. This is most unfortunate. Decades of research shows categorically that payment systems are highly complex multi-sided markets that have evolved over many decades—and continue to evolve—into a delicately balanced, technologically advanced ecosystem.

Payment systems and the thousands of banks that interoperate over them have invested tens of billions of dollars into their development. These investments, and associated innovations in technologies and the rules governing the systems, have been driven by a decades-long process of dynamic competition. That process has involved not only the main payment-system operators, but also many other businesses involved in payments processing. As a result, billions of consumers are now able to use payment cards and millions of merchants accept them. The system’s economic benefits unquestionably far outweigh the costs.

While it is always possible to conceive of models against which extant payment systems may appear “imperfect,” that does not necessarily mean there is any “market failure”; models are not reality. By considering only very narrow questions relating to specific aspects of the operations of payment systems, the PSR is likely to make inappropriate conclusions.

This brief begins with a description of some of the primary benefits that payment-card systems deliver. Section II offers a description of the economics of payment systems. Section III discusses some common misconceptions regarding payment systems, which have arisen due to misunderstanding the economics that underpins them and failing to appreciate the history and nature of the dynamic competition that explains the existing market structure. Section IV considers the market reviews in the context of the PSR’s overall remit. Section V draws some conclusions.

I. The Benefits of Payment-Card Systems

The PSR acknowledges that payment cards “are critical to the smooth running of the UK economy as they enable people to pay for their purchases and merchants to accept payments for goods and services.”[3] But it is worth spelling out why payment cards are so critical. In no small part, this comes down to the numerous inherent advantages that payment cards and their associated systems have over other types of payment, such as cash and checks. These include: [4]

  • They enable consumers to spend more than they have in their wallet at the time of the purchase, which in turn reduces the amount of cash that they need to withdraw from the bank.
  • Credit cards enable consumers to spend more than they have in their bank accounts at the time of the purchase. Because credit-card issuers typically charge no interest if the statement balance is paid by the due date (usually a month after issuance), cardholders are able to smooth their consumption patterns at much lower cost than if they were required to hold cash in their account or use an overdraft facility.
  • By increasing the ability of consumers to spend, payment cards benefit merchants, who sell more goods and services.
  • Merchants also benefit from reduced costs associated with handling cash, including the need for float and the risk of theft.

Payment cards have been essential to the development of e-commerce and were literally a lifeline during the COVID-19 pandemic, both for consumers and for businesses (especially smaller businesses), when millions of people were unable to leave their homes and primarily purchased essential goods through online merchants.

Figure I: Use of Cash in the UK Since COVID-19


Despite these benefits, merchants have for decades complained about the prohibitive cost of processing card transactions. As explained below, these complaints reflect a misunderstanding of the nature and benefits of card-payment systems.

II.      The Economics of Payment Systems

A proper economic assessment of any payment system must account for the fact that both merchants and consumers must perceive benefits for such systems to be successful.  If too few merchants accept a particular form of payment, consumers will have little reason to possess it and issuers will have little incentive to issue it. Likewise, if too few consumers possess a form of payment, merchants will have little reason to accept it.

Conceptually, economists describe such situations as “two-sided markets”: consumers are on one side, merchants on the other, and the payment system acts as the platform facilitating interactions between them.7F[6] Other examples of two-sided markets include newspapers, shopping malls, social-networking sites, and search engines.

The challenge for any two-sided market platform is to attract and retain sufficient participants on one side of the market to persuade participants on the other side to adopt and stay on the platform, thereby making the system self-sustaining and maximising the joint net benefits of the platform to all participants.8F[7] To achieve this, platforms must allocate the costs and benefits of the system among the various parties, which is typically done by charging different fees to the different sets of participants on each side of the market in such a way as to create an equitable and efficient balancing.9F[8] Often this means that participants on one side will pay a larger share of the overall costs than participants on the other side.

Take newspapers, which as noted are a classic example of a two-sided market, with consumers on one side, advertisers on the other, and the newspaper acting as the platform in the middle. In essence, advertisers seek to target their adverts to specific consumers, while consumers are mainly interested in reading news, opinions, and other content. A newspaper thus provides content that appeals to consumers so that they read the paper. By attracting readers who might also view advertisements, the newspaper is able to sell advertisements, which help to cover the costs of producing and distributing the newspaper.

In the case of payment-card systems, the larger the number of holders of cards from a particular system (e.g., Visa, Mastercard, or American Express), the larger will be the number of merchants willing to accept cards on that system. Meanwhile, the larger the number of merchants that accept cards on a particular system, the larger will be the number of consumers who wish to hold cards on that system.

Maintaining such a system is challenging and expensive. In no small part, this is because payments are subject to counterparty risks—in particular, risks of default (non-payment), fraud, and theft. This problem so bedevilled early payment cards that many floundered within a few years.[9] The systems that succeeded did so because they figured out how to encourage adoption by both sides of the market and to limit counterparty risk. This entailed the introduction of effective security systems, setting appropriate liability rules, and charging fees that covered all the costs of operating the system. Perhaps most importantly, the systems that flourished were those that realised merchants had stronger incentives than consumers to bear the costs of the system, due to the significant benefits they receive, and introduced fee structures that reflected those incentives.

In three-party card systems, the merchants’ transaction fee is charged directly by the system operator. In four-party systems, merchants pay acquirers a “merchant service charge” (MSC), which includes the acquirer’s processing costs and the “interchange fee.” The default interchange fee is a charge made by the system operator that is paid to the issuer (in the form of a deduction from the amount sent by the issuer to the acquirer when settling the transaction).[10] In addition, the system operator charges fees to both acquirers and issuers, called “scheme” and “processing” fees, that cover the system costs. Figure II, which is taken from the PSR, provides a simplified schematic of the four-party card system. In practice, there are often other parties involved, including payment gateways and payment processors.[11]

Figure II: Simplified Schematic of Four-Party Card Payment System


As discussed below, the various three- and four-party payment systems have been engaged in a decades-long process of dynamic competition in which each has sought—and continues to seek—to discover how to maximise value to their merchants and consumers. Card-payment systems also compete with other payment methods, including legacy methods such as cash and cheques, as well as the many methods that have emerged more recently, such as online transfers of various kinds. This has involved considerable investment in innovative products, including more effective ways to encourage participation, as well as the identification and prevention of fraud and theft.

Payment-card systems seek to optimise interchange fees to maximise the benefits of the system to participants on both sides of the market. Revenue from these fees thus covers a wide range of things, including: system operations, card issuance, customer service, fraud prevention and resolution, rewards, fraud-protection cover, and car-rental insurance (where these are offered). Moreover, these services are today often offered for free to cardholders (no annual fee) or even at a negative price, such as when rewards are provided. Finance charges on revolving balances also generate substantial revenue, much of which covers the costs of underwriting, servicing, and charge-offs on credit balances.

Similarly, many banks provide free current accounts to those who maintain positive balances (and in some cases even fee-free overdraft facilities up to a limit). The costs of such accounts are covered by other charges, including debit-card interchange fees.

III.    Misunderstanding the Economics of Payment Systems

While it may seem iniquitous for a platform to charge one side of the market more than the other, it is often efficient and ultimately socially beneficial.[13] In the case of payment systems, if the operator sets the price too high for some consumers, they will be unwilling to use the platform; similarly, if the operator sets the price too high for some merchants, they will not be willing to use the platform.

Since one side of the market is typically more price sensitive than the other side, joint net benefits are maximised when participants on the less price-sensitive side of the market incur a greater proportion of the system costs. This enables overall greater participation in the system, thereby achieving greater economies of scale. In the case of card-payment systems, the relatively large benefits merchants receive from accepting cards makes them less price sensitive than consumers, so it makes sense for them to pay a larger share of the transaction fees. This was true even when cards were a tiny fraction of payments and there were few, if any, competing cards for consumers to choose among. This demonstrates that it is not due to any perception among merchants that they lack choice.

The ineluctable benefits of such cross-market subsidies have, unfortunately, often been misconstrued as harmful by regulators, especially in markets where there are few competitors. In many cases, what seems to have happened is that the economies of scale entailed in the development and maintenance of certain systems has meant that only a small number of competing firms can operate efficiently. Regulators typically assume axiomatically, however, that the largest firms in markets with only a small number of competitors have a dominant position that has been created and is reinforced by those firms’ anticompetitive conduct. They thus automatically view all such conduct with suspicion.

Globally, there are many card-payment systems, although most of these operate only at a national level.[14] In the UK, as the PSR notes, two payment systems, Mastercard and Visa, represent the vast majority of consumer-debit and credit-card transactions.[15] But as the history shows, these large market shares were acquired through the development of technologies and rules that limited fraud and other counterparty risk, as well as by improving the efficiency and efficacy of payments, thereby creating enormous benefits to both consumers and merchants. While all markets are imperfect when compared to theoretical models of “perfect competition,” there is simply no evidence of “market failure” that might justify regulatory intervention.

It is also worth noting that, while card payments represent a large proportion of retail payments in the UK, they represent a relatively small fraction of all payments. Table 1 shows the value of payments made using various non-cash methods over the year from November 2021 to October 2022. This excludes higher-value payments settled directly over CHAPS, which accounted for more than £90 trillion in value.[16] As can be seen, the vast majority of payments were made over BACS and the Faster Payments systems, while cards (debit and credit) accounted for only about 11 per cent.

Table 1: Transaction Values of Selected UK Payments Systems, November 2021-October 2022

SOURCES: PayUK[17] and UK Finance[18]

A.      A Brief History of Payment-Card Systems

While merchant-specific charge cards had existed since the early 20th Century, the first multi-merchant payment-card systems in the United States were Diners Club and American Express. These were and in most cases are three-party cards; that is, they operate a closed ecosystem in which they have direct relationships with both merchants and cardholders (Amex now also acts as a third-party provider).[19]

Diners Club began in 1950 as a limited-purpose card that could be used at restaurants.[20] Starting with restaurants in New York City, the card gradually expanded to other cities and other hospitality services before becoming fully multipurpose. In 1953, Diners Club became the first international payment card, with acceptance in the UK, Canada, Cuba, and Mexico. International expansion continued gradually and, by 1967, Diners Club had a presence in 130 countries.

The American Express Card started as an alternative to Travellers’ Cheques, which were an already-popular payment product.[21] From an initial presence in the United States and Canada, American Express expanded its card issuance internationally in 1972.

While numerous banks experimented with their own credit cards, the first truly successful such card venture was BankAmericard, which began in 1958.[22] Initially a three-party card operated exclusively by Bank of America, in 1966, Bank of America began issuing licenses to other banks.[23] In 1970, National BankAmericard became a separate company owned by its member banks and, in 1976, it was rebranded as Visa.[24]

The precursors to Mastercard were regional associations of U.S. banks that had developed in response to restrictions on branch banking in 15 states, which meant that banks could only operate as individual units.[25] In 1966, several of these regional associations formed the Interbank Card Association (ICA), which established the authorisation, clearing, and settlement rules for all the banks in the ICA.[26] In 1969, ICA rebranded its cards as Interbank: the Master Charge card and, in 1979, the ICA became MasterCard.

The history of credit cards in the UK is similar. Finders Services was the first payment-card operator in the nation, launching its charge card here in 1951.[27] In 1962, Finders Services merged with Diners Club, becoming the UK’s first international payment card.[28] Amex followed in 1963.[29] Then, in 1966, Barclays became the first international licensee of BankAmericard, initially launching the Barclaycard as a charge card.[30] The following year, the Bank of England issued the first license to operate a credit card to Barclays and Barclaycard became the UK’s first credit card.[31] Barclaycard became a founding member of International BankAmericard Inc (IBANCO) when that was formed in 1974.[32] In 1977, IBANCO was rebranded Visa.[33] From 1981, Visa International was reorganised into five semi-autonomous international divisions, with their own boards and operational regulations, but subject to framework rules set at headquarters.[34]

The history of Mastercard in the UK is intertwined with Eurocard, which was founded in 1964 in Sweden and moved its corporate base to Belgium in 1965, from where it operated a pan-European not-for-profit association of card-issuing banks.[35] In 1968, Eurocard and the Interbank Card Association formed a strategic alliance. In 1971, Lloyds Bank, Midland Bank, National Westminster Bank, and (slightly later) Royal Bank of Scotland/Williams and Glyn formed a joint venture, the Joint Credit Card Company (JCCC), which launched the Access credit card in 1972.[36] In 1973, Access purchased a 15% share of Eurocard and, the following year, joined the Interbank Card Association.[37] In 1992, MasterCard merged with Europay International (which itself was a merger of Eurocard and Eurocheque).[38] In 1996, MasterCard purchased Access.[39]

B.      Dynamic Competition in Payment Systems

This brief history of the evolution of payment-card systems over the past 70 years shows how those systems gradually expanded. Underpinning that expansion was a process of dynamic competition, with payment networks continuously innovating ways to increase their security, scale, and efficiency. Among the major technological innovations have been:

  • The plastic card (previously, cards had used card stock).
  • Electronic systems for authentication, clearing, and settling transactions.
  • The magnetic stripe (magstripe) and associated data standards, which enabled more secure authentication.
  • The personal identification number (PIN), which was initially developed to enable the use of cards to withdraw cash directly from bank accounts using cash machines.
  • The EMV Chip—developed by a consortium of card networks that initially comprised Eurocard, MasterCard and Visa (EMVCo)—stores card information using public-key encryption technology and sends a one-time token to the POS machine. EMV chips are more difficult to “skim” than magstripes and, because the card number is not shared with the POS machine, dramatically reduce the potential for hackers to steal and use stored card information from merchants.
  • Contactless Tokens (cEMV), which are similar to the tokens produced by EMV Chips and enable similar protections for contactless transactions, whether using a card or a mobile phone.
  • Address verification (AVS), which is mainly used during card-not-present (CNP) transactions, such as telephone and online sales.
  • The card verification code (CVC/CVV), which is a three- or four-digit number unique to the card that is not held in merchant databases, and which is also primarily used during CNP transactions.
  • Two-factor authentication (2FA) entails the use of at least two independent proofs that the card user is legitimate, such as the CVV and a one-time password. 2FA is most commonly used for CNP transactions but is also sometimes used as a second line of defense for point-of-sale (POS) transactions identified as unusual.
  • Machine-learning-based systems that identify potentially fraudulent transactions by comparing transactions in real time with cardholders’ spending patterns, enabling issuers to block transactions.
  • 3D-Secure (3DS), which is an authentication system developed by EMVCo primarily for online transactions. It is a two-stage process: stage one involves using the information sent in the first (authorization) message to check against a cardholder’s profile; if the proposed payment fits the profile, it is permitted, and if not, then the cardholder is asked to complete 2FA on the transaction.[40]

We are now so used to making payments with cards that it is difficult to imagine just how important these innovations have been, let alone the scale of investment that went into them (and the many others, including those that were rejected or discarded). With that in mind, it is worth noting the dramatic impact of the introduction of one of the more recent innovations: contactless cEMV tokens. Over the past decade, these have facilitated a veritable revolution in contactless payments made using cards and cell phones. As Figure III shows, the number of contactless payments in the UK grew from almost nothing to more 1.2 billion by the end of 2021, representing about half of all card-payment-system transactions.

Figure III: Number of Contactless Payment Transactions, UK, 2015-2021 (Millions)

SOURCE: Statista[41]

Contactless payments dramatically reduce the time needed to complete a transaction at checkout, relative to cash or chip and PIN, with clear benefits for both merchants and consumers.[42] During the COVID pandemic, the ability to transact without touching a terminal or signing a payment-authorization slip also reduced the cost and difficulty of complying with rules intended to limit exposure through contact.[43] In addition, cEMV has gradually been integrated into public-transport systems, enabling riders on buses and trains in London, and increasingly across the UK, to use their payment card or mobile phone to tap in and out, eliminating the need for cash or additional transactions.[44]

There have also been many important innovations in incentive systems, the most notable being:

  • Merchant liability for non-authenticated fraudulent transactions above a certain minimum amount, which incentivises merchants to undertake authentication.
  • Prohibiting merchants who accept cards from a payment system from discriminating against that system by imposing surcharges on payments made using that system.
  • Guaranteeing zero liability for card users who have been subject to fraud on certain conditions (such as that the card user has notified the issuer that their card has been stolen).
  • Various forms of insurance, including purchase protection, return protection, extended warranty protection, cell-phone protection, price protection, rental-car liability protection, and travel insurance.
  • Rewards, including cashback and merchant-specific rewards (often on co-branded cards)

By offering these incentives, card issuers encourage adoption and use by cardholders. In addition, merchant-specific rewards encourage loyalty to that merchant. And, importantly, these incentives and technological innovations have been made possible by the system of fees, including most notably the interchange fee but also the scheme fees, processing fees, and acquiring fees.

Furthermore, there have been important business-model innovations over time that have improved the scale efficiency, responsiveness, and effectiveness of the systems. As noted, Visa and Mastercard initially deployed quite different ownership and management models. BankAmericard initially adopted a franchise model and then, from 1970, National BankAmericard/Visa operated as a joint-venture company, thereby overcoming conflicts of interest that arose from one bank acting as an issuer and an acquirer, while also setting the rules of the system for other issuers and acquirers.[45] By contrast, Mastercard and Eurocard both began as non-profit associations, which enabled them rapidly to scale, including by absorbing Access (which until then had operated as a profit-sharing joint venture), but this resulted in management challenges. The merger of Mastercard and Europay International in 1992 addressed some of those problems by creating a more streamlined structure and a more coherent global brand. Then, in 2006, MasterCard reorganised as a for-profit company and listed on the New York Stock Exchange through an initial public offering, enabling more centralised decision-making. In 2008, Visa also listed on the NYSE.

In short, the two largest global-payment systems emerged, survived, and thrived first and foremost by identifying and implementing superior solutions to the challenges of building and maintaining payment systems locally, nationally, regionally, and eventually, globally.

The large market share of these two firms operating at a global level is clearly not a consequence of some pre-existing market structure. On the contrary, the structure of the market for payments is a consequence of dynamic competition in technology, incentives, and business models.

C.      The Ongoing Process of Dynamic Competition

This dynamic competition continues, with innovative technologies and new global players emerging and deploying different business models. For example, PayPal offers users the ability to pay for services and goods purchased online and provides them with some of the same protections offered by credit cards, such as fraud monitoring and purchase protection.[46] PayPal operates a dual model in which users may fund payments either using their payment card or by making an ACH transfer to their PayPal account.[47] PayPal also offers users the ability to “buy-now-pay-later” (BNPL) at some merchants, with options either to make four bi-weekly payments with zero interest, or to spread the payment over a longer period (6, 12, 18, or 24 months), paying an interest rate that currently ranges from 0% to 29.99%, depending on the user’s credit score.[48]

In the past decade, several standalone BNPLs have entered the market, including Afterpay, Affirm, Flexpay, Klarna, Sezzle, Splitit, and Zip.[49] In 2021, merchant-payment-gateway provider Square purchased Afterpay, enabling the use of BNPL for in-store purchases in the United States.[50] In the UK, Square has partnered with BNPL provider ClearPay, enabling it to provide a similar offering.[51] Meanwhile, Stripe, another gateway provider, has partnered with several BNPL companies, enabling it to make similar offerings in several countries, including the UK.[52]

When offering zero-interest payment solutions to consumers, BNPLs typically charge the retailer a transaction fee of between 2% and 8%, depending on the consumer’s credit score and the type of merchant.[53] In the United States, Square/Afterpay charges the purchaser a standard rate of 6% plus a transaction fee of 30c.[54] By contrast, when offering longer-term payment solutions, the merchant pays a transaction fee and the consumer pays the interest.[55]

In addition to consumer-oriented BNPLs, there are business-to-business BNPLs. For example, in the UK, Funding Circle’s Flexipay (not to be confused with Flexpay or Payflex, a South African BNPL) offers loans of between £2,000 and £250,000, with the ability to spread payments over three months at an interest rate of 3% (as of the time of writing).[56]

Another example is real-time payments (RTP) systems, such as the UK’s Faster Payment System, which enable users to make near-instant peer-to-peer payments online and using mobile apps.[57] RTP systems typically do not replicate the fraud-protection and other counter-party risk offerings of traditional payment cards, nor do they enable consumers to defer payment, so they are likely less attractive than payment cards for making payments to merchants—especially when those merchants are unfamiliar and/or the size of the payment is large.[58] While the UK’s Confirmation of Payee system has somewhat reduced problems—such as, as the PSR notes,[59] automated push payment (APP) fraud—APP fraud remains very high, leading the PSR to propose that payment-service providers (PSPs) guarantee refunds for fraudulent payments in excess of £100.[60] Such a requirement would impose considerable additional costs on PSPs. By effectively transferring a considerable proportion of liability to those PSPs, it also would reduce payors’ incentives to undertake due diligence on payees. This, in turn, might lead PSPs to introduce more extensive screening of payments, which could well lead to overinclusive restrictions that harm smaller, less well-known but nonetheless legitimate payees.

At the same time, card issuers and payment systems continue to invest in improved methods for verifying the identity of persons making transactions, including most notably the development and deployment of a range of biometric technologies.[61] Meanwhile, many payment-card issuers are partnering with BNPL operators to provide alternative payment options for cardholders.[62]

IV.    The Market Reviews in the Context of the PSR’s Remit

Unfortunately, there is no evidence that the PSR intends to investigate the broader market for payments in the UK, of which payment cards represent only about 11%.[63] Instead, it has proposed to undertake two discrete reviews of very specific and narrow aspects of payments card systems’ operations, seemingly without any intention to consider the implications on the wider ecosystem. This seems doomed to draw inappropriate conclusions.

This section outlines the PSR’s remit and then discusses the two market reviews in the context of that remit, taking into consideration the foregoing discussion of the nature of payment systems and the dynamic competition that has driven their evolution.

A.      The PSR’s Remit

Section 49 of the Financial Services (Banking Reform) Act 2013 (FSBRA) states that “In discharging its general functions relating to payment systems the Payment Systems Regulator must, so far as is reasonably possible, act in a way which advances one or more of its payment systems objectives.”[64] It then lists three objectives: (a) the competition objective, (b) the innovation objective, and (c) the service-user objective, which are defined in the subsequent sections.[65]

Section 50 (1) of the FSBRA states that: “The competition objective is to promote effective competition in—(a) the market for payment systems, and (b) the markets for services provided by payment systems, in the interests of those who use, or are likely to use, services provided by payment systems.”

Section 50 (2) of the FSBRA states that: “The reference in subsection (1) to promoting effective competition includes, in particular, promoting effective competition— (a) between different operators of payment systems, (b) between different payment service providers, and (c) between different infrastructure providers.”

Section 50 (3) of the FSBRA states that:

The matters to which the Payment Systems Regulator may have regard in considering the effectiveness of competition in a market mentioned in subsection (1) include—

  • the needs of different persons who use, or may use, services provided by payment systems;

  • the ease with which persons who may wish to use those services can do so;

  • the ease with which persons who obtain those services can change the person from whom they obtain them;

  • the needs of different payment service providers or persons who wish to become payment service providers;

  • the ease with which payment service providers, or persons who wish to become payment service providers, can provide services using payment systems;

  • the ease with which payment service providers can change the payment system they use to provide their services;

  • the needs of different infrastructure providers or persons who wish to become infrastructure providers;

  • the ease with which infrastructure providers, or persons who wish to become infrastructure providers, can provide infrastructure for the purposes of operating payment systems;

  • the needs of different operators of payment systems;

  • the ease with which operators of payment systems can change the infrastructure used to operate the payment systems;

  • the level and structure of fees, charges or other costs associated with participation in payment systems;

  • the ease with which new entrants can enter the market;

  • how far competition is contributing to the development of efficient and effective infrastructure for the purposes of operating payment systems;

  • how far competition is encouraging innovation.

Section 51 (1) of the FSBRA states that: “The innovation objective is to promote the development of, and innovation in, payment systems in the interests of those who use, or are likely to use, services provided by payment systems, with a view to improving the quality, efficiency and economy of payment systems.” While Section 51 (2) states that: “The reference in subsection (1) to promoting the development of, and innovation in, payment systems includes, in particular, a reference to promoting the development of, and innovation in, infrastructure to be used for the purposes of operating payment systems.”

Section 52 of the FSBRA states that: “The service-user objective is to ensure that payment systems are operated and developed in a way that takes account of, and promotes, the interests of those who use, or are likely to use, services provided by payment systems.”

It is thus clear that, in principle, the PSR has a broad remit to investigate the functioning of payment systems. As such, it could undertake a broad review that considers the dynamic competition described earlier in this brief.

B.      The Market Reviews

Despite the PSR’s broad remit, it has chosen instead to undertake two very narrow market reviews. There is a grave danger that, in so doing, it will misconstrue the nature of the market for payments.

One is reminded of the rather wonderful 1986 “points of view” TV advertisement for The Guardian newspaper.[66] The ad began with a brief clip, from one angle, of a skinhead apparently running away from something. This was followed by a clip of the skinhead from another angle which shows him apparently trying to steal a besuited gentleman’s briefcase. Then, finally, we were shown an aerial view in which one can see that the skinhead is actually trying to save the other man from being crushed by a pallet of falling bricks. The point being that, if a policeman or other bystander had intervened to stop the skinhead on the presumption that he had committed or was about to commit a crime, based on seeing the situation only from the perspective of the first or second clips, the man in the suit might well have died or been grievously injured. As the advert notes at the end, “It’s only when you get the whole picture you can fully understand what’s going on.”

1.        Market review of UK-EEA cross-border interchange fees

In the case of the market review of UK-EEA consumer cross-border interchange fees, the PSR states:

We want to understand the rationale for and the impact of the rises in CNP IF levels for UK-EEA consumer debit and credit CNP transactions. We are concerned that the ability of Mastercard and Visa to increase these fees is an indication that there are market(s) which are not working well and may not support our statutory competition, innovation or service-user objectives.[67]

Here, the PSR seems to have assumed that an increase in prices is prima facie evidence of market failure. But a mere rise in prices does not provide such evidence. The fact is that, following the introduction of the IFR and prior to Brexit, the IFs were set by the EU, not by the market. Since then, domestic rates have been regulated at the same levels,[68] making it more likely that those IFs were (and, within the EEA, still are) not set at a level that reflects an optimal balance for the payments ecosystem.

Where prices for CNP IFs are set by market participants, they are generally higher than for card-present transactions. This is a straightforward consequence of the higher risks of fraud associated with CNP transactions.[69] Meanwhile, in markets where IFs for international transactions are set by market participants, those IFs include a premium to cover additional costs associated with operating the international system, as well as the higher counterparty risks (fraud and default) associated with such transactions. This leads to two conclusions:

  1. The appropriate prima facie assumption of the PSR, in response to the increase in IFRs for UK-EEA CNP transactions, should have been that it is a sign that the market is working well—e., the very opposite of the assumption that the PSR seems to have made.
  2. To investigate the appropriateness or otherwise of any IFR, it is necessary to understand fully the market in which it is being applied. In this case, the market is the entire global payments system, since UK-EEU transactions are but a tiny fraction of that system, which as discussed above has evolved over decades. At the very least, it entails a full analysis of both CNP and UK-EEA payments systems, not merely the narrow aspect of (and costs associated with) UK-EEA interchange fees.

2.        Market review of card scheme and processing fees.

In the case of the market review of cards’ scheme and processing fees, the PSR states:

We found that scheme and processing fees (which we referred to as ‘scheme fees’ in the market review) paid by acquirers increased significantly over the period 2014 to 2018 as shown in Figure 1.5 We also found that a substantial proportion of these increases are not explained by changes in the volume, value or mix of transactions.[70]

The PSR has decided emphatically to focus narrowly on how Mastercard and Visa set scheme and processing fees:

We will assess the factors that may influence and constrain how Mastercard and Visa set scheme and processing fees, and the impact of this. Such factors may include:

  • The extent of any barriers to entry or network effects involved in setting up and running card payment systems, which alone or in combination may mean that Mastercard and Visa face limited constraints when it comes to setting scheme and processing fees.

  • Whether Mastercard and Visa have a ‘must take’ status for merchants, which may mean that Mastercard and Visa face limited constraints from the ability of merchants (and their acquirers) to exercise choice about their acceptance when setting acquirer scheme and processing fees.[71]

Meanwhile, the PSR has already ruled out any consideration of the wider payments ecosystem, noting:

A number of comments in the consultation asked us to consider extending the market review to charges levied by other participants in the payments ecosystem (other card schemes, and other payment methods, including digital wallets). We agree that constraints from other participants and other payment methods could play an important role in Mastercard’s and Visa’s decisions about card scheme and processing fees. The scope of the market review we proposed in our draft ToR, however, would assess competitive constraints that may arise from other participants than Visa and Mastercard, to the extent this applies. We, therefore, do not think that it is necessary to extend the scope of the market review; and so, our market review will focus on card scheme and processing fees.[72]

This is troubling because, as discussed above, the payment systems in the UK and globally have evolved over many decades in such a way as to balance the two sides of the market: merchants on one side and consumers on the other. The fees charged by payment systems reflect this balance, not only within the card-payments ecosystem but also within the wider payments ecosystem of which card payments are only a relatively small part—about 11% in the UK.[73] Moreover, the scheme fees that appear to be a specific focus of the market review are only a small part of the total fees paid during a transaction. Visa offers the following example: when a consumer purchases a jumper for £30 at a small retailer using a Visa card, the MSC would be around £0.63, of which the scheme fee would be about £0.01.[74] So, the question is: why is the PSR focusing on a fee that makes up only 1.6% of the transaction fee and only 0.03% of the total transaction amount?

By seeking to investigate only a subset of card fees and not all the fees—which would necessitate also considering the effects of any adjustments to such fees on related offerings (such as rewards and cobranded cards, insurance, security upgrades, and new payment modes), let alone the wider payments ecosystem)—the PSR precludes a proper analysis of whether the market is operating efficiently.

In sum, intentionally or otherwise, the statements made by the PSR with respect to the terms of reference (ToR) for both market reviews look very much like the regulator has already decided its conclusions and is now looking for evidence to support its case, while expressly avoiding evidence that might point to other conclusions. They are classic examples of asking the wrong question and therefore getting the wrong answer.

V.      Conclusions

Payment systems have developed through a process of dynamic competition that has led to the emergence of extraordinarily complex and finely balanced ecosystems featuring an increasingly wide array of innovative technologies, incentives, and business models. As such, it is a little odd that the PSR should have chosen to undertake several discrete and very narrow reviews, rather than a more comprehensive review.

If the PSR were to undertake a more comprehensive review of payments, which would be more consistent with its remit under the FSBR, it might extend that to the wider payments ecosystem, of which card payments are only a relatively small part—approximately 11% in the UK, if larger payments made over CHAPS are excluded.

Despite stating—in the final ToR for the market review of card schemes and processing fees—that it does not intend to extend the market review, it left a window open by stating: “We expect our thinking to develop over the course of the market review, including the possibility that further issues or areas of analysis are added (if they relate to potential harm to competition, innovation or service users) or some issues are dropped.”[75] One can only hope that such thinking extends to a fuller examination of the payments ecosystem. If the PSR were to adopt such an approach, it might also drop the even more absurdly narrow market review of UK-EEA consumer cross-border interchange fees, a fuller (proper) review of which would entail looking not only at payments in the UK, but also internationally.


[1] Market Review of UK-EEA Consumer Cross-Border Interchange Fees, Payment System Regulator (Jun. 21, 2022), https://www.psr.org.uk/publications/market-reviews/mr22-2-1-market-review-of-uk-eea-consumer-cross-border-interchange-fees.

[2] Market Review of Card Scheme and Processing Fees, Payment System Regulator (Jun. 21, 2022), https://www.psr.org.uk/publications/market-reviews/mr22-1-1-market-review-of-card-scheme-and-processing-fees.

[3] Id.

[4] Todd J. Zywicki, The Economics of Credit Cards, 3 Chap. L. Rev. 79, 7 (2000), available at https://digitalcommons.chapman.edu/chapman-law-review/vol3/iss1/6.

[5] Snapshot of Payments in the UK Over Time, Payment Systems Regulator (Jan. 2, 2022), available at https://www.psr.org.uk/media/20ob5wee/payments-over-time.pdf.


[6] William F. Baxter, Bank Interchange of Transactional Paper: Legal and Economic Perspectives, 26 J. L. & Econ. 541 (1983); Jean-Charles Rochet & Jean Tirole, Two-Sided Markets: A Progress Report, 37 Rand J. Econ. 645 (2006); see also, Todd J. Zywicki, The Economics of Payment Card Interchange Fees and the Limits of Regulation, International Center for Law & Economics, ICLE Financial Regulatory Program White Paper Series (Jun. 2, 2010), available at http://laweconcenter.org/images/articles/zywicki_interchange.pdf.

[7] Bruno Jullien, Alessandro Pavan, & Marc Rysman, Two-Sided Markets, Pricing, and Network Effects, 4 Handbook of Indus. Org. 485-592 (2021).

[8] Thomas Eisenmann, Geoffrey Parker, & Marshall W. Van Alstyne, Strategies for Two-Sided Markets, Harv. Bus. Rev. (Oct. 2006), https://hbr.org/2006/10/strategies-for-two-sided-markets.

[9] David L. Stearns, Think of it as Money: A History of the VISA Payment System, 1970–1984, PhD Thesis, University of Edinburgh, at 42–43; Timothy Wolters, Carry Your Credit in Your Pocket: The Early History of the Credit Card at Bank of America and Chase Manhattan, 1 Enterprise & Society 315, (2000).

[10] In some cases, the interchange fee is established bilaterally by agreement between issuers and acquirers. The default interchange fee applies when such agreements are not in place.

[11] See, e.g., UK Payment Processing Companies & Merchant Account Providers, MerchantSavvy, https://www.merchantsavvy.co.uk/payment-processors (last visited Feb. 22, 2023).

[12] PSR, supra note 1, at 13.

[13] Zywicki, supra note 6.

[14] For example, 10 EU members had a domestic card scheme in 2018: Card Payments in Europe- Current Landscape and Future Prospects, European Central Bank (Apr. 2019), https://www.ecb.europa.eu/paym/intro/mip-online/2019/html/1904_card_payments_europe.en.html.

[15] PSR, supra note 2, at 7.

[16] Payment and Settlement Statistics, Bank of England (Feb. 16, 2023), https://www.bankofengland.co.uk/payment-and-settlement/payment-and-settlement-statistics.

[17] BACS Monthly Volumes and Values 1990-2022, Pay.uk (2023), https://newseventsinsights.wearepay.uk/media/iyral1oo/historical-monthly-payment-statistics-1990-to-dec-2022.xls.

[18] Card Spending, UK Finance (Feb. 16, 2023), https://www.ukfinance.org.uk/data-and-research/data/card-spending.

[19] Emily Sherman & Holly Johnson, Understanding Third-Party American Express Cards, credicards.com (Mar. 30, 2022), https://www.creditcards.com/card-advice/american-express-third-party-cards.

[20] Diners Club History, Diners Club International, https://www.dinersclub.com/about-us/history (last visited Feb. 22, 2023).

[21] Who We Are, American Express, https://about.americanexpress.com/our-company/who-we-are/who-we-are/default.aspx (last visited Feb. 22, 2023).

[22] Stearns, supra note 9.

[23] Id.

[24] Id.

[25] Dave Ahern, The Amazing Story of Mastercard: History and Making Money, eB (Nov. 10, 2021), https://einvestingforbeginners.com/the-history-of-mastercard-daah/#:~:text=of%20America%2C%20ironically.-,How%20Did%20Mastercard%20Start%3F,became%20known%20globally%20as%20Visa.

[26] Brand History, Mastercard, https://brand.mastercard.com/brandcenter/more-about-our-brands/brand-history.html (last visited Feb. 22, 2023).

[27] 1963: American Express Comes to Britain, BBC, http://news.bbc.co.uk/onthisday/hi/dates/stories/september/10/newsid_3031000/3031968.stm (last visited Feb. 22, 2023).

[28] Id.

[29] Id.

[30] Stearns, supra note 9, at 120.

[31] BBC, supra note 27.

[32] Stearns, supra note 9, at 120.

[33] Id. at 131.

[34] Id. at 180.

[35] Eurocard (Credit Card), Wikipedia, https://en.wikipedia.org/wiki/Eurocard_(credit_card) (last visited Feb. 22, 2023).

[36] History 1966-72, Access, https://www.accesscreditcard.info/history66-72.aspx (last visited Feb. 22, 2023).

[37] History 1973-77, Access, https://www.accesscreditcard.info/history73-77.aspx (last visited Feb. 22, 2023).

[38] Paul Doocey, MasterCard and Europay Merge to Form a Global Payments Company, BankTech (Jul. 16, 2002), https://www.banktech.com/payments/mastercard-and-europay-merge-to-form-a-global-payments-company/d/d-id/1288945.html.

[39] Sean Brierley, Mastercard and UK Banks Strike 40m Access Deal, MarketingWeek (Apr. 19, 1996), https://www.marketingweek.com/mastercard-and-uk-banks-strike-40m-access-deal.

[40] EMV 3-D Secure, EMVCo, https://www.emvco.com/emv-technologies/3-d-secure (last visited Feb. 22, 2023).

[41] Raynor de Best, Total Number of In-Store Debit or Credit Card Payments that Are Contactless, or Done with NFC, in the United Kingdom (UK) from January 2015 to October 2021, Statista (Jan. 11, 2023), https://www.statista.com/statistics/488054/number-of-contactless-cards-transactions-united-kingdom.

[42] David Bounie & Youssouf Camara, Card-Sales Response to Merchant Contactless Payment Acceptance, 119 J. of Banking & Fin. 105938 (Oct. 2020), available at https://www.sciencedirect.com/science/article/abs/pii/S0378426620302004; Emma Marie Fleck & Michael E. Ozlanski, Cash: Never Leave Home with It? 17 The CASE J. 182–201 (2021), available at https://www.emerald.com/insight/content/doi/10.1108/TCJ-06-2019-0055/full/html.

[43] Adrian Buckle, The Impact of Covid-19 on UK Card Payments In 2020, UK Finance (Jun. 16, 2021), https://www.ukfinance.org.uk/news-and-insight/blogs/impact-covid-19-uk-card-payments-2020.

[44] UK’s First Major Rollout of CEMV Outside of London Commences in Oxfordshire, VIX Technology (Nov. 14, 2016), https://vixtechnology.com/press-release/uks-first-major-rollout-of-cemv-outside-of-london-commences-in-oxfordshire; Dan Balaban, UK Transit Agency Plans London-Style Multimodal Contactless System with Fare Capping, Mobility Payments (Sep. 12, 2022), https://www.mobility-payments.com/2022/09/12/uk-agency-plans-london-style-multimodal-contactless-system-with-fare-capping.

[45] Stearns, supra note 9.

[46] Protection You Need, Peace of Mind You Deserve, PayPal, https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security (last visited Feb. 22, 2023).

[47] Add Cards and Banks, PayPal, https://www.paypal.com/us/digital-wallet/ways-to-pay/add-payment-method (last visited Feb. 22, 2023).

[48] Buy Now, Pay Later with PayPal, PayPal, https://www.paypal.com/us/digital-wallet/ways-to-pay/buy-now-pay-later (last visited Feb. 22, 2023).

[49] Erin Gregory, How Does Buy Now Pay Later (BNPL) Work for Businesses?, Techradar (Mar. 4, 2022), https://www.techradar.com/features/how-does-buy-now-pay-later-bnpl-work-for-businesses; Jaros?aw ?ci?lak, Top 10 Buy Now Pay Later Companies to Watch in 2022, Code & Pepper (May 8, 2022), https://codeandpepper.com/buy-now-pay-later-2022.

[50] Square, Inc. Announces Plans to Acquire Afterpay, Strengthening and Enabling Further Integration Between Its Seller and Cash App Ecosystems, Square (Aug. 1, 2021), https://squareup.com/us/en/press/square-announces-plans-to-acquire-afterpay; Bring in More Business with Buy Now, Pay Later, Square, https://squareup.com/us/en/buy-now-pay-later (last visited Feb. 22, 2023).

[51] John Stewart, As Consumers Embrace BNPL, Square Brings It to the U.K. Across All Platforms, Digital Transactions (Aug. 23, 2022), https://www.digitaltransactions.net/as-consumers-embrace-bnpl-square-brings-it-to-the-u-k-across-all-platforms.

[52] Buy Now, Pay Later, Stripe, https://stripe.com/docs/payments/buy-now-pay-later (last visited Feb. 22, 2023).

[53] Id.

[54] Bring in More Business with Buy Now, Pay Later, Square, https://squareup.com/us/en/buy-now-pay-later (last visited Feb. 22, 2023).

[55] Id.

[56] Free Your Cash Flow with Flexipay, Funding Circle, https://www.fundingcircle.com/uk/payments/flexipay (last visited Feb. 22, 2023).

[57] £1 Million Faster Payments Now Possible, Pay.UK (Feb. 10, 2022), https://newseventsinsights.wearepay.uk/media-centre/press-releases/1-million-faster-payments-now-possible.

[58] Julian Morris, Is Pix Really the End of Credit Cards?, Truth on the Market (Sep. 28, 2022), https://truthonthemarket.com/2022/09/28/is-pix-really-the-end-of-credit-cards.

[59] PSR Finalizes Plans for Wider Implementation of Fraud Prevention Tool, Confirmation of Payee, Payment Systems Regulator, https://www.psr.org.uk/news-and-updates/latest-news/news/psr-finalises-plans-for-the-wider-implementation-of-fraud-prevention-tool-confirmation-of-payee/#:~:text=account%20to%20another.-,Confirmation%20of%20Payee,details%20provided%20by%20a%20payer (last visited Feb. 22, 2023).

[60] PSR Sets Out Proposals to Give Greater Protection Against APP Scams, Payment Systems Regulator (Nov. 25, 2022), https://www.psr.org.uk/news-and-updates/latest-news/news/psr-sets-out-proposals-to-give-greater-protection-against-app-scams.

[61] MasterCard Biometric Card Driving Cardholder Security and Convenience, MasterCard, https://www.mastercard.us/en-us/business/overview/safety-and-security/authentication-services/biometrics/biometrics-card.html (last visited Feb. 22, 2023); Fingerprint Authentication Moves from Phones to Payment, Visa, https://usa.visa.com/visa-everywhere/security/biometric-payment-card.html (last visited Feb. 22, 2023).

[62] Kimberly Palmer & Melissa Lambarena, Buy Now, Pay Later Already Comes Standard on Many Credit Cards, Nerdwallet (Dec. 9, 2022), https://www.nerdwallet.com/article/credit-cards/buy-now-pay-later-is-already-standard-on-some-credit-cards.

[63] Supra Section III.

[64] Financial Services (Banking Reform) Act 2013, c. 33, §49 (UK).

[65] Id.

[66] The Guardian, Cannes Lion Award-Winning “Three Little Pigs Advert”, YouTube (Feb. 29, 2012), https://www.youtube.com/watch?v=_SsccRkLLzU.

[67] PSR, supra note 1, at 7.

[68] The Interchange Fee (Amendment) (EU Exit) Regulations 2019, SI 2019/284, https://www.legislation.gov.uk/uksi/2019/284/contents.

[69] Board of Governors of the Federal Reserve System, Changes in U.S. Payments Fraud from 2012 to 2016, Federal Reserve (Oct. 2018), https://www.federalreserve.gov/publications/2018-payment-systems-fraud.htm.

[70] PSR, supra note 2, at 5.

[71] Id. at 10.

[72] Id. at 7.

[73] See Section III above.

[74] Paying with Visa: How Retailers and Consumers Benefit, Visa (Oct. 22, 2020), https://www.visa.co.uk/visa-everywhere/blog/bdp/2020/10/20/what-happens-when-1603211979840.html.

[75] PSR, supra note 1, at 11.

Continue reading
Financial Regulation & Corporate Governance

ICLE Comments on Proposed FTC Consent Agreement; Mastercard Incorporated

Regulatory Comments Comment on Mastercard Incorporated; Matter No. 201 0011 Commissioners, I am an expert on the law & economics of payment cards and have written extensively . . .

Comment on Mastercard Incorporated; Matter No. 201 0011


I am an expert on the law & economics of payment cards and have written extensively the subject.[1] I am submitting this comment on behalf of the International Center for Law & Economics (ICLE) because we have concerns regarding the effects that the consent order may have on the functioning of and innovation in payment systems.

Among there are that the agreement will undermine the security of payments made using single-message systems; set a precedent that, if applied more broadly, would undermine the security of payments more generally; and discourage investment in innovation, especially in the development of new, secure, tokenized payment systems that have the potential to reduce fraud, theft, and other forms of counterparty risk. Such an outcome would be, in our view, entirely detrimental to the future of the U.S. payment system.

To elaborate those concerns, we attach a paper we recently produced that discusses the regulation of single-message payment systems and, in particular, the regulation of routing on such networks. We hope this work will help to inform your deliberations on the matter.

[1] See, e.g., Julian Morris & Todd J. Zywicki, Regulating Routing in Payment Networks, International Center for Law & Economics (Aug. 18, 2022), https://laweconcenter.org/resources/regulating-routing-in-payment-networks; Julian Morris, Central Banks and Real-Time Payments: Lessons From Brazil’s Pix, International Center for Law & Economics (Jun. 1, 2022), https://laweconcenter.org/resources/central-banks-and-real-time-payments-lessons-from-brazils-pix; Julian Morris, Regulating Payment-Card Fees: International Best Practices And Lessons For Costa Rica, International Center for Law & Economics (May 25, 2022), https://laweconcenter.org/resources/regulating-payment-card-fees-international-best-practices-and-lessons-for-costa-rica; Todd J. Zywicki, Julian Morris, & Geoffrey A. Manne, The Effects Of Price Controls On Payment-Card Interchange Fees: A Review And Update, International Center for Law & Economics (Mar. 4, 2022), https://laweconcenter.org/resources/the-effects-of-price-controls-on-payment-card-interchange-fees-a-review-and-update.


Continue reading
Financial Regulation & Corporate Governance

Todd Zywicki Discusses the Durbin Amendment with NAFCU

Presentations & Interviews ICLE Academic Affiliate Todd Zywicki joined NAFCUtv, the news program distributed by the National Association of Federal Credit Unions, to discuss the history of the . . .

ICLE Academic Affiliate Todd Zywicki joined NAFCUtv, the news program distributed by the National Association of Federal Credit Unions, to discuss the history of the Dodd-Frank Act’s so-called “Durbin amendment,” which established interchange price caps, as well as the recent Credit Card Competition Act and an overview of the market for credit cards and consumer payments. The full video is embedded below.

Continue reading
Financial Regulation & Corporate Governance

Banco Central Erra en su Enfoque Sobre Comisiones de Tarjetas

Popular Media El Banco Central de Costa Rica (BCCR) interpreta la regulación de las comisiones por el uso de tarjetas de crédito o débito como una justificación . . .

El Banco Central de Costa Rica (BCCR) interpreta la regulación de las comisiones por el uso de tarjetas de crédito o débito como una justificación para establecer topes máximos, de tal forma que los emisores recuperen únicamente los costos operacionales y estáticos del sistema.

Continue reading
Financial Regulation & Corporate Governance

Regulación a las comisiones de tarjetas de pago

Scholarship [The attached was published by La Academia de Centroamérica, a private, nonprofit research center based in Costa Rica, as an adaptation of the ICLE issue . . .

[The attached was published by La Academia de Centroamérica, a private, nonprofit research center based in Costa Rica, as an adaptation of the ICLE issue brief “Regulating Payment-Card Fees: International Best Practices and Lessons for Costa Rica.” Translation by Juan Carlos Hidalgo.]

Resumen Ejecutivo

Continue reading
Financial Regulation & Corporate Governance

Comments of the International Center for Law & Economics, ‘Ensuring Responsible Development of Digital Assets’

Regulatory Comments We thank the U.S. Treasury Department for the opportunity to participate in this Request for Comment on “Ensuring Responsible Development of Digital Assets.” Docket No. TREAS-DO-2022-0018 Submitted: November 3, 2022

I. Introduction

We thank the U.S. Treasury Department for the opportunity to participate in this Request for Comment on “Ensuring Responsible Development of Digital Assets.”[1] Our response most directly addresses part “B” of the Request for Comments, focusing particularly on the following questions:

  • “What additional steps should the United States government take to more effectively deter, detect, and disrupt the misuse of digital assets and digital asset service providers by criminals?” (B1)
  • “Are there specific areas related to AML/CFT and sanctions obligations with respect to digital assets that require additional clarity?” (B2)
  • “What additional steps should the U.S. government consider to address the illicit finance risks related to mixers and other anonymity-enhancing technologies?” (B7)
  • “What steps should the U.S. government take to effectively mitigate the illicit finance risks related to DeFi?” (B8)

Agencies whose primary function is law enforcement are chiefly concerned with the effectiveness of that mission and may not have the resources to properly consider the costs of actions that appear to promise effectiveness. We thus welcome the whole-of-government approach to the responsible development of digital assets adopted in Executive Order 14067, which invites a rigorous assessment of costs and benefits across various policy objectives.[2] The principal policy objectives set out in the Executive Order cover both law-enforcement and national-security concerns, while supporting technological advances and promoting access to safe and affordable financial services. Given the Order’s broad scope, some ways of pursuing its diverse policy objectives may be in tension. Our aim in this response is to shed light on two important areas of such tension.

First, policymakers must determine which entities in the crypto ecosystem are the most appropriate targets for law-enforcement and national-security efforts. We suggest that the costs of targeting crypto’s infrastructural or “base” layer may to a disproportionate extent impede the attainment of other policy objectives.

Second, it is important to determine the appropriate policy response to privacy-enhancing crypto technologies. As Treasury seeks to forward the goals of consumer and investor protection, promotion of access to finance, support of technological advances, and reinforcement of U.S. leadership, all point in favor of facilitating responsible use of privacy-enhancing technologies, including so-called “privacy coins.”

II. Targeting the ‘Base Layer’

Crypto’s “base layer” is in some important ways analogous to the basic infrastructure of the Internet and of traditional finance. We understand the base layer to include:

  • The “infrastructural” participants of blockchain networks—g., miners, validators, and node operators;[3] and
  • Service providers that directly serve the former—g., private relay operators like Flashbots and specialized node-hosting services[4] like Infura, Alchemy, or even Google.[5]

One approach to prevent and counteract undesirable activity “on top” of crypto’s infrastructure layer would be to lay legal duties on base-layer participants to mitigate such activity, particularly where they may, in even some remote sense, have facilitated it. This approach will often be inappropriate, however, either because it is bound to be ineffective or because it will impose disproportionate costs relative to its benefits.

Infrastructural participants of blockchain networks are not often in the best position to apply rules like anti-money-laundering (“AML”) and combating-the-financing-of-terrorism (“CFT”) obligations because they do not have direct relationships with end users. They therefore do not possess the information needed and, even if they do act, cannot offer redress to the affected users. Moreover, in open networks like Ethereum and Bitcoin, imposing legal duties on U.S.-based actors (e.g., miners or validators) is very likely to be ineffective, as many network participants will be located in other jurisdictions. Finally, some base-layer participants may simply find it impossible to comply with some legal duties, which could prompt them to leave U.S. jurisdiction.

Recent enforcement actions arising from the strict-liability duty not to facilitate transactions with entities sanctioned by the U.S. Treasury Department help to illustrate the concerns that attend imposing such duties on base-layer participants. In August 2022, a number of Ethereum addresses deployed by Tornado Cash were added to the Specially Designated Nationals and Blocked Persons List (“SDN”).[6] Following this designation—out of an abundance of caution and adopting an expansive interpretation of the law—some base-layer participants of Ethereum (validators, block builders, proposers, and relay operators) began to filter out transactions that interacted with SDN-listed Ethereum addresses, so that they would not contribute to including those transactions on the blockchain. While it appears that a fairly large segment of the base layer joined in this effort, it has been—and will very likely remain—ineffective at stopping transactions with sanctioned entities from being included on the blockchain.

One reason the filtering effort has been ineffective is that it was focused on blockchain addresses, which is what base-layer participants have access to. But sanctioned entities can create new addresses and use other methods to obfuscate their identities in transactions. The scope of filtering could theoretically be broadened, also using on-chain analysis, but this would likely be overinclusive.[7] It would therefore threaten to harm other users; potentially leave filtering base-layer operators less competitive than non-filtering ones; and likely hasten the development of changes to Ethereum to bypass such filtering.

There are, to be sure, examples of situations where it would be difficult to use a new address to circumvent filtering. Some designated blockchain addresses (e.g., the addresses of autonomous smart contracts deployed by Tornado Cash) are not controlled by anyone and thus cannot “move” to new addresses on their own. But even where a smart contract is autonomous, its original deployers—or, in the case of open-source code, anyone—could copy the code and deploy a new smart contract that would perform the same functions as the original. The need to redeploy smart contracts to new addresses often would create significant friction and costs for all who relied on the original smart contract, but as we will note in a moment, there are also cases where redeployment may not be necessary.

Even if the scope of filtering is broadened, one reason that filtering efforts may remain ineffective is that even a relatively small number of validators—including those located outside the United States—can ensure that any transaction be included on the blockchain, albeit with some delay. The extent of that delay will be proportionate to how many non-filtering validators there are among the universe of all validators. Importantly, the Ethereum addresses included on the Tornado Cash SDN list largely do not represent the kinds of smart contracts that require rapid communication.[8]

With more time-sensitive transactions—e.g., smart contracts used to liquidate on-chain collateral—delays could significantly affect utility. In cases where such delays could harm users, there would be a strong incentive to swiftly redeploy contracts to new addresses. Moreover, were the addresses of such time-sensitive smart contracts ever included on the SDN list, it would likely prompt changes to the Ethereum protocol to render base-layer filtering impossible. Indeed, development work in this direction was already underway prior to the Tornado Cash designation and may have accelerated in its aftermath. The proposed changes would involve the introduction of privacy-enhancing solutions to Ethereum, which we will discuss in the next section.

Here, we wish to focus on what these technical changes could mean for U.S. sanctions law if a determination is made that it is, indeed, illegal (on a strict-liability basis, i.e., irrespective of intent) for a U.S.-based Ethereum validator to propose (or perhaps even “attest to”) a block containing transactions with sanctioned entities.[9] If changes to the Ethereum protocol render the contents of transactions hidden from validators, then those validators could never be certain that they are in compliance with the prohibitions. This would effectively force validators (and other base-layer operators) to leave the United States. Ethereum would likely continue to function and remain accessible to U.S.-based users, but the technological and economic position that the United States currently holds in the base layer of the ecosystem would be diminished significantly.

To this point, our comments have concerned targeting the base layer for undesirable activity that happens “on top” of it—i.e., for facilitating the actions of others. It is, however, also possible for base-layer participants to engage in illicit activity in their own right. In such cases, it would certainly be appropriate that they be a target of law enforcement. For example, node operators could use their privileged access to private information about pending securities or commodities transactions in ways that would constitute market manipulation under the Securities Exchange Act or the Commodity Exchange Act.[10] Validators could also engage in potentially illegal market manipulation through some forms of “MEV extraction.”[11]

An alternative to targeting the base layer is to target the application layer—i.e., services built on top of the base layer, with the primary function of interacting with end users.[12] Of particular interest in this space are services that intermediate between crypto assets and the rest of the financial system—i.e., “on-ramps” and “off-ramps.”[13] Due to their user-facing role, such services tend to already possess—and can more easily acquire—information needed for effective compliance with legal obligations related to user activity, such as AML/CFT and sanctions obligations. Because these services have direct relationships with users, they also can ask for additional information and provide redress opportunities in certain cases—e.g., where a user is mistakenly flagged as high risk by automated tools. Moreover, crypto on- and off-ramps have been regulated as money transmitters or under analogous regulatory regimes in certain other jurisdictions.[14]

Targeting the base layer of permissionless blockchain networks may have symbolic value, but it is unlikely to achieve genuine law-enforcement or national-security goals. Imposing rules with which it would be impossible for base-layer operators to comply will simply push those operators to other jurisdictions. More effective targeting of the base layer is possible in permissioned blockchain networks, but requiring blockchain networks to be permissioned would run counter to the goal of reinforcing U.S. financial and economic leadership. It would amount to giving up on the promise of permissionless blockchains like Ethereum and Bitcoin. Finally, targeting the base layer is unnecessary, as the application layer presents a more appropriate target for legal obligations.

A.   Recommendation addressing ‘specific areas related to AML/CFT and sanctions obligations with respect to digital assets that require additional clarity’ (RFC question B2)

As we note above, base-layer efforts to filter transactions with sanctioned entities are currently ineffective and are likely to become impossible, given in-progress technological developments. We also noted that the application layer is the more appropriate target for sanctions law. The primary effect of the prevailing uncertainty surrounding the potential legal exposure of base-layer participants of public blockchains like Ethereum and Bitcoin has been to threaten U.S. technological and economic leadership in digital assets.

The U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) could address this uncertainty by offering a public statement—perhaps in its sanctions FAQs—that it does not regard any of the following as the prohibited facilitation of a transaction with a designated entity, either on public blockchains in general or, at least, on Ethereum and Bitcoin:

  1. To include such a transaction in a block, by mining or validating (“proposing”);
  2. To accept such a transaction and the block in which it was included as valid for the purposes of adding new blocks referencing the first block; or
  3. To receive and retransmit such a transaction for inclusion by potential miners or validators (g., by a node, a block builder, or a relay).

We stress that this issue is independent from any evaluation of either the propriety or legality of sanctioning any particular entity, or of the inclusion of addresses of autonomous smart contracts on the SDN list.[15]

III. Privacy-Enhancing Technologies

Ethereum and Bitcoin—the most widely used public blockchains—were not designed with user privacy in mind. Pseudonymity of blockchain addresses is easily broken, for example, whenever a user discloses their identity to make a purchase. The effect of breaking pseudonymity is that the other party will likely be able to discover the entirety of that user’s past activity on the blockchain. It is akin to a user giving someone access to their entire history of bank or credit-card transactions. The risk of so massive a breach of financial privacy—potentially exposing users to targeting by thieves and fraudsters—is inimical to the goal of “access to safe and affordable financial services” that President Biden set out in Executive Order 14067.[16]

The lack of privacy on blockchains like Ethereum and Bitcoin has proven convenient for law enforcement, who have leveraged it to prosecute crimes.[17] But it would be mistaken to regard the current level of transparency as a benchmark either for “responsible” public blockchains or for services built atop them. Safe and accessible public blockchains of the near future—including planned changes to Ethereum—will not offer the same transparency on which today’s criminals and law enforcement alike rely.

It is useful to examine the now-sanctioned Tornado Cash within this context. Tornado Cash was arguably the most effective “on-chain” tool to protect user privacy.[18] For some use cases, users can enjoy similar privacy-protecting effects by routing their transactions through regulated exchanges like Coinbase, FTX, or Binance, but this comes at the expense of having to trust one of those third parties. The tradeoffs involved in going “off-chain” to achieve “on-chain” privacy include additional risk, friction, and delays, which could at least partially negate the point of using a public permissionless blockchain. If public blockchains are an innovation worth preserving and supporting, as the Executive Order implies, then a solution should be found that does not erase their primary salutary features.

Fortunately, there are technological solutions to preserve user privacy that simultaneously enable effective mitigation of illicit activity. One such solution is selective disclosure.[19] Even where the pseudonymous identifiers of senders and recipients—or the contents of a blockchain message (transaction)—are hidden, users may nonetheless be able to selectively disclose in a non-falsifiable way that, for example, they control the account from which a certain transaction was made. This would allow on- and off-ramp services between crypto-assets and the rest of the economy to serve as gatekeepers that perform appropriate AML/CFT or sanctions screening of customers who wish to exchange their “private coins” for fiat currency or other goods. To be sure, service providers and law enforcement would likely have access to less information under this sort of blockchain analysis than they do today, especially regarding the transactions of parties other than the customer in question (although service providers may have access to disclosed transactions from many customers). As we noted above, however, the current level of transparency poses a regrettable risk to user privacy and safety and thus cannot serve as a normative benchmark.

Tornado Cash, Zcash, and Monero all offer forms of selective disclosure.[20] While the transaction volume in these protocols is small relative to Ethereum or Bitcoin, it would be worthwhile to devote resources toward developing rules and guidance—especially for money transmitters and financial institutions—on how to facilitate transactions with those protocols responsibly. A pragmatic reason for this investment is that public blockchains and the services built on them are moving in the direction of increased privacy. Thus, the issue of privacy cannot be adequately addressed by blunt instruments like sanctioning an entire protocol, as happened with Tornado Cash. Even today, the hypothetical prohibition of Ethereum or Bitcoin would cause immense economic damage. Soon, such action could jeopardize the stability of the global economy.

As public blockchains grow, they will become more attractive both for lawful uses and for illicit uses. While illicit use may remain small as a percentage of total transactions, the volume of illicit transactions will likely rise in absolute numbers.[21] The anticipated improvements in crypto privacy will cause significant tension for the prevailing law-enforcement and national-security approaches to digital assets. In this context, Treasury’s Digital Asset Action Plan may not be entirely adequate.[22]

It is, to start, puzzling why the Digital Asset Action Plan adopted the label “anonymity-enhancing technologies,” rather the commonly used “privacy-enhancing technologies.”[23] This focus on “anonymity” rather than “privacy” directs attention away from the tension among important policy objectives set out in Executive Order 14067. The importance of privacy and the aim to strengthen it (while also countering illicit activities) is mentioned 10 times in the Executive Order. Anonymity is not mentioned.

The Action Plan itself also refers to the goal of strengthening privacy several times. It is notable, however, that Priority Action 5 (“Holding Accountable Cybercriminals and Other Illicit Actors”) does not. It is in this section that the Action Plan singles out “mixing services” as an area of “primary concern.” Treasury’s recent enforcement actions—notably the branding of Tornado Cash as a “notorious (…) mixer”[24]—suggest that the term “mixing services” is meant to refer to some of the popular privacy-enhancing technologies upon which both law-abiding Americans and foreign nationals alike have been relying.

In other words, rather than balancing the goals of strengthening privacy and mitigating illicit finance, as set out in the Executive Order, Priority Action 5 suggests a near-exclusive exclusive focus on the latter.[25] Furthermore, it is hard to avoid the impression that, in a further departure from the Executive Order, the Action Plan treats strengthening privacy as chiefly a research concern (and thus assigns it primarily to the National Science Foundation) and not an issue to be given considerable weight in law-enforcement or national-security missions.

A.   Recommendation: ‘additional steps the U.S. government should consider to address the illicit finance risks related to mixers and other anonymity-enhancing technologies’ (RFC question B7)

Given the value of both preserving and strengthening financial privacy, as well as the pragmatic concern that the largest public blockchains are moving in the direction of greater privacy, we suggest that a more constructive law-enforcement approach is needed with respect to the already-deployed privacy-enhancing technologies. This approach could include reversing the designation of Tornado Cash, combined with offering guidance for money transmitters and financial institutions on how to approach transactions with tools like Tornado Cash in a responsible manner. These guidelines could rely, among other mechanisms, on selective-disclosure functionalities built into privacy-enhancing tools.


[1] Ensuring Responsible Development of Digital Assets; Request for Comment, TREAS-DO-2022-0018-0001, 87 FR 57556, U.S. Dep’t of the Treasury (Sep. 20, 2022), https://www.federalregister.gov/d/2022-20279.

[2] Executive Order on Ensuring Responsible Development of Digital Assets, White House (Mar. 9, 2022), https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets (hereinafter, “Executive Order”).

[3] Mikolaj Barczentewicz, Base Layer Regulation, Regulation of Crypto-Finance, https://cryptofinreg.org/projects/base-layer-regulation. Some operators (e.g., Infura) act both as infrastructural network participants in their own right (e.g., as node operators) and also offer services to infrastructural participants.

[4] Id.

[5] Amit Zavery & James Tromans, Introducing Blockchain Node Engine: Fully Managed Node-Hosting for Web3 Development, Google Cloud (Oct. 27, 2022), https://cloud.google.com/blog/products/infrastructure-modernization/introducing-blockchain-node-engine.

[6] U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash, U.S. Dep’t of the Treasury (Aug. 8, 2022), https://home.treasury.gov/news/press-releases/jy0916.

[7] @ElBarto_Crypto, Twitter (Aug. 13, 2022, 8:21 AM), https://twitter.com/ElBarto_Crypto/status/1558428428763815942 (“[W]hile only 0.03% of addresses received ETH from tornado cash, almost half the entire ETH network is only two hops from a tornado cash receiver.”).

[8] All but one designated Ethereum addresses deployed by Tornado Cash represent smart contracts, but the SDN list also includes Ethereum addresses that do not represent smart contracts, which are associated with other sanctioned entities.

[9] For an argument that it is not illegal, see Rodrigo Seira, Amy Aixi Zhang, & Dan Robinson, Base Layer Neutrality: Sanctions and Censorship Implications for Blockchain Infrastructure, Paradigm (Sep. 8, 2022), https://www.paradigm.xyz/2022/09/base-layer-neutrality.

[10] Mikolaj Barczentewicz & Anton Wahrstätter, How Transparent Is Ethereum and What Could This Mean for Regulation?,  Regulation of Crypto-Finance, https://cryptofinreg.org/projects/public-data-supervision.

[11] Mikolaj Barczentewicz & Alexander F. Sarch, Shedding Light in the Dark Forest: A Theory of Liability for Cryptocurrency “MEV” Sandwich Attacks, available at SSRN (Oct. 5, 2022), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4187752.

[12] Autonomous smart contracts that do not rely on off-chain cooperation and also are not controlled are not part of the application layer, as we understand it here. From the perspective of asserting legal control, they are functionally part of the base layer (e.g., to “remove” such a smart contract from the blockchain, it would require the cooperation of an overwhelming majority of validators). Also, strictly speaking, end users may also interact with some base-layer participants, e.g., by submitting transactions directly to a node’s remote-procedure-calls (RPC) interface.

[13] See also Miles Jennings, Regulate Web3 Apps, Not Protocols, a16z (Sep. 29, 2022), https://a16zcrypto.com/web3-regulation-apps-not-protocols.

[14] Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, Financial Crimes Enforcement Network (May 9, 2019), https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models.

[15] There has been some controversy regarding the legality of sanctioning the autonomous smart contracts deployed by Tornado Cash. See Paul Grewal, Sanctions Should Target Bad Actors. Not Technology., Coinbase (Sep. 8, 2022), https://www.coinbase.com/blog/sanctions-should-target-bad-actors-not-technology; Jerry Brito & Peter Van Valkenburgh, Coin Center Is Suing OFAC Over Its Tornado Cash Sanction, Coincenter (Oct. 12, 2022), https://www.coincenter.org/coin-center-is-suing-ofac-over-its-tornado-cash-sanction; Steve Engel & Brian Kulp, OFAC Cannot Shut Down Open-Source Software, Dechert LLP (Oct. 18, 2022), https://ipfs.io/ipfs/QmTC9q5yidSWoM2HZwyTwB3VbQLVbG5cpDSBTaLP8voYNX.

[16] Executive Order, supra note 3, at Sec. 1; On cryptocurrencies’ promise for financial inclusion, including in situations especially needing privacy (e.g., domestic violence, authoritarian regimes), see, e.g., Alex Gladstein, Finding Financial Freedom in Afghanistan, Bitcoin Magazine (Aug. 26, 2021), https://bitcoinmagazine.com/culture/bitcoin-financial-freedom-in-afghanistan; Charlene Fadirepo, Why Bitcoin Is a Tool for Social Justice, CoinDesk (Feb. 17, 2022), https://www.coindesk.com/layer2/2022/02/16/why-bitcoin-is-a-tool-for-social-justice; How Cryptocurrency Meets Residents’ Economic Needs in Sub-Saharan Africa, Chainanalysis (Sep. 29, 2022), https://blog.chainalysis.com/reports/sub-saharan-africa-cryptocurrency-geography-report-2022-preview.

[17] See, e.g., Andy Greenberg, Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site, Wired (Apr. 7, 2022), https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth.

[18] For an explanation of Tornado Cash’s functionality, see Alex Wade, Michael Lewellen, & Peter Van Valkenburgh, How Does Tornado Cash Work?, Coincenter (Aug. 25, 2022) https://www.coincenter.org/education/advanced-topics/how-does-tornado-cash-work.

[19] See also Peter Van Valkenburgh, Open Matters: Why Permissionless Blockchains Are Essential to the Future of the Internet, Coincenter (December 2016) https://www.coincenter.org/open-matters-why-permissionless-blockchains-are-essential-to-the-future-of-the-internet.

[20] Zooko Wilcox & Paige Peterson, The Encrypted Memo Field, Electric Coin Co. (Dec. 5, 2016), https://electriccoin.co/blog/encrypted-memo-field; View Key, Moneropedia, https://www.getmonero.org/resources/moneropedia/viewkey.html; Wade, Lewellen, & Van Valkenburgh, supra note 18.

[21] Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity, Chainanalysis (Jan. 6, 2022), https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction.

[22] Action Plan to Address Illicit Financing Risks of Digital Assets, U.S. Dep’t of the Treasury (Sep. 20, 2022), https://home.treasury.gov/system/files/136/Digital-Asset-Action-Plan.pdf.

[23] A query for “anonymity-enhancing technologies” in the Google Scholar database returns about 40 results, while a query for “privacy-enhancing technologies” returns more than 30,000 results. See https://scholar.google.com/scholar?q=%22anonymity-enhancing+technologies%22 (accessed Oct. 28, 2022); https://scholar.google.com/scholar?q=%22privacy-enhancing+technologies%22 (accessed Oct. 28, 2022).

[24] U.S. Department of the Treasury, supra note 6.

[25] U.S. Department of the Treasury, supra note 22.

Continue reading
Data Security & Privacy

A webinar briefing on the Credit Card Competition Act

Senators Richard Durbin (D-Ill.) and Roger Marshall (R-Kan.) recently introduced the Credit Card Competition Act, which would effectively enable merchants to route credit card transactions . . .

Senators Richard Durbin (D-Ill.) and Roger Marshall (R-Kan.) recently introduced the Credit Card Competition Act, which would effectively enable merchants to route credit card transactions over a network other than the main one affiliated with the card. The sponsors say that this will increase “competition” and reduce costs for merchants, who will pass on the savings to consumers.

But are Durbin and Marshall being overly optimistic? Have they perhaps missed some predictable but unintended consequences that might cause their act to harm rather than help consumers?

We hope you will join our esteemed colleagues Julian Morris and Todd Zywicki for a timely discussion of this proposed legislation.

Continue reading
Financial Regulation & Corporate Governance

Should Congress Swipe Left on the Credit Card Competition Act?

Presentations & Interviews Sens. Richard Durbin (D-Ill.) and Roger Marshall (R-Kan.) recently introduced the Credit Card Competition Act, which would effectively enable merchants to route credit card transactions . . .

Sens. Richard Durbin (D-Ill.) and Roger Marshall (R-Kan.) recently introduced the Credit Card Competition Act, which would effectively enable merchants to route credit card transactions over a network other than the main one affiliated with the card. The sponsors say that this will increase “competition” and reduce costs for merchants, who will pass on the savings to consumers.

But are Durbin and Marshall being overly optimistic? Have they perhaps missed some predictable but unintended consequences that might cause their act to harm rather than help consumers?

The International Center for Law & Economics hosted an Oct. 25, 2022, webinar panel to offer a timely discussion of the proposed legislation, moderated by ICLE Director of Innovation Policy Kristian Stout and featuring Senior Scholar Julian Morris and Academic Affiliate Todd Zywicki.


Continue reading
Financial Regulation & Corporate Governance

US-EU Data-Privacy Framework

TL;DR On Oct. 7, President Joe Biden signed an executive order to implement the U.S.-EU data-privacy framework.


On Oct. 7, President Joe Biden signed an executive order to implement the U.S.-EU data-privacy framework. The order had been awaited since March, when U.S. and EU officials reached an agreement in principle on a new framework, which EU officials insist must address concerns about surveillance practices by U.S. agencies. An earlier data-privacy framework was invalidated in 2020 by the Court of Justice of the European Union (CJEU) in its Schrems II judgment.


The European Commission will now consider whether to issue an “adequacy decision” for the U.S. This is urgent, because national data-protection authorities in the EU have been using a strained interpretation of the EU General Data Protection Regulation (GDPR) to prosecute various workarounds that companies have employed to transfer data between the U.S. and the EU. Like prior U.S.-EU arrangements, the order is likely to be challenged before the EU courts, but preliminary legal analysis suggests that this one has a greater chance of being upheld.

Read the full explainer here

Continue reading
Data Security & Privacy