# LIABILITY AND ANTIFRAUD INVESTMENT IN FINTECH RETAIL PAYMENT SERVICES.

I. INTRODUCTIONThe retail payments landscape is characterized by a wide diversity of payment instruments and activities at each stage of the payment process, from the front-end services with user interfaces to the back-end services such as settlement and clearing. Retail payment service providers are responsible for completing all stages of the payment chain. The tiered nature of the payment process, however, means that they do not need all of the necessary facilities and licenses, as these are usually delegated to other participants to complete the process. The provider usually delegates to, or cooperates with, other participants to complete part of the process.

The rapid progress in information and communication technology (ICT) has changed the landscape. New participants in payment schemes are often nonfinancial institutions, which traditionally provided technical services. However, upon the introduction of enhanced ICT-based retail payments services, which are often termed "FinTech," their roles have expanded beyond mere technical aspects. Many FinTech payment schemes such as Apple Pay and Samsung Pay have "platform on platform" structures, and provide a broad range of retail payment services, including both offline and online transactions, to their user bases obtained from their platforms: products or services such as mobile devices, operating systems, messaging services, and so on.

In many cases, FinTech payment service providers (FPPs) provide front-end services only, while the rest of the payment process is provided by incumbent payment service providers which can afford to carry out the "end-to-end" payment services. This cooperation or vertical separation is different from the vertical integration structure of the past. The end-to-end or integrated payment service providers (IPPs) also worked with third parties such as VANs (value added networks); however, these third parties are merely delegated to serve specific technical roles for the service, and are mostly invisible to end users. In contrast, FPPs directly interact with users, and reap revenue from various channels based on their own business models.

While FinTech payment services have benefited the end users in several ways, they have also in fact complicated the retail payment system by adding more layers and segments to the payment process. The layered structure brought by the advent of FinTech may have weakened the security of the retail payment scheme. As the number of interinstitutional transfers of information increases, there is a higher chance of incidents such as fraudulent transactions and data breaches. (1)

Furthermore, the increase in the number of participants in the payment system has made it difficult to coordinate participants' incentive regarding ex ante investment (and ex post handling) to reduce the security incidents. As Anderson and Moore (2006) note, the problematic consequences of the increase in the number of interinstitutional transfers of information can be reduced with an engineering approach, but the aforementioned complexity in coordination requires an economic approach. Specifically, the economic approach calls for the proper design of an incentive structure that would provide appropriate rights and responsibilities to each participant.

The layered structure resulting from the advent of FinTech retail payment services raises questions regarding the liability regime, as who bears the loss from security incidents is one of the most crucial institutional devices that affects the incentive for security investment. In many cases, banks and card companies--IPPs in our model--are mostly responsible in the event of fraud.

For example, while Apple does not clearly state who is liable for fraudulent transactions with Apple Pay, multiple sources note that the liability is on the IPP side, with one commentator stating that "Eventually, banks would bear the liability for purchases (both face-to-face as well as in-app) made via Apple Pay." (2) However, Apple is in a position to invest in security: "While banks are ultimately responsible for authorizing a card, Apple could do more to increase security in the verification process." (1) Another example we can observe is the case of Korea. In Korea, Article 9 of the Electronic Financial Transactions Act states "When a user suffers any loss due to any of the following incidents, the relevant financial company or electronic financial business entity shall be liable for indemnifying him/her for the loss." Currently, an FPP in Korea is regarded as neither a financial company nor a financial business entity, both of which require a license. Given that both IPPs and FPPs can enhance the security of the payment scheme through investment, which liability regime is better in terms of overall security?

To answer the question, this study examines the incentive problem for each participant in a FinTech retail payment scheme with a layered structure, and how the liability regime affects the incentives in equilibrium. We first consider the case in which the FPP makes its revenue from user fees (fee-based revenue model). Users pay for the convenience of using the FinTech payment service, and the FPP pays part of the user fee to the IPP for the back-end services. For example, Square, a U.S. mobile payment service provider, charges 2.75% to retail businesses, higher than the 1.95%-2.0% average for card processing fees including interchange, assessment, and other charges.

An FPP needs to pay an access fee to an IPP for the use of the IPP's infrastructure. In an environment where the access fee is exogenously given, either due to market competition or due to regulation, we show that the IPP invests more under the IPP liability regime, but under the FPP liability regime, who would invest more depends on the level of access fee and the size of benefit to the user. When the access fee is low, the FPP invests more, and the IPP invests more when it is high. Specifically, when the access fee is in a certain range and the amount of liability loss from a transaction accident is sufficiently large, the FPP liability regime is superior in terms of antifraud investment and the resulting fraud risk.

The FPP may make its revenue indirectly, in addition to and/or apart from the user fee, especially when it has its own business model apart from traditional payment service fees. That is, when the FPP plays a role of "platform on platform" in a layered payment structure, the FPP makes its profit from the convergence of platforms rather than from the traditional user fee. In this case, the FPP's main objective is to increase the user base of its own platform and to utilize the platform base smartly. Two of the most prominent business models in this category are (1) complementary sales that contribute to an increase in device sales revenue (e.g., Apple Pay, Samsung Pay) and (2) use of user information derived from the payment service usage data for the platform business (e.g., Google Wallet/Android Pay).

For cases in which indirect revenue is generated, we show that under the IPP liability regime, both service providers affect the revenue of each other and increase antifraud investment. The range of the access fee that enables superior antifraud investment under the FPP liability regime also expands. However, under the FPP liability regime, the indirect revenue is a nonfactor in the IPP's decision, and thus, the level of antifraud investment does not increase as much as under the IPP liability regime.

As for the investment decisions by participants of a "system," Varian (2004) is one of the first to analyze the reliability of information systems using a public-good, game-theoretic framework, following the model of Hirshleifer (1983), known as "weakest link or best shot." Varian adds a third approach, "total effort," and shows that it is the best while the weakest link is the worst, concluding that as more agents are added, systems become more reliable in the total effort case, but less reliable in the weakest link case. We adopt a version of the weakest link approach and propose how the externalities in information security can be reduced when a FinTech payment service provider exists as a front-end, or downstream, service provider.

Several theoretical studies investigate welfare effects of data breach incidents, and mostly predict that welfare is not maximized without regulation in equilibrium. Schreft (2007) examines whether markets could limit the risk that identity theft poses to the payment system, and finds that they fail to curtail this risk due to existing market imperfections. Kahn and Roberds (2008) study "identity" and its use in credit transactions to find the equilibrium incidence of identity theft, which represents a trade-off between controlling transaction fraud and avoiding intrusive monitoring of individuals. Their results indicate that advances in technology will not diminish this trade-off in equilibrium. Roberds and Schreft (2009) explore the implications of networks' collection of personal information data, data security, and the costs of identity theft using a monetary-theoretic model. They find that the amount of data collection was excessive while the security was well below the efficient level. Anderson and Moore (2006) and Sullivan (2013) also consider similar issues.

Results from previous literature on investment incentives in a vertically separated firms and downstream competition often, although not always, connote negative implications for investment. For example, Sanyal and Ghosh (2013) and Papaioannou (2017) find that increased downstream competition yields a negative impact on investment incentives. Still, Buehler, Schmutzler, and Benz (2004) predict ambiguous effects on quality under linear access prices. We note that in these studies, the burden of competition and the burden of innovation are separated and isolated between upstream and downstream, which is not applicable in our settings.

Our study is most similar to the analysis of Creti and Verdier (2014), who also examine the effects of liability regimes on antifraud investment. They show that the price structure is biased toward participants without liability, and social welfare is maximized when consumers are without liability. The results are derived from the assumption that antifraud investment can only be made by the merchant, while liability is imposed either on the platform or on the consumer. The noticeable difference between issues raised by Creti and Verdier (2014) and our paper is that we consider a vertically separated payment scheme and the allocation of liability among service providers, not between the service provider and the consumer. The effects of electronic payment systems are investigated in Rochet and Tirole (2003, 2011), Rochet (2007), and Armstrong (2006). More recently, Jun and Yeo (2016) focus on vertical separation and investigate the impact of the introduction of FinTech services. While the focus of these studies is on the changes in competitive environments in retail payments markets, we focus more on security investment and welfare, and, for this purpose, abstract the "two-sidedness" feature for tractability.

II. MODEL

In a vertically structured FinTech retail payment service, two service providers participate: j = 1 indicates an IPP that can provide integrated payment services, and j = 2 denotes an FPP that directly provides front-end services to consumers and merchants. The IPP is capable of providing the retail payment service by itself, while the FPP cannot cover core back-end functions such as clearing and settlements, and turns to the IPP for completing the payment process. We assume that the IPP and FPP incur no costs in providing their services, an assumption that does not affect the qualitative results of the paper.

From each transaction using the FinTech payment service, a consumer enjoys a benefit from the payment service, which we denote by b. The benefit is mainly owing to the enhanced user experience and the reduction in the transaction cost. The benefit is assumed to be distributed uniformly on [0, b] (4) H(b) indicates the distribution of b. (5) We also assume a "perfect pass-through" of per-transaction processing fee f imposed on merchants to the consumers, and there is no cross-platform externality in the use of a FinTech payment service. This implies that the two sidedness of the payment service can be ruled out, and it makes no difference whether a user fee is imposed on consumers or on merchants. (6)

The revenue of the FPP depends on its business model. We consider two business models. In the fee revenue business model, the only source of revenue for the FPP is the fee f for using the FinTech payment service. In case of the indirect revenue business model, in addition to revenue from the user fee, additional revenue raised proportional to the size of the user base. Let [gamma] be the (averaged) indirect revenue per user ([gamma] > 0) from selling a product with a FinTech payment service. Given the user fee /, the revenues for the FPP without transaction accident for the fee-based model and indirect revenue model are

[mathematical expression not reproducible]

respectively.

The revenue of the IPP from providing the FinTech payment service is from the access fee 0 < a < b, which it charges the FPP per transaction for the use of core back-end function the IPP provides. The access fee is assumed to be determined exogenously, either by regulation or by market competition. Considering that the revenue in the case of the indirect revenue model is unknown to the IPP, and the access fee is mostly uniform in real world, we assume the access fee is identical in all business models.

For each transaction with a FinTech payment service, there is the probability that the security or integrity of the transaction is breached, a risk potentially exacerbated by the use of the Fintech payment service. Some transaction accidents can be prevented when participants invest in payments security. We assume that the users have no option to invest in transaction security. Let p([e.sub.1], [e.sub.2]) be the probability that the transaction is completed without transaction accident given investment [e.sub.j] (J [member of] {1, 2}) by participating payment service providers. We assume the probability is multiplicably separable and so can be represented by p([e.sub.1], [e.sub.2]) = [p.sub.1]([e.sub.1])[p.sub.2]([e.sub.2]). By assuming separability, we implicitly adopt the weakest link case of Varian (2004). The specification also reflects the fact that as the relevant service provider is added to the vertical retail payment service system, the probability of accident increases. In addition, we assume [mathematical expression not reproducible], where p indicates the default probability of successful transaction without any antifraud investment, and [mathematical expression not reproducible]. Together with the monotonicity of p.-, the investments by two service providers are complementary.

From the assumptions on [p.sub.j] ([e.sub.j]) we can regard [p.sub.j] as a choice variable for the service provider j, and analyze the model in terms of [p.sub.j] instead of [e.sub.j]. (7)

The cost function C(p) is now assumed to be the same for both parties and shows the following properties: C (p) 1 =0, C' > 0, C" > 0, and [lim.sub.p[right arrow]1], C = [infinity]. We naturally assume further that [lim.sub.p[right arrow]p] C" (p) = 0, [lim.sub.pj[right arrow]1] C' ([p.sub.j]) = [infinity], and C' ([p.sub.j]) is convex. (8)

We consider the full liability regimes: both the IPP liability regime and FPP liability regime. The participant who has the liability is fully responsible for the recovery of the actual ex post loss. Let the expected loss L > 0. Then, L(l--p) is the expected loss per transaction for a liable participant.

Although the consumer who is involved in a transaction accident is not responsible for the recovery of the loss, she suffers from ensuing disutility, which reflects nonmonetary costs such as the time required for the recovery from financial loss and other inconveniences. The expected disutility depends on the probability of the accident 1-p, and for simplicity, we assume the disutility is linear in the probability of the accident, or k(l-p), where k is a positive constant and less than L. (9)

Regarding the parameters of the model, we assume that L > [bar.b] > a, [bar.b] > k, and p is sufficiently high. The assumptions imply that the loss from a fraudulent transaction is higher than the user benefit, the access fee is smaller than the maximal user benefit, the disutility of consumer from the fraud is sufficiently small, and the default probability of a successful transaction is bounded below.

The timing of the game is as follows: the liability regime, access fee, and the business model of the FPP are given ex ante. In the first period, participants decide the amount of investment, and thus the probability of no accident [p.sub.1] and [p.sub.2], simultaneously. After observing the investments, the FPP decides the user fee in the second period. Finally, the revenue is realized and the access fee is paid by the FPP according to the predetermined rule, and if an accident occurs, settlement is made according to the liability rule. We adopt a subgame perfect Nash equilibrium as the solution concept.

III. ANTIFRAUD INVESTMENT AND LIABILITY REGIME

We first examine the case where the FPP charges users explicit per-transaction fees, which are the FPP's only source of revenue. We analyze the equilibrium fee and antifraud investment for each liability regime. We first examine the IPP liability regime.

A. IPP Liability Regime

Under the IPP liability regime, the profits of the IPP and the FPP are as follows:

(1) [mathematical expression not reproducible]

(2) [mathematical expression not reproducible]

Applying backward induction, we first consider the second-stage game. After observing the probability of no accident p determined in the first stage, given a user fee f, the consumer compares the benefit from the use of the FinTech payment service with the cost of the user fee and the increased risk of fraud combined. The FPP confronts the trade-off between the decrease in the number of FinTech payment service users and the increase in fee revenue. We have the following lemma. (10)

LEMMA 1. Under the IPP liability regime, given a fixed access fee a and the probability of no accident P=[p.sub.1][p.sub.2], the second-stage Nash equilibrium is the optimal fee f* and threshold consumer b* which yields

(3) f* = (b-k(1-p) + a)/2,

and

(4) b* = (b + k(l-p) + a\/2

in equilibrium.

Now, consider the first-stage game. From the equilibrium fee f*(p) derived in the second-stage game, the profits of each service provider are

[mathematical expression not reproducible]

The respective first-order conditions are then

[mathematical expression not reproducible]

As the marginal benefit for service provider j is linear in its own choice of [p.sub.j] while the marginal cost [C'.sub.j] is convex, the optimal choice given [p.sub.-j] is uniquely determined under a sufficient condition b > 2k + a. In this case, as [p.sub.-j] increases, the marginal benefit for j moves upward, which implies that the best response function for j increases in [p.sub.-j]. This is illustrated in Figure 1. Proposition 1 provides the equilibrium conditions for the antifraud investment and shows the existence and uniqueness of the equilibrium.

PROPOSITION I. Suppose that 1 is sufficiently large to satisfy b > 2k + a. Under the 1PP liability regime, there exists a Nash equilibrium [mathematical expression not reproducible] which satisfies the following system of equations:

(7) [mathematical expression not reproducible]

(8) [mathematical expression not reproducible]

Proposition 1 leads to a few comparative statics. As b and L increase, the marginal benefit for j increases given [p.sub.-j] which implies that the best response functions for both service providers move upward. This leads to increases in [p.sub.1] and [p.sub.2] in equilibrium, that is, both the FPP and IPP invest more. Similarly, as a increases, the best response functions move downward, leading to low [p.sub.1] and [p.sub.2] in equilibrium. The effect of k, however, is ambiguous because it increases the slope of the marginal benefit but reduces the initial value at p. The results are presented in the following corollary without formal proof.

COROLLARY 1. Under the IPP liability regime, the equilibrium investment increases in maximal user benefit [bar.b] and size of liability loss L, but decreases in access fee a.

B. FPP Liability Regime

Under the FPP liability regime, the profits of the IPP and the FPP are as follows:

[mathematical expression not reproducible]

In the second stage, the FPP solves the following problem to obtain the optimal fee f* and corresponding threshold consumer b*:

[mathematical expression not reproducible]

The following lemma, which we present without proof, shows the second-stage optimal fee under the FPP liability regime.

LEMMA 2. Under the FPP liability regime, given a fixed access fee a and the probability of no accident p=[p.sub.1][p.sub.2], the second-stage Nash equilibrium is the optimal fee f and threshold consumer b* as

(9) f = (b + (L-k)(1-p) + a)/2, and

(10) b* = (b + (L + k)(1 -p) + a)/2.

Then, in the first stage, the IPP and the FPP solve the following problems respectively:

[mathematical expression not reproducible]

The first-order conditions for the problems are as follows:

(11) [mathematical expression not reproducible]

(12) [mathematical expression not reproducible]

The first-stage equilibrium of the probabilities of successful transactions is in Proposition 2.

PROPOSITION 2. Under the FPP liability regime, if there exists a Nash equilibrium [mathematical expression not reproducible] with interior values [mathematical expression not reproducible] > p and [mathematical expression not reproducible] > p, it satisfies the following system of equations:

(13) [mathematical expression not reproducible]

(14) [mathematical expression not reproducible]

The conditions under which the first-stage game has an interior solution are quite restrictive compared with the IPP liability regime. The problem of the IPP, given [p.sub.2], is uniquely determined as the marginal benefit is fixed. The FPP's marginal benefit, given [p.sub.1], is linear in [p.sub.2] with positive slope, which is

[mathematical expression not reproducible]

at [p.sub.2] = p. Note, however, that its sign may be negative. Whether it has an interior solution, given [p.sub.2] depends on the shape of C' ([p.sub.2]) and parameter values. When b--a is small and/or L + k is large, with C' ([p.sub.2]) being relatively less convex, the marginal cost may be higher than the marginal benefit for small [p.sub.1], in which case, the FPP does not invest at all and [mathematical expression not reproducible] can be p. A sufficient condition under which the subgame perfect Nash equilibrium with positive investments by both service providers exists is C that is sufficiently convex and satisfies 0 = C' (p) < [mathematical expression not reproducible]

Propositions 1 and 2 show that the incentives for antifraud investment still differ between the IPP and the FPP even after controlling the liability. This asymmetry is closely related to the fact that the FPP has the option to choose the user fee. To see this intuitively, note first that the antifraud investment, or raising the probability of a successful transaction, has two effects. On one hand, it expands the user base (indirect effect), and on the other hand, for the liable participant only, it reduces the expected loss from fraudulent transactions (direct effect). The indirect effect is, however, different between participants because, as the user base expands due to the reduction of fraud risk, the IPP's profit increases linearly, but that of FPP increases quadratically. That is, the marginal indirect effect is constant for the IPP but positively linear for the FPP. This result implies that under the IPP liability regime, both participants' marginal benefit increases in their own investment: for the IPP due to the direct effect, and for the FPP due to the indirect effect. However, under the FPP liability regime, the marginal benefit for the IPP is constant. This difference results in the difference in the best response functions, and thus the equilibrium.

From Proposition 2, it is straightforward to reach the following corollary:

COROLLARY 2. Under the FPP liability regime, the equilibrium investment increases in maximal user benefit b and size of liable loss L, but decreases in access fee a.

C. Analysis

We already know that consumer welfare is greater under the IPP liability regime from the value of equilibrium user fee f* and threshold type b* given identical probabilities of a successful transaction. We now compare the investments, or the probability of successful transactions, between the two regimes. Under the IPP liability regime, as expected, as long as the mount of the liability is sufficiently large, the IPP invests more. This result is due to the fact that the marginal benefit of the IPP is higher than that of the FPP given the other service provider's level of investment, which leads to the higher best response function of the IPP compared to that of the FPP. The following proposition summarizes the results.

PROPOSITION 3. Suppose that L is sufficiently large, the cost function is symmetric, and parameters in the model satisfy the conditions required in Proposition I. Then, under the IPP liability regime, the IPP makes more antifraud investment than the FPP.

In contrast to the IPP liability regime, the answers for who would invest more and which regime would lead to more investments are not determined uniquely under the FPP liability regime. Let us compare [mathematical expression not reproducible] and [mathematical expression not reproducible] in Equations (11) and (12). [mathematical expression not reproducible] for [p.sub.2] = p has a higher slope than [mathematical expression not reproducible] (p) for p} = p, while

[mathematical expression not reproducible] has a higher slope than [mathematical expression not reproducible]. Thus, the relative values of [mathematical expression not reproducible] and [mathematical expression not reproducible] are not determined in a simple way, contrary to the case of the IPP liability regime in Proposition 3.

The order of equilibrium investment, or the probability of a successful transaction, by regime and provider can be easily analyzed when p is sufficiently high but strictly lower than 1. In this case, the equilibrium probability of a successful transaction [mathematical expression not reproducible] would approach 1, but C' ([mathematical expression not reproducible]) would change greatly with a small change in p . The results of the analysis are presented in the following proposition.

PROPOSITION 4. Suppose that p is sufficiently high but strictly lower than 1 and b/2 > [k.sup.2]/L. Let [mathematical expression not reproducible]. and [mathematical expression not reproducible] (J = 1, 2) be the equilibrium probabilities of a successful transaction under the IPP and the FPP liability regime, respectively. If the probabilities are all interior, then they are determined based on the value of a as follows:

(i) [mathematical expression not reproducible]

(ii) [mathematical expression not reproducible]

(iii) [mathematical expression not reproducible]

The amounts of investment are sufficiently greater under the FPP liability regime in case (ii), and undeterministic in cases (i) and (iii).

Proposition 4 shows that the incentive for antifraud investment is aligned with the liability imposed under the IPP liability regime, but not always under the FPP liability regime. When the access fee is extremely high, it is possible that the IPP invests more even under the FPP liability regime. This is due to the asymmetry between participants due to the FPP's ability to choose the user fee f, as discussed in Proposition 5. Note also that when the access fee is too high, there is a possibility that the equilibrium lies at the corner, in which case, the FPP does not invest at all.

Proposition 4 also sheds some light on the overall welfare effect of the liability regime. When the access fee is too high or low, the FPP liability regime would not be desirable for cases where, for example, one participant has strong bargaining power over the other. In contrast, when the access fee is not too high or low, each participant's level of investment would be higher under the FPP liability regime under some conditions, which are easily satisfied when the size of liability L is sufficiently high relative to k. In this case, the overall probability of a successful transaction, p = [p.sub.1][p.sub.2], is higher under the FPP liability regime. Given that the level of antifraud investment is mostly socially suboptimal under the IPP liability regime, we can argue that the FPP liability regime is superior in terms of reducing the fraud risk in this case.

IV. EFFECTS OF INDIRECT REVENUE

Most FinTech payment service providers gain revenue in addition to, or sometimes other than from, user fees, either from complementary sales of their products (e.g., Apple, Samsung), or from utilization of the payment/transaction information of the users (e.g., Google, Alipay in China). In these cases, the FPP would be more interested in increasing the user base of its service than increasing the fee revenue, which may affect the incentive to invest in reducing fraudulent transactions.

We assume that the indirect revenue is constant per transaction, which is denoted by y. We first consider the IPP liability regime. Under the IPP liability regime, the profits of the two service providers are as follows:

(15) [mathematical expression not reproducible]

(16) [mathematical expression not reproducible]

In the second stage, the FPP solves the following problem given p:

[mathematical expression not reproducible]

Assuming [gamma] < b + k (1--p) so that the problem has the interior solution of b* [greater than or equal to] 0, the optimal user fee and corresponding threshold level of user benefit are as follows:

(17) [mathematical expression not reproducible]

Note that given the same p, the optimal fee is lower and the user base is bigger than those of the fee-based revenue case in Lemma 1. This result is not unintuitive in that the FPP puts more emphasis on increasing the user base with the indirect revenue model. In the first stage, the

IPP and FPP solve the following problems for p-given [p.sub.-j]:

[mathematical expression not reproducible]

The first-order condition gives (18) [mathematical expression not reproducible]

(19) [mathematical expression not reproducible]

The equilibrium of the first-stage game [mathematical expression not reproducible] is determined by the first-order conditions above.

Now, consider the FPP liability regime. Under this regime, the profits for each service provider are

[mathematical expression not reproducible]

[mathematical expression not reproducible]

and the second-stage optimal fee f* and the threshold level of user benefit b* are

(20) [mathematical expression not reproducible]

respectively. The first-stage problems for each service provider are

[mathematical expression not reproducible]

The first-order conditions, which lead to the first-stage equilibrium, are then

(21) [mathematical expression not reproducible]

(22) [mathematical expression not reproducible]

The analysis up to now is summarized in the following proposition:

PROPOSITIONS. Suppose that the assumptions in Proposition 1 and Proposition 2 are satisfied. Then, under the IPP liability regime, there exists a Nash equilibrium [mathematical expression not reproducible], which satisfies

(23) [mathematical expression not reproducible]

(24) [mathematical expression not reproducible]

Under the FPP liability regime, if the equilibrium [mathematical expression not reproducible] is interior, it satisfies

(25) [mathematical expression not reproducible]

(26) [mathematical expression not reproducible]

The effect of indirect revenue is basically the same as the increase of maximal user benefit b. In this line, the conditions for interior equilibrium are more easily satisfied with indirect revenue than without it. Thus, the proof of Proposition 5 is the same as that of Proposition 1 and Proposition 2. Note, however, that under the FPP liability regime, even in the case of the corner solution for the FPP without indirect revenue [mathematical expression not reproducible], it is possible that we have an inner solution with indirect revenue, that is, [mathematical expression not reproducible].

To see the effect of indirect revenue under the IPP liability regime, compare first-order conditions (5) and (6) with (18) and (19). With indirect revenue, the marginal benefits for j, [mathematical expression not reproducible] and [mathematical expression not reproducible], increase given [p.sub.-j] which implies that the best response function moves upward with the indirect revenue. This results in increases in equilibrium probability choices [mathematical expression not reproducible] and [mathematical expression not reproducible] respectively. However, under the FPP liability regime, when comparing first-order conditions (11) and (12) with (21) and (22), the marginal benefit for the FPP increases but does not change for the IPP. Thus, the best response function for the FPP moves upward but stays the same for the IPP. Still, as the best response function for the IPP has a positive slope, the equilibrium probability [mathematical expression not reproducible] is higher with indirect revenue than without it, but the effect would be smaller under the IPP liability regime. The effect of indirect revenue under different liability regimes is illustrated in Figure 2. BR: is the best response function for j without indirect revenue, [BR.sub.j] is with indirect revenue, and E and E are the corresponding equilibria. The arrow indicates the effect of indirect revenue on equilibrium [mathematical expression not reproducible].

The discussion so far leads to the following proposition.

PROPOSITION 6. When the FPP makes revenue other than from the user fee, under both liability regimes, both the IPP and FPP invest more. The degree to which the investment increases is higher under the IPP liability regime than under FPP liability regime.

V. CONCLUSION

In this paper, we have analyzed a model of a vertically separated payment platform to characterize antifraud investment decisions in equilibrium. The model reflects an industry environment where the user fee is determined by an FPP, which in turn pays a fixed access fee to an IPP. We also specify the model so that the probability of a security incidence increases with the FPP's involvement in the FinTech payment service, adding an additional layer to the payment scheme makes the system more vulnerable to security incidence.

We show that under the IPP liability regime, both service providers make some investments within a reasonable range of parameters, and the IPP generally invests more. In contrast, under the FPP liability regime, a range of outcomes from no investment by the IPP to more investments by both providers can be observed, depending on the level of the access fee and/or the size of liability loss.

We also find that under the IPP liability regime, the IPP generally invests more, but under the FPP liability regime, who invests more depends crucially on the access fee the IPP receives; when the access fee is small, the FPP invests more, while the IPP invests more when the access fee is sufficiently high. When the access fee is in the mid range, the FPP liability regime is superior in terms of antifraud investment and resulting probability of a successful transaction, but its superiority is not definitive in other fee ranges. Finally, it is shown that, when the FPP can raise indirect revenue from the convergence of the payment and its own platform business, both the IPP and FPP invest more and consumer welfare is enhanced. However, the increase in investment is greater under the IPP liability regime due to the complementarity of the investments.

The results provide some policy implications. First, under the FPP liability regime, when the access fee is too high, particularly the FPP chooses a socially suboptimal level of antifraud investment. In this situation, mandating security investment and/or regulating the access fee may be necessary. Second, when the access fee is not so high and the amount of liablity loss is large, the FPP liability regime is superior in terms of security investment, and the authorities may need to induce such a liability regime in this case, as the IPP liability regime is the de facto standard as stated in the introduction. However, when the FPP raises indirect revenue from its own platform business, the IPP's security investment may be suboptimal as we analyzed in Proposition 6.

In our model, we assume the indirect revenue is constant per consumer. This specification fits well for complementary sales business models such as Samsung Pay and Apple Pay, but may not when the indirect revenue comes from the usage of user information (information-based business models), as is the case with Google Wallet/Android Pay. This is because, in the latter case, the FPP can make differentiated indirect revenue from users, depending on their "type," or preference for using FinTech and other ICT services.

For a further discussion, we slightly modify the profit functions to analyze the effect of the type-dependent indirect revenue for the FPP. Suppose that the indirect revenue per consumer is proportional to the user benefit as

[mathematical expression not reproducible]

[mathematical expression not reproducible]

under the IPP liability regime where 0<8< 1, and

[mathematical expression not reproducible]

[mathematical expression not reproducible]

under the FPP liability regime.

The optimal user fee and corresponding threshold user given the first-stage investments are then

(27) [mathematical expression not reproducible]

under the IPP liability regime, and

(28) [mathematical expression not reproducible]

under the FPP liability regime.

Compared with the result in the case without indirect revenue in Lemma 1 and Lemma 2, the user fee is lower and the user base is larger (the threshold level of user benefit is lower). This implies that the qualitative results in Proposition 6 hold in this case.

It is difficult to compare the two indirect revenue cases in terms of antifraud investment, mainly because the marginal revenue depends on relative values of y and 8. However, we can reach one interesting result. Suppose that, for comparison, the total revenues from the two models are the same when all consumers are served, that is, b = 0. Then, we have [gamma] = b[delta]/2. With these parameters, the optimal threshold level of user benefit in information-based business model ((27) and (28)) is lower than those in the complementary sales business model ((17) and (20)) under both liability regimes. That is, the user base is larger in the former case than in the latter case. Intuitively, this is because, in the information-based business model, the FPP is at least partly able to discriminate between consumers through its own business model, which enables it to expand the optimal user base. Then, since the IPP cares about the user base only under the constant access fee environment, the conflicting interests between IPP and FPP would be less severe in the information-based business model than in the complementary sales business model.

The result, however, stands in contrast to the observation from the market. Google Wallet, launched in 2011, has never gained any momentum partly because banks are reluctant to share consumers' payment information with Google. In contrast, Apple Pay, launched in 2014, does not keep such information and has been more successful. (11) One possible explanation is that under the IPP liability regime, which currently prevails, the information-based business model needs to allow the FPP to access at least some of the information held by the IPP and thus places a greater burden on the IPP than the complementary sales business model. If this is the case, it would be beneficial to allow parties to choose the FPP liability regime, and lessen the burden on the IPP, to make cooperation between the IPP and the FPP more viable.

There are a few issues that we do not consider in the theoretical analysis. First, the model in this paper is based on the assumption that the antifraud investments by two service providers are strategic complements. This assumption, however, may not always be applicable. For example, Varian (2004) considers three ways that efforts exerted by participants of the system affect the system reliability: total efforts, weakest link, and best-shot. We discuss only a version of weakest link case, leaving the other two cases to be applied in future studies. Intuitively, with the best-shot case, the antifraud investments by participants would be strategic substitutes, implying that free-riding problems would be more pronounced.

In addition, for tractability of the analysis, we simplify the vertical structure, abstracting several issues. We assume that the access fee is given, which is the case when there is strong competition between IPPs, or when the fee is regulated. If this is not the case, the IPP may have market power to increase the access fee above the competitive level. Then, the double marginalization problem may occur, which would result in narrower user base and suboptimal level of investment. In another situation, the IPP and FPP bargain over the access fee, and the surplus from the FinTech payment service is divided between the IPP and FPP.

We also abstract the two sidedness of the payment platform by assuming no cross externality and perfect pass through. With this abstraction, we leave out the analysis on the effect of the fees charged on consumers and/or merchants, as research on the inefficiency that ensues due to price distortion, which is one of the most important issues in payment systems, is beyond our primary focus. We leave these issues for future research.

REFERENCES

Anderson, R., and T. Moore. 'The Economics of Information Security." Science 314(5799), 2006, 610-13.

Armstrong, M. "Competition in Two-Sided Markets." The RAND Journal of Economics, 37(3), 2006, 668-91.

Buehler, S., A. Schmutzler, and M.-A. Benz. "Infrastructure Quality in Deregulated Industries: Is There an Underinvestment Problem?" International Journal of Industrial Organization, 22(2), 2004. 253-67.

Creti, A., and M. Verdier. "Fraud, Investments, and Liability Regimes in Payment Platforms." International Journal of Industrial Organization, 35, 2014, 84-93.

Hirshleifer, J. "From Weakest-Link to Best-Shot: The Voluntary Provision of Public Goods." Public Choice, 41, 1983, 371-86.

Hwang, S., D. Kim, and S. Lee. Industry Issue: FinTech Industry. Seoul, Korea: Kyobo Securities Research Center, 2015.

Jun, J., and E. Yeo. "Entry of FinTech Firms, and Competition in the Retail Payments Market." Asia-Pacific Journal of Financial Studies, 45, 2016, 159-84.

Kahn, C, and W. Roberds. "Credit and Identity Theft." Journal of Monetary Economics, 55, 2008, 251-64.

Paglier, J. "Apple and Banks Dismiss Apple Pay Fraud Worries." CNN Money, March 18, 2015.

Papaioannou, S. K. "ICT Diffusion across US and EU Industries: Does Upstream Regulation Matter?" Economics Utters, 156,2017, 102-5.

Roberds, W., and S. L. Schreft. "Data Breaches and Identity Theft." Journal of Monetary Economics, 56(7), 2009, 918-29.

Rochet, J.-C. "Competing Payment Systems: Key Insights from the Academic Literature." Payments System Review Conference. Reserve Bank of Australia and the Centre for Business and Public Policy, Melbourne Business School, 2007, 5-18.

Rochet, J.-C, and J. Tirole. "An Economic Analysis of the Determination of Interchange Fees in Payment Card Systems." Review of Network Economics, 2(2), 2003, 95-124.

--. "Must-Take Cards: Merchant Discounts and Avoided Costs." Journal of the European Economic Association, 9(3), 2011,462-95.

Sanyal, P., and S. Ghosh. "Product Market Competition and Upstream Innovation: Evidence from the US Electricity

Market Deregulation." Review of Economics and Statistics, 95(1), 2013,237-54.

Schreft, S. L. "Risks of Identity Theft: Can the Market Protect the Payment System?" Economic Review, 2007, 5-40.

Sullivan, R. J. "The US Adoption of Computer-Chip Payment Cards: Implications for Payment Fraud." Economic Review, 2013.

Tsukayama, H., and S. Halzack. "Apple Pay's Pitch: Simpler Is Better. But Some Security Experts Disagree." Washington Post, March 26, 2015.

Varian, H. R. "System Reliability and Free Riding," in Economics of Information Security, edited by L. J. Camp and S. Lewis. New York: Springer Verlag, 2004, 1-15.

SUPPORTING INFORMATION

Additional supporting information may be found online in the Supporting Information section at the end of the article.

Appendix S1. Proofs

KYOUNG-SOO YOON and JOOYONG JUN (*)[iD]

(*) The initial version of this paper was posted as Bank of Korea Working Paper 16-12. The authors greatly appreciate valuable comments from Jaejoon Han. Kyusoo Kim, Francisco Rodriguez-Fernandez, and other seminar participants of the WEAI-IBEFA and ASLEA conferences held in 2016. The financial support from the Bank of Korea should also be acknowledged. All errors are our own.

Yoon: Assistant Professor, Department of Economics, Daegu University, Gyeong-san, Gyeongsangbuk-do 38453, Korea. Phone +82-53-850-6215, Fax +82-53-850-6279, E-mail yoonks@daegu.ac.kr

Jun: Corresponding author, Assistant Professor, Department of Economics, Dongguk University, Jung-gu. Seoul 04620, Korea. Phone +82-2-2260-3310, Fax +82-2-2290-1464, E-mail jooyong@dongguk.edu

ABBREVIATIONS

FPP: FinTech Payment Service Provider

ICT: Information and Communication Technology

IPP: Integrated Payment Service Provider

VAN: Value Added Network

(1.) For example, a sudden increase of fraud related with Apple Pay was a big issue in March 2015. At one point, a mobile payments advisor stated that "6 percent of Apple Pay purchases are completed with stolen cards" (Tsukayama and Halzack 2015) while others dismiss such claims (Paglier 2015).

(2.) https://letstalkpayments.com/banks-ready-take-fraud-liability-apple-pay/.

(3.) https://www.cnbc.com/2015/03/04/whos-at-fault-in-apple-pay-fraud-apple-or-banks.html.

(4.) For a more general specification of the user benefit, see Rochet and Tirole (2003) and Rochet and Tirole (2011).

(5.) We want to emphasize that b is not probabilistic, but is an idiosyncratic benefit usually found in models of vertical differentiation. Let the cumulative distribution function of b be H(b) = (1 / b) 1 \0,[bar.b]\ where 1(*) is the indicator function. Then, H(b) is equivalent to [bar.b][??](b). We cannot normalize the size of the benefit [bar.b] because it would affect the "total" benefit created and the decisions of market participants. We appreciate an anonymous referee for this clarification.

(6.) In reality, it is rare for consumers to explicitly pay the surcharge for using the payment service. We interpret the user fee as being paid by merchants, which is eventually reflected in the price under the complete pass-through assumption.

(7.) The early version of the paper presented the model with a more general probability function p([e.sub.1], [e.sub.2]) without separability. The simplified assumptions help us to derive a closed form solution and clear implications from the results. Note, however, that the early version differs from this paper in the revenue sharing rule as well.

(8.) Most results hold with the quasi-convexity of C instead of its convexity.

(9.) It would be more natural to assume the disutility is increasing convex (d > 0, d > 0) because as the probability of such accident increases, the reliability of the payment system may be increasingly disrupted. However, the linear assumption, which is introduced for simpler analysis, does not affect the qualitative results.

(10.) The formal proofs of this result and all other results are available in Appendix S1, Supporting information.

(11.) Like Apple, Google also has its own tokenization technology, called Host Computer Emulation, which isolates the payment information from a device. Google did not, however, adopt it until the launch of Android Pay in 2015. Some argue that Google's advertisement-based business model hindered the adoption of tokenization technology (Hwang, Kim. and Lee 2015).

doi: 10.1111/coep.12281

Printer friendly Cite/link Email Feedback | |

Author: | Yoon, Kyoung-Soo; Jun, Jooyong |
---|---|

Publication: | Contemporary Economic Policy |

Article Type: | Report |

Date: | Jan 1, 2019 |

Words: | 7733 |

Previous Article: | THE REGULATION OF MORTGAGE SERVICING: LESSONS FROM THE FINANCIAL CRISIS. |

Next Article: | IS FULL EFFICIENCY ACHIEVABLE? AN EMPIRICAL STUDY OF THE BANKING INDUSTRY IN TAIWAN. |

Topics: |