Innowise is an international full-cycle software development company founded in 2007. We are a team of 1600+ IT professionals developing software for other professionals worldwide.

The evolution of P2P transactions: a comprehensive guide

Modern technology has made transferring money much easier – now, shopping globally is a matter of a couple of button-taps.

And it’s not just FinTech startups and eCommerce platforms that offer more convenient experiences. Legacy banks are also seeking ways to transform the landscape of monetary transactions, simplifying and revolutionizing how we handle money. 

But the field is not without its challenges. So today, we break it all down – the mechanisms, challenges, and innovations that shape P2P transactions worldwide today.

A closer look at the transaction process

Before we talk about more complex ideas, let’s see how P2P transactions work. Contrary to what you might expect, it’s more complicated than just taking money from one bank account and placing it into the other.

P2P, or peer-to-peer transactions, represent a direct exchange of funds between individuals (peers), bypassing traditional financial intermediaries. The process includes two parts: clearing and settlement, which help to keep clear records of transactions and accurately transfer funds from countless transactions happening throughout the day.

Clearing

Clearing is the process of validating transactions’ details, which includes identity verification, liquidity checks, and data aggregation. Since the banks handle many transactions throughout any period of time, most of them are consolidated into a single amount during the clearing process. Let’s break it down in more detail:

  1. Initiation. During this stage, bank A initiates the transfer to bank B through a request from a client of bank A to send funds to a client of bank B;
  2. Verification. The banks validate the transaction, making sure that their customers have sufficient funds in their accounts and confirming their identities;
  3. Transmission of instructions. Bank A sends a payment instruction to bank B, which includes all relevant details such as the amount to be transferred, account numbers, and any other necessary information;
  4. Interbank communication. Two banks communicate through a secure network on transaction details. This way, they can check if they have consistent and accurate information.

Settlement

Having all the required information, the banks can exchange funds. That process is called settlement: the banks aggregate transaction data over a set period and exchange only the difference between those transactions. It happens through several stages:

  1. Fund transfer. Settlement is the actual transfer of funds from bank A to bank B. Bank A will debit its account and send instructions to the central bank to credit the account of bank B. For instance, if bank A had to transfer the total amount of 300 to bank B for the day, and bank B had to transfer the 350 to bank A, bank B just sends the difference – 50 – to bank A.
  2. Transfer confirmation. Once the central bank processes the instructions, bank A’s account is credited with the amount. Bank A then confirms the receipt of the funds.
  3. Account update. Both banks update their customer accounts accordingly. Bank A will credit its customer’s account, and bank B will debit its customer’s account.
  4. Transaction finalization. The transaction is finalized once all the above steps are completed successfully. Both banks maintain transaction records for reconciliation, auditing, and regulatory compliance.

The exchange of information between banks and other financial institutions is facilitated by the advanced technological infrastructure. Many big organizations use SWIFT – The Society for Worldwide Interbank Financial Telecommunication – to deliver transaction reports in a secure and standardized manner.

However, various countries have developed their own systems for P2P transactions, reflecting unique market demands and regulatory environments. For example, the UPI system in India allows instant P2P transfers via mobile platforms.

As we can see, clearing and settlement include a lot of information flowing between the actors. The complex nature of those processes is where many issues of P2P transactions stem from.

Navigating international P2P transaction challenges

International P2P transactions face numerous hiccups due to complex global financial infrastructures. The differences in technology and security standards of financial institutions across the globe contribute to transaction issues, increasing the time it takes for the funds to get to the recipient’s account and adding to the workload for finance professionals. Here’s a more detailed breakdown of the prominent P2P transaction challenges:

  • Data format discrepancies. Banks worldwide store their data in different formats, which they need to reinterpret to communicate with other banks. Because of that, misinterpretations and delays frequently occur;
  • Compliance complexity. To protect people from fraud, national governments impose security rules, which the local banks must comply with. When transferring money across countries, the banks have to conduct compliance checks, adding another layer of complexity to the whole endeavor;
  • Time zone constraints. By definition, international banks process transactions coming from different time zones. Given that they process them only during their working hours, customers often have to wait longer for the funds to reach the recipient;
  • Legacy technology. Many banks still rely on outdated technology to handle their workflows. Since they serve thousands of clients, from private individuals to large corporations, they cannot tolerate the downtime required to update their systems;
  • High funding cost. To perform a transaction, both parties involved need to have sufficient funds, which means banks are required to have substantial liquidity;
  • Intermediary inefficiency. Sometimes, a transaction might involve multiple intermediaries in a transaction chain, and that may lead to errors and delays;
  • Absent competition. There’s not much competition in interbank communication against institutions like SWIFT, Visa, and MasterCard. That means they have little incentive to evolve at a quicker pace.

Ensuring security in peer-to-peer transactions

Further technological developments and the COVID-19 pandemic have made organizations and customers more accepting towards all things digital. Businesses have built online stores or set up shops on social media platforms to reach their customers through geographical barriers. At the same time, more customers embraced the benefits of getting their food, entertainment, and goods online.

Thanks to that shift, digital transactions between businesses and consumers are now ubiquitous, which has many fraudsters jumping at an opportunity. The data also reflects that: after costing around $29 billion in 2019 and 2020, the value lost to card fraud grew to $33.45 billion in 2022, up by 15%. With more users getting affected by fraud, ensuring the security of P2P payments becomes paramount, and all actors involved in the financial operations take measures to protect the users.

PCI Security Standards Council

The Payment Card Industry Security Standards Council (PCI SSC) is a global organization that maintains, evolves, and promotes PCI standards for the safety of cardholder data across the globe. The council was founded by major financial institutions like Visa, Mastercard, American Express, Discover, and JCB in 2006 as a response to growing concerns around payment card security.

The Council defines operational and technical requirements for organizations that handle branded credit cards, educates the stakeholders on the importance of protecting the cardholder data, provides security training, and works with the community to update the standards so that they can respond to new threats effectively. In terms of software development, PCI SSC also has a set of requirements for developers to comply with if they build apps that support online payments.

Payment Application Data Security Standard

The Payment Application Data Security Standard (PA-DSS) is a set of requirements that helps software vendors develop secure payment applications. The standards define the types of data the developers can and cannot store and allow them to comply with the Payment Card Industry Data Security Standard (PCI DSS).

The standard prohibits the developers from storing sensitive cardholder data, including full magnetic stripe, CVV2, or PIN. It also requires the developers to regularly update the software to protect it from ever-emerging vulnerabilities, encrypt the cardholders’ data, limit businesses’ access to said data, monitor access to system components, and respond to suspicious activity.
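One way a development team can check its own application logs against the storage prohibition above is to scan them for magnetic-stripe track data, verification values, and card numbers before they are written to disk. The following is an added example, not part of the original article or of any PCI tooling; the log lines are constructed, and the field names (`cvv`, `pin`, `pan`) and the key=value log format are assumptions.

```python
import re

# Constructed sample log lines; 4111111111111111 is a widely used test card number.
SAMPLE_LOG = [
    "2024-01-05 12:00:01 swipe raw=%B4111111111111111^DOE/JANE^25121010000000000?",
    "2024-01-05 12:00:02 swipe t2=;4111111111111111=25121010000000000?",
    "2024-01-05 12:00:03 auth pan=4111 1111 1111 1111 cvv=123 amount=20.00",
    "2024-01-05 12:00:04 order=1234567890123456 shipped",
]

# Track 1 layout: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^\r\n]{2,26}\^\d{7}[^?\r\n]*\?")
# Track 2 layout: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(r";\d{13,19}=\d{7}\d*\?")
# key=value fields carrying a verification value or PIN (field names are assumed).
SAD_FIELD_RE = re.compile(r"\b(cvv2?|cvc2?|pin)\b(\s*[=:]\s*)\d{3,12}", re.I)
# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scrub(line: str):
    """Return (cleaned_line, findings) for one log line."""
    findings = []

    def drop(kind):
        def repl(_match):
            findings.append(kind)
            return f"[{kind} removed]"
        return repl

    def drop_field(match):
        findings.append(match.group(1).lower())
        return f"{match.group(1)}{match.group(2)}[removed]"

    def mask_pan(match):
        digits = re.sub(r"\D", "", match.group(0))
        if not luhn_ok(digits):
            return match.group(0)  # not a card number (e.g. an order id): keep
        findings.append("pan")
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

    # Track data first, so the card number inside it is removed with the track.
    line = TRACK1_RE.sub(drop("track1"), line)
    line = TRACK2_RE.sub(drop("track2"), line)
    line = SAD_FIELD_RE.sub(drop_field, line)
    line = PAN_RE.sub(mask_pan, line)
    return line, findings


def scan_log(lines):
    """Scrub every line and count findings by type."""
    cleaned, counts = [], {}
    for line in lines:
        clean, found = scrub(line)
        cleaned.append(clean)
        for kind in found:
            counts[kind] = counts.get(kind, 0) + 1
    return cleaned, counts


if __name__ == "__main__":
    for out in scan_log(SAMPLE_LOG)[0]:
        print(out)
```

The Luhn check keeps the scanner from masking ordinary long identifiers such as the order number in the last sample line.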

Point-to-point encryption

Point-to-point encryption, or P2PE, helps protect the data from unauthorized access as it travels across data points. As cardholders make purchases, they transmit their information across bank and merchant networks, making it vulnerable to interception by third parties. Encryption makes the data unreadable as it travels to a secure decryption environment.

Here’s a brief breakdown of how the P2PE process works:

  1. Encryption at the point of sale. As soon as the cardholder swipes or taps their card on a payment terminal, P2PE technology encrypts their data. The sensitive data is converted into a complex code that is not easily decipherable;
  2. Secure transmission. The encrypted data travels to the payment processor through the merchant’s network. Encryption guarantees that the data will not be compromised even if it is intercepted during this transmission;
  3. Controlled access to decryption keys. Encrypted data requires decryption keys. The keys are kept in a highly secure, controlled environment, often managed by a third-party service provider. So, if a merchant’s system is compromised, the attacker won’t gain access to the keys and won’t be able to read the data;
  4. Decryption in a secure environment. Just as the decryption keys are kept separately, the data is also decrypted only in a separate and secure environment. Usually, it happens within the payment processor or a similarly secure entity. The access to the environment is strictly controlled to prevent data leaks;
  5. Data use and storage. After the decryption, the payment processors can use the data to handle payment. Their routine for handling and storing the cardholder data is also controlled by PCI DSS.

Overall, one of the main benefits of P2PE for merchants is that it significantly reduces the scope of their PCI DSS compliance. Since the cardholder data is encrypted and never exposed in their systems, they have fewer requirements to meet for a secure payment environment.

The abundance of P2P transaction methods

The evolution of P2P transactions has given users various ways to transmit funds. Each method can boast its own set of features, use cases, and conveniences, but it also comes with distinct security considerations.

Card-based transactions

Cards are among the most convenient cashless payment methods. As they continued to evolve, the ways of storing and transmitting cardholder data across merchant networks also changed, intending to strengthen payment security. The payment cards store the data on three carriers: magnetic strip, EMV chip, and RFID chip.

  • Magnetic strip cards. The card stores the data on a magnetic strip alongside it and transmits the information upon swiping the card on a POS terminal. These are less secure due to easy cloning of data;
  • EMV chip cards. The data is stored on a much more secure chip, which includes a cryptogram key that protects the cardholder’s data. The cryptogram key facilitates identity checks for the card and approval from the card issuer. Only the card issuer has access to the cryptogram key, which makes fraud significantly harder;
  • RFID chip cards. RFID chips allow for contactless payments, i.e. transmitting the data throughout the transaction without direct physical contact with a POS terminal. The data travels from the card to the merchant network when the card is in close vicinity (up to 4 cm or 1.5 inches) to the terminal. Systems like PayWave and PayPass use RFID or NFC technology for secure and fast transactions.

Tokenized transactions

With smartphones becoming the primary computing devices for a significant part of the world, FinTech vendors are looking for ways to make handling one’s finances even more seamless. Online banking is already a given for many people, but with certain technologies becoming more accessible, the world of P2P transactions is also catching up.

Modern smartphones and wearables from almost any budget come with an NFC (Near Field Communication) chip built into the motherboard. It enables data transmission in close vicinity between devices, just like RFID chips that you find on debit and credit cards. The hardware paved the way for the adoption of tokenized transactions, and now users can do away with their cards completely and pay for things by just tapping the POS terminal with their smartphone or watch.

Among the most popular tokenized payment systems are Apple Pay and Google Pay. However, many regional FinTech companies and banks offer their solutions primarily on Android, as it doesn’t restrict access to NFC for third-party applications. With tokenized transactions, users create a clone of their credit card stored on their phone or wearable. Each transaction is assigned a unique, encrypted token, ensuring that actual card details are not shared with the merchant.
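The property described above, that the merchant handles a token and a per-transaction value instead of the card number, can be shown with a simplified model. This is an added example, not part of the original article and not the algorithm used by Apple Pay, Google Pay, or EMV: `TokenService`, `Wallet`, the HMAC-based cryptogram, and the counter scheme are all assumptions chosen to illustrate the idea, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets


def cryptogram(key: bytes, token: str, counter: int, amount_cents: int, merchant: str) -> str:
    """One-time value binding the token to this counter, amount and merchant."""
    msg = f"{token}|{counter}|{amount_cents}|{merchant}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenService:
    """Hypothetical stand-in for the party that maps tokens back to card numbers."""

    def __init__(self):
        self.vault = {}  # token -> {"pan", "key", "last_counter"}

    def provision(self, pan: str):
        token = "tok_" + secrets.token_hex(8)  # random surrogate, not derived from the PAN
        key = secrets.token_bytes(32)          # secret shared only with the wallet
        self.vault[token] = {"pan": pan, "key": key, "last_counter": 0}
        return token, key

    def authorize(self, payment: dict) -> str:
        entry = self.vault.get(payment["token"])
        if entry is None:
            return "declined: unknown token"
        expected = cryptogram(entry["key"], payment["token"], payment["counter"],
                              payment["amount_cents"], payment["merchant"])
        if not hmac.compare_digest(expected, payment["cryptogram"]):
            return "declined: bad cryptogram"
        if payment["counter"] <= entry["last_counter"]:
            return "declined: replayed cryptogram"
        entry["last_counter"] = payment["counter"]
        return "approved"  # only here is the token resolved to entry["pan"]


class Wallet:
    """Hypothetical phone or wearable holding the token and its key."""

    def __init__(self, token: str, key: bytes):
        self.token, self.key, self.counter = token, key, 0

    def pay(self, amount_cents: int, merchant: str) -> dict:
        self.counter += 1
        return {
            "token": self.token,
            "counter": self.counter,
            "amount_cents": amount_cents,
            "merchant": merchant,
            "cryptogram": cryptogram(self.key, self.token, self.counter,
                                     amount_cents, merchant),
        }


def demo() -> dict:
    service = TokenService()
    pan = "4111111111111111"  # constructed test card number
    wallet = Wallet(*service.provision(pan))
    payment = wallet.pay(1999, "merchant-42")
    merchant_view = " ".join(str(v) for v in payment.values())
    altered = {**wallet.pay(500, "merchant-42"), "amount_cents": 50000}
    return {
        "pan_visible_to_merchant": pan in merchant_view,
        "first": service.authorize(payment),
        "replay": service.authorize(payment),    # same message sent again
        "tampered": service.authorize(altered),  # amount changed after signing
    }


if __name__ == "__main__":
    print(demo())
```

A captured payment message is useless to whoever intercepts it at the merchant: it contains no card number, cannot be submitted twice, and fails verification if the amount is changed.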

Point of sale (POS) innovations

There is also the other end of peer-to-peer transactions to talk about. Point of Sale (POS) technology has seen significant technological innovations in recent years: hardware POS systems developed to support a growing variety of payment options, and Contactless Payments on COTS (Commercial Off-The-Shelf) solutions, also known as CPoC, emerged as an alternative. These innovations have transformed the way businesses conduct transactions and interact with customers.

Hardware POS

Hardware POSs are separate devices meant to receive and validate transaction information. Over the years, they have acquired several hardware components that allow them to receive payments from multiple sources: strip readers to interact with magnetic strips, EMV readers to recognize EMV chips, and NFC chips to receive tokenized transactions from smartphones and wearables. The downside of hardware POSs is the cost of the entire system: it ranges from $20 up to $1000 for an individual device and from $260 to $3400 for the device kit. In addition, the software that runs the whole thing must also be purchased for upwards of $400.

CPoC solutions

CPoC solutions are software-based POS systems that offer cost-effectiveness but vary in security and compliance needs. The concept includes using a separate device, like a tablet or a phone, with dedicated software installed that processes transactions. An NFC chip is utilized to read tokenized transactions, while credit card payments require a separate card reader that attaches to the device.

Software-based POSs are easily integrable so that retailers can build their payment ecosystem with contactless payment capabilities at a lower up-front cost. They can also benefit from vast customization options and support for on-the-go payments.

Alternative payment technologies

FinTech vendors also developed alternative payment methods for users’ diverse needs and preferences. These methods offer innovative ways to conduct transactions, leveraging technology to make payments more convenient and accessible.

Mobile-based solutions

In some regions, mobile phones use SIM cards as virtual EMV chips for transactions. Users can load their payment card details onto the SIM card and make contactless payments by tapping their smartphones on compatible POS terminals.

USSD-based payments

USSD (Unstructured Supplementary Service Data) is a protocol that allows users to access services through text-based menus on their mobile phones. Users can initiate payments, check balances, and perform other financial operations by sending USSD codes. The method enables transactions without an internet connection, which is crucial in less connected areas.

QR codes and 2D barcodes

QR codes and barcodes are widely used for payments in many Asian countries. Customers scan the code displayed by the merchant using their mobile banking apps or other payment apps to initiate transactions. It is a more accessible alternative to tokenized transactions: while tokenized transactions require an NFC chip, which many smartphones might not have, you only need a camera to scan the QR code. Using QR codes and barcodes, payment software providers cover a larger user base.

Sound-based payments

Sound-based payment methods use ultrasonic or audible sounds emitted by devices to transmit payment information. Users can make payments by placing their smartphones near the emitting device. This emerging technology is useful in areas with low smartphone penetration.

Open-source financial platforms

Open-source platforms, like the Mifos-based payment hub, are engineered to empower organizations to quickly set up and manage their financial operations, providing customers with a streamlined P2P transaction experience. Unlike traditional financial systems, which often involve lengthy and complex integration processes, open-source platforms can be implemented quickly. Relying on community-developed software, organizations can avoid the hefty fees of proprietary systems.

Conclusion: towards a seamless financial future

Peer-to-peer transactions continue to evolve to stay relevant in the dynamic field of consumer-oriented finance. From SWIFT-based international transfers to innovative FinTech solutions, the methods continue to adapt to offer customers convenient ways to pay and exchange money.

On the other end, the finance world has made significant investments in its infrastructure to prevent fraud. Continuous education, the establishment of up-to-date security standards, and technology like encryption have made leaps in securing customers’ funds. Still, staying on top of emerging vulnerabilities in this arms race is paramount to a safe financial environment. As the technology moves forward, the continued evolution of financial systems will make P2P transactions and financial services more accessible, secure, and efficient.

FAQ

P2P transactions have transitioned from direct funds exchanges to digitally facilitated transfers. The advent of technology has enabled instant, global transactions without the need for traditional banking intermediaries. Innovations like blockchain and mobile payment apps have further streamlined the process, making P2P transactions more secure, efficient, and accessible to a broader audience.

The PCI Security Standards Council plays a critical role in enhancing cardholder data security across the globe. It develops and enforces standards, such as the PCI DSS (Payment Card Industry Data Security Standard), so that all entities that process, store, or transmit credit card information maintain a secure environment.

The future P2P transaction trends likely to shape this evolution include increased use of blockchain technology for enhanced security and transparency, greater integration of AI and machine learning for fraud detection, and the expansion of mobile payment solutions. Additionally, the rise of digital and central bank digital currencies (CBDCs) may offer new avenues for P2P transactions, further reducing dependency on traditional banking systems.

To stay secure while engaging in P2P transactions, consumers and businesses should prioritize using trusted platforms that implement robust security measures, such as encryption and two-factor authentication. Regularly updating software, being on the lookout for phishing attacks, and using strong passwords are also crucial practices. Additionally, it’s essential for businesses and software developers to be informed about the latest security recommendations provided by the PCI Security Standards Council.
