NACHA’s Phixius is a new service for the exchange of the information about a payment between the sender and receiver. Take a listen to Payments on Fire® host George Peabody as he discusses Phixius with NACHA Advisor Peter Tapling. He helps us understand Phixius, how it works and where it applies. It’s a compelling idea.

One of the long standing shortcomings in payments systems has been the degree to which the data about a payment can be shared. If we can share the data about the payment, to have it run alongside the payment instructions, then we can do things like:

  • Streamline bill payment
  • Streamline supply chain payments
  • We are able to get away from sharing bank account information
  • We can check the status of accounts, regardless of financial institution

One of the advantages of check payments is that, when physically mailed, the letter can contain the check as well as an explanation of what that check is paying for, perhaps including copies of all the invoices. That data is hugely important to the supplier.

This payments metadata, the data that describes what a payment is for and all of the conditions around a transaction, is hugely valuable. Both the sender and receiver need it. It is used by every accounts payable and receivable department. Sure, it’s great to get paid. But without the metadata, it can be difficult to know the account to credit or to know which invoice, or invoices, the payment applies to.

Communication of payment metadata has been a bear. Some payment rails, wires for instance, have little or no ability to carry data beyond what’s needed for the payment itself. The card rails have only limited descriptive capability. ACH messages have some data carrying capability but usage has been limited.

Many of today’s realtime system like the UK’s Faster Payments and the RTP Network in the US use the rich encoding capability of ISO 20022 to represent the metadata. That’s a big improvement on how to represent payment metadata.

Another reason communicating this information has been difficult is the reality that today, when this data is shared, it happens as a result of a bilateral connection via API. A service provider attempting to bridge this data gap would have to have dozens and dozens of these bilateral API relationships, if not hundreds, to reach all participants in a major industry segment such as automobile or aircraft manufacturing. That’s impossible.

NACHA, rule making body of the US ACH system, has a role to play here because the ACH carries 62% of payment volume, excluding wires of course, and 66% of supplier payment volumes.

Recognizing that role, NACHA has made an out-of-model move with the introduction of its Phixius services. NACHA is now the operator of a system that carries payment metadata regardless of which payment system actually moves the money. Phixius could be useful in wires, RTP Network, Zelle, ACH, and even cards.

Phixius sits in between financial institutions, payments services providers, and others that provide payment services, to serve as a hub for the sharing of payment information. Each party connects to Phixius just once, eliminating the need for one-to-one integrations. Phixius refers to these stakeholders as credentialed service providers.

Phixius is defining operating rules and data requirements for individual uses cases.

Phixius uses distributed ledger technology to build trust among its participants in the data shared over the system. Phixius itself does not store the data nor does the distributed ledger contain the data about the transaction. It only contains a unalterable mathematical representation of the fact that the sending and receiving parties vouch for the data and agree on how it is used. The ledger can be audited by Phixius and the two parties involved in the transaction. But another node on the network could not interrogate the ledger to determine who is trading with whom.

So, it’s refreshing to see an instance of blockchain technology doing useful work, at scale, that has nothing to do with cryptocurrencies.

NACHA designed Phixius. It recruited important users of the system. Phixius is live in pilot and a broader rollout is scheduled in Q4 or Q1 of 2021.

NACHA is not a well heeled organization with tons of money to market the Phixius brand to the fintech and financial institution communities. The idea is compelling but, as a network build, faces an adoption curve that will be climbed on the strength of that idea.

Direct download: EP131_Phixius.mp3
Category:general -- posted at: 5:43pm EST

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

 

Privacy.

It’s a huge issue. Many of us are concerned as individuals with how our personal data - our personally identifiable information or PII - is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case by case granting of permission.

As a result of those concerns, various jurisdictions around the work have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe - i.e. it applies to thousands of US companies.

In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:

* The right to know about the personal information a business collects about them and how it is used and shared;
* The right to delete personal information collected from them (with some exceptions);
* The right to opt-out of the sale of their personal information; and
* The right to non-discrimination for exercising their CCPA rights.

Any business doing business in CA will be affected by the CCPA, including data brokers.

These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.

The ramifications of these regulations are many. In this podcast, we hear of how a Midwest bank, that does not business itself in the EU, became subject to GDPR regulations because of the activities of one of its clients.

We are living in a world where the social implications of wide data sharing are obvious.

What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

We are at the beginning of a decades long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.

Direct download: EP130_Spirion.mp3
Category:general -- posted at: 2:18pm EST

1