Multi-sided payment platform using Blockchain and Open banking

(1)

EXAMENSARBETE INOM GRUNDNIVÅ, 15HP

STOCKHOLM, SVERIGE 2019

MULTI-SIDED PAYMENT PLAT- FORM USING BLOCKCHAIN AND OPEN BANKING

GEMENSAM

BETALNINGSPLATTFORM, MED HJÄLP AV BLOCKKEDJA OCH ÖPPEN BANKTEKNOLOGI

HAADI FEISAL

ULSBOLD ALTANGEREL

KTH

SKOLAN FÖR KEMI, BIOTEKNOLOGI OCH HÄLSA

(2)

(3)

Multi-sided payment platform using Block- chain and Open banking

Gemensam betalningsplatform, med hjälp av blockkedja och öppen bankteknologi

HAADI FEISAL

ULSBOLD ALTANGEREL

Examensarbete inom Datateknik

Grundnivå, 15 hp

Handledare på KTH: Anders Lindström Examinator: Ibrahim Orhan

TRITA CBH-GRU-2019:121 KTH

Skolan för kemi, bioteknologi och hälsa 141 52 Huddinge, Sverige

(4)

(5)

Abstract

There are various large competitors, dominating the digital payment market. These competitors acquire most of the customers, maintaining their dominant influence in the market by charging customers and merchant’s fees for mobile payments. The purpose of this study is to investigate and develop a payment system that connects various payment applications and bank services. This system is developed with the help of blockchain and open banking technology. The blockchain system is utilized as a secure universal database, while the open banking technology is used for transactions.

This study proposes an architecture for a multi-sided payment platform. The architecture follows the microservice design pattern which allows the components of the system to be individually developed and maintained. A prototype system was developed as a proof of concept for the architecture, proving the possibility of a multi- sided payment platform. The “ICA Handla” payment application and Nordea (open banking) system were used to connect to the prototype through gateway programs.

The purpose of gateway programs is to connect a mobile payment application or a bank service with the blockchain system. The multi-sided payment application creates opportunities in the digital payment market.

Keywords

Blockchain, open banking technology, mobile payment, TPP, multi-sided payment platform, real-time payment

(6)

(7)

Sammanfattning

Det finns flera dominerande konkurrenter på den digitala betalningsmarknaden.

Dessa företag har en majoritet av kunderna och upprätthåller sitt dominerande inflytande på marknaden genom att ta avgifter från kunder och handlare för mobila betalningar. Syftet med denna studie är att utveckla ett betalningssystem som ansluter olika betalningsapplikationer och banksystem med hjälp av blockkedjeteknik och öppen bankteknologi. Blockkedja-systemet används som en säker universell databas, medan den öppna banktekniken används för transaktioner.

Denna studie utvecklade en arkitektur för en gemensam betalningsplattform.

Arkitekturen följer ett mikro-tjänst designmönster vilket tillåter systemets komponenter att utvecklas och underhållas individuellt. En prototyp utvecklades som en konceptvalidering för arkitekturen, vilket bevisar möjligheten till en gemensam betalningsplattform. Betalningsapplikationen “ICA Handla” och Nordea öppen bankteknologi är anslutna till prototypsystemet via ett gateway program.

Syftet med gateway programmet är att ansluta mobila betalningsapplikationer eller banktjänster med en blockkedja-system. Den gemensamma betalningsapplikationer skapar möjligheter på den digitala betalningsmarknaden.

Nyckelord

Blockkedja, Öppen bankteknologi, mobil betalning, TPP, gemensam betalningsplattform, direktbetalning

(8)

(9)

Acknowledgement

We would like to give a special thanks to the people who have assisted us during this thesis. From Royal Institute of Technology, we would like to thank Anders Lindström, who have acted as our mentor and Ibrahim Orhan who is our examinator.

We would also like to thank Henrik Gradin from Centiglobe, who have assisted us whenever we needed help.

(10)

(11)

Glossary

PSD2 Revised Payment Service Directive TPP Third Party Provider

PIS Payment initiation Services Providers (PISPs) REST Representational State Transfer

JSON Javascript Object Notation

Client-Id The client ID is used to identify your application Client-Secret A secret generated string for the client.

External services Mobile payment applications, Open banking APIs EC2 Amazon Elastic Compute Cloud

MSP Multi-sided platform B2C Business-to-Consumer P2P Peer-to-peer

DLT Distributed Ledger Technology QR code Quick response code

(12)

(13)

1 Introduction

This chapter will cover the background, purpose and delimitations of this thesis.

1.1 Problem statement

The mobile payment industry is undergoing a technological expansion and is revo- lutionizing the method of payments. However, the digital payment market is domi- nated by large competitors. The following large competitors dominate the digital market in their respective country: AliPay in China, MobilePay in Denmark, Swish in Sweden and Pingit in the United Kingdom. These competitors acquire most of the customers, maintaining their dominant influence in the market by charging customers and merchant’s fees for mobile payments. These large players can charge any transaction fee, due to this, smaller payment applications find it harder to support their systems and compete in the market.

1.2 Purpose

The purpose of this study is to propose an alternative payment system that connects various mobile payment applications and banking services into one payment system with the help of blockchain and open banking technology. A prototype will be developed as a proof of concept for the proposed architecture.

1.3 Delimitations

The practical work of this thesis is limited to Nordea open banking technology. How- ever, the study will investigate other banks open banking technology.

This work will only cover the integration of the mobile payment application ICA Handla. The work will prove the concept that if it is possible to integrate with one application, then it is possible to integrate with other applications.

The application will not handle cryptocurrency. Centiglobe’s blockchain will be used and there will not be an implementation of a new blockchain system.

This study will not go into depth of investigating security in mobile payment solutions or open banking technology due to the broad area of the subject.

(16)

(17)

3

2 Teori och bakgrund

This chapter presents background and theoretical information necessary to review and comprehend this study.

2.1 Related works

This chapter will review related works done in the digital payment field with. There is a lack of previous work in purely technical integration of the blockchain technology combined with mobile payment platform and open banking. However, there are several studies and articles regarding those technologies individually.

2.1.1 Analysis of use cases of blockchain technology in legal transactions

The author U. Gallersdörfer of the study “Analysis of Use Cases of Blockchain Tech- nology in Legal Transactions” from the University of Munich [1], asked experts in the field of blockchain technology the advantages the blockchain technology brings. Ac- cording to the study, distributed ledger technology could prevent forgery. Transac- tions and information stored in the public ledger are immutable. Compared to a traditional payment provider, the blockchain technology process payments faster due to the absence of intermediaries. The transaction takes place within the blocks unlike traditional payment providers, the payment processed by various intermediaries.

The provider of the blockchain can offer lower payment fee, due to the absence of the intermediaries. However, some blockchain consensus algorithms result in waste of energy when computers solve complex mathematical problems in order to add a block to the blockchain. Computers require strong processing power to solve blockchain mathematical riddles, electricity is wasted in form of heat.

2.1.2 Blockchain technology in the financial markets

“Blockchain technology in the financial markets” is a study done by Gvidas Černeckis from Linköping University [2]. The purpose of the study is to increase the under- standing of distributed ledger technology and analyze whether or how the blockchain technology could streamline certain functions within the transaction chain regarding financial instrument. Financial instrument includes trading, clearing, settlement and account management. Below is a list of some possible efficiency enhancements the distributed ledger technology could contribute to the transaction chain regarding financial instruments [2]:

● Security

● Immediate settlement and reduced counterparty risks.

Database responsibility and delivery of information can be distributed to all participants within the DLT network, an attack against a node would not affect the system functionality, which reduces issue with single point of failure. Information registered inside a block within the blockchain technology cannot be changed afterwards, which makes it nearly impossible to corrupt the registered information in a form of cyber- attack.

(18)

DLT can improve safety in terms of registration of transactions and possibly prevent cyber-attacks. Settlement of transactions could be done faster in a DLT platform than the traditional two banking days. A distributed ledger technology could streamline settlement of financial transactions by shortening the clearing phase, in a normal bank transfer many parties are involved in conducting and approving transactions.

By excluding these parties, shorter settlement time is achieved.

The study mentions legal issues regarding the blockchain implementation in Swe- den. For example, responsibility and governance issues are important when considering a DLT solution. Intermediaries in today’s systems provide a clear role and responsibility. If a party makes a mistake that party becomes liable for the damages.

However, DLT is based on decentralization of systems without any central point that can be held responsible for system errors.

2.1.3 Mobile payment adoption

There are several mobile payment applications in the Swedish mobile digital payment market. However, over the years, due to competition in the digital market and customers reluctant to adopt to those services, some experienced bankruptcy and others taken out of service. David Lilliecrona & Fabian Sundelin, University of Borås [3] investigated beneficial factors that could increase consumer adoption of mobile payment services, in their study “Factors to consider when adapting to mobile payment”. For a mobile payment application reach a high volume of users, unique solution is expected. According to the study, if these factors are implemented, they will positively influence the consumer adoption of mobile payments [3]:

● Easy: Ease of use.

● Fast: Fast payment experience.

● Security: Increase of security, eliminate all threats and fraud.

● Payment option: Offer multiple payment options.

● Offer reasonable prices on services.

2.1.4 Platform design: market entry

Erol Kazan and Jan Damsgaard from Copenhagen Business School conducted a re- search digital payment application [4]. The study introduced a framework for digital payment applications. The goal of this framework is to fit digital payment platform designs and configurations on a comprehensive scale. Furthermore, the study analyzed digital payment market entry for digital payment applications. Erol and Jan implemented multiple comparative-case studies in a European setting with the pro- duced framework to analyze the market entry conditions. The study concluded an entry in the market is achieved through a good strategic platform design (platform development and API service distribution) and technology design (issuing evolution- ary and revolutionary payment instruments). Furthermore, the study concludes the connection between the core and adjacent platform markets can be bridged with API payment services. In doing so, the platform strengthens the market position in their respective core markets.

(19)

5

2.2 Mobile payment

Mobile payment is a payment service operated under the financial regulation. One of the main goals with the mobile payment system is to eliminate the necessity to pay with cash, cheque or bank card. Additionally, the consumer can purchase a wide va- riety of services, digital and hard goods by using the mobile device.

In developing nations, the financial services are extending due to the deployment of mobile payment solutions. Mobile payments are becoming key instrument for market participants, resulting in new growth of opportunities [5].

2.2.1 Multi-sided platforms

Multi-sided platforms (MSP) is a concept used to distinguish interactions between one or multiple customer groups with a system [6]. There is clear distinction between one-sided (enabling interactions between participants of one distinct group), two- sided (enabling interactions between participants of two distinct groups) and multi- sided (interactions between participants of more than two distinct groups) platforms.

Payment cards are traditionally launched and function as a two-sided platform that enable interaction between the merchant and the consumer. Mobile payments are a digital platform, facilitating interactions between various customers. One-sided mobile payment platforms facilitate interactions between peers (P2P). Two-sided mobile payment platforms facilitate interactions between consumer and business (B2C).

Unlike the payment cards platforms, the mobile payment platform is extremely scalable with high development costs and low marginal cost [6]. This means that when the payment platform is developed, the cost for implementing additional services is low. Hence the additional adoption of another platform affects positively on the value of the platform for the all affiliated constituencies [7].

As the platform enables multiple interactions and gains participants, the value of MSP increases [7]. The concept of same-side network effect is when consumers may find a service useful if similar consumers use the service as well. The concept of cross- side network effect is when users value the presence of another distinct group. For example, payment cards are two-sided platform due to interaction between the merchant and the card holder. More merchants will adopt this form of payment if the number of card holders increase.

2.2.2 Peer-to-peer mobile solutions

One-sided platforms facilitate interactions in one distinct group. Each user account is bound to user’s personal bank account. When a payment is executed the balance of the account is updated. In order to execute a payment, the sender must have suf- ficient funds in their personal account and access the recipient's address.

(20)

Swish enable transactions between two personal bank accounts. To complete a payment, the sender needs the recipient's phone number. The P2P payment functionality of the Swish application is one-sided. Swish has a same-side network effect.

Figure 2.1: Peer-to-peer payment.

The main challenge of a one-sided platform is to gain critical mass of users [6]. One- sided platforms tend to offer limited number of functionalities. Thus, due to the weak position, one-sided platforms are vulnerable to competition [8]. Without enough lock-in effects, the durability of one-sided platforms poses significant threat. On the contrary, if one-sided platforms gain critical mass of users, other platforms would want to gain access to the participants affiliated to the platform.

Failure during the authentication process is a common risk for P2P systems [9]. The user account may be accessed by an attacker, either by security breach or compromised phone. The attacker can transfer any value from the compromised account to another account. To reduce the risk for a compromised account, the platform may implement risk mitigation measures. Swish requires the user to verify their identity before transferring funds.

2.2.3 Business-to-consumer mobile solutions

Two-sided platforms facilitate interaction between a business and a consumer. Each user account is bound to user’s personal bank account. The balance of the user account is updated whenever a payment is done. In order perform a payment, the merchant is required be equipped with a hardware that is compatible with the consumers software.

Swedish retail business, ICA is equipped with QR-codes that is compatible with the ICA payment application. To complete a payment, the consumer scans the QR-code with the phone. Another example is a near field communication (NFC), where the

(21)

7

consumers device is required to be in range of the merchant hardware in order to perform a payment. These follow the cross-side network effect.

Figure 2.2: Business-to-consumer payment

Two-sided platforms face few other challenges due to the complexity of the platform design. One of the critical issues is to create new functionalities and services to create a strong lock-in effect to the first affiliated group of participants. The demand on one side tend to vanish without the demand on the other side, regardless price [10]. The platform needs innovation and offerings to ensuring and strengthening the platforms position.

2.2.4 Platform design: platform development and service distribution

The platforms can have open or closed development for third parties [11]. Closed development platforms exclude third parties from platform modification. Open development allow participation of third parties.

The service distribution of the platform can be moderated or unmoderated [11].

Moderated service distribution allows only authorized third parties from accessing the platforms API’s. Unmoderated service distribution allows third parties to access the platforms API without the platform’s approval.

(22)

In order to strengthen the platform, the platform owner can share the platform with third parties. To expand the services offered by the platform, third parties may access the API services after getting approval from the platform.

2.3 Open banking

Open banking technology is described as transition from closed to open systems. By sharing financial information with third parties, customers receive innovative banking services which will increase the digitalization within the banking sector [12]. In short, open banking is a bridge between third party providers and banks, open APIs are used to transmit financial data and services between the two entities. By relying on networks instead of centralization, open banking aims to diminish banks monopoly on customers data. Banks opening their APIs will increase competition in the market, this allows third party providers to develop innovative payment services that banks could not offer before [13]. Third party providers include [13]:

● Payment initiation services providers (PISPs): These can initiate payments on behalf of the customer. For example, a PIS allows consumers to pay companies through credit transfer directly from your bank account instead of using your debit or credit card. The credit transfer payment method used by PIS is much cheaper for the company receiving the payment than a credit card payment [14].

● Aggregators and account information service providers (AISPs): These can access customers bank information to analyze users spending behavior, give advice on how to manage their money and give an overview of available accounts and balances from different banks.

In 2015, the EU presented a new directive PSD2 (revised payment service directive) which obligates banks to grant third party providers access to customers financial data and payment infrastructure through open API’s. PSD2 was implemented 13 January 2018. Nevertheless, according to the government offices, PSD2 was delayed in Sweden and will be applicable latest May 2018 due to legislation issues [15]. The new directive focus is on improving innovation and facilitating payments. The goal is to secure and reduce expenses for consumers purchases in Europe [16]. PSD2 aims to give consumers better experience in the EU retail payment market.

2.3.1 Open API

Organizations with published open API documentation tend to simplify the access of customer data for developers. As mentioned in chapter 2.3, banks are legally obliged to open their APIs earliest May 2018 as the PSD2 regulations is implemented in Swe- den. Various banks have published documentations regarding the open banking technology. These documentations can be used by developers to gain a deeper un- derstanding on how the banks interface operates and functionalities that are available.

2.3.2 Nordea

Nordea was one of the first banks in Europe to consider the opportunities offered by the PSD2. Nordea launched their open banking in 2017 and has gained a lot of attention from developers [17]. Nordea open API is in production. Test data is available to

(23)

9

the public through a sandbox environment where developers can try existing and upcoming functionalities of the open API [18]. Furthermore, it allows developers to test and develop applications before requesting production access for the application in order to go live [18]. However, only few TPPs have access to live data of the open API. The bank must follow a timetable set by the PSD2 regulation in order to provide live data to all TPPs.

Nordea API utilizes REST, representational state transfer as a web service. Request towards the REST endpoint and response are sent in JavaScript Object Notation (JSON) format. The API consists of payment initiation services (PIS), account information services (AIS) and access authorization APIs. These services allow developers to initiate payments, get access to account list, account details and transaction history [18].

Nordea open banking has a rate limit of 5000 requests per day in total for all API endpoints. Each endpoint also has a specific request and time limit. Below is a list of limits [18]:

● Endpoint: /authentication Rate limit: 10 requests/minute.

● Endpoint: /accounts Rate limit: 100 requests/second.

● Endpoint: /assets Rate limit: 100 requests/second.

● Endpoint: /payments Rate limit: 100 requests/second.

2.3.2.1 Authentication and authorization

Security is an essential aspect for an API, it protects the API from attacks and elimi- nates threats. Nordea’s Open API is powered with well tested authentication and authorization schemes. Nordea’s Open API is built on OAuth [19]. OAuth is a standard authentication system that allows third party providers, with the permission of the resource owners (customers), to access their data without their credentials [19].

Figure 2.3: The OAuth 2.0 flow [20].

(24)

In order to consume the AIS and PIS API endpoints, the client (developer) need an access token. The client receives an access token, after the resource owner has au- thenticated and granted authorized access to their data. With the access token, the client can either initiate a payment or preview account details. For every request the client makes to the API, a set of headers must be included. The headers are, the Cli- ent-Id, Client-Secret and access token. The access token is used by the API to authenticate the client. The communication can’t be established without an access token [18]. The communication between the client and the API is secured by a transport layer security, which uses encryption to protect the privacy and integrity of the transmitted data.

2.3.3 Swedbank

In 2017, Swedbank released a BETA version of their open banking platform. The open banking platform went live on the 24th of January 2019, with over 2000 registered developers and third-party providers [21]. Like Nordea’s open banking platform, Swedbank authenticates and authorizes clients through the OAuth 2.0 model.

Swedbank support payment initiation API for PISP and account information API for AISP [21]. Swedbank’s open API is also implemented as a REST interface. Requests are sent and received in JSON format. A sandbox environment is available for developers to test their ideas. Developers can partner up with Swedbank to scale their application through production data.

2.3.4 SEB

SEB open API is like Nordea and Swedbank open API, licensed third-party providers can initiate payments and access data, used in statistics. SEB utilizes the OAuth 2.0 for authentication and authorization. SEB open API utilizes REST as an API interface and JSON-format for exchange of data. SEB also offers an API sandbox environment for developers to test and verify their applications. Developers can apply for access to production data [22].

2.3.5 Handelsbanken

Handelsbanken has not implemented an interface for open API. Like the bank services, mentioned above, Handelsbanken provides a sandbox environment for developers. Handelsbanken supports AIS and PIS operations and provides a REST interface alongside JSON-format for message exchange [23].

2.3.6 Other banks

Open banking is a worldwide movement. In Europe, numerous financial services have opened their API’s. The deadline for remaining banks to publish open API is set to September 2019. Countries across the border have also introduced the open banking initiative. To name a few, Canada, USA, The United Kingdom, and Australia.

All major banks mentioned above use similar techniques and operations for developers to integrate with their services. For example:

● OAuth 2.0 for Authentication and Authorization.

● A sandbox environment, for developers to test their data before requesting for production data.

(25)

11

● REST interface.

● JSON data format.

● Payment and Account API. However, not all banks provide access to Payment API yet.

SOAP and XML are alternative techniques used by the open banking technology.

However, due to the simplicity and wide acceptance, REST and JSON are used often.

2.4 Blockchain

Blockchain is a distributed database of records or a public ledger. The public ledger holds information on transactions or digital events that have been performed and shared among participating parties. Each transaction in the ledger is verified by the majority of the participants in the system. The blockchain saves every verified and confirmed record of a transaction made. The saved information becomes immutable.

The blockchain technology is applicable to every digital asset transaction made online [24].

Figure 2.4: A transaction getting registered on the blockchain.

Every participant, also known as nodes, in the blockchain network has the same ver- sion of the blockchain system. The blockchain system becomes decentralized. The decentralized system lacks a central point of control, this leads to better security and the system becomes reliable [24]. The blockchain technology enables distributed

(26)

consensus where every online transaction, past and present, involving digital assets can be verified without compromising the asset and parties involved. Each transaction is broadcasted to every node in the system and recorded in a public ledger after verification.

The blockchain system orders transactions by placing them in groups called blocks and links them together creating a chain of blocks. The blocks are linked in chrono- logical order with every block containing hash of the previous block [24]. The transactions in a block are executed at the same time. Due to various blocks being created by different nodes only one block is added to the chain. In order to add the block to the blockchain, the generating node must put enough computing resources into solv- ing a mathematical puzzle. This concept is called proof of work [25].

2.5 Comparison between centralized (Swish) and decentralized (blockchain) payment system

Swish is a mobile payment application, developed by the largest financial institutions of Sweden (Danske bank, Handelsbanken, Länsförsäkringar bank, Nordea, Spar- bankerna, Swedbank and SEB). The mobile solution was introduced in 2012 and quickly became popular. Swish functions as one application, however, the participating banks have the discretion to determine its own rules regarding fees, payment limit and age limits. Furthermore, users need their respective banks to register. De- spite these variations, the application is identical to all users regardless of which bank they are customers. Thus, Swish functionalities and features are negotiated upon by all participating banks. When agreed, the updates are released simultane- ously to all users. The need for coordination of the participating banks makes the process to introduce new features cumbersome and time-consuming. This restricts the platforms ability to introduce new services for the users.

The blockchain system can be viewed as a decentralized database or a public ledger.

The system registers public events or transactions as an immutable record in a block.

The block is connected to all previous blocks and is shared among all participating blockchain nodes on the network. The blockchain technology can be utilized as a decentralized payment system.

Compared to a centralized system such as Swish, a decentralized system is less prone to attacks. In order to tamper with the chain of blocks, the attacker must attack at least 51% [26] of the nodes and rewrite every block. This takes a large amount of time and resources. Lastly, compared to the blockchain as a payment system, Swish is regulated by the financial institutions and requires the cooperation of international banks in order to process international payments.

(27)

13

3 Method

This chapter presents and describes the possible methods and the method chosen for this thesis.

Three methods were considered. The first method of solution could be an extended literature study, where the study is based upon a large quantity of researched information. The second method of solution could be carried out by interviewing different blockchain and mobile payment companies and base the solution upon the inter- views. The third method of solution is to make a literature study and produce a prototype. In this study, the third method of solution will be used as it provides a con- crete result in a neutral environment. The first and second method of solution were disregarded as it only provides theoretical results.

3.1 System overview

Components were identified in order to break down the complexity of the payment system into manageable parts. In order to develop a multi-sided payment platform, the following are required: a gateway program, payment application and banking services. The gateway program is responsible for integrating various digital payment applications and banks with the blockchain system.

External services are various services that integrates with the multi-side payment platform. For instance, ICA Handla and Nordea open banking can be considered as external services. These services each represents a business use case, which is why a separate gateway program is required. Each gateway program needs to be loosely coupled and independently maintained. It’s important to reduce the risk that a change in one gateway program will not create unnecessary change in another.

The blockchain technology is utilized as a universal database. The security in the blockchain system prevents attackers to tamper with the history of transactions. The multi-sided payment platform must be capable of handling large amount of payment applications, both locally and international. Additionally, digital payment applications must trust that the multi-sided payment platform is a fair, secure and beneficial platform. Thus, the blockchain technology contains the solutions for the requirements.

3.2 Architecture

To develop a stable and scalable payment system, the architecture of the application is an essential point to consider. Due to the complexity and size of the potential payment system, the system must be organized. When selecting an architecture for the system, it’s important to take into consideration different aspects such as scalability, maintainability and economic (as these are essential to a payment system), these aspects help organize the software system. Below is a list that describes such aspects:

● Scalability: The system’s ability to be scaled across multiple servers and handle an increase of user request.

● Maintainability: The ability to modify the system or extend it.

(28)

● Economic: The expense of building and maintaining the system.

● The architecture must also fit the description of the system overview in the previous section.

3.3 Prototype

To support the architecture, a prototype was developed. This chapter will provide information regarding the prototype.

3.3.1 ICA API

ICA Handla is a Swedish digital payment application. This application will be used to integrate with the prototype system as an external service. ICA Handla uses REST service and JSON as a data exchange format. ICA Handla has a moderated service.

A proxy server was used to intercept and map privately owned data from ICA Handla API in order to analyze the API endpoints needed to make a payment.

3.3.2 Gateways

The task of the gateway system is to facilitate interaction between banking systems and payment applications with the multi-sided payment platform. In this prototype system, two separate gateway systems will be developed, representing ICA Handla application and Nordea open banking technology. The gateway systems run on an Apache tomcat 9 server.

In order to handle requests from the ICA Handla and banking system, a server-side REST API was developed. The gateway system responds to requests from the server- side endpoint. In the prototype, Spring boot was utilized. Compared to JAX-RS, Spring boot contains detailed documentation. REST client was developed to send response to external services. In this prototype, a retrofit library was used. Retrofit was used due to the simplicity of sending and receiving JSON data through a REST based web service.

It is important to note that REST service was used in the prototype system. The architecture of the multi-sided payment platform needs to be able to handle any API service.

The prototype system used Centiglobe, companies blockchain in order to store the transactions. Communication with the Centiglobes blockchain system is processed with remote procedure call (RPC).

3.3.3 Mobile client application

In order to facilitate the interaction with the multi-sided payment platform, a client mobile application was developed. The aim of the application is to provide the customer with a user interface. It is important to note that the mobile client application was developed by using React native.

(29)

15

4 Result

This chapter presents the result of this study.

The result of this study is a multi-sided payment platform, integrated with various payment applications and banking systems. This system was developed to tackle issues in the digital payment market and create new possibilities. The multi-sided payment platforms main component is the blockchain system. The blockchain system is connected to various gateway programs.

The blockchain system is a vital component in the multi-sided payment platform.

The blockchain system stores immutable records of transactions in a universal database. This immutability makes it harder for attackers to tamper and access the records. Due to the distributed consensus, fraudulent attacks are reduced. Thus, the blockchain is a secure platform for digital payment applications and banking systems. The gateways facilitate the communication between the blockchain and various digital payment applications.

4.1 System architecture

The blockchain is an independent decentralized system and do not require the presence of different digital payment applications. Therefore, the connection needs to be independent. In this architecture, gateways are utilized as microservices. Every platform that integrates with the blockchain will have its own representative gateway.

Each gateway system (microservices) is independent and loosely coupled. This results in quicker scalability and easier maintainability of the gateways.

In order to perform a payment, the customer contacts the blockchain with a payment code, retrieved from a merchant or a peer. After receiving the request, the blockchain redirects the customer to a corresponding gateway and the payment can be initiated.

The system architecture is independent on the external data structure. Thus, various data structures can be utilized. Every digital payment application decides upon its own data structure and the API service. Therefore, the task of the java gateway program is to parse and handle the data correctly. This solution simplifies a platforms integration with a multi-sided platform. Figure 4.1 presents an overview on the system architecture.

(30)

Figure 4.1: System architecture of a multi-sided payment platform.

4.1.1 Scalability, economic and maintainability

Scalability is an important factor to consider in designing a dependable and stable architecture. The multi-sided payment platform follows a microservice architectural style. Each service in the multi-side payment platform is a separate component. The architecture of the system works with loosely coupled services, these services can be individually developed, deployed and scaled without affecting the system. Reducing the complexity of the multi-side payment platform result in cost savings. Each gateway service represents a single business use-case, facilitating the deployment of the gateway system on multiple servers. This results in increased availability and performance without affecting the performance and functionality of other gateways.

Due to the dependability of each component, the system becomes easy to upgrade, change and replace. Services lose the ability to affect each other in case a service shuts down. This simplifies maintenance and increases efficiency.

The architecture of the payment system requires method for controlling access and authorization of a gateway system. Therefore, each gateway system is implemented with an authentication and authorization protocol.

4.1.2 Mobile payment solutions

The internal communication structure varies, depending on the digital payment application. Each digital payment application decides respectively on the internal data structure. Therefore, the API is different for each application. However, there are few similarities within the different payment applications.

In two-sided platforms (B2C), the customer initiates a payment by interacting with a hardware. The merchant requests price from the merchant server and sends it back

(31)

17

to the customer. The customer approves the payment, the customers bank transfers funds to the merchant’s bank. The merchant is notified.

In one-sided platforms (P2P), the customer initiates a payment by interacting with a peer. The sender types in the address of the receiver to start the communication.

The sender approves the payment, the bank transfers funds from the sender to the receiver. The receiver is notified.

These similarities make it possible to develop similar gateway systems respectively for B2C and P2P platforms. However, due to the dissimilarities in the platform API, the gateway systems will handle the platforms services differently. Therefore, the gateway systems cannot be identical for every payment application added to the system.

4.1.3 Gateway

In order to initiate and perform a transaction, the gateway is notified. The task of a gateway is to facilitate communication between two participants regardless of what platform the participants originate from. The gateway is an important component of the multi-sided payment platform architecture. As stated in chapter two, the additional cost of developing and adding a gateway is covered by the value gained from introducing a new platform to the system.

The banking gateway system facilitates the payment process between two parties. As a security measure, the banking gateway only regulates its own gateway bank account and is not aware of the participating party’s bank accounts. The banking gateway system verifies and notifies performed transactions. The banking gateways are manipulated to induce real time payment.

4.1.4 Open banking

The client application utilizes open banking technology to transfer funds to gateway system bank accounts. The banking gateway utilizes the open banking services to verify and send transactions. This technology enables transactions.

4.1.5 Blockchain

The multi-sided payment platform stores transactions as immutable records in a universal database, the blockchain. The blockchain hinders attacker’s ability to tamper with or access the transactions. The attacker must attack majority of the nodes in order to gain access to the transactions. This requires a large amount of time and resources. Due to the decentralization, the nodes in the blockchain can be extended and function independently. This results in secure, available and scalable system for integrating third parties (digital payment application). The blockchain is a vital

(32)

component in the multi-sided payment platform architecture as it oversees the gateway systems and the integrated platforms

The blockchain utilities the gateways as means to introduce the digital payment applications to the system. Compared to creating a new platform and populating it with customers, the integration with the blockchain system can be considered as time- and cost-efficient solution. This potential solution extends the platforms ability to handle multiple groups of distinct participants and the ability to reach out to customers.

Figure 4.2: Blockchain keeps track of all the gateways and payment platforms in the system.

4.1.6 Real-time payment

Figure 4.3 represents a transaction flow, from account A to account B. The holder of account B accepts the currency in USD. The blockchain system redirects account A to a gateway system. The gateway system holds account D and has same bank as the redirected user. Account A performs a payment to account D, the currency is in euro.

This payment is performed in real time, as both accounts have the same bank.

The gateway notifies the blockchain and the payment is stored. When the payment has been verified and confirmed, the recipient gateway system is notified. This gateway system has the same bank as account B. This gateway systems performs a payment to account B; the currency is in USD. Thus, the banking gateways are manipulated to induce real-time payment.

(33)

19

Figure 4.3: Real time payment [27].

4.2 Prototype: ICA handla and Nordea open banking

This chapter presents the prototype system. This prototype was developed as proof of concept.

Figure 4.4: Prototype architecture

In order to initiate and process a payment, a mobile client application is developed.

The purpose of the client applications provides with a user interface and facilitate incoming requests. The blockchain system oversees digital payment applications and banking systems. Furthermore, the blockchain system stores transactions in a universal database. Separate gateway systems, ICA Java Gateway and Nordea Java

(34)

Gateway, were developed in order to handle the communication with ICA Handla and Nordea.

The customer takes an image of a QR code, provided by the hardware of ICA (B2C).

The client application sends this to the blockchain system. The blockchain system redirects the customer to a corresponding gateway, ICA Java Gateway system.

As figure 4.5 shows, the client application scans the QR code from the merchant and establishes communication with the ICA Java Gateway. The mobile client application retrieves the price of the retail product from the ICA Java Gateway and displays it for the user. When the user approves the payment, the open banking technology is used to transfer funds to Nordea Java Gateway bank account from the user bank account. Once the Nordea Java Gateway receives the transaction, the ICA java gateway is notified, and the payment is approved. The user receives a receipt and the payment is performed. REST service is used for the communication.

Figure 4.5: Payment flow of the prototype.

(35)

21

5 Analysis and discussion

In this chapter, the result and the method will be analyzed. Furthermore, this chapter will discuss aspects regarding the multi-sided payment platform.

5.1 Analysis of prototype

The prototype integrates with Nordea and ICA Handla as a proof of concept for the proposed architecture. ICA Handla has a moderated API service, meaning, ICA does not provide documentation regarding their API interface for third-party providers.

However, the purpose of the prototype is to serve as a proof and not for commercial use. Thus, various transactions supplied with privately owned data were analyzed and the ICA Handla API interface could be mapped. It is important to note that the privately-owned data were personally generated by the authors of this thesis.

In order to access live data from Nordea, a license is required. This had various effects on the prototype system. Due to the sandbox environment, provided by Nordea, the open banking technology were supplied with static data (immutable). Thus, the visuality of the prototype was downgraded as the account balance could not be updated. However, this was an insignificant issue as transactions could be verified and confirmed. Another issue with the sandbox environment is the time-delay of the authorization process, which was approximately 4 seconds. The step 6 in figure 4.5, contains the steps in figure 2.3. However, the time-delay is reasonable, as in reality the payment is initiated and approved by a customer and not by a prototype system.

Thus, the result could be an achievement regardless of the sandbox environment of the open banking technology provided by Nordea.

The blockchain system was provided by the Centiglobe company and the transactions were stored and retrieved from the blockchain system. Due to the small size of the prototype system, the effects of the blockchain system could not be determined.

In theory, security is one of the top qualities of a blockchain system. There are noted instances of globally successful blockchain systems, such as its utilization in the cryptocurrency market. Thus, one could argue about the same possibilities for other digital funds regarding the blockchain technology.

The prototype system is integrated and connected to Nordea and ICA Handla with gateway systems. However, the prototype system can be extended by adding multiple digital payment applications and banking systems. There are no requirements of the origination of these systems, hence global presence is possible. Thus, the prototype fulfilled the purpose and the concept is proven, a multi-sided payment platform is possible.

5.2 Analysis of the proposed architecture

The subcomponents of the multi-sided payment platform are designed to function independently to remove workload from the core component. Hence, the gateway system is developed as a microservice and is an essential component in the system.

Without the workload, the core component prioritizes other tasks. The blockchain system is the core component of the multi-sided payment platform. The core system

(36)

component stores and secures transactions. Additionally, various digital payment applications and banking services are overseen by the blockchain system.

The cost to maintain and improve increases as the payment platforms size grows. In order to prevent bankruptcy, the payment system must be profitable, consistent and sustainable. However, this requires that a payment system has a strong market presence and an ample size. The multi-sided payment platform aims to integrate with international digital payment applications and banking systems. Therefore, a centralized global payment system may not be a viable solution. Cryptocurrency utilizes blockchain technology and has obtained a global presence. However, this is only true for cryptocurrency. Thus, it might be a sustainable and viable solution to combine blockchain technology with other digital assets in order to create a global payment system.

5.2.1 Contribution of the multi-sided payment platform

One of the major issues in the digital payment market is the lack of customers. Bank- ruptcy is common, which results in large competitors dominating the market, gain- ing monopoly and acquiring all the customers. After obtaining a dominant position, large competitors can regulate the payment fees. This is not beneficial to the customers. Even with a small percentage of a payment fee, this is not a beneficial solution.

Without competition, the level of innovation decreases. Thus, competition is necessary and vital for society. In a competitive market, better services and prices are con- stantly offered by the competitors.

Due to the strong market position of the competitors, it may be difficult for other start-up companies to gain a foothold on the market. Thus, the integration of the multi-sided payment platform may present to be a beneficial option for smaller companies. This approach benefits any digital payment application, start-up or existing, as it is a cost-efficient solution to obtain the necessary number of customers and to gain the ability to extend the range of their applications. For existing customers, this approach is a way to experience innovation and additional services, as it creates a strong lock-in effect.

In order to obtain a sustainable profit, the multi-sided payment platform must pay close attention to the same-side and cross-side network effect. These network effects represent the balance of customers and merchants. Without one side, the other would not exist. Therefore, by charging an agreeable sum of a payment fee, the platform controls the balance. Thus, it is certain that the payment fee will be low.

With the help of blockchain and open banking technology, the multi-sided payment platform can obtain a global presence. Thus, this is an alternative solution to process payment without cryptocurrency. It is an easy and simple approach to process payments across the globe.

5.2.2 Security

In the financial market, any system that engages with the assets must have good security. Thus, the usage of blockchain technology is important. The transactions are stored in blocks and can be considered as immutable records. This requires an im- mense amount of computing power (resources) and time to mine through the blocks

(37)

23

in order to alter the records. This must also be done on at least 51% of the nodes in the blockchain network. Therefore, it is challenging for an attacker to access the blockchain system. However, this is valid for the blockchain technology. Unlike a decentralized server, an attacker can access the history of transactions by infiltrating a centralized server. The attacker can tamper with the history of transactions and claim the sum of funds that do not exist. Thus, securing the history of transactions is a critical factor in a payment system.

In the multi-sided payment platform, various gateway systems are deployed. These gateway systems are vulnerable compared to the blockchain system, as an attack requires less computing power and time. Thus, these gateways need to be designed with strong security. The implementation of cryptography would strengthen the security. In the cryptography technical aspect, one of the most used techniques is asymmetric cryptography (private and public keys), which can be used to verify and approve transactions. This prevents eavesdropping and false messages, as the participants would need to authenticate themselves.

5.2.3 Scalability

The scalability of the blockchain technology and the gateway systems result in multi- sided payment platforms growth. This enables the possibility of the payment system to reach a global presence. In some cases, it may be difficult to become an international payment platform due to heavy regulations of financial institutions (Swish).

However, blockchain technology is used by cryptocurrency. Depending on the cryptocurrency, a global presence is obtainable. Therefore, blockchain technology can also be utilized for non-cryptocurrency assets, achieving the same effect.

5.2.4 Social and economic aspects

A shorter settlement time for the multi-side payment platform results in less counterparty risk and increases efficiency. The architecture of the multi-side payment platform is designed to scale. Services in the payment system can be deployed on multiple servers to keep costs as low as possible which also increases availability and performance. From an economic perspective, other businesses that integrate their digital payment services with the multi-side payment platform will gain revenue. In the study “Analysis of Use Cases of Blockchain Technology in Legal Transactions”, U. Gallersdörfer writes that the blockchain provider can offer a lower cost as the intermediaries are no longer needed. Traditionally, many parties are involved in conducting and approving transactions. Today, credit card companies charge fees when processing transactions. However, with the multi-side payment platform, the receiver of the payment receives the funds through account to account bank transfer with the help of the gateways. This is a cost effective payment option for both parties since no unnecessary payment fee is charged.

The blockchain component utilizes the proof of stake algorithm to reach a distributed consensus. Compared to other blockchain mining algorithms, the proof of stake algorithm is energy efficient and thus, it is more environmentally friendly.

(38)

5.3 Jurisdictions on the open banking technology

The jurisdictions regarding open banking technology depend on the country that the implementation takes place in. Every country has their respective rules on obtaining a license. In Europe, only licensed third providers can operate and implement open banking technology. In order to extend the range of the multi-sided payment platform service to multiple countries, the platform must acquire a passport license from those countries. In Sweden, as mentioned in section 2.3.1, financial institutions provide a live version of the PSD2 API to the licensed third-party providers. This creates new opportunities and possibilities for financial institutions and businesses to extend the range of their services, both locally (Sweden) and in Europe.

None-European countries are starting to implement open banking technology. The countries that have not initiated the implementation are still considering the technology. Like the PSD2 regulation, these countries are required to have a license in order to use open banking technology.

There are legal questions when a customer inserts a certain amount of funds into bank accounts. For instance, it is not possible to insert funds without knowing where the money was sent from. It becomes more complicated when a bank is associated with a blockchain system, as it is decentralized. The decentralization makes it harder to track the responsible party of the system. There are possibilities that funds are used for illegal activities such as money laundering. In such cases, there’s a high chance of government authorities being involved in the process. It is important to note that in this study, the technical part is covered. The legal part is hard to mention as it changes quickly.

5.4 Suggestions for further work

Due to the short amount of time and the wide field work. This study can be improved.

To obtain more precise data regarding the multi-sided payment platform, there are a few paths that can be applied:

1. Extend the integrated digital payment applications in the prototype system.

2. Integrate with international digital payment applications.

It is important to note that the multi-sided payment platform needs to be observed for a longer period. However, this study leaves this work for future studies.

(39)

25

6 Conclusion

The multi-sided payment platform is a way for mobile payment applications and banking systems to enter the digital payment market. The systems are integrated with the multi-sided payment system through a gateway program. The blockchain system is used as a secure universal database while the open banking is used to enable transactions. The prototype system was used as a proof of concept, proving the possibility of a multi-sided payment platform. The value and the presence of the multi-sided payment platform increases as the platform integrate with various digital payment applications, both locally and international. Thus, a payment system with a global presence is possible.

This can be considered as a time and resource efficient solution for both financial institutions and digital payment applications. Moreover, this solution increases the number of customers and expands the range of their services. Thus, the multi-sided payment platform creates new opportunities in the digital payment market as it re- moves monopoly and enforces competition. With competition, there will be fair prices and innovation in the digital payment market. For further work, the multi- sided payment platform can be deployed globally and analyzed for a longer period.

(40)

(41)

27

7 Bibliography

[1] U. Gallersdörfer, “Analysis of Use Cases of Blockchain Technology in Legal Trans- actions”. Published: 2017-05-15 Retrieved: 2019-04-27

[2] G.Černeckis, “Blockchain technology in the financial markets”, http://www.diva- portal.org/smash/get/diva2:1196582/FULLTEXT01.pdf Published 2018-04-11. Re- trieved 2019-04-06

[3] D.Lilliecrona, F.Sundelin, Linköping University, “Factors to consider when

adapting to mobile payment”, http://www.diva-por-

tal.org/smash/get/diva2:1163008/FULLTEXT01.pdf Published 2017-12-29. Re- trieved 2019-04-09

[4] K. Erol, D. Jan,Copenhagen Business School, “Towards a market entry framework for digital payment platforms”, https://aisel.aisnet.org/cgi/viewcon- tent.cgi?article=3949&context=cais Published: 2016-05 Retrieved: 2019-03-20 [5] FinancialAccess.org, “Half the World is Unbanked”, https://web.ar- chive.org/web/20141222020037/http://www.financialaccess.org/sites/de-

fault/files/publications/Half-the-World-is-Unbanked.pdf Published: 2010. Re- trieved: 2019-01-23

[6] S. Staykova Kalina, D. Jan, “Adoption of mobile payment platforms: Managing Reach and Range”, https://scielo.conicyt.cl/pdf/jtaer/v11n3/art06.pdf Published:

2016-06-01, Retrieved: 2019-03-18

[7] E. Thomas, P Geoffrey, Van A. Marshall, “Platform envelopment”, https://pdfs.semanticscholar.org/7ad8/fcb272de54b32814cafa4f369712cdbbe- acf.pdf Published: 2007-05-17, Retrieved: 2019-03-18

[8] L. Gonzalo, M. Juan, Polytechnic University of Madrid, ”Multisided Platforms and Markets: A Literature Review”. https://www.researchgate.net/profile/Juan_Manuel_Sanchez-Cartas/publication/325225786_Multisided_Plat- forms_and_Markets_A_Literature_Re-

view/links/5c598d03299bf1d14cadb3b9/Multisided-Platforms-and-Markets-A- Literature-Review.pdf Published: 2019-01, Retrieved: 2019-03-19

[9] C. Nikil, “A survey and risk analysis of selected non-bank retail payments systems”, https://www.econstor.eu/bitstream/10419/66955/1/589159801.pdf Pub- lished: 2008-11-17, Retrieved: 2019-03-20

[10] S. Evans David, Bank of Canada, “How catalysts ignite: The economics of platform-based start-ups”, https://www.pymnts.com/assets/Shared/Evans-How-Cata- lysts-Ignite-051008.pdf Published: 2008-09, Retrieved: 2019-03-19

(42)

[11] K. Erol, D. Jan, Copenhagen business school, “ Towards a market entry framework for digital payment platforms”, https://aisel.aisnet.org/cgi/viewcon- tent.cgi?article=3949&context=cais Published: 2016-05, Retrieved: 2019-03-20 [12] MIT Technology, Oracle, Open banking: The race to deliver banking as a service.

https://www.oracle.com/a/ocom/docs/dc/open-banking-final.pdf?el-

qTrackId=016f47d7931d4986bf5bfbfcae825727&elqaid=74424&elqat=2 Published 2018. Retrieved 2018-01-06

[13] European fact sheet: Payment Services Directive (PSD2): Regulatory Technical Standards (RTS) enabling consumers to benefit from safer and more innovative elec- tronic payments. http://europa.eu/rapid/press-release_MEMO-17-4961_en.htm Published: 2017-11-27 Retrieved: 2019-01-22

[14] BEUC: The European consumer organisation. “Consumer-friendly open banking access to consumers’ Financial data by third parties”, https://www.beuc.eu/publications/beuc-x-2018-082_consumer-friendly_open_banking.pdf Published: 2018 Retrieved: 2019-01-24

[15] Government offices. “The implementation of the second payment service directive, PSD2, is delayed”, https://www.regeringen.se/artiklar/2017/09/ge- nomforandet-av-det-andra-betaltjanstdirektivet-psd2-ar-forsenat/ Retrieved:

2019-01-23

[16] European Comission, Press Release Database, “Payment Service Directive: Fre- quently asked questions”, http://europa.eu/rapid/press-release_MEMO-15- 5793_en.htm?locale=en Published: 2018-01-12 Retrieved: 2019-01-21

[17] Nordea, “Open banking goes live in Sweden”, https://mb.cision.com/Main/434/2618153/909097.pdf Published 2018. Retrieved 1/13/2019

[18] Nordea: Developer documentation. https://developer.nordeaopenbank- ing.com/app/documentation Retrieved: 2019-01-23

[19] Nordea Developer documentation: https://developer.nordeaopenbank- ing.com/app/documentation?api=Access%20Authorization%20API&ver-

sion=4.0#access_authorization_api Retrieved: 2019-01-23

[20] “The OAuth 2.0 Authorization Framework” https://tools.ietf.org/html/rfc6749 Published: 2012-10 Retrieved 2019-04-10

[21] Swedbank: Open Banking Platform goes

live https://www.swedbank.com/openbanking/index.htm#!/CID_2822879 Re- trieved: 2019-02-15

[22] SEB: Developer Portal https://developer.sebgroup.com/node/3254 Retrieved:

2019-09-19

(43)

29

[23] Handelsbanen Developer Portal https://developer.handelsbanken.com/ Re- trieved: 2019-09-19

[24] C. Micheal, Nachiappan, P. Pradhan, V. Sanjeev, K. Vignesh, berkeley university of California, “Blockchain Technology Beyond Bitcoin”, https://scet.berkeley.edu/wp-content/uploads/BlockchainPaper.pdf Published: 2015-10-16. Re- trieved: 2019-01-26

[25] W. Aaron, D. F Primavera, ”Decentralized blockchain technology and the rise of lex cryptographia”, https://www.intgovforum.org/cms/wks2015/uploads/pro- posal_background_paper/SSRN-id2580664.pdf Published: 2015-03-12. Re- trieved: 2019-01-26

[26] B. Kamanashi, M. Vallipuram, “Securing smart cities using Blockchain Technol- ogy”, Australian Catholic University & Griffith University, https://www.researchgate.net/profile/Kamanashis_Biswas/publication/311716550_Secur-

ing_Smart_Cities_Using_Blockchain_Technol-

ogy/links/5a2682d5a6fdcc8e866becfb/Securing-Smart-Cities-Using-Blockchain- Technology.pdf Retrieved: 2019-03-18

[27] H. Gradin, Centiglobe “Fast, Open and Secure Global Payments”. Retrieved:

2019-03-10.

(44)

(45)

(46)

TRITA CBH-GRU-2019:121

www.kth.se

Multi-sided payment platform using Blockchain and Open banking

MULTI-SIDED PAYMENT PLAT- FORM USING BLOCKCHAIN AND OPEN BANKING

GEMENSAM

BETALNINGSPLATTFORM, MED HJÄLP AV BLOCKKEDJA OCH ÖPPEN BANKTEKNOLOGI

HAADI FEISAL

ULSBOLD ALTANGEREL

Multi-sided payment platform using Block- chain and Open banking

Gemensam betalningsplatform, med hjälp av blockkedja och öppen bankteknologi

HAADI FEISAL

ULSBOLD ALTANGEREL

Abstract

Sammanfattning

Acknowledgement

Contents

1 Introduction

2 Teori och bakgrund

3 Method

4 Result

5 Analysis and discussion

6 Conclusion

7 Bibliography