Wirecard Acquiring is ‘Dead’: Who Will be Next?

Image Credit: CNBC

Wirecard has gone: one of the biggest card acquirers in Europe and elsewhere too. It was a major ‘new tech’ company in Germany, and only last year planned its bid to buy the 150 year old Deutsche Bank. We now know this was part of the deliberate ruse.

In 2019, the UK Financial Times reported the Wirecard fraud and how it had taken several years for its auditors to expose what had been detailed as a ‘financial reporting’ fraud – i.e. a company that said it had €1.9 billion more in cash than the auditors could find!

But why did it fail? Why do other acquirers fail? Why did this one struggle? And what makes acquirers succeed?

But more importantly, who will be next?

Card acquirers fail each year, typically doing so quietly, and as a result of national regulator actions, card scheme sanctions or pressure. Once a regulator or the card schemes ‘get their teeth into’ these companies: it most certainly signals ‘the start of the end’.

Many acquirers struggle to make profits, because of a combination of:

  • High processing costs and thereupon small margins,
  • The need to employ sales agents that take large cuts from the margins,
  • The need to spread fixed costs across a broad/ wide number of merchant businesses,
  • A hard and very competitive market, where acquirers undercut one another and seek to acquire volumes at the expense of profits,
  • Increasing card scheme fees, that cannot always be quickly passed on to merchants.

Card acquirers must then:

  1. a) have a ‘volume business acquisition’ strategy to distribute the ‘costs of being an acquirer’ over large numbers of customers and/or
  2. b) Identify and choose a higher-margin, higher-risk business that they are likely to be able to service well, manage well, and where they control and understand the risks.

This brings serious challenges. In the case of Wirecard, we know from the reporting that:

  1. a) Control mechanisms and governance controls were not strong. The incoming chairman in 2020 was appalled at what he found. The key executives were able to hide this: which demonstrates the significant failings of the independent board members along with second/third lines of defense in corporate governance. The fact that the CEO and COO (and others?) were able to hide a €1.9 Billion ‘hole’, to control their independent board members and to control the ‘message and direction’ should never, ever happen. Equally and potentially, Wirecard were able to ‘bully’ and/or deceive the national regulators (BaFin especially), auditors and card schemes. So even though these people did not have their ‘fingerprints on the daggers’ they were all clearly also culpable.
  2. b) Safeguarding: It is clear that customer funds were NOT safeguarded: up to a staggering €1.9 billion. Does the ‘buck stop’ with the CEO. Of course, but the auditors again failed to ‘get to the bottom of this’ for several years. So did the rest of the Wirecard board and certainly the independent directors. There are a lot more people that are culpable here and more than just the CEO: some of whom should also go to jail. It seems that everyone else that might also be culpable: will surely now make sure that it is the CEO that is blamed and will be the only one that will be ‘left swinging’.
  3. c) National Competent Authorities, i.e. the regulators, along with the card schemes should also not be too easily exonerated. It is clear that whatever they did know or should have known: the size of the Wirecard business, and the sheer gall of the executives (older and newer alike) allowed Wirecard ‘certain privileges’ that permitted it to continue trading where and when others would have failed. It seems that Wirecard was probably deemed ‘too big to fail’ for too long.
Image Credit: Reuters

Wirecard had such a sizable portfolio, and such a significant gap in its financials: that we can only start to speculate the full extent of the dishonesty, deception and incompetence. We now know from the Wirecard auditors that the EU business was loss-making and that the Asia/Pacific business was ‘seemingly’ profitable (but also where the alleged ‘missing funds’ were supposedly located). So we must look for signs: which we need to remember were always present; even if it is to review the ‘Zatarra papers’ that are increasingly proving to have been correct in more and more places.

These documents named and detailed culprits several years ago, and were consistently attacked by Wirecard when various allegations therefrom were picked up in the media. We should hope that these are now being looked at by the ‘prosecutors’, and consider whether even those who were behind the publication of these papers were they implicated too. Maybe they were not just stock-shorters as alleged by Wirecard: but insiders that did not ‘do their duty’ to formally raise and report concerns. Or where they people who were uncomfortable put under pressure not to act, so they took an anonymous stance?

Our speculation must therefore lead us to:

  1. a) The board and the CEO/ COO that must have amongst them known exactly where and what the losses were; and conspired to conceal the losses. In theory, they could have been utterly stupid, which we should clearly dismiss: given their repeated investigations and dismissal of them, and ultimate findings that the money clearly did not exist.
  2. b) Conclude that the Wirecard business in Europe was either:
  3. Priced to undercut the competitors in search of volume business.
  4. Priced poorly, OR, much more likely and possible to evidence:
  • Inaccessible to other acquirers in the market because of the dubious nature of this business – i.e. not fully scheme compliant, potentially illegal, breaching AML law through significant cross-regional transactional laundering.

And the profitability of the business is Asia? Was this business really profitable?

There are far too many unknowns and also too much that will yet be revealed (or ultimately veiled to protect the financial systems and reputation of regulators and card payment schemes) in relation to this case. But we know that there is so much and so many aspects of this case that simply ‘do not add-up’.

Industry mutterings and speculations indicate that the key people at Wirecard (again the CEO and COO but others too?):

  1. Allowed or conspired to aid and abet, cross-continental transaction laundering. This has been the inference in the reporting that has appeared either the official ‘reporting’ or the often under-recognised Zatarra documents: all of which has kept surfacing over the last five years.
  2. Somehow elicitly involved executives and/or counterparty claw-offs (knowingly or passively?) for acquiring loss-making merchants, illegal transactions and money laundering processing where others could not do so. This is a problem that will now challenge us as a heavily regulated industry and will quickly be transferred to other acquirers and continue to haunt our industry into the future. Every regulator and card scheme should now be worried about:
    1. Where the more questionable Wirecard customers will have moved to next. Industry insiders will have witnessed a ‘feeding frenzy’ from the Wirecard portfolio,
    2. Which acquirers will require additional supervision. This is very concerning.
Image Credit: Bloomberg

Every acquirer across Europe should be aware, but who will have no chair ‘when the music next stops’?

The writers have a high level of confidence in the regulators – BaFin and also in the card schemes. They will now ‘follow the money’ and establish who the next acquirers are that start to process, to find and track the illegal money laundering now that Wirecard is no longer a vehicle. But will the card schemes and regulators move more assertively now, or allow ‘another Wirecard’. “Wirecard, jailed executives, fail to learn, then repeat” perhaps?

Who will take-over now that Wirecard ‘has left the party’?

We are aware that there are key individuals who know where this business is going. There are agents that are busily and knowingly ‘placing this business’ with the next, and the not so diligent acquirers around the globe. It is really a matter of how long it will take the card schemes, the regulators and then for law enforcement to act. They have the tools now and do know where and how the traffic is travelling. They just need to now act assertively and not be frightened-off by the ‘next bully’ who processes this business.

Hopefully, the Wirecard events will educate us all, deter some, frighten others and drive a few more people towards reporting these matters appropriately to the right authorities, and hopefully in a more public way than we saw in the ‘Zatarra papers’.

We will continue to monitor regulatory and payment network progress as we learn more about this case and hopefully everyone will be more observant and challenging going forward. Failure to do so will lead to serious and more fundamental questions on the effectiveness of those who should ensure that as an industry, that we have a legal, compliant, competitive and transparent payment system.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring.

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy. Riskskill.com is a global GARS Reviewer for Visa. For more information visit website at www.riskskill.com

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

Time for Next ‘Killer Punch’ from EU Regulators on Interchange?

Key legal challenges – what happened?

Five years ago, EU regulators devised the controversial Interchange Fee Regulations (IFR), capping Mastercard and Visa consumer-card interchange fees.

The EU Regulators cited their experience in regulating anti-competitive practices: to fuel innovation and change. The EU now needs to assess what has been achieved against its 2015 aspiration. The regulatory review process is underway, but what has it concluded to date including next steps?

How will the EU regulators act with interchange in a post IRF / PSD2 Europe? Here comes IRF2?

What did the IFR review achieve?

Initially, the IFR quelled concerns of EU and national Regulators and those of key merchant lobbying groups across Europe. It challenged the interchange rate levels, the methods of calculation, and it simplified the complex card scheme qualification criteria in place at that time.

Mastercard and Visa brought legal challenges but struggled to present robust defences. Some believe they missed the opportunity to explain more eloquently that even cash has a cost. But in the end, some common-sense prevailed, leading to interchange fee rate reductions.

Consumer debit (and prepaid) rates decreased to 0.20%, even in markets where typically this had been a fixed fee. Consumer credit rates lowered to 0.30%. But there were challenges:

  • Mastercard and Visa presented different timelines for fee reduction.
  • Acquirer systems were not ready, which led to manual workarounds.
  • Merchants were concerned by the changes (fixed fee to ad valorem and in how caps and different cards were treated.
  • Merchants were not prepared for ‘interchange plus plus’ pricing and did not like manual workarounds.
  • Issuers across the EU were not prepared for the revenue reductions.
  • Commercial cards and other consumer card brands were excluded.

These challenges were compounded by other high-profile legal actions against the schemes by the EU and national regulatory bodies too, as well as from merchant groups.

An additional change for merchants in October 2019 seemed positive when Mastercard and Visa reduced interregional rates for consumer POS transactions to 0.2% and 0.3%, and additionally inter-regional CNP transactions accepted in Europe down to 1.15% for consumer debit/prepaid and to 1.50% for consumer credit. Again, commercial cards were excluded.

Has it worked?

As with Schrödinger’s work, the IFR review has ‘worked’ and also ‘not worked’ depending upon your perspective. It has undoubtably introduced unintended consequences and controversy.

Yes, it worked….

IFR debates have led to global changes in the approach to interchange fees; and led to greater scrutiny of acquirer and scheme fees. It contributed to the PSD2/Open Banking initiative and evolved greater trust and transparency and new payments thinking. More recently, it led to the UK Payment Systems Regulator (PSR) undertaking a market review of card acceptance costs (reporting H1 2020) along with other EU National Competent Authority reviews.

But in reality…… no, it really has not worked….

The IFR review has led to years of delays and destructive legal cases between the EU regulators, major merchants and the international payment networks. The result appears to be a reduction in interchange fees but has been largely ‘cancelled-out’ by increased scheme fees and ergo acquirer fees. As these were outside the IFR scope, these many ‘new fees’ have been passed onto the merchant. Merchants blame acquirers, as their card processing costs increased, as have the revenues and profits of some acquirers and the card schemes.

Card issuers lost revenues as the result of lower interchange rates, replacing these in many cases with card fees, account fees and transaction fees, higher borrowing rates and reduced ‘free borrowing / repayment periods’; along with removing or weakening many cash-back / reward programmes.

Next steps 

We now need to complete and assess the findings of another regulatory review:

Strategic considerations?

  • What price changes have consumers seen from any Merchant cost changes?
  • Has competition, choice and innovation in European payments been realised, as originally sought by EU regulators?
  • Has the reduction in interchange rates, as part of the overall merchant commission, been simply replaced by other fees, that were and remain out of scope of the original IRF?
  • Have regulatory bodies learnt any more about the true costs of cash and other non-card payment methods?
  • Have the IRF reductions undermined the European Regulator promotion of PSD2 initiatives and alternative payment methods? Is there viable competition to cards now, e.g. account to account payments / credit transfers and PISPs?
  • Is there greater transparency on merchant fees?
  • Has individual country National Competent Authority (NCA) enforcement/ guidance been seen and sufficient?
  • What have we learnt from loopholes, vagueness and omissions in EU IRF regulatory language?

Impact on card usage?

  • Has IFR led directly to increased consumer card spending?
  • What has the effect been upon displacing cash at merchants?
  • Has the prohibition of surcharging on cards been simply replaced by discounts for cash, merchant steering of consumer payments and/or minimum purchase amounts?
  • Where surcharging on cards outside of scope is permitted, how has this been performed and what was the effect?
  • Has interchange fee reduction derived benefits such as increasing contactless payments across Europe?

Regulator next steps?

  • The EU regulator should now see a clear way to make further sweeping changes.
  • A cap should be considered for the total fees (including interchange) paid per transaction, especially poignant for higher-value card transactions?
  • The regulator should rule also on commercial card rates
  • Further regulation, including broader review of acquirer pricing and scheme fees to issuing and acquiring clients should now be proposed?

We should not be satisfied with the EU regulator actions of five years ago either. The European Commission was tasked in 2015 to assess the IFR effectiveness by 2019, They struggled to find and appoint research consultants, only appointing Ernst & Young (EY) in late 2018. The long-awaited review and publication of results has been delayed until 2020.

Back in 2015, when EU regulators pulled this programme together, they and we did not know what we know, see and experience now. We still have uncertainty, lack of clarity on what benefits have been achieved, the unintended consequences of these changes and continued marketplace evolution.

The EU regulators really must act. They have no choice. What we can be assured of though, is that we WILL be surprised, changes will be significant, complex and ever more impactful, and as ever stakeholders will fight and then find ways around restrictions. The payments marketplace will both continue and evolve. So, let’s have some fun with the journey!

Riskskill.com is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks, competing in a fierce world and dealing with regulatory and scheme changes. Riskskill.com works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. Its people are widely accepted as some of Europe’s leading payments and risk experts and they are frequent commentators on the issues involved. The key team have a wide experience in banking, insurance and the financial services and payments sectors and are thought leaders at the forefront of many industry wide and international debates.

Riskskill.com is an approved Visa Inc. GARS Reviewer.

For further information, please contact:  Bill Trueman or Kevin Smith at Riskskill.com


Bill Trueman and Kevin Smith

Principal Consultants, Riskskill


Contactless Card Payments Limit Increased From £30 to £45 in UK

UK contactless card payment

Contactless payments limit in the UK increases from £30 to £45 is being seen as Another blow for cash payments in United Kingdom. This will off course help the customers to save time during checkout at retail stores.

After much speculation, the contactless payments limit in the UK increases from £30 to £45. It has been under discussion for some time but recent Covid-19 developments have accelerated the decision and communication processes.

Effective from 1 April 2020, there will be a lengthy and phased migration for consumers and across merchant sectors. This will be further complicated by the retail temporary closures as a result of the steps to manage Covid-19.

All stakeholders, especially cardholders and merchants should welcome the increase. There will of course be concerns about fraud on contactless payments, but we should remember that current fraud figures show fraud on contactless payments is just 2.5p in every £100 spent.

For more information visit https://www.ukfinance.org.uk/contactless-limit-change-faqs

Kevin Smith is a Senior Payment Services & Risk Management Consultant & Industry Advisor at Riskskill.com and permanent member of AIRFA. He helps businesses in the payment sector perform better, in complying with regulation, doing more business, challenging partners and/or helping to put things right when they go wrong and if/when regulators, card-schemes and other parties start to challenge what our clients are doing.


RiskSkill Attends WebShield’s RiskConnect Conference 2019 in Warsaw

Webshield RiskConnect Conference 2019 Warsaw

The team at Riskskill were both honoured and pleased to attend and support our friends at Web Shield and yet another successful networking conference for risk management people, this time at RiskConnect 2019 in Warsaw.

Over the 19th and 20th November, Web Shield hosted some 250 risk practitioners from across Europe and many from further afield.

There was a superb group of presenters at the event, who rewarded the audience with powerful presentations; such as:

– Keynote presenters from Süddeutsche Zeitung (Obermayer and Obermaier – who were the original ‘Panama Papers’ 2017 pulitzer-prize winners) who signed copies of their book at the conference.

– Mastercard and Visa executives who presented their visions and key changes to global chargeback and fraud rules.

– USA-based; Better Business Bureau: on the extent of global Deceptive Marketing Practices (also the title of a new publication from our hosts at Web Shield)

– G2A.com and the Belgian Gaming Commission: who presented massively engagingly upon loot boxes.

– The Royal Canadian Mounted Police talking about significant investigations into malpractice

– Deloitte and Deloitte RegTech Lab, MarketScape, Nethone, Bankingblocks, Ethoca and Crystal Blockchain all produced extraordinary presentations about current, interesting and informative topics, as did great people from Web Shield too – who also announced the launch of its multi-language training academy courses on risk management.

Fuller agenda and details on the event can be found on the Web Shield / RiskConnect website.

Bill Trueman from Riskskill moderated a lively and fascinating panel discussion on Day-1 on the rapidly emerging and poorly understood issue of loot boxes (aka loot crates) and the various views taken by individual national regulators, the card schemes and the ultimate need for a greater understanding and potential need for further clarifying regulation. The panel comprised Peter Naessens (Belgium Gaming Commission), Olav Leonov (G2A) and Markus Prause (Web Shield).

Webshield RiskConnect Conference 2019 Warsaw attended by Bill Trueman

Kevin Smith moderated a panel discussion on Day-2 on the thorny topic of deceptive marketing. The panel comprised Steve Baker (Better Business Bureau), Kyle Smith (Ethoca) and Iveta Korenciakova and Chris West (Bankingblocks). They provided further guidance, experiences and emerging challenges that pulled together a lot of the content from their earlier presentations and the entire event overall. The discussion highlighted the growth and global expansion of the ‘tricks’ used against consumers and the risk of harm (or worse) that, for example counterfeit products can cause, as well as those of unlicensed pharma and neutra products – and their often inert, harmful or even illegal ingredients.

Webshield RiskConnect Conference 2019 Warsaw attended by Kevin Smith

Christian Chmiel chaired the event in his usual calm, confident and professional manner. The common theme remains industry collaboration in what is becoming an ever complex and diverse environment.

The quote of the conference, first introduced by Peter Bayley from Visa was: “What are the brakes on a car for? …. To make the car go faster”

Books from Christian Chmiel and Markus Praus, edited by Joyrene Thomas – also available at the conference): https://about-fraud.com/author/christian-a-chmiel/
Panama Papers book on Amazon: https://www.amazon.co.uk/Panama-Papers-Breaking-Story-Powerful/dp/1786070707/ref=sr_1_1?keywords=panama+papers&qid=1574442501&sr=8-1

Bill Trueman and Kevin Smith are leading payment, risk & fraud specialists who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit websites at RiskSkill, and AIRFA.

RiskSkill Attends CIR 10th Annual Risk Management Awards 2019

CIR 10th Annual Risk Management Awards 2019

Bill Trueman on behalf of RiskSkill was delighted to attend the CIR Risk Management awards last week with Joyrene Thomas (pictured), when we supported Christian Chmiel (also pictured) and saw him collect yet another award for the ‘Webshield’ solutions and their ongoing quest to help merchants with their risk management efforts. Webshield is very much an integral part of the industry. We were all looking forward to attending the RiskConnect.eu event in Warsaw next week.

Winners of CIR 10th Annual Risk Management Awards 2019 were declared on 6 Nov 19 organized by comedian Zoe Lyons at the London Marriott Hotel, Grosvenor Square.

These Awards celebrate the excellence in the field of risk management – recognising the expert, products and programmes in the risk sector for a decade.

For more information visit https://www.cirmagazine.com/riskmanagementawards/winners19.php


Data Protection Watchdogs Round on Facebook Libra Currency

Facebook Libra Currency

The bucking of the process order here concerns me greatly. Any other business, company and/or industry has a process to follow. This process that should be followed is that the company involved must establish its business plan and business and with that it must complete an application and with that approach the appropriate licensing authorities, regulators and/or government agencies in the jurisdiction in which they intend to operate and apply for appropriate registration, regulation and/or licensing.

What has happened here? Has this already happened here? The licences have been progressed and this is now a response to those applications? I doubt it.

It would seem that the data protection people have seen this announcement and are either a) Afeared that these people are going to go ahead without and of this compliance and outside the law of all jurisdictions including tax authorities! OR b) That the data protection people want to help fast-track the processes.

Either way: I am worried and so should everyone else be – that these people are getting privileged access to regulatory time when they do not pay for it through taxes: or that our regulators should feel the need to be so proactive.

Bill Trueman is a leading payment, risk & fraud specialist who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit his website at RiskSkill, apart from this he is also joint chief executive of AIRFA.

To Read More Visit Source Article: https://www.finextra.com/newsarticle/34211/data-protection-watchdogs-round-on-libra

Facebook Libra Currency – A Serious Threat to Global Banking System?

facebook libra currency

On Facebook’s Libra Currency : “I agree with Donald Trump’s Stand”

It is not often that I feel like agreeing with a world leader / game-show host; but I do. But only on the threatened introduction and launch of the Facebook Libra currency.

Payments are complex and there is a huge need for supervision and regulation. Especially, when things start to get challenging or when they go wrong. Our work, involves helping companies to do the right things, so we know just how tough this can be for every company, irrespective of experience.

So, we should all agree with Donald Trump (a shudder here), and for a couple of key reasons we must all make sure that payments and Banking are performed correctly and legally and appropriately licensed and to properly governed organisations to avoid:

A. An ‘Idiocracy’ future – with Facebook et. al.

B. The Tax / Government issues


In the 2006 film ‘Idiocracy’ – ‘Joe’ is transported to a dumbed-down future, where the President of the USA doesn’t read or write – and influence stems from a ‘fizzy drinks’ maker and TV game-shows. Should we really cede control to social media companies?

The companies behind Libra, that form the Libra Association , are giants in their own industries . They wipe-out competitors, and direct our lives with their products/ services. As citizens, are we happy for this Facebook-led association of big business to develop and deploy a crypto-currency using blockchain distributed ledger for its rails. Do we want them to harvest all of our shopping and payments information. Do we want them to collect more ‘lifestyle data’, which they will inevitably sell to others with or without our permission?

We know who run these ‘Libra’ companies, but should we worry that they have complex global corporate structures that collect, lose, sell, and abuse our data today, avoid paying taxes, and evade government enquiries. Even this month, Facebook was fined $5billion. But it took years and cost multiple $millions to do.

We should worry also that the initial Libra documentation shows a big intention to control, maybe even to ‘own’ our ‘identities’.

The Tax / Government Issues

We can all dislike taxes, but:

– They are necessary to pay for welfare, social, health service, community, law enforcement etc. But also to watch over and regulate businesses.

– Taxation also comes from corporates including from Banks and other regulated businesses.

– The tax affairs of the Libra ‘gang’ are very nefarious and hidden in the most tax efficient jurisdictions.

– Regulation also requires companies to have capital, to safeguard money and look after ‘people’, to have an ombudsmen and compensation schemes…… and much more.

We all want faster, cheaper, more secure and convenient payments and banking: but we should also want our money (and that of our aging parents and our children etc.) looked after, not to lose everything overnight, not to have our data misused or lost (again). We need oversight, someone to challenge those who look after our money and we must have laws to protect us from Facebook (et. al.). They might (perhaps) be able to deliver ‘faster’, ‘cheaper’, ‘convenient’ to us; but we have to look at the complete picture.

Our leaders should make sure that whoever wants to start operating financial services and other regulated sectors should keep them within strongly regulated risk and operating frameworks.

We should also worry about:

a) A move towards single global payments and currencies. Would this be linked to say the USD / USA? (Where is Facebook? How do you complain? Will you get an answer?)

b) When governments lose their control over their fiat currencies (e.g. Italy and Greece) will they start to lose control of economies, finances and then political decisions. To Facebook?

c) Will bond markets, currency markets, labour movement, currencies, international payment networks, Interest rates, tax jurisdictions, insurance, pensions be next?

d) Governments need time to adopt/change complex issues properly and sometimes we/they need to understand the ramifications before we re-boot 400 year old industries.

e) Does currency union lead towards political union……?

For the first time in my life, I really want regulation, control, governance, transparency and oversight. This is a BIG issue.

Go for it Donald!

Bill Trueman is a leading payment, risk & fraud specialist who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit his website at RiskSkill, apart from this he is also joint chief executive of AIRFA.