UK competition watchdog to have final say on big tech dominance of digital wallets

The Financial Conduct Authority (FCA) and the Payments Systems Regulator (PSR) are to leave the decision on whether to intervene in big tech’s dominance of digital wallets to the Competition and Markets Authority (CMA).

The regulators said that while they had identified competition concerns, they felt the CMA was “best positioned to investigate, and if appropriate, impose conduct requirements”. The CMA is currently investigating Apple and Google’s mobile ecosystems under section 9 of the Digital Markets Competition and Consumers (DMCC) Act 2024.

The FCA and the PSR set out the competition issues they have identified in the UK’s digital wallet market in a February 19 letter to the CMA, alongside a feedback statement on the latter’s October 2024 call for input into big tech and digital wallets.

The number of consumers using digital wallets to make payments has increased rapidly in the past five years. Some 10% now use a payment card stored in their digital wallet to make 75% to 100% of their purchases and, according to banking trade association UK Finance, at least one in four UK adults was registered for at least one mobile payment service in 2023.

Giants dominate

ApplePay, GooglePay and PayPal currently dominate the UK’s digital wallet market, accounting for the majority of all such transactions. Until last year, Apple did not allow third-party developers of digital wallets access to its customers’ phones and the regulators said they did not have data on the number now using a non-ApplePay digital wallet on their iPhone. 

The FCA said that because Apple’s offer only came into effect October, it may be premature to gather meaningful data on third-party developers that have entered into arrangements with Apple. However it was continuing to assess the proportionality of data collection and remain engaged with the CMA investigation of Apple.

Should big tech firms decide to expand their financial services offerings, fintech providers are concerned that they will be at a disadvantage because of the former’s market dominance. Innovate Finance, the trade body for the UK’s fintech sector, said in its response to the call for input that its members wanted to see requirements — similar to those imposed on the UK’s largest nine banks by the CMA in 2017 — imposed on big tech companies. That action required the banks to put in place systems to allow their customers to share their data with other financial services providers.

OpRes and regulatory perimeter

The FCA and the PSR said: “The majority of stakeholders view the current regulatory framework, including the scope of the FCA’s regulatory perimeter, as not fully effective and needing improvements, particularly to address areas like operational resilience and consumer protection.”

The FCA plans to investigate the operational resilience risk presented by the current concentration of the digital wallet market as part of an HM Treasury-led review of the payment services and electronic money regulations.

Yesterday HM Treasury said it would announce a timeline for the review in due course.

The regulators said they would consider calls to bring pass-through digital wallets inside the regulatory perimeter. In its response to the call for input, Innovate Finance was among those who recommended moving the perimeter. This was a way to ensure participants in the payments value chain adhered to requirements to deliver good consumer outcomes, as set out in the FCA’s Consumer Duty, it said.

Fraud and fincrime prevention

Digital wallets enjoy an extra layer of security, offered by mobile devices using biometrics. In FS25/1, the FCA and the PSR said that some respondents to the call for input claimed this made “digital wallets more secure than physical cards” and could reduce payment fraud. 

However, “these stakeholders did not provide any supporting evidence to substantiate the above claims, leaving the extent and scale of these issues unclear”, they added.

UK Finance’s annual fraud report does not break down payment fraud by origin source, such as card or digital wallet, and a spokesperson said such fraud would “likely be included” in its’ ‘card not present’ (CNP) category. In the first half of 2024, incidents of CNP fraud increased by 26% to 1.3 million.

In addition, some respondents said fraudsters would quickly adapt their methods to capitalise on the increased popularity of digital wallets. Social engineering and phishing attacks were highlighted as areas that criminals could quickly update their methods to target digital wallet users.

At present, liability for reimbursing payment fraud initiated via a digital wallet rests solely with the bank or provider that issued the card uploaded onto the wallet. Some respondents advocated a sharing of the liability for reimbursement, said the FCA and the PSR.

“They argue that placing sole liability on payment service providers is no longer sufficient, given the evolving fraud landscape. Moreover, a few stakeholders suggest that liability-sharing models — such as joint and several liability — could encourage digital wallet providers to strengthen security practices.”

The FCA and PSR said they would carry out further research to address the current lack of fraud data. Yesterday, the FCA could not provide a timeline for this research.

The CMA must publish the conclusion of its section 9 investigation by October 22.