Publication date: December 12, 2023
The following fictional case scenarios provide details about the payment functions: initiation of an electronic funds transfer at the request of an end user; the authorization of an electronic funds transfer; and the transmission, reception or facilitation of an instruction in relation to an electronic funds transfer.
The examples provided are not a replacement for the Criteria for registering payment service providers supervisory policy, but rather they are meant to complement the policy. They should be read in conjunction with the policy.
These examples build off each other. We recommend reading them in the order they appear.
Case scenario: Payment terminal manufacturer and payment gateway are two separate entities
Company A is a manufacturer of point-of-sale (POS) card payment terminals. It designs and sells payment terminals to entities, like Company B, that provide payment processing and acquiring services to merchants.
Company B enters into agreements with merchants. For a fee, merchants use Company B’s proprietary software that runs on payment terminals designed by Company A.
When a payer initiates a transaction at one of Company B’s merchant clients, Company B’s proprietary software that runs its POS interface captures and packages the payment data to launch the first payment instruction for further processing. This means Company B performs the initiation of an electronic funds transfer (EFT) payment function. Company B’s software interface also prompts the payer to confirm their consent to send the EFT (e.g., by pressing the “ok” button on the terminal), and as such Company B performs the authorization of an EFT payment function. Company B therefore meets the definition of a payment service provider (PSP) and needs to assess whether it meets the other aspects of the registration criteria to determine if it needs to register with the Bank of Canada.
In this example, Company A does not store personal or financial information, nor does it initiate, transmit or receive payment instructions in relation to an EFT, as the software component operated by Company B performs these functions. As a result, Company A is not performing any payment functions under the RPAA. It is not a PSP and does not need to register with the Bank of Canada.
Case scenario: Payment terminal is also a payment gateway
Assume now that Company A not only manufactures the POS card payment terminals, but also provides the payment gateway software to merchants. Company A directly advertises to merchants and provides its terminals in exchange for a brokerage fee on every transaction, thus competing with Company B.
In this situation, Company A performs several payment functions as defined in the RPAA. Company A performs the initiation of an EFT function since its software application captures the payment credential and transaction information and transmits it to a card network.
When the payer validates the transaction details and inputs their PIN code on the terminal, Company A’s software receives the end user’s consent to the transaction. As a result, Company A also performs the authorization function.
Those payment functions are not incidental to another activity because they are not exclusively performed to enable the sale of Company A’s payment terminals. Instead, they are a distinct business activity that generates additional revenues and is marketed as a payment solution to help merchants sell their products and services.
As a consequence, Company A now meets the definition of a PSP under the RPAA. It needs to assess whether it meets the other registration criteria and therefore must register with the Bank of Canada
Disclaimer
The case scenarios are illustrative examples reflecting the Bank of Canada’s interpretation of certain requirements set out in the Retail Payment Activities Act (RPAA). All names, facts and descriptions in these scenarios are entirely fictitious and do not reflect any real or actual individuals or entities.
Additionally, they do not represent legal advice and should not be used as a replacement for seeking such advice if an individual or entity is unsure about whether they are required to register with the Bank of Canada as a payment service provider. The nature of the products and services offered by each individual or entity will vary, as will the circumstances around offering these products and services. Therefore, any individual or entity that may be subject to the RPAA should assess their own situation on a case-by-case basis according to their own facts and circumstances. Any entity or individual that may be subject to the RPAA is ultimately responsible for determining whether they are required to register with the Bank.
The examples provided are not a replacement for the Criteria for registering payment service providers supervisory policy, but rather they are meant to complement the policy. They should be read in conjunction with the policy.