In the past, buying travel seemed to be simpler, especially as payment principles have grown more intricate over the last decade. Sales structures for tickets were refreshingly clear. Tickets were sold in ticket offices or by travel agents. Fares were only organised by booking class. Back then, no one thought of charging separately for gourmet delicacies, cappuccinos or some extra legroom. Payment was pretty much exclusively by credit card or cash. Card numbers were noted down carelessly, stored in poorly protected revenue accounting systems and transmitted directly to the acquirers for billing. The acquirers were still really concerned about the airline customers. Although the fees were outrageously high, authorization and billing involved little technical or administrative effort. Last but not least, governments and card organizations were still reluctant to issue regulations and guidelines with regards to payment processes.
The big game changer in ticket sales came in the form of the internet. Initially, they viewed web sales simply as an additional sales channel. The great opportunities for making offers more flexible and optimizing revenue through additional sales were not exploited by most airlines. However, online fraudsters quickly became aware of the potential of the online ticket sale. At the beginning of the 2000s, fraud cases (and the associated chargebacks) skyrocketed. This in turn triggered a flood of creative fraud prevention solutions. The Card Schemes essentially came up with two major initiatives to curb card fraud: 3-D Secure and Payment Card Industry Data Security Standards (PCI DSS). The implementation of the resulting standards and technologies was (and still is) a huge challenge for airlines stuck in legacy processes.
From PCI and 3-D Secure to PSP
These new standards and requirements have led to greater complexity in payment processing. PCI DSS regulates the processing and storage of credit card data. The associated certification is so strict and extensive that only a few highly specialized service providers are still allowed to process and store card data at all. 3-D Secure refers to the additional authentication of the cardholder. This standard also adds a great deal of complexity to payment processes.
PCI DSS and 3-D Secure have led to the emergence of a new type of service provider: the Payment Service Provider (PSP). The PSP helps merchants (and therefore also airlines) to process payments easily, with all the complexity being outsourced to the PSP.
The airlines now had to integrate additional service providers such as PSPs and fraud screening platforms. Moreover, the cost of developing and maintaining online retail platforms was constantly increasing. Airlines therefore began to pass on the costs of payment processes to their customers – the Optional Payment Charge (OPC) was born.
Of course, reports of online scams motivated law makers to draw up regulations and legislation. The most important of these is the “Payment Service Directive” (PSD), a set of EU regulations which means above all that all payment processes must be protected by “Strong Customer Authentication” (SCA) and that surcharging is no longer permitted.
The reliance on PSP and apparition of POP
To make matters worse, consumers started to expect more from airlines in the 2010s. After having made do with cash and credit cards for decades, they now demanded mobile payment, PayPal and payment by instalments.
In response to the turmoil of regulation, risks, costs and customer requirements, airlines initially adapted their applications and platforms. Services such as PSP, fraud screening and tokenization were implemented by the airlines. This resulted in highly complex networks of interlocking processes and applications that, over time, no one could really keep track of.
In their distress, the airlines turned to the PSPs, who looked at the issue in depth and came to the conclusion that a single PSP would inevitably be overwhelmed by the wealth of issues and regional peculiarities. The solution could only be a new type of service that would act as a new application layer between the airlines’ booking processes and the payment service providers. This was the birth of the Payment Orchestration Platform (POP).
The orchestra for payments
But which issues should a POP address, tackle and optimize? If the challenges, annoyances, threats and wishes from the airlines’ perspective are distilled to the essentials, the core issues that all need to be kept under control are revealed: cost, risk and conversion.
Costs are controlled via:
- the choice of service providers
- the prioritization of means of payment
- the avoidance of complaints and queries
- the generation of FX profits
- OPC
Risk is managed through:
- secure means of payment
- Fraud screening and fraud management
- PCI conformity
Conversion is promoted with:
- simplicity
- trustworthiness
- local means of payment
- low rejection rates
The core goal of a good POP must be to have a positive impact on cost, risk and conversion. This also generates separate costs, although ideally these are compensated for by optimizing the processes. But what exactly is the role of the POP?
A POP essentially performs three tasks: analysis, payment and reporting.
1. Analysis
Factors such as the customer’s origin, shopping cart (routing), booking class, the desired payment method and the customer’s risk profile are checked using various databases and fraud screening.
2. Payment
The customers are shown the means of payment available in their region, any FX profits are skimmed off via DCC or MCP, an OPC fee is collected and finally the payment is authorized and settled either by the customer themselves or via a third-party PSP.
3. Reporting
A POP should also standardize the remuneration displays of the various payment methods and acquirers and offer them to the airlines for integration with other airline reporting solutions.
This is, of course, a very simplified description of what a POP is and what advantages it can offer to airlines. Ultimately, it is about outsourcing the complexity of modern payment processes to a third-party provider and only having to maintain a single payment gateway API.
In summary, the holy trinity in the payment business, “cost”, “risk” and “conversion” can be balanced through the use of properly-scoped payment orchestration. However, this requires a “payment strategy” instead of an opportunistic approach to solving the increasing payment issues.