National payment system and horse ass width

The sudden disconnection of Russian banks from international payment systems fell unexpectedly than snow in December. Unexpectedly, it turned out that the use of payment systems of a potential adversary may cause side effects such as currency constipation or remote destruction of banks. You know, there is such a phobia - Gymnophobia, which means "fear of being naked in public." Apparently, our government does not suffer from it (which would be good news, but not). In the end, we all found ourselves in that position.

There is a reasonable way out of this situation - it will switch to the National Payment System instead of the enemy visa / mastercard. But it does not even exist in the form of a project. There is only a legislative initiative and vague desires, caused by this initiative itself. And therefore, a huge number of people in suits are now nervous and demand to begin its immediate development. Meetings are being held, where not only people in plaid shirts are invited, but even one or two elected in stretched sweaters. Ordering to start development right now. Well, or monday. Well, in this did not have time - start with the following. Better yet, start immediately implementing some system and at the same time lead its development. It would not have happened that some no-name company will receive an order on a state tender, which will take, say, Cyberboard, repaint, call SUPERVISA, and then the country to live with it.

“Who will design it and what tasks of which users will it solve?” Is an order of magnitude more important question than it seems. If it is developed by people from the banking sector, then it will be aimed at creating convenience for banks, and for people and businesses - as it will (hello, Sberbank!). If it is made by people from online systems, then it will first of all solve the problems of online business (banking problems are the last thing they are interested in). If it will be done by an accountant, then it will be a cloudy 1C. If Erlang programmers do it, the task will be to show its advantages over other dull languages. If it will be done by lovers of short-haired terriers, then ... no, I do not even want to look for an answer to this question.
')

Perhaps many people remember this wonderful myth about a spaceship and a horse's ass:

On the sides of the Kennedy spacecraft are two engines, each 5 feet wide. The ship designers would like to make these engines even wider, but they could not. Why?

The fact is that these engines were delivered by rail, which runs through a narrow tunnel. The distance between the rails is standard: 4 feet 8.5 inches, so the designers could only make engines 5 feet wide. The question arises: why is the distance between the rails 4 feet 8.5 inches?

It turns out that the railroad in the States was made the same as in England, and in England, rail cars were made on the same principle as the tramway, and the first trams were made in England in the same way as the horses. And the length of the axle was just 4 feet 8.5 inches! But why?

Because the horses were made with the expectation that their axles fell into the ruts on English roads, that the wheels would wear less, and the distance between the ruts in England was just 4 feet 8.5 inches! Why so?

Yes, the Romans began to make roads in Great Britain, bringing them under the size of their war chariots, and the length of the axis of the standard Roman chariot was equal ... correctly, 4 feet 8.5 inches! Well, now we got to the bottom, where did this size come from, but why did the Romans even think of making their own chariots with axles of exactly that length? But why: in such a chariot usually two horses were harnessed. And 4 feet 8.5 inches - it was just the size of two horse ass! It was inconvenient to make the axis of the chariot longer, since it would upset the balance of the chariot.

Consequently, here is the answer to the very first question: even now, when a man has gone into space, his highest technical achievements directly depend on the size of the HORSE BARRY TWO THOUSAND YEARS BACK.

The fact is that our banking and financial system is also based on a similar horse ass of past centuries.

Remember how banking really started? It began in the 12th century with trading houses (and then the Templars), who created the first payment system based on many of its branches in different cities and countries. Any merchant or traveler could hand over his valuables to one branch and then receive them (upon presentation of a written document) in another country at the branch of this trading house. What was incredibly convenient and safe in times of active road robbers.

Then, in the 17th century, money was invented in the form in which we have it now. And so there was a great variety of different financial instruments (stocks, futures, insurances). There was a large number of banks that began to interact with each other. A typical interbank transaction at the time looked like a horse-drawn van with an armed guard in which valuables were transported in physical form.

The emergence of more advanced means of communication (radio, telephone, and even the Internet) accelerated interbank interaction, but did not change it. Instead of a two-horse van, SWIFT (the international interbank system for transferring information and making payments) is now used, but it performs exactly the same functions. Client interaction also remains the same ancient, only checks and letters of credit are used instead of receipts. The relatively recent credit cards are something of an “instantly cash check”.

In other words, modern banking systems are OFFLINE systems that require documentary evidence for each action. And a huge number of offices that are actually interfaces to access them. Perhaps this is especially in case of atomic war. But even in this case, in peacetime, you can do everything electronically, just print reports somewhere in the basement. In any case, some banks are trying to get rid of hereditary imperfections and become online systems at least to interact with their customers (hello, Tinkov!).

Each transfer of money transfer looks like a “letter to the village of the grandfather”. You specify the index and address, but the bank can not verify their correctness. In the column “To:”, you indicate that the letter should be given to “grandfather Petrovich, who is a watchman in a collective farm garden”, but the bank cannot confirm in advance its existence and the identity of the connection of the address with a specific person. The bank takes your letter, attaches a safe with money to it and sends it with an evening “horse ass” on the slats. What happens to the letter after this - you can not find out. Wait for a response letter from grandfather.

Similarly, transfers between legal entities look like: payment, signature, stamp, power of attorney, a visit to the bank, waiting for several days, terrorization of bookkeeping with the questions “It’s time!”. And about the search procedure did not reach the payment better you do not know. It turns out that cash flows out of the economy for an average of three days. Without research it is hard for me to say how much we are losing on this. But it feels like it is somewhere around 20% of GDP and 50% of GDP growth rate.

And now we have a choice: to continue the acceleration of a horse ass or to do something new, convenient and unlike the ass? The difference in labor costs between these options is not too high. But the big efficiency achieved by it will be the multiplier of GDP. And this is not only money, but also saved lives of people, and an increase in welfare, and an increase in the country's competitiveness. If all this is still interesting to someone, then you should at least think about this option.

Payment system or payment platform?

And this is not only a linguistic question. What is the difference? I will give an analogy: imagine that you need to build a road connection throughout the country.

If suddenly it turns out that only the VAZ 2108 and only cherry color and only north can drive along these roads, and only the yellow gazel in which the chanson plays in the south goes to the south - this is a “payment system” with strict rules and predetermined entities.

And if any transport can go along the roads, which is subordinate to traffic rules and has passed inspection, then this is a payment platform that performs transport and service functions for various entities. This platform allows you to develop and improve the financial system to all interested parties. This is similar to what Internet technologies are now and open standards in a realized form. You can use them or offer your industry-specific solution and use it with industry partners.

Platform Benefits

• Validation of all transaction parameters before sending it;
• Instant sending and receiving a response from the recipient (status and data);
• Using dedicated authorization centers that confirm you in front of other system entities;
• The emergence of new types of transactions and types of interactions. The emergence of new services and business models;
• Cheap transactions;
• State control (fixation of transactions), there is no need for fiscal memory of CMC;
• Transparent procedures for challenging transactions, the legal significance of the transaction history in court;
• Great opportunities for integration and interaction with other systems;

Authorization

Any request in the system begins with authorization in a special center. After that, the center reports (via a secure channel) the results of the authorization to the service with which the user begins to interact. You can use different authorization centers:

• For authorization of a citizen of the Russian Federation, a state authorization center is used (“electronic passport” as in the UEC). This is convenient for those services where now the first thing they ask for is a passport. All government agencies, banks, ticket offices and other;
• For authorization of citizens of other states, the FMS center is used. The police will check the legality of stay in one second using a mobile scanner;
• For the police itself, the MIA authorization center is used. There you can control the levels of access to information, to the premises, to the weapon. And authorizing (sign) protocols and documents;
• For drivers, the traffic police center is used;
• Legal entities are authorized by the FTS center;
• Any organization can make its center and use it locally, for example, as an access control system in an office.

Authorization can be of any type and multi-factor.

• The simplest is simply by id;
• By Pin-code or password;
• By generated codes;
• On fingerprints (actual business and the Ministry of Internal Affairs);
• By voice, by iris of eye, by capillary grid (for secretaries).

Authorization Center also deals with security. Based on geolocation (and other factors) of requests, it identifies possible security breaches and in case of which it raises safety factors and informs the user about access attempts. In such circumstances, the complexity of fraud grows by orders of magnitude.

Card

The physical authorization tool can be a smart card with a contact and contactless nfc interface. Each authorization center can write its id on it. Moreover, each center can only overwrite its data - for this, there must be crypto protection in the card itself.

The ubiquitous appearance of contactless nfc interfaces. Instead of having to enter the card number and pin code, it will be enough to bring the card to the keyboard (PC) or the screen (tablets and phones).

To the card (that is, to the user) can be tied to a variety of accounts in various banks. When paying, you can choose which account in which bank to use for payment (if the payment interface supports it) or use the main account by default (if it does not).

In principle, you can write the same thing on any nfc carrier, for example, a smartphone. To increase the security level, an activation button can be made on the nfc card to avoid hidden scanning. To emulate a visa / mastercard you can make a magnetic strip. But it is better to connect to the proxy system of these systems as authorization centers.

Transactions

They can be multilateral and multi-format. Formats are available within the system and any application or service can use them.

• You want to pay your electricity bill. Log in to the system. Energosbyt requests the meter readings directly through the payment interface (such as Islands from Yandex) and reports the date, amount and readings of the previous payment. You enter new readings and send. Energosbyt calculates the amount to be paid and shows you. Choose an account (if you have several), a request to the bank about the sufficiency of money in the account occurs, and press [Pay];
• You pay utility bills on a single receipt. Log in to the system. Specify the month and current meter readings. Pay. And the system automatically parses your payment into several, each of which goes to a specific organization for specific services;
• You pay for purchases in the store. When paying, a list of your purchases is added to the transaction and you can see the list of paid goods and services in your account. This will be a kind of “electronic check” confirming the fact of purchase and a guarantee for the goods. Perhaps you will use some third-party service to do your home bookkeeping (which will use this data). Which will group your expenses, take into account your goals, automatically make monthly payments.

In other words, you can build a full-fledged interaction between the client and the services.

By default, the authorization center returns to the services anonymized user data, which does not allow to know his identity, but makes it possible to identify him (such as 223b73d55ff0009). But this id is relevant only for the operations of this particular service with this particular user. Different services can be combined into one program and use one user id for all.

In other cases approved by the management of authorization centers, they may report more information about the user.

Use cases

The shops

Imagine that the X5 retail chain is starting to support payment through this system. It installs certified payment devices (cheap and without fiscal memory) and connects its loyalty program to the system.

An anonymous user pays a purchase with a card. The bank receives a request from the store (with the amount and the list of purchases) and transfers the money to the store account. The store keeps an anonymous user id and shopping list (for analytics). If the analyst X5 decides to reward the user (knowing the history of his purchases) - she can do it while he is at the checkout.

If the user is lured by the X5 loyalty program, he thereby authorized the authorization center to report its real (basic) data to X5 and X5 can monitor its activity, award points, give gifts, send notifications by email / sms (without auto subscription, strict spam monitoring). , disconnection from the system for spammers).

Partner systems and air tickets

Situations like the one with Eviterra can be avoided. In general, there is no need for intermediate centers and difficulties with cash deposits of intermediaries. The client pays the invoice generated by OTA and his payment goes mostly directly to the airline, and in smaller parts to the accounts of intermediaries. This could be OTA, meta-search engines, and partner traffic providers (lead generators).

The system of receiving money for all types of partner systems will also be simplified. No need to wait for the end of the period to receive money. If the payment was withdrawn by the user (for consumer rights), then all commissions are returned automatically.

Banks

Reducing the cost of maintenance, offices, bureaucracy (and hence a significant increase in revenues on the same customer base). Integration into a common system gives them great opportunities to create new services and services. The best banks of the future will be successful IT companies, rather than dull cash vaults (as they are now).

In addition, banks can use one credit base. Along with it, you can implement the basic credit risk functionality for quick scoring.

Insurance companies

You can make an analogue CarFax. A single database where information about all incidents will be collected and where the Interior Ministry, insurance companies and car owners will have access to.

Transport

Using the card as a ticket in any public transport without special preparations (the amount is immediately debited). To receive discounts or subscriptions - they must be purchased at full price.

Tickets

The card can be used as an entrance ticket with instant payment (for one person). Or as a ticket ticket with prepayment / reservation. In this case, an electronic ticket is purchased in advance, and the card is used as a pass when entering the event. Also suitable for booking hotels and renting cars / bikes / equipment.

Social card and electronic passport

The authorization center can indicate additional user statuses: Pensioner, Student, Military Person, Honorary Donor, and so on. When contacting government agencies, the card will serve as an electronic passport.

Schoolboy

Access to school, sports sections, locker in the locker room, online diary, electronic signature for passing tests and checklists. Parents can know where the child is at school or out of school.

Medical record

Disease history, tests, diagnostics - all this can be stored centrally and doctors can have access there, including from mobile devices. A user card can serve as an electronic prescription in pharmacies (integration with pharmacy systems is required) with a choice of interchangeable drugs. The difficult ethical question of the availability of prescription statistics for pharmaceutical companies remains. Here we have to find some kind of compromise between “yes” and “no”.

Reception of payment

Easy connection of companies to the system and ease of automation (api and web widgets). You can begin to take money for services immediately after connecting to the system. No intermediaries and additional interest. You can make payments in favor of third parties without the need to conclude additional contracts (for example, your service can transfer money to a client’s mobile account, without having to have a contract between your service and the mobile operator). If the system becomes truly National, you can accept payment immediately after registering the company.

Online Authorization

It would be nice to make the web authorization feature similar to login-with-facebook. And to transmit only the basic information, the availability of which can be set by the user himself (you can hide everything at all).

Taxes

Almost the entire tax field can be automated. The tax will automatically receive all payment statistics (in both directions) and automatically determine the amount of taxes. For the exact calculation of taxes it is necessary to specify the types of transactions. It turns out a sort of consolidation of transactions and accounting entries (transactions from customers as “revenues”, transactions to suppliers as “expenses”, if simplified for example). As well as automatic control over activities (“retail sales” cannot receive “construction work” transactions, for example).

Electronic key

Can be used as an electronic key from the apartment and from the car. We must understand that this is an auxiliary device, not a physical key. In the absence of electricity, the lock must remain physically closed and require a physical key.

User account

For security management, viewing statistics and management - each authorization center has its own personal account. You can go further and make an expandable system, where each service used is represented by a separate application in the personal account ecosystem (this is a difficult task).

Personal account of the company

In fact, this is an office for interaction with the bank, tax and government agencies. As well as statistics and security issues.

For legal entities

• Integration with popular business management systems and 1C;
• Instant payments, automatic payments on a schedule;
• Validation of payment details;
• Different types of transactions (prepay, fee, commission, penalties, ..) for semantics to help automate business;
• Insurance of transactions, warranty and arbitration services;
• Depositing and registration of contracts;
• Electronic route sheets, rights, powers of attorney, tolerances;
• Access control (login to the system by card, electronic signature of documents) and access control for employees;
• Online interaction with government agencies. For example, with customs. With tax. Full two-way interaction;
• Transfer of salaries to employees on any of their accounts.

For individuals

• Universal ID. Electronic Passport. One card for all occasions;
• Security. Now citizens have a lot of things, the loss of which will be unpleasant. And so there will be only one card, the security of which will be monitored by automatic systems. Lost card is automatically blocked everywhere and immediately;
• Instant money transfers;
• Simple acceptance of payments in its favor (via mobile devices or via the Internet). Transfers, donations, Like & Pay, joint purchases and more;

Creating such a system

There are no technical barriers to its implementation. Almost all popular services have a similar or even greater complexity of implementation. Smile and program.

The real obstacle to such a system is an organizational one. In our country there is one unpleasant cultural feature - it is difficult for us to negotiate and interact with each other on equal terms. And to create such a system will require the joint participation of many subjects of the state, banks and business. We must somehow make some thousands of these “kings and their kingdoms” agree among themselves. If someone wins one, the whole system will be done to his advantage, to the detriment of others.

Before proceeding to the direct implementation, you will need to organize a large structure that will be engaged in the design.

• Project management and main project office;
• Interagency project commissions;
• Project commission of financial organizations;
• Project commission of business companies;
• Public project association and citizens.

All together it is necessary to prepare a set of Terms of Reference and Standards on the basis of which the entire system can be developed. This is the right approach, which in itself is the hope of the right result.

The wrong approach, in my opinion, is to give the implementation of the National Payment System to someone's pocket company, which will do it as a proprietary (closed) system. In our case, this may be the UEC, which has already made a payment system integrated with the “electronic passport” system.

To be honest, I have a strong prejudice against the UEC and this is why:

1. UEC was created by three large banks and is therefore doomed to implement the project in their interests (I saw information that all initiatives of UEC outside the banking sector were frozen by the shareholders). A part of their project called “Electronic Passport” is a requirement of the state and it is logical to assume that they will do it with minimal priority and without initiative.
2. Only banks with a capital of more than 3 billion rubles can be connected to the UEC. The remaining 80% of the banks in the span. Isn't there racism ?;
3. The names “UEC” and “PRO100” are very sad. The informational mess prevails on their sites, which means: either a low level of motivation or a lack of professionalism. Go to their sites and see. You do not want to use it unless you are forced to use force;
4. This is a closed system. Its development is limited by the capabilities and desires of the UEC;
5. Who are the developers? How many of them? What is their experience? What famous people work there? At what conferences did they speak? I could not find information about them. Payment system of this level is a rather complicated project. If you measure it in Yandex, then it is about 0.4 Yandex. Hence, the development team must comply with this ratio. Yandex has 6000+ employees and 150 active vacancies in Moscow only. UEC does not know how many employees and 2 vacancies, both are managerial. Either they have a secret team of ninja programmers who work for them, or this is a small team from which they want the impossible every day.

Conclusion

It is more correct to call the resulting system the National Information System, because protected interactions of a variety of subjects take place in it: the state, banks, business and citizens. The payment system is its important function, but not the only one.

I did not try to describe in detail the technical details of the implementation, because first we need to interest those who are now discussing the creation of a national payment system at the highest level. I'm not sure that it will work to the full, but if the idea comes to them that the modern design of the information system promises more benefits to the country than the modernization and “plugging of holes” of the systems of ancient design - I will be satisfied at least with this.

I do not know which Sportloto can be sent a similar article, so I publish it on Habré. If this project concept relates to your work - please discuss this article with colleagues and management.

If your imagination is already drawing you ways to implement such a project - do not restrain yourself, publish your proposals on Habré!

I really want our country to get the best payment system and workflow in the world. And you?