In time, banks are going to be “Amazonised” and will open their APIs both internally and externally. So what should the focus of the API be? The customer, maybe, rather than their money.
A couple of years ago at the Intellect/Payments Council conference, I gave a talk that touched on the “triple A play” strategy of Authentication, Apps and Application Programming Interfaces (APIs) for payment providers and I said that for most people, most of the time, there will be no “payment experience” because the payments will vanish into the apps. David Marcus, who was then President of PayPal, said the same.
I believe we’re heading very quickly toward a new era in which payments will essentially disappear.
[From State of Payments: Reinventing Money | LinkedIn]
I referred back to this to kick off my talk at the excellent MEETS 2014 conference in Frankfurt. This is the annual event from Sylvia Lukas’ PayComm organisation and my once per year opportunity to catch up payment industry friends from northern, central and eastern Europe. It was as educational, enjoyable and entertaining as always, and for me particularly stimulating this year because of the opportunity to sit in on discussions with banks, schemes, processors and acquirers all developing strategies in response to some significant shifts about to occur in our industry, many of them centred around impending regulatory change. One specific category of interest and importance to our clients is that of the API in banking.
My reason for referring back to my prediction about payments vanishing was to stress the API as the mechanism for it to occur but then to build on this point to consider the impact of API-centric strategies throughout the payments value chain. It was lucky I’d decided to emphasise the “Amazonisation “of the payments industry in my talk, because the best talk of the event, which was Michael Salmony’s (from Equens) opening piece on APIs on the second day, came to similar conclusions from a less technical direction. Michael, as an aside, had the best slide of the entire event, and it wasn’t (directly) to do with payments, but was a comment on European standardisation efforts and how they work out in practice!
I must stress that this focus on APIs is not new. It’s been clear for some time that this is way forward. I remember from a study on APIs that Consult Hyperion carried out last year for one of our US financial services customers that API-centric strategies make sense – because it’s a platform game – whether banks are forced to provide them by the regulators or not.
Moyer cites some banks that are already opening up public APIs, like French banks Crédit Agricole and AXA Bank, and others that have announced plans to do so, like Commonwealth Bank of Australia, ING and Capital One. Overall, she believes there is a growing understanding in the sector of the need for transformation. “I think most banks will provide a public API in the next two years,” she says.
[From Interview: Banks must focus on APIs and apps, not applications – Gartner analyst – Ireland’s CIO and strategy news and reports service – Siliconrepublic.com]
Now, after Michael’s excellent talk on the topic, he ran one of the workshop sessions and I was able to join in a fascinating and detailed conversation about the emerging European environment that I commented on in part one of this API Blast series of posts.
The EBA (European Banking Authority) is given the task to develop, in close collaboration with the ECB, ‘common and secure open standards of communication’ (incl. specs for data transmission and how TPPs are to authenticate themselves vis-à-vis AS PSPs). These standards will need a high level of detail and quality (testing) in order to make them usable.
[From Access to the Account (XS2A): accelerating the API-economy for banks? | Innopay]
I did ask a couple of people what the process for the EBA to develop this API is and what input they are seeking from different stakeholders, but I wasn’t able to obtain sufficient clarity to be able to report. Perhaps a correspondent might be able to point me in the right direction?
Anyway, at the workshop session I was in, the delegates were discussing trends in retail payments and they used an interesting classification to drive the debate, exploring how retail payments are changing in all of these areas.
Cards | No Cards | |
Schemes | the current situation Visa/MC EMV 3DS etc |
Visa/MC Euro-API push SCT FPS Zapp Pingit Paym |
No Schemes | bilateral | Starbucks prepaid Bitcoin |
It’s not the point of this blog to report the discussions, but I will say that as far as I could tell most of the European banks at the event seemed to agree with Michael’s point about the importance of developing a strategy around APIs, given the inevitability of the regulatory mandate. There are many aspects to this strategy and, as Craig Burton has said about this, many organisations will have to develop entirely new competencies in order to participate in API-based competition.
I think the biggest change is in the area of token and key management. If an organization wants to make sure that its API(s) are not being abused, well managed keys and tokens are essential. Managing developer’s with keys is probably not something most organizations have ever done.
[From 1 Raindrop: Security > 140]
A final point with respect to opportunities for banks. There is another way of looking at the strategy around APIs: not centred on payments, but centred on identity. Suppose the bank stored your personal information (rather as was suggested by the SWIFT Innotribe in their work on the digital asset grid, or DAG). Then the API would allow third-parties (and these could be a wide range of organisations, not only PSPSs) controlled access to support recognition, relationships and reputation transactions, reducing the overall costs to the stakeholders while giving the the customer control over their own data via their bank. Could the bank be the ideal partner to implement what Greg Meyer calls “The API of Me”:
I believe that we as consumers have a right to control the data we share about and between the services and products we use, and that the economic benefit of using and sharing that information by companies should be more transparent. “The API of Me” is the name I’d like to propose for a system of capturing, sharing, and limiting information about consumers
[From The API of Me « Information Maven: Greg Meyer]
As I said at the Wired Money event, perhaps the role of the bank in the future will change from being a place where you store your money (who keeps their money in a bank these days?) to being a place where you store your identity (surely you’d want to store it with a regulated organisation?).