The wonderful people at Payments NZ invited me around the globe to their conference “The Point” in Auckland this year and flattered me by asking me to
give a keynote talk on the topic of “Cardmageddon” (the day when cards are no longer more than half of non-cash payments) and
be the prize in their raffle.
Naturally, I accepted both offers.
It was a terrific event (you can download the presentations from the event here) and I thoroughly enjoyed both roles. I made a big deal about APIs and XS2A in my presentation because I wanted the audience to understand just what a range of organisations consumers are likely to give access to their bank accounts to. In particular, I said that I thought that retailers would be quick to take advantage of the possibilities here, but I also mentioned messaging and social networks. This latter case is one that I have discussed a couple of times before. Here’s where I came back to it a couple of years ago:
I can remember discussing with some clients at the time what sort of services they might be able to offer to Facebook or other social networks that were empowered through an Electronic Money Issuing (ELMI) license and Payments Institution (PI) licence.
In work for one of our clients around about the same, I firmly predicted that Facebook would do just this because the advantage of being able to instruct transfers without having the regulatory overhead of being a bank were so great. These were hardly Nostradamus-style prognostications, merely rather obvious interpolations of technology and regulatory trends. And, frankly, the cost of obtaining and maintaining these licences is so trivial to a Facebook or a Google or an Apple that it was a no-brainer to assume that they would apply. Well, guess what…
The Sunday Business Post reports that Facebook has received a licence from the Central Bank to operate a financial payments service, two years after applying for authorisation. A subsidiary of the social media giant can now act as a payments provider and electronic money issuer, as well as provide credit transfers and remittance services across the EU, as a result of the regulatory approval.
From Seen and Heard: Facebook secures payments services licence
Interesting phrasing. They can “provide credit transfers”. So the day when my teenage son’s dreams will at last come true are not far off. I’ll be able to send you a tenner in WhatsApp just as easily as I can send you my location and neither of us will need a bank account to do this. This means real, and real serious, competition coming into the payments space. This is great, because competition will drive new services for consumers. But it does make me wonder whether some more regulatory intervention is on the horizon.
To see why I think this, reflect on the Second Payment Services Directive (PSD2) — the home of the aforementioned XS2A — and why it is going to have a major impact on banks. This has been clear for some time and, indeed, I have been droning on about it for years. Let’s just recap on the principle for a moment. The point is that because banks occupy a privileged place in society they are required to provide some services that are for society’s good rather for their own good. XS2A is an example. In return for their privileges, banks have to deliver on certain responsibilities. So the regulator’s argument is that banks have to open up their APIs to 3rd parties in order to allow those third-parties to create new products and services that otherwise would not exist. The result of all of this is that society as a whole is better off.
Note that the banks themselves are not prevented from creating new products or services using these APIs either. I written before about the “Amazonisation of banking” and on a number of different engagements for financial services clients, my colleagues at Consult Hyperion have looked at the possibilities of opening up in this field. But back to The Point, where the very clear-thinking Victoria Richardson, General Manager Payments Direction at the Australian Payments and Clearing Association (APCA), set the meme of the event when she talked about banks having to shift their perspective from “API horror” to “API opportunity” and I genuinely think that, in the UK at least, some banks have started to do this.
So now the dust has settled, the banks are opening up their APIs and are seeing new opportunities from accessing data. This is not because banks wanted to do this, but because they were given no choice. But if this argument applies to banks, that they are required to open up their APIs because they have a special responsibility to society, then why shouldn’t this principle also apply to Facebook? You may be aware that Facebook recently blocked an insurance company from having access to customers Facebook data, which the insurance company wanted to know in order to provide better quotes and special offers and so on.
Facebook will allow people to use their accounts to log in to the Admiral app, and for verification purposes, but will not allow the insurer to view users’ posts to work out discounts.
From Facebook blocks Admiral’s car insurance discount plan – BBC News
It seems to me that these issues are equivalent. On the one hand we are saying the banks cannot stop other regulated institutions from having access to customers accounts provided that they obtain the customers’ permission first and use strong authentication and so on and so forth, so why on the other hand shouldn’t the same should apply to Facebook. Why shouldn’t a regulated institution such as an insurance company obtain access to customers’ data provided those customers give consent for them to do so? If I want to give GEICO access to my LinkedIn account on the grounds that I think it will get me a better deal on car insurance, why shouldn’t I? If an insurer decides to up my life insurance premium because they see me in a hot dog-eating competition on Facebook why shouldn’t they? After all, the more information insurers have, the more accurately they can price the risks. And if I don’t want to pay a higher premium, then I should stop smoking, bungie-jumping and eating Scotch eggs before breakfast. This is, by the way, hardly a new idea.
Startup Lenddo has launched a ‘social network’ credit card in Colombia that will see applicants approved or declined based on their reputations on Facebook and Twitter.[From Finextra: Lenddo delves into credit card applicants’ social media data]
You can see the obvious benefits for financial services organisations if they can have access to social media accounts, almost as great as the benefits that social media platforms will obtain from having access to bank accounts. Come to that, why shouldn’t all regulated institutions have access to LinkedIn or Twitter or whatever else given the informed consent of customers? These platforms are crucial to the way that society functions nowadays so why should they not be required to be open platforms just as banks are? That would be a level playing field, wouldn’t it?
I share your observations but if I recall correctly the open API is not mandatory for prepaid cards of emoney institutions (preamble 68)
Depending on their exact solution and the actual interpretation of this preamble, Facebook might thus not have to allow others entry on their ‘3p network’ (in payment terms).