Category: Markets

Electric fences and the rise of the near-bank

31st December 2012by Consult Hyperion3 Comments

[Dave Birch] I spent part of the holidays reading Forum friend Brett King’s Bank 3.0, his latest work, and this has naturally set me thinking about trends in banking as a context for trends in retail electronic transactions.

Here I am giving Brett a few tips on writing books and speaking in public.

I loved Brett’s Bank 2.0. I’m not a huge fan of business books in general and I don’t read very many, but like thousands of other people I found Bank 2.0’s combination of thoughtful analysis and well-chosen practical examples most educational and it certainly helped me to structure my own thoughts about the evolution of banking. In the new volume, Brett has a lot more to say about about connectivity, social media and engagement, all of which seemed to make eminent sense to me. So having read Bank 2.0 and Bank 3.0, do we know where banks are going? Actually, I think we do, at least in outline.

The path ahead for European finance is broadly clear. The banks will concentrate more on bread-and-butter lending like mortgages and cut down their exposure to other long-dated assets; a few lucky corporate issuers will be able to pick and choose how they get their capital; everything else will have to rely more on other sources of finance. More firms will turn to the bond markets. Very large pools of capital—held by sovereign-wealth funds, as well as by insurers and pension funds—will do more direct lending, often in partnership with banks. New forms of finance will nibble away at mainstream providers.
[From Non-bank finance: Filling the bank-shaped hole | The Economist]

Banking won’t go away, and nor will banks. But the banking functions required in the economy won’t necessarily be delivered by banks. Those of us viewing from the perspective of technology have always thought this obvious, but I think we need to recognise that technology isn’t the only driver for change. In fact, over the next 3-5 years, it won’t be the most important driver for change and while I agree wholeheartedly with Brett about the impact of technology (Brett says that “technology is no longer exceptional, nor is it an alternative choice for consumers — it is the way we do our banking” and he is absolutely right), the fact is that regulation will shape banking far more than 3D printing or electronic paper in that timescale.

The Banking Standards Commission wants the government to “electrify” the fence so banks won’t try to “game” the rules.
[From BBC News – Bank reform plans should be tougher, Banking Commission says]

The ring-fencing of retail banking to keep it separate from investment banking is hardly a new idea. When the United Netherlands common currency started in 1433, the good burghers of Antwerp, who knew a thing or two about growing a sound commercial environment, passed a law preventing moneychangers from either taking deposits or running payment systems. This basic regulatory principle has been alternatively enforced or neglected across business cycles ever since. Right now, the pressure is on to return to the sound banking structures of medieval Holland, but is an electrified fence the best way to achieve this? Perhaps an alternative might be to make it easier for new kinds of competitors to enter the space (the Zopas and Kickstarters and so on) so that non-banks can deliver the needed services.

Banks everywhere are under pressure from regulators, creditors and shareholders to refashion themselves into safer, smaller entities. Non-bank finance companies are turning the travails of these shrinking banks to their advantage.
[From Non-bank finance: Filling the bank-shaped hole | The Economist]

Hence the idea of the “near-bank”, the service that looks like a bank but that actually provides financial services from a mixture of bank and non-bank providers. This idea is explored in the SME sector in this week’s Tomorrow’s Transactions podcast with Nick Ogden of Cashflows, which is just such a near-bank.

The near-bank is not a new idea. In the long ago, hazy days of the then-new web, I wrote (with my then fellow Consult Hyperion colleague Mike Young) an article for Internet Research called “Financial Services and the Internet” (Volume 7, Number 2, p.120-128). We wrote about what we then saw as the two most likely long-term scenarios for future financial services in response to development of the Internet: the online-only “bancassurer” and what seems to have emerged as the modern financial services environment, where:

Financial services customers use IT to build a seamless environment for themselves, “with the underlying best-of-breed products originating from a wide range of suppliers”.
Financial services providers “retreat to a small range of products that build on core competencies, but supplied to a global market”.

A few months ago, I ran a workshop for an Asian bank exploring these trends and helping the bank to formulate some ideas about where to focus international efforts and afterwards had an interesting discussion about why customers might choose to use alternatives to banks for lending and borrowing (something discussed here last month). I said that I thought one aspect might be the desire for experiential and entertaining investing. However it might perform, my Barclays Cash ISA isn’t fun, or interesting or unique. There’s something that is fun about logging in to see how your bakery in Cornwall or bicycle messenger in Cambridgeshire is doing, even if you have only contributed a £100 chunk to the ten grand they borrowed to get started. And it’s also fun seeing how other people are doing (see, for example, e-Toro).

This desire for financial services that combine experience and entertainment I think connects with the evolution of social media so that connected savers and borrowers will begin to behave in very different ways, just as we are seeing connected consumers develop a different relationship with businesses that service them. The near-bank might be a more flexible way to navigate this new landscape, so when Brett gets around to Bank 4.0, I’m sure one of the central themes will be the portfolio provision of non-bank services by banks and near-banks alike.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

I hope this isn’t terminal

17th December 2012by Consult Hyperion1 Comment

[Dave Birch] As you know, I do like to try out new retail payment technology in person rather than rely on other people’s Powerpoint to assess the state of play. And I also like prosaic examples of cash replacement, particularly taxis, since I see it as a hallmark of a civilised society that you can pay a taxi without needing cash.

In the back of a cab in Singapore I saw this:

Hurrah! Armed with two phones and several contactless cards I looked forward to my end of ride payment experience. When we got to the airport, the guy rang up the fare. The options on the terminal were “credit” and some others. He selected “credit”, but no contactless option was visible. So he went back and selected contactless (I can’t remember what the menu item actually was). An EZ-Link logo appeared on the screen but no Visa or MC logos. Just out of curiosity, I tapped a MasterCard NFC phone on the terminal. Oh dear.

He chose “Restart” but nothing seemed to happen. Gulp. I didn’t have any Singapore Dollars with me so I gave the poor chap a US $20 bill along with my profuse apologies. It looks like the NFC infrastructure needs a little more work in places.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

The bank of me and you

14th December 2012by Consult Hyperion1 Comment

[Dave Birch] We all understand that the line between banks and non-banks is blurring in certain areas. Areas, essentially, other than taking deposits and creating credit. Forum friend Brett King has posted a couple of pieces on this point.

Clearly, to be a deposit taking bank and offer products like Mortgages, loans, savings accounts and so forth, it would be easier to have a bank charter. However, today the lines between banks and non-banks offering financial services is blurring faster than speculative investors dumping shares for Facebook.
[From Do you need a Banking License to do Banking? | Banking 4 Tomorrow]

I think Brett is right to point to the rise of the “near bank” as a highly probable trend in the next phase of retail banking evolution. So why is this, and why have we been talking to our clients for some time about the potential for sector-specific near-banks to deliver services? In Europe at least, the regulation of payments and the regulation of banking are separating. This means a lighter touch for payments, which should in turn mean more competition. This is in contrast to the well-understood demands for tighter regulation in the banking sector, largely because of banks’ ability to create money by lending. It’s taken for granted that “credit” means, to all intents and purposes, banks.

Yet this is changing. In the October issue of Prospect magazine there was a superb article about the alternatives to conventional bank lending by Sam Knight. I’ll leave it to you to read the article for yourself, but I want to pull out three particular points from the piece that relate to different types of lending.

First, the credit union. According to the piece, 40% of Americans belong to a credit union but only 1.5% of Brits. Credit unions could play a huge role in providing an alternative source for lending, but unfortunately that do not have the most efficient infrastructure.

What members were asking for, [the credit union manager] explains, were small loans, in the payday range of £50 to a few hundred pounds. She was keen to issue them, but it was hurting the credit union. Each £50 loan brought in just £1 in interest but cost £60 to process.

The arrival of mobile phones and the internet really ought to have fixed this problem by now (and I should mention in passing that Consult Hyperion are involved in a project touching on these issues in the UK right now). With the effective use of mobile as an alternative to cash, these costs should reduce substantially and expand the reach of credit unions in the UK.

Secondly, the growth in person-to-person (P2P) lending seems to indicate that some fraction of the economic transfer function needed for society to function can exist outside of the banking sector, co-ordinating lenders and borrowers via the internet rather than through institutions.

Right now, P2P companies have 1% of Britain’s £23 billion personal loan market, and are growing as a sector at 100% per year.

I’ve been playing around in this area for a while, since I opened up an account with Zopa, the market leader in the UK. By way of comparison, in the last quarter, I calculate that I earned three times as much from my Zopa account as I would have done had I left the money in my bank savings account. So +1 for P2P!

Thirdly, the provision of capital for business is also ripe for similar co-ordination. Funding Circle (which I’m also a member of!) has brokered £47m of small business funding in the past two years. One aspect that Sam didn’t explore in his article is the boundary between investment as a rational, financial activity and investing as a form of entertainment. I like Funding Circle because it’s fun and interesting. Even if my portfolio yields the same as a conventional savings account, I’ll stick with it, simply because it’s enjoyable to look through the lists of businesses and decide which ones to fund, and then see how your business acumen and instinct correlates with subsequent performance. The article also mentions Abundance,a P2P platform for savers to invest in renewable energy developments. It is run by Forum friend Bruce Davis, so I think I’ll head over and try that out too.

You can see a potential future here where third-parties offer consumers services that look like a bank but are actually a portfolio of non-bank services, a sort of supercharged Simple that provides a pre-paid payments account, a Zopa account, a hook into Kickstarter and Funding Circle, all under more Nutmeg-like interface. You set the dial, the system decides to move some of your spare cash into Zopa and lend it out.

Joseph Nocera’s excellent book “A Piece of the Action” describes the radical impact of money market accounts on the US bank system. I wonder if these “near bank” accounts will have a similar impact? Sam finishes the Prospect article by saying that “we will all, in time, become banks ourselves”. Well, not all of us, I’m sure, but for a great many of us the idea of removing the middlemen is as inevitable in financial services as it is in other commerce in the online world.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

You wait ages for a contactless terminal then 8,500 turn up at once

13th December 2012by Consult Hyperion2 Comments

[Dave Birch] An e-letter arrives from forum friend Shasi Verma, Director of Customer Experience at Transport for London (TfL) and an all-round jolly nice chap. He says…

I am writing to let you know that we are introducing contactless payment tomorrow (i.e., today,Ed.); this will initially be available on any of London’s 8,500 buses.
[From TFL – Service Changes]

Hurrah! This has been long awaited by many in the contactless community, because the relationship between wallet or phone or card and mass transit is well-understood to be central to nudging consumer behaviour. There are a great many people (millions) in London who have a contactless bank card but have no idea what it is or how to use it. Hopefully, they will see other people using bank cards on yellow buttons on public transport and be encouraged to try it for themselves. (At Consult Hyperion, we use the pub for the same purpose, acting selflessly in the long-term interests of key clients.)

London commuters will be able to start paying some bus fares with the swipe of their bank cards this week when transport authorities begin rolling out one of the world’s most advanced “contactless” payment systems.
[From London buses in bank card swipe trial – FT.com]

Well, not “swipe” exactly. In fact, not “swipe” at all. But yes, the buses have been fitted with the new “open loop” payment terminals. This means that that customers will no longer have to buy an Oyster card for travel but can simply use their shiny new contactless bank cards. When I was chatting to someone about this yesterday, their first question was “why bother – Oyster works fine” and indeed it does, but…

TfL reckon that their overall ticketing system costs them about 14p per £1 collected in fares. Some of this is ripe for reinvention. Product sales alone account for almost a third of costs, and this could easily be halved: monthly and yearly season tickets won’t go away for a long time, and since they are efficient products to sell, there’s no reason to stop them, but most of the ad hoc non-commuter trips could be shifted to open products.
[From Slick transit]

It’s cost a lot of money to upgrade TfL’s infrastructure and all of the readers at something like 20,000+ gates, but it will save them money in the long term. And what’s more, foreign visitors with contactless bank cards will be able to jump straight on a bus without having to get into gigantic queues at Paddington or Victoria to buy and load Oyster cards. And never ones to take corporate PR as as substitute for reality, on your behalf we ventured into the freezing London morning to check it out.

Hurrah again! A live, working, contactless EMV bus transaction captured for posterity. The readers already work with psychic paper, of course, so contactless bank cards are old technology really (!) but we’re still very excited about this because it is a project that Consult Hyperion has been involved in from the very beginning, when we were selected by TfL as their consultants for this project. If you’re interested to learn more about the project, you can listen to two of the key guys on the project (Shashi and Will Judge, who was then head of Future Ticketing) discussing it in one of our Tomorrow’s Transactions podcasts from last year. As well as helping with the analysis and specification of the new system, Consult Hyperion also developed the prototype contactless terminal for TfL to experiment with (we’re a little different from other consultancies because we have a full-time, in-house development team that builds prototypes and proofs-of-concept for clients.

In addition to upgrading thousands of readers around the system, TfL have developed a sophisticated back-office system to manage the mixture of closed-loop and open-loop payments and are now offering that system to other transport operators in the UK. We ran a seminar on this with TfL last year, by the way. This means that in time, ticketing may earn some money for TfL as well as reducing its costs.

The second question I was asked, and I won’t shy away from it here, was “great, I’ll be able to use my phone to jump on the bus”. Unfortunately, for reasons that are too technical (and too boring) to go into here, the only NFC/card handset combo on sale in the UK today, the Orange Galaxy S3 QuickTap, doesn’t work with the TfL bus readers. So if you want to amaze your friends (or are too lazy to get out a wallet) and jump on a double-decker using a flick of your smartphone, your better off getting yourself a Barclaycard PayTag and sticking it on the back. Here is an exciting photograph of such an installation, taken in London this crisp winter morn.

To make the simple tap-and-go work for millions of consumers taking millions of bus rides, reliably and securely, is very complicated. To hide all of the complexity from consumers and make the tap work in a few hundred milliseconds was a tall order. But they’ve done it, so well done TfL.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Welfare dependence

10th December 2012by Consult Hyperion2 Comments

[Dave Birch] A discussion earlier today touched on the British Government’s impending shift to “universal credit” in a reorganisation of the way that welfare benefits are paid. I saw in The Telegraph that the government was floating the suggestion that the payment systems be used to enforce moral judgements over the less well-off.

Iain Duncan Smith has asked his officials to see if so-called ‘problem’ families should receive their welfare payments on smart cards, rather than in cash.
[From 120,000 troubled families could be legally banned from spending benefits on alochol and tobacco – Telegraph]

The Daily Mail appears to have some more specific information on the design specifications for these new cards, which certainly seem to be using the very latest technology.

Plans being drawn up by Work and Pensions Secretary Iain Duncan Smith will see the 120,000 problem families targeted with Oyster-style cards which can only be used in certain shops.
[From Iain Duncan Smith: ‘No booze’ smart cards for benefit claimants who spend their handouts on drugs and alcohol | Mail Online]

I’m not entirely sure what they mean by “Oyster-style” (Blue? Rectangular? Contactless? Not issued by a bank? A closed loop solution?) but I’m guessing that what they actually mean is pre-paid. Now, as far as I am concerned, this is actually a good way to deal with the transition to universal credit. Forcing banks to provide “basic bank accounts” that welfare recipients don’t want to use is a dead end. These accounts are a backward-looking, money-losing, non-solution to the problem of the underbanked. Allowing non-banks to provide pre-paid solutions (perhaps rather like the O2 Wallet, with smartphone management capabilities and a companion EMV card) is surely a better way forward.

Anyway, as far as I know, welfare recipients will be getting their cash on smart cards anyway. It may have slipped Mr. Smith’s mind, but starting next year all benefit recipients, let alone “problem families”, will be getting their welfare payments on smart cards since the new Universal Credit system means the end of welfare cheques, benefit books, Post Office cards and everything else. All benefits will be paid into bank accounts and to get them out you will need a debit card. In the UK, these have been smart for some time, as I’m sure Mr. Smith’s chauffeur could have told him. But perhaps it is the journalists who do not realise this? Perhaps what Mr. Smith has actually asked his officials to look into is selective Merchant Category Code (MCC) restrictions on pre-paid cards and debit cards issued with basic bank accounts?

I will happily stave off the demands on the public purse by telling Mr. Smith’s official’s management consultants that this is a waste of time. All it means is that benefit recipients will have to trade (inefficiently and at a discount) to get the booze, fags and weed. Given the entrepreneurial nature of the criminal underclass, a likely outcome would be the invention of an intermediate currency for the black economy (e.g., detergent bottles). Yet Mr. Smith appears to know this already, which makes his floating of the idea of payment system as policeman even more puzzling.

Mr Duncan Smith said he was against using a US-style food stamps system because they are often traded as a form of currency.
[From 120,000 troubled families could be legally banned from spending benefits on alochol and tobacco – Telegraph]

It’s not clear to me why he thinks that removing the physical medium of exchange would make any difference to the marketplace dynamics. Especially as the US experience has already proved this to be the case.

Complying with a law signed by President Obama in February may cost taxpayers more that it saves. That’s one conclusion of a white paper issued today by the Electronic Funds Transfer Association, which represents ATM networks and owners and processors, as well as financial institutions and state welfare agencies.
[From Preventing Welfare Clients from Using Their Benefits at “Vice” Locations May Be Costly and Ineffective, Announces Electronic Funds Transfer Association – pymnts.com]

if you ban welfare recipients from accessing ATMs at casinos, it just means that they go to the ATM at the gas station over the road from the casino and pay twice as much to get their money out. I’m sure there are a great many honest taxpayers who are upset at the idea of welfare recipients using their (i.e., the taxpayers) money to buy booze and would like them not to. But turning Visa and MasterCard into moral chaperones for every rendezvous between card and terminal isn’t a way to do that.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Lessons vs models

3rd December 2012by Consult HyperionLeave a comment

[Dave Birch] The “Mobile Wallet Report” article about NFC that I just blogged about has a key takeaway that I wanted to mention: that the US market is not a blueprint for other developed markets. This has been a central element of the mobile roadmaps that Consult Hyperion has developed for clients for the last decade. The US market and the European market can, and will, learn from each other and swap ideas and innovations. But they are very different markets. This is also true, in my opinion, of the Japanese market.

In Japan, where handsets featuring Felica contactless technology account for more than 60% of the total number of handsets, takeup of the technology is relatively low – reportedly around 15% of Felica handset users – and is largely confined to public transport. It is not used much to pay for goods in shops – even though leading Japanese carrier NTT DoCoMo made a huge investment in helping retailers pay for the rollout of Felica-enabled payment terminals.
[From Mobile industry too focused on NFC: part 1 | Telecom Asia]

Oh man. So mobile proximity is toast. But wait a moment. At SIBOS this year, Dr. Kiyoyuki Tsujimura of NTT DoCoMo said that

They have 120 million NTT customers and 60% are using mobile payment enabled handsets. Of those, 60% are using mobile payments at least one a week, which means that around 50 million Japanese people are making a mobile payment on a regular basis.
[From The Financial Services Club’s Blog: NFC has been strangled at birth]

He also said that people do use it in shops. A paradox? Not really. Dr. Tsujimura clearly indicates that the Japanese public do not use it in shops because of payments. Instead he confirms the general meme that non-payment identity-centric services are the things that shift consumer behaviour.

They use it for convenience and financial benefits as the merchants are issuing ecoupons at the point of sale (POS) with additional discounts if they use mobile payments. Merchants also like it, as they have no cash to deal with, and they can get 1:1 marketing benefits by having the customer’s mobile details.

NTT also provide money transfer via mobile, but it’s not competitive with banks as money transfer is limited to a maximum of 120,000 yen (about £1,000 or $1,600) in a single transaction.
[From The Financial Services Club’s Blog: NFC has been strangled at birth]

We’ve always said, in our analysis and roadmapping work for clients, that the Japanese market is a special case that may contains lessons for us but is not a template for us (i.e., US and European markets). There are obvious structural reasons for this.

When asked why mobile payments had succeeded in Japan, Tsujimura-san said that “we are the largest operator in japan with 50% market share in mobile, so we set the standard for how customers deal with mobile payments”. In a fairly typical Japanese statement of the world, he then asserted that “we are leading how customers use mobile payments”.
[From The Financial Services Club’s Blog: NFC has been strangled at birth]

Some people draw a similar conclusion from Kenya, pointing out Safaricom’s huge market share, although they forget that it was nothing like as huge before M-PESA launched. Kenya could be a template for other emerging markets, in a way that Japan could not be a template for other developed markets, but it won’t be.

Back in March 2012, Citi’s Global Perspectives & Solutions (GPS) published a report called “Upwardly Mobile: An Analysis of the Global Mobile Payments Opportunity“. The report actually highlights the two cases of Japan and Kenya and looks at them in some detail. They present one as the obvious case study for the developed world and the other as the obvious case study for the developing world and says that they are likely to “serve as prototypes the future mobile wallet initiatives” although I have to say I find this unlikely. The market conditions, and the regulatory environment, were in both cases unique. And, as Citi point out, the Japanese merchant funded mobile wallet and the Kenyan user funded mobile wallet are completely different beasts. They have almost nothing in common and frankly the 9.5 million acceptance points in Japan and the 32,000 agents in Kenyan are apples and oranges: there is no reason why both system should not exist in parallel, sitting inside the same consumer mobile wallet.

There is doubt that we can find interesting lessons from the evolution of mobile payments in Japan but I cannot see the market conditions there being replicated in other developed economies and certainly not in the US. In the case of Kenya, we’ve already seen how the regulatory environment in other emerging markets has served to hold back the development of mobile payments and the idea that another similar scheme could sneak past the regulators to achieve scale is far-fetched. It’s important to study these cases and learn the lessons from them to take into other markets but we mustn’t be too superficial in our analysis. If we going to learn any lessons that they have to be the right stop

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

My policy has been talking to your policy

3rd December 2012by Consult Hyperion4 Comments

[Dave Birch] The November 2012 issue of the “Mobile Wallet Report” has an article headlined “Mobile network operators ‘keep calm and carry on with NFC'”. I can tell you that this is unequivocally not the case. Not only are banks, mobile network operators and others canning NFC projects right now, they are not keeping calm at all. They are not calm because they are not sure they have backed the right horse. Or, as more critical persons might say, the right horses: the SIM-centric model for NFC and the EMV-centric model for payments. The UK has, at the time of writing, precisely one NFC-EMV handset on sale (from Orange) and industry observers think it unlikely you will see a torrent of similar handsets reaching the shops in the near term. Events have started to overtake the argument that NFC-EMV made sense because it meant that the existing acquiring infrastructure could be used and it would minimise the retailers’ expenditure on POS equipment. I’m no longer satisfied by using NFC-EMV to pay at the car park ticket machine at Woking station because I’d rather just use the RingGo app on my iPhone and not go near the ticket machine at all. Retailers are abandoning the conventional POS for staff wandering around with iPads and the one mobile wallet that I use all the time is from Starbucks and doesn’t use NFC at all. Now is not the time to simply carry on with the same-old, same-old. Now is the time to stop and re-think the mobile wallet. It’s time for the “hyper wallet”.

A hyper wallet doesn’t try and simulate a physical wallet: it meet the requirements for a wallet in the modern, online world. It doesn’t emulate the leather wallet, it blows the leather wallet away.
[From Wallets, mobile wallets and hyper wallets]

I went along to the excellent Mobile Wallet Summit in London last week and sat through some excellent sessions, in particular the well-informed discussion about mobile acquiring featuring Petter Made and TT pals Stewart Roberts of iZettle and Dan Wagner from mPowa.

I spoke about this idea of hyper wallets in an identity-centric context, meaning that is the identity of the consumer that is the source of value in a world where the margin on payments continues to trend down. I also said that the convenience of NFC will put it into consumers’ hands. But the convenience will be used for purposes other than EMV payments. The hyper wallet will do things that physical wallets and digital wallets can’t do, not emulate the things that they can do just fine, like make card payments. The fact that hyper wallets are smart and connected means that they can deliver entirely different kinds of services.

Mobile wallets can use their computing power to instantly resolve these questions and present the user with optimal choice(s).
[From The Digital Wallet Value Proposition (NetBanker)]

Jim is characteristically spot on here. I want my mobile phone to do all the boring stuff that I don’t want to do, like figure out where to get Waitrose cash back or British Airways miles on any particular transaction. As I’ve written before, I can imagine selecting various overall policies from a menu somewhere on my phone and then leaving it up to the device from then on. I certainly don’t want to get involved in any dreary per-transaction decisions. I made another point at the Summit to go with this: hyper wallets should implement functions that simply cannot be implemented in physical wallets (I used the example of cryptographic tokens for review sites, but I’m sure smarter people than me will think of others).

When you pay your hotel bill, your wallet sends a blinded token to the hotel which then signs and returns it. Your wallet unblinds the token. When you log in to Trip Advisor, or whatever, you can send the token to them. The token proves that you stayed at the hotel, but is mathematically unlinkable. Trip Advisor and the hotel and the other viewers can know for sure that you stayed in the hotel but your Trip Advisor account can remain anonymous.
[From Security isn’t the killer app for digital identity]

This all does rather change the nature of competition in our industry, though. If consumers aren’t involved in the decision whether to use Amex or MasterCard at POS, because the computing power and the connectivity of the mobile wallet does it better, then what’s the point of the adverts and direct mail and promotions?

Barclays will have to convince my phone, not me, to use one of their products. This won’t happen, of course, because consumers either won’t be bothered to make these decisions or won’t be capable of making them. What they will do instead is download policy profiles into their wallets: the Money Telegraph Profile or the Suze Orman Profile or the Walmart Profile, so the issuers will be reduced to making deals with the policymakers. If the “Saga” policy is a popular choice for older British persons with their phones, then Barclays will have to do a deal with Saga in order to be part of their policy. It will be my Saga app that decides which payment card to use in the shop, not me. The TV advertisements will be even more of a waste of money than they are now.

If you put all this together, you see an impending shift in wallet strategy. The hyper wallet is getting closer.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

W8 IZ ~SCURE

20th November 2012by Consult Hyperion2 Comments

[Dave Birch] I think most of us are familiar with services that use text messaging as a mean to authenticate a transaction. When I log in to PayPal, for example, it sends a six digit code to my phone and I have to type this code in to continue. It’s not PayPal’s only defence of course, because they have a sophisticated and well-developed infrastructure for fraud detection and prevention, but it presumably further tips the balance away from the fraudster. By itself, however, SMS isn’t the answer.

The lobby group for Australian telcos has declared that SMS technology should no longer be considered a safe means of verifying the identity of an individual during a banking transaction… Today, SMS authentication is used by three of the four largest Australian retail banks as a preferred mode of second-factor authentication for transactions to unfamiliar accounts.
[From Telcos declare SMS ‘unsafe’ for bank transactions – News – iTnews Mobile Edition]

I have to say this isn’t entirely unexpected. Security experts have long regarded SMS as vulnerable and from a risk analysis perspective seen it as only one of a group of appropriate countermeasures that need to be deployed in transactional systems.

I saw Charles Brookson, the head of the GSMA security group, make a very interesting point recently. Charles was talking about the use of SMS for mobile banking and payment services and he made the point that SMS has, to all intents and purposes, no security whatsoever. The spoofing of SMS originating numbers, in particular, is trivial (this is why M-PESA, for example, encrypts and signs all SMS messages using a SIM Toolkit application).
[From Digital Identity: SOS SMS]

Some months before this, I’d cautioned about that same issue in a post about SMS from that risk analysis perspective (which is not surprising, since the risk analysis of transactional systems is, frankly, something of a specialty of Consult Hyperion).

My guess is that this is a general result: once you train customers to perform some simple action in order to obtain security, they won’t do any of the other cross-checks and because they think (for no reason) that SMS is somehow secure, then SMS-based approaches may be even more exposed.
[From Digital Identity: Out of band, out of mind]

One of the reasons for writing this piece was that the attacks on SMS were not hypothetical. (And, naturally, I wanted to trumpet tha the SIM-based architecture that we had developed for M-PESA was not subject to these same frauds.) In fact, at the time of writing, substantial frauds had already occurred.

The customer’s SIM card gets falsely declared stolen by the fraudster at the service provider. A replacement SIM card is issued, rendering the customer’s original SIM card void. What this means is that all security messages and codes sent to the customer by Standard Bank are sent to the fraudsters who utilise the customer’s replacement SIM card. Using the bank’s secure OTP, the criminals were able to change and add beneficiaries and transfer money out of the customer’s account using the original information obtained through the phishing compromise.
[From Digital Identity: Out of band, out of mind]

So where does that leave us? Well, I think that we need to move away from the idea that text messaging is a solution and look at implementing a generalised, SIM-based, MNO-interoperable, PKI. We already know how to do this (because some MNOs already do it) so perhaps it needs a vehicle to get anywhere. The wallet plays such as Oscar seem to me to be an obvious mechanism, especially given everything that is being said about mobile wallets needing to evolve identity-based value-added services as payments are commoditised.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Give me an “A”, give me a “P”, give me an “I”. Put it together and what have you got? Disruption

14th November 2012by Consult Hyperion1 Comment

[Dave Birch] APIs are all the rage. You know what I mean: Application Programming Interfaces. Every strategic planner in a bank should be thinking about them.

APIs serve as contact mechanisms – virtual handshakes, if you will – that allow various software to interact. The first API was released by eBay in 2005. Google was another early leader in opening its APIs to allow the creation of “mashup” applications. The location data in Google Maps is a good example of an application that has been used to create mashups.
[From Capital One, Lemon, and LevelUp Beef Up Their Tech Offerings | Bank Innovation]

We are already used to Facebook, Google, Twitter and so on being completely integrated into everything we do through their APIs. We don’t even think about it when we take a picture in iPhoto and click a button to upload it to Facebook. We just take it for granted that stuff should work with other stuff. Now we are beginning to see the start of that API explosion in financial services. This might begin with making and taking payments, and a bunch of non-transactional stuff, but will pretty soon extend across the sector. I genuinely do think that there are new opportunities for competition and disruption here. As I said a while back,

[European merchants] like the SCT (no chargebacks) so a pan-European PingIt would go down a treat. They don’t like SDD (eight week cancellation period). They like wallets, prepaid, “overlay services” (i.e., merchant applications sitting on bank API) and they remarked on the potential reuse of ID/authentication as well. I’m rather sympathetic to these positions… I also think that wallets built from bank APIs — about which I will blog more soon — look good.
[From You can’t touch me I’m part of the Union]

There are some businesses that our clients are involved in that are on an inevitable trajectory toward API-based services and no-one really knows how competition between API-based services will be managed or where it will take us. That’s why it’s fun. A good current example is the world of mobile wallet, where I said more recently that

it makes sense for banks to focus on API-based strategies to make their services available to other wallets
[From Wallets, mobile wallets and hyper wallets]

OK, so if you drink that Kool Aid, as our transatlantic cousins might say, where can you look around to find some examples and inspiration? Here are a few examples that we have explored with our clients recently:

PayPal were, I guess, the trailblazers here. Look at some of the recent announcements of products and services built on top of the PayPal API. Not only do these make for great services for end-consumers, but they help PayPal toward its goal of becoming the “commerce identity” for customers.

Intuit, who provide both consumer financial products and core banking software, has announced that it will open the APIs to its financial data service and allow third-party developers to use its capabilities to build innovative new software, the company announced today.

Stripe and Braintree have made a terrific plays in the card space by offering a very developer-friendly API for accepting payments along with very merchant-friendly entry strategies.

Lemon. They have a digital wallet (for storing receipts, loyalty cards etc) and have now opened the API so (as with Apple’s Passbook) third-parties can put their services inside the Lemon framework (known as, unsurprisingly, Lemonade).

CapitalOne. Their newly-announced API will make Cap One’s deals, rewards, and (rather interestingly, in my opinion) user identities available for developers to offer personalised coupons and offers for their customers

AXA Banque. This French bank’s API allows developers to access and integrate customer information data from AXA Banque with other applications.

LevelUp. There are over 4,000 merchants using LevelUp in the U.S., which range in size from small mom-and-pop shops to large chain retailers and they claim more than 300,000 users already.

This list goes on. I would have thought that a strategy for API-based competition is a) an imperative for financial services providers, b) exciting and c) frightening. It’s frightening because if you have spent the last generation on brand and product-based competition, shifting into competition on the basis of services delivered through APIs is scary. Who knows how it will work? Can we look around and find examples of companies who are already by competing by providing a financial services API (screen scraping doesn’t count!) that allows third-party applications execute financial transactions? Well, what about The Currency Cloud?

Provide a cross-border payments and forex solution via an API. The API can be used by firms looking to provide cross border payments services. Innotribe Startup finalist TransferWise is an example of a firm that is utilizing this API.
[From Celent Banking Blog » Finovate Fall 2012 Recap]

I interviewed Mike Laven, CEO of The Currency Cloud for a Tomorrow’s Transactions podcast that was posted a few weeks ago, weeks so you can listen to Mike for yourself. This isn’t simply about financial services trend, though. I rather echo Dean Bubley’s “smart pipes not dumb services” strategic advice to telcos so I find it unsurprising that mobile operators are beginning to explore APIs that could be integral to, for example, mobile wallet services.

In France, the big three national operators Orange, Bouygues Telecom and SFR have formed a consortium called YouConnect that exposes an API that allows m-commerce apps to auto-fill in purchase information (name, address, credit card, etc.) from carrier subscriber databases.
[From Meet YouConnect: Maybe carriers and developers can get along — Mobile Technology News]

I have a vague memory that the GSMA had something called OneAPI floating around earlier this year, so I don’t really understand why the French operators can’t use that, but whatever. Another category of organisation that is keen to develop API-based strategies is retailers.

Our goal is to essentially put an API around our stores. We want to think of all the key functions that customers need and have those exist in an API, with Web services for third parties to work with. We started with the photo print feature, but our goal is to expand to all areas of the business, from pharmacy to the health and daily living shopping experience.
[From Innovator Spotlight: Walgreens – Putting an API Around Their Stores]

You can see a vision beginning to emerge here: a retailer wallet that pulls together the retailer API, the operator API and the bank API to deliver a great, great service to consumers, totally integrated with the POS. One more point on this: There must be, of course, some substance behind the API. API to a service that goes down all the time, chokes on volume and delivers incorrect results is hardly progress. So the back end has to work.

Ultimately with many apps, it is actually the backend service (in Sparrow’s case, email), which is where the sustained value for the user lies. This puts companies that roll out backend platforms, which can keep users coming back over time and potentially access via many different devices, in a much stronger position to capture value in the long term.
[From Why the App Economy Isn’t the App Economy, But the API Economy | PandoDaily]

This ought to be good for scale providers who already have a robust infrastructure. Ideally, banks ought to fall in this category. With the obvious proviso that an appropriate cross-industry security platform needs to come into place, why shouldn’t banks be successful at providing API services?

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Rules and exceptions

8th November 2012by Consult HyperionLeave a comment

[Dave Birch] Another general point about Money2020 last month. Before the event, I’d looked at the programme and made a point of marking off all of the sessions that were wallet-related because that is central to many of our client engagements, and I thought I would find these the most interesting talks, but actually I found the discussions on the mobile acquiring side of things the most interesting. On day two of the event came the news that American Express has taken a stake in iZettle, the chip and signature European version of Square. I’m actually an iZettle merchant already, so I know that it works.

But while iZettle has the endorsement now of two major credit card companies — MasterCard and AmEx — it has also fallen afoul of the third biggie, Visa. The company’s European operation, Visa Europe, in July cut off access to its payment network for iZettle in almost all of its markets… The claim was that iZettle’s chip-and-signature system (you put your card into the dongle to read the chip, and then you sign on the smartphone screen to verify your identity) did not meet its standards for payments.
[From Mobile Payments Startup iZettle Expands Series B Of $31.4 Million, Adds American Express As Newest Investor As It Preps Launch In UK | TechCrunch]

At the same time, Square launched its first international service.

Payments processing startup Square has now brought its service to Canada, its first step outside of the U.S.
[From Square brings its mobile payments powerhouse to Canada | VentureBeat]

This isn’t just about empowering small business and individuals. Major retailers are already saying that they won’t be buying any more conventional POS terminals, following the lead of Machine Guns Vegas and using iPads and iPods and iPhones to take payments out on the floor rather than at cash registers. And there are a great many other people active in this market, which is seeing some terrific innovation. Take a look at what Intuit, Verifone, mPowa, emu and many others are doing. I’m really excited about all of this stuff, because it’s mobile POS that makes cash replacement a real possibility. Once every smartphone has been turned into a POS terminal, why would anyone bother with the hassle of cash?

On which topic, as it happens, I went along to the official UK launch of iZettle this week, and it was jolly fun.

The PR people did a great job. They had set up a little market with five stalls: coffee, cupcakes, sunglasses, hats and tchotchkes. They gave us a prepaid MasterCard with some cash on it to go and try out. I spent all my money on cupcakes though, so I used a “real” MasterCard and a “real” Amex card to try out the other stalls. I also tried to us a “real” Visa card, but more on this later. All the stalls were using iZettle instead of traditional POS.

The iPad version worked perfectly, so I went off for a wander and bumped into the UK MD of iZettle, Stewart Roberts. Here I am giving him a few tips on how to run an international acquiring business…

They have a new version of the dongle that uses the audio jack interface for other smartphones. Here it is in a Samsung S3, and once again I can report at first hand that it worked properly.

I also used a Visa card in this. When you use a Visa card it is a different purchasing experience. You give your mobile number and receive a text message with a link in it. When you click on the link, it takes you to a web page where you can type in your Visa card details yourself.

When you use an Amex card, it all works fine: you just sign as usual. The retailer is supposed to check the signature (particularly since they are liable for fraudulent transactions, unlike in the case of chip and PIN transactions)…

Most of the discussion with the journalists afterwards, as far as I could tell, was about the acceptance of Visa cards.

Whereas with Mastercard or American Express the consumer just presents their card and signs, Visa users had to hand over their phone numbers and tap in security details on their own phones.
[From BBC News – iZettle and the modernisation of money]

I asked Visa about this and they pointed me toward their statement on the issue:

“Mobile acceptance has the potential to be truly transformational for small retailers. iZettle is a great example of the innovations we are seeing in this exciting space. We’re continuing to work with iZettle to develop a fully Visa Europe compliant mobile point of sale solution. In the meantime iZettle merchants can support Visa card acceptance through an e-commerce transaction on the cardholder’s phone (often called mobile commerce).”

Personally, I think customers are going to get annoyed that they can use some cards but not others in device. So will the merchants (SMEs, generally speaking) continue to use one solution for MasterCard and Amex and then another solution (e.g., emu) for Visa? Or will they just use iZettle as a bridge until they can get hold of a chip and PIN solution that is approved by all of the schemes?

The whole issue of chip and signature is thorny. I happened to be at The Payments Council yesterday, and there I couldn’t help noting that they are

raising awareness of chip and signature cards – an alternative for those who are unable to use a PIN
[From Chip and signature – Accessible payment solutions unknown to those in need | PayYourWayPayYourWay]

I heard someone behind me make an interesting passing comment on this: if an elderly person opts to use a chip and signature card, but chip and signature cards are banned from certain transactions, could the elderly person sue for discrimination and get a jumbo payout from the UK’s lottery-style courts? I’m signing up for a chip and signature card right now, just in case.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers