IATA Pay and the unintended consequences of PSD2

The Irish central bank’s decision to authorise Google Payment Ireland under the second Payment Services Directive (PSD2) attracted a fair bit of comment, some of it informed. As Finextra pointed out, this does not grant Google with the ability to offer a full banking service including bank accounts, but they don’t need to because with a PI licence they can obtain API access to bank accounts under PSD2.

The licence means that Google can offer PSD2 Payment Initiation Services (PIS) and Account Information services (AIS)

It’s an obvious move for Google. My good friend Simon Lelieveldt noted in his blog on the subject, that this makes “Google Brexit-proof and PSD2-proof” which would be reason enough to do it, but it’s important to understand just how disruptive this licence might be.

I wrote about this back in 2017 for Wired, pointing out that changes in regulation “mean the tech giants will soon be able to access customers’ bank account data” and that companies such as Google would take this obvious step in order to gain access to financial services infrastructure without the overheads and scrutiny that a banking licence involves. Similarly, I’ve commented before that it makes sense for Amazon to get such a licence, not a banking licence because there is nothing that the banks can do to stop Amazon from becoming a neo-bank. PSD2 means that bank customers will give Amazon permission to access their bank accounts, at which point Amazon will become the interface between the customer and financial services.

Hence my point just how disruptive this might be. Only last month, banks in Spain were complaining (with some justification) that there are considerable implications to Google, Amazon and Facebook entering the financial services industry. This is because the introduction of PSD2 means that these new “big tech” entrants can benefit from asymmetric regulation and extend their appeal to consumers. The regulation is asymmetric, as my colleague Tim Richards I discussed in our “fireside chat” last year, because it means that tech companies can access banks’ customer data but the banks do not get to access the tech companies’ customer data.

The impact of open banking is, of course, not limited to the tech giants. IATA Pay is an industry-supported initiative to develop a new payment option for consumers when purchasing airline tickets online. It uses PSD2 to instruct transfers direct from customer accounts and I think it might turn out to be one of those things that economists call a “weak signal” of change? Looking back, I think we’ll see a kind of inflexion point where major retailers started to bypass the card networks and use open banking to go straight to the customer account.

“Hello this is British Airways. Click here to pay by IATA Pay and get double Avios”.

We spend a lot of time speculating on what might happen when the internet giants get access to bank accounts, but it could be just as big a deal across major retail categories. A year ago we wrote  “platform-provided strong authentication to retailer apps will allow them to bypass the existing card infrastructure (with some projections indicating that a third of European card volume could disappear in the coming years) and perhaps even the physical POS itself”.

We’ve said it before and we’ll say it again: open banking is a much bigger deal than many people think.

Consult Hyperion’s Live 5 for 2019

It’s that time of year again. I’ve had a chat with my colleagues at Consult Hyperion, gone back over my notes from the year’s events, taken a look at our most interesting projects around the world and brought together our “live five” for 2019.  Now, as in previous years, I don’t expect you to pay any attention to our prognostications without first reviewing our previous attempts, otherwise you won’t have any basis for taking us seriously! So, let’s begin by looking back over the past year and then we’ll take a shot at the future.

Goodbye 2018

As we start to wind down 2018, let’s see how we did…

  1. 1. Open Banking. Well, it was hardly a tough call and we were bang on with this one. We’ve been working on open banking projects in the UK, on the continent and beyond. What seems to be an obviously European issue, is of course a global one and we’ve been helping the global payment brands understand the opportunities. Helping existing market participants and new market entrants to develop and implement responses to open banking has turned out to be intellectually challenging and complex, and we continue to build our expertise in the field. Planning for the unintended consequences of open banking and the potentially un-level playing field that’s been created by the asymmetry of data, was not the obvious angle of opportunity for traditional tier one banks.

  2. 2. Conversational Transactions. Yes, we were spot on with this one and not only in financial services. Many organisations are shifting to messaging channels for customer support and for transactions, in both the banking and retail sectors. The opportunity for this continues with the advancements of new messaging enablers, such as the GSMA backed RCS. But as new channels for support and service are introduced to the customer experience, so are new points of vulnerability.

  3. 3. The Internet of Cars. This is evolving although the security concerns that we spoke about before, continue to add friction to the development of new products and services in this area. Vulnerabilities to card payments or building entry systems are security threats, vulnerabilities to connected or autonomous vehicles are potentially public safety threats.

  4. 4. Artificial Intelligence. Again, this was an easy prediction because many of our clients were already active. Where we did add to thinking this past year, it was about the interactive landscape of the future (i.e. bots interacting with bots) and how the identity infrastructure needs to evolve to support this.

  5. 5. Tokens/ICOs. Well, we were right to highlight the importance of “tokens” (the basis of Initial Coin Offerings, or ICOs) and our prediction that once the craziness is out of the way, then regulated token markets will become significant looks to be borne out by mainstream commentary. At Money2020 Asia in Singapore, I had the privilege of interviewing Jonathan Larsen, Corporate Venture Capital Manager at Ping An and CEO of their Global Voyager Fund (which has a $billion or so under management). When I put to him that the tokenisation of assets will be a revolution, he said that “tokenisation is a really massive trend… a much bigger story than cryptocurrencies, initial coin offerings (ICOs), and even blockchain”.

As we said, 2018 has seen disruption because the shift to open banking, starting in the UK,has meant the reshaping of financial services while at the same time the advance of AI into the transaction flow (transactions of all types, from buying a train ticket to selling corporate bonds) begins to reshape the way we do business.

Hello 2019

This year we are organising our “live five” in a slightly different way, listing them by priority to our clients rather than as a simple list. So here are the four key technologies that we think will be hot throughout the coming year together with the new technology that we are looking at out of the corner of our eyes, so to speak. The mainstream technologies are authentication,cross-sector digital identity, digital wallets for ticketing and secure IoT in the insurance sector. The one coming up on the outside is post-quantum cryptography.


So here we go…


  1. 1. With our financial services customers we are moving from developing strategies about open banking to developing implementation plans and supporting the development of new systems and services. The most important technology at the customer interface from the secure transactions perspective is going to be the technology of Strong Customer Authentication (SCA). Understanding the rules around which transactions need SCA or not is complicated enough, and that’s before you even start working out which technologies have the right balance of security and convenience for the relevant customer journeys. Luckily, we know how to help on both counts!

As it happens, better authentication technology is going to make life easier for clients in a number of ways, not only because of PSD2. We are already planning 3D Secure v2 (3DSv2) and Secure Remote Commerce (SRC) implementations for customers. Preventing “authentication friction” (using e.g. FIDO) is central to the new customer journeys.

  1. 2. Forward thinking jurisdictions such as Canada and Australia have already started to deliver cross-sector digital identity (where in both cases we’ve been advising stakeholders). New technologies such as machine learning, shared ledgers and self-sovereign identity, if implemented correctly, will start to address the real issues and improvements in know your customer (KYC), anti-money laundering (AML), counter-terrorist financing (CTF) and the management of a politically-exposed person (PEP).  The skewed cost-benefit around regtech and the friction that flawed digitised identity systems cause, mean that there is considerable pressure to shift the balance and in the coming year I think more organisations around the world will look at models adopted and take action.

  1. 3. In our work on ticketing around the world, we see a renewed focus on the deployment of real digital wallets. Transit and other forms of ticketing (such as for sporting events) are the effective anchor tenants of the digital wallet, not payments. In the UK and in some other countries there has been little traction for the smartphone digital wallet because of the effectiveness of the deployment and use of contactless cards. If you look in your real wallets, most of what your find isn’t really about payments. In our markets, payments alone do not drive consumers to digital wallets, but take-up might be about to accelerate. It’s one thing to have xPay put cards into a digital wallet but putting your train tickets, your sports rights and your concert passes into a digital wallet makes all the difference to take-up and means serious traction. Our expertise in using the digital wallets for applications beyond payments will give our clients confidence in setting their strategies.

  2. 4. In the insurance world we see the business cases building around the Internet of Things (IoT). The recent landmark decision of John Hancock, one of the oldest and largest North American life insurers, to stop selling traditional life insurance and instead sell only “interactive” policies that track fitness and health data through wearable devices and smartphones is a significant step both in terms of business model and security infrastructure. We think more organisations in the insurance sector will develop similar new services.  Securing IoT systems becomes a priority. Fortunately, our very structured risk analysis for IoT and considerable experience in the practical assessment of countermeasures, deliver a cost-effective approach.

  3. 5. In our core field of security, we think it’s time to start taking post-quantum cryptography (PQC) seriously not as a research topic but as a strategic imperative around the development and deployment of new transaction systems. As many of you will know, Consult Hyperion’s reputation has been founded on the mass-market deployments of new transactions systems and services and this means we understand the long-term planning of secure platforms. We’re proud to say that we have helped to develop the security infrastructure for services ranging from the Hong Kong smart identity card, to the Euroclear settlement system and from contactless payments to open loop ticketing in major cities. Systems going into service now may well find themselves overlapping with the first practical quantum computer systems that render certain kinds of cryptography worthless, so it’s time to add PQC to strategies for the mass market.

And there you have it! Consult Hyperion’s Live 5 for 2019. Brexit does not mean the end of SCA in the UK (since PSD2 has already been transcribed into UK law) and SCA means that secure digital identities can support transactions conducted from digital wallets, and those digital wallets will contain things other than payment instruments. They might also start to store transit tickets or your right to travel, health and fitness data for your insurance company. Oh, and all of that data will end up in the public sphere unless the organisations charged with protecting it start thinking about post-quantum cryptography or,as Adi Shamir (one of the inventors of public key cryptography) said five years ago, post-cryptographysecurity.

Money2020 China

What an interesting experience the first Money2020 in China was. It was held in Hangzhou, the home of AliPay, and I was delighted to have been invited along to share some of our experiences in the payments and to learn first hand about the Chinese approach to the sector.

Money2020 China gets underway

The event was well-staged and with simultaneous translation from Chinese it provided an opportunity to hear about the wide variety of fintech activities in China. It was, as you might imagine, very different from the Las Vegas event last month. There was no discussion of cryptocurrency because of the Chinese regulatory context and while I did see one presentation on the use of digital signatures in smart contracts, there was little discussion of blockchain and related technologies.

Ron Kalifa talking about value-added merchant services

I particularly enjoyed Worldpay vice-chairman Ron Kalifa’s fireside chat (in which he said that people were underestimating the impact of open banking) and presentation of their annual world payments report. To a payments nerd like me this was a great opportunity to look at key trends in payments on a country-by-country basis and try to work out which trends are relevant to our clients around the world as they formulate strategies for the always-on, mobile-centric, open-banking future. Key to these strategies is, of course, security and so I always pay attention to the big picture presentations around fraud. In China, these have scary numbers attached to them, but you have to take into account the size of the Chinese economy (I think the Chinese cybercrime losses are lower than in many other countries).

Real, and scary, fraud numbers

Given the widespread use of scores of one form or another to determine trustworthiness it is no coincidence that China sees a rise in frauds relating to the manipulation of these scores. Without commenting on the benefits or otherwise of such models (most Brits, myself included, can only think of Black Mirror when social scores are discussed) it is worth making the point that preventing “gaming” of these scores while preserving individual privacy means dealing with paradoxes that might well be resolved through the use of cryptographic techniques that have no conventional analogues and are therefore difficult for policymakers to bear in mind.

Reputation fraud in action

Most of what I found thought-provoking, both in the presentations and the water cooler discussions, was to do with business models rather than new technologies. The new business models emerging in a regulated, platform-centric, dynamic market are what we should be studying. We might choose to implement some of these models in a slightly different way taking into account the varying cultural norms around security and privacy, but the idea of separating payments from banking and then turning payments into platforms, and then using these platforms to acquire customers at scale for other businesses is certainly very interesting.

These new models, of course, centre on data and value-adding using that data. When people pay for everything with their mobile phone, they lay down a seam of data that is waiting to be mined. Despite this, the convenience of the mobile-centre platforms is so great that people are clearly willing to put privacy concerns to one side. I chaired a great session on privacy with CashShield, Symphony and eCreditPal with, I think, gave out a very comforting message: if you build services with privacy in the first place, then actually complying with GDPR and other global regulations is actually not that much of a problem.

 

One more thing that struck me about the context for these developments that it seems to me that China is making its e-money regulation more like the EU’s. With an EU electronic money licence, the organisations holding the funds must keep them in Tier 1 capital and are not allowed to gamble the customer’s money, whereas in China there was no such restriction. Now the People’s Bank has said that from January 2019 the Chinese operators will have to hold a 100% reserve in non-interest bearing deposits at a commercial banks, a decision that will likely cost the main players (Tencent and Alipay) a billion dollars or so in revenue.

It was interesting spend a few days inside the mobile-centric, QR-everywhere, always-on, app and pay world of the future and picking up some useful lessons for our clients. A very interesting week.

And Relax …

According to a reputable news source well, the (Daily Mail) the Royal Mint is casting (sic) around to find things to do when the Treasury caves to the inevitable and tells them to quit wasting everyone’s time and money by minting coins. They’ve come up with the idea of making a credit card out of real gold. This isn’t the Royal Mint’s idea, of course. They stole it wholesale from 30 Rock a few years ago.
 
The cards will have the owners signature engraved on the back (I’ve no idea why, since the card schemes are discontinuing the use of the pointless signature panels on cards) and will apparently be worth $3,000 each which (as a number of Twitterwags immediately pointed out) will greatly increase the number of fake ATMs in the streets around Belgravia after midnight. They are apparently working on ways to get these 18-carat gold cards to work in ATMs and, of course, at contactless terminals.
 
Wait, what?
 
Contactless?
 
How do you make metal cards work in contactless terminals? The metal card messes with the magnetic jiggery-pokery that makes contactless cards work. I know this because Consult Hyperion’s awesome contactless robot test rig (below) has a frame for the card, terminal or card under investigation that is made from wood so the there’s no metal in the field when testing.
 

 
The metal contactless cards that I’ve seen before are made using a plastic laminate or by cutting a segment from the metal and replacing it with plastic, so I discounted this report on the Royal Mail’s bold ambitions and filed it away and went off to enjoy Money20/20 in Las Vegas with my Consult Hyperion colleagues.
 

 
I had a great time in Las Vegas chairing the “Around the World of Identity” session on the first day, and then I enjoyed the tremendous privilege of interviewing Jed McCaleb and Adam Ludwin of Interstellar on the main stage on the third day. Interstellar is the crypto giant formed by the takeover of Adam’s Chain by Stellar’s Lightyear. This was particular fun for me because I’d visited both Stellar [here] and Chain [here] for our “Tomorrow’s Transactions” podcast series some time ago (we rather pride ourselves on helping clients to spot what’s coming next) and had noted that both of these guys were really smart and really nice. As they proved on stage.
 

 
During a break from conference sessions, business meetings and blackjack I went for a stroll around the exhibition floor to catch up with old friends and see what sort of fun fintech things are heading our way. You could have knocked me down with a feather when spotted a stand from Amatech, who are based in Galway in Ireland. They were prominently displaying the bold claim that they had working contactless metal cards. Naturally, I went to investigate, it turns out that they were telling the truth. They’ve developed a clever manufacturing process that combines multiple layers of metal with different elecromagnetic characteristics so that the metal card now helps the chip on a card to communicate contactlessly instead of blocking such communications. Wow. Very cool (and they can do it with graphite too). I saw it working with my own eyes…
 

 
For all the talk about changing business models in the self-sovereign identity world to orient around data sharing, re-imaging AML with AI to change the cost-benefit around the regulations and on using cryptocurrency to transfer value across borders, you just can’t beat talking with someone who has made something that you didn’t know existed until you saw it. The satisfying clunk of a metal card on a glass counter was the highlight of the day for me. Apart from running into Shaq in the green room, of course.
 

 
Money2020 was exhausting, because all of our clients (and a great many of our prospective clients) are all there and I loved meeting all of them, but I wouldn’t miss it! I’m already looking forward to flying the CHYP flag at the inaugural Money2020 China next month. See you all there!

Avoiding Costs Abroad

Vacation season is upon us! In a few weeks’ time, you could be leaving your home country for some relaxation. Perhaps to the Mediterranean for some sun or somewhere further afield off the beaten track. In full holiday mode, as the sun shines high and mighty, you’re about to indulge in another sundowner. Just only one last hurdle before you can quench your thirst, as you hand over your credit card and are promptly presented with the mobile POS, whilst being asked politely “Would you like to pay in Sterling or local currency?”.

What will you choose?

It is a familiar situation experienced by many of us who have ventured abroad. In that instance, we must decide our fate without fully comprehending the ramifications of our choice. EUR or GBP? And with seeming enlightenment, many rookie fingers have floated reluctantly towards the more familiar currency, GBP, sheepishly smiling, whilst not knowing whether it was the right choice and perhaps not thinking further of the implications (because after all, there is only one cardinal rule during vacation time – no stress allowed!). Was it the right choice though? Well, not according to Starling Bank who have shed some light on the matter through an experiment on Dynamic Currency Conversion (DCC), as reported by This is Money in the article (http://www.thisismoney.co.uk/money/news/article-5784137/The-proof-pay-local-currency-never-pounds-holiday.html).

DCC is the capability that allows a purchase or cash withdrawal to be done either in the local currency abroad or in the home currency associated with the debit or credit card being used. If the home currency is selected, then the POS terminal does a currency conversion on the spot from the local (e.g. EUR) to the home currency (e.g. GBP) at an exchange rate decided by the merchant. The merchant could potentially add their own commission to that conversion operation, resulting in a more expensive purchase than it would be if the local currency were selected. Whereas, in the case of the latter, the purchase or withdrawal is carried out in the local currency, following which a currency conversion is done by the issuer bank or credit card provider at an exchange rate defined by the card scheme network, which is invariably about as good as you can get.

As an example, in their experiment, Starling Bank have found out that an ATM cash withdrawal of EUR 200 costed £195.18 when GBP was selected, meaning that the withdrawn amount was converted on the spot to the home currency (i.e. GBP) by the local bank. In comparison, when EUR was selected whilst keeping all other factors alike, the same withdrawn amount costed £177.44 since it got converted later by the Issuer bank or credit card provider at a better rate. Indeed, that is £17.74 in savings when carrying out the transaction in local currency (EUR) rather than converting it on the spot to the home currency (GBP). This was also true for all the purchases made; albeit the difference was much less (in pence) for each individual purchase. Yet, we all know that the cumulative amount of these smaller differences over purchases made during an entire week’s holiday could potentially result in significant savings. The bottom line from the experiment, and the article, is that you are much better off almost always paying in the local currency.

Understanding the workings of DCC is only one part of the puzzle when trying to save costs for card usage abroad; but there are additional “hidden” costs, which we need to be aware of. More specifically, Issuer banks or credit card providers could charge a fee per transaction for purchases or withdrawals abroad (on top of the conversion rate), which could accumulate during a holiday stay and set you back considerably. Personally, I prefer to completely avoid these costs by opting for payment cards (prepaid, debit or credit) tailored for frequent travelling that do not charge for usage abroad and can offer additional features. However, you do need to be familiar with the terms and conditions for using these cards, since the card providers could restrict their usage, for instance, by limiting the total daily spend, or the number of times you can withdraw cash from an ATM in a day. Most of these restrictions align with typical leisure spending behaviour abroad, including mine so I never had an issue, but every person has different needs. The advantage is that the majority of these travel-specific payment cards come with a companion mobile application that allows you to manage your card, including various features such as viewing your transaction history, topping up your balance (in case of prepaid), blocking your card if stolen or lost, requesting emergency cash, etc.

Prepaid travel cards are quite popular for usage abroad since they allow you to manage spending overseas with ease. An advantageous feature of prepaid travel cards is that they can be associated with different currencies. So, I could load the balance on the prepaid card with a choice from various popular currencies such as GBP, EUR, USD, etc whilst potentially locking in the exchange rate at the time of loading. This gives you total control (and certainty) over planning your holiday spending budget allowing you to make significant savings when compared to using any payment card not tailored for usage abroad. There are many prepaid travel card products available with different features and costs, so it is important to choose the right product that suits your needs and demand. Also, be aware of other costs that prepaid card providers might impose such as card inactivity fee. There are various comparison web sites that table out the different fees and limits associated with the various prepaid products, and of course always refer to the terms and conditions for each card product. For more information on different types of prepaid travel cards I suggest checking out a web site like the following https://www.moneysavingexpert.com/credit-cards/prepaid-travel-cards.

Although prepaid travel cards are ideal for daily spending abroad, I still recommend that you take other types of payment cards, preferably from different card network schemes, only as a fall-back. Unfortunately, a prepaid card might not be accepted in certain situations that would require pre-authorisation such as petrol stations, car rental deposits or hotel reservations, so it is best to have other travel specific debit or credit payment cards in hand. Also, as witnessed recently with the service disruption of one of the international card scheme networks, it is best to diversify the scheme network as a contingency measure.

Working for Consult Hyperion, I’ve had the opportunity to work for the kind of payments innovators who identify areas like this where customers get a bad deal and there are opportunities to make things better. It is thanks to the work of those striving to improve payments, with the support of people like us, that in today’s world we have different payment products to choose from. It is just a question of finding the right product for you, whilst making sure that you fully understand the terms and conditions, such as fees and limits for operating the product. Understanding DCC and carefully planning for the right payment instruments before travelling abroad could help you avoid certain costs, ultimately having more funds available to spend on that well-deserved vacation. So, start looking for the right payment instrument, so you can fully enjoy a stress-free summer vacation! Oh, and if during your vacation you have a great idea for a new payments product, we’d love to hear from you and help you turn the idea into reality.

Contactless bank cards not safe

According to Katie Morley from the Telegraph:

Millions of passengers across Britain could be left stranded under plans for every bus in Britain to go cashless despite widespread security fears over contactless technology.

She goes on to say:

Which? said that despite nine in ten of its members owning a card with a contactless option, 40% of them had not used it for at least 12 months, opting instead to pay via chip-and-pin.

This is odd, because TfL has found that in London, c. 25% of journeys are now paid for using contactless bank cards rather than Oyster or paper tickets.

She also asserts:

Busses in Scotland and Northern cities such as Manchester, Leeds and Sheffield are looking to copy London busses which do not allow travellers to pay by cash onboard, according to plans outlined in a major report by the UK Cards Association, a body which represents the payments industry.

This kind of justifies her headline:

Millions of travellers could be stranded under plans for every bus in Britain to go “cashless”

Except that it is not true. Yes, our work at TfN has plans for rolling out modern smart ticketing technologies across the north of England. Yes, there are current plans for contactless payments cards to be accepted by the largest bus operators across the UK. But they have not committed to banishing cash from buses like London has.

And when London did stop accepting cash on buses, were millions stranded? No.

Open-loop payment in transit

In my previous blog, I talked about the trends in smart ticketing systems leading to account-centric and open-loop payments which I want to consider in more detail in this blog.

‘Open-loop’ Payments

‘Open-loop’ is the term used for transit payment instruments which can also be used for generic payments outside of the transit system. By contrast, traditional transit payment smart cards (such as Oyster in London) have required customers to convert their money to transit-only funds stored in a transit account and used to pay for travel. Customers have been prepared to do this because of the benefits of speed of access to the transit system without having to stop to purchase tickets. However, the down-side is that they have to periodically load funds to their CTCs, such funds then being unavailable for other purposes unless a refund from the CTC is sought.

There are many payment instruments emerging, but the one which is currently most ubiquitously accepted by merchants is EMV, the smart debit and credit standard used by the large payment networks including MasterCard, Visa and American Express whose members are the banks. These Payment Schemes are currently lobbying the transit sector for their open-loop cards to be accepted as payment instruments within transit.

This approach has the obvious benefits that (i) fewer CTCs need to be issued by the transport operator, and (ii) customers can arrive in a city from anywhere in the world and travel using the bank cards in their pockets.

The leading example of open-loop payments in transit is London where all Oyster readers have accepted contactless EMV (cEMV) payment cards from across the globe since 2014. Other transit schemes already committed to rolling out acceptance of cEMV open-loop payments include the national OV-Chipkaart scheme in the Netherlands and MTA in New York.

UKCA Transit Framework Model

The country with the most practical experience of a large-scale open-loop payment transit deployment is the UK, and, in particular, Transport for London which now sees more than one million journeys per day using ‘contactless payment cards’, the generic term used to described all EMV-compliant contactless devices, including ApplePay.

The deployment in London was pioneering and occurred before any models existed for cEMV use in transit. Subsequently, a payment model framework has been developed by the UK Cards Association (UKCA) in conjunction with the transport industry. The Association’s members issue the vast majority of debit and credit cards in the UK.

UKCA has identified three models which are described below. Two of the models are ‘pay as you go’ (PAYG) and the third model assumes that a ‘travel right’ or PAYG balance has already been purchased.

The important point to understand is that UKCA models 1 and 2 exploit EMV payments and are therefore bound to EMV-issuing banks, which are communicated with via the Merchant Acquirer. These models are different from transit account-centric solutions which could accept pre-payment from any payment instrument, not just bank cards. Furthermore, the ‘token’ used to identify the passenger in the account-centric solutions can be either an open-loop (CPC) or a closed-loop (CTC) token.

This last point is important in relation to ‘unbanked’ passengers. It has been shown (e.g. Ventra in Chicago) that cEMV technology cards can be issued to the unbanked and used as smart ticketing ID tokens to access pre-purchased transit products.

The bank business model for APIs: Identity

Dgwb blog white border

In Europe the banks are being forced to open up APIs for third-party access to bank accounts. Obviously, this will cost money and entails risks. But from the work that Consult Hyperion has already done for banks in this area, I think I can see at least one way to build a positive business model around them.