Category: Banking and Finance

Shaping the future of finance: key insights from M2020 USA.

18th November 202518th November 2025by Consult HyperionLeave a comment

Howard Hall, Vice President Growth at Consult Hyperion, consulting by Fime, summarizes the key discussions and insights from Money2020 USA 2025, one of the leading payments industry conferences.

Fime and Consult Hyperion was out in full force at Money 20/20 Las Vegas, with Dave Birch, Xavier Giandominici, Ben Potter and Nick Norman all on the ground. Over three packed days we met with dozens of clients, partners and industry friends, both old and new. We came away inspired by how fast the world of payments, identity and digital trust is evolving.

The era of agentic AI.

Agentic AI was everywhere this year. Dave Birch’s session, supported by leaders from Mastercard explored how intelligent, autonomous agents will reshape the way money moves and decisions get made. These aren’t just chatbots; they’re systems capable of acting on our behalf, initiating payments, verifying identity and managing risk. The question everyone is asking now is: how do we trust the agent? What are the new signals, frameworks and governance models that let us verify that an AI acting for us is doing the right thing?

This conversation dovetails perfectly with our heritage in digital identity and trust frameworks. It’s one thing to build an agent; it’s another to ensure that it’s secure, compliant and grounded in real-world identity. That’s where we come in.

Stablecoins and the future of money.

Stablecoins and tokenized money continued to capture attention across panels and side discussions. There’s a growing sense that programmable value, whether through stablecoins or digital fiat will be the natural companion to agentic AI. If agents are going to act, they’ll need a medium of exchange that is fast, programmable and secure.

We heard repeatedly that firms want help bridging the gap between experimentation and production. This is the kind of challenge Consult Hyperion thrives on combining technical insight with regulatory understanding to make the next generation of payment rails real.
Insights from dozens of client conversations.

Our one-to-one meetings revealed a lot about what’s on the minds of our clients and partners:

Platform resilience and optimization came up again and again — from large fintechs re-evaluating their processing infrastructure to global brands seeking help rationalizing fragmented payment systems across multiple geographies and logos.
Digital identity and trust frameworks were top of mind. Organizations across banking, payments and big tech are exploring how to extend KYC into the world of Know-Your-Agent (KYA) and mDL.
Tokenization and security continue to present both opportunity and friction. Several firms are revisiting their existing implementations and seeking a path toward scalable, interoperable solutions.
Go-to-market alignment remains a challenge. Many companies are looking for help in shaping adjacent services, workshop and partnership strategies are areas that were top of mind.
Sector-specific certification and standards are shifting. We heard updates from trusted partners working to reshape digital-identity assurance around specific industries rather than one-size-fits-all frameworks.

These conversations reaffirmed what we already know: clients value practical, implementation-level understanding of the complex ecosystems that connect identity, payments and technology.

Why this matters.

For nearly three decades, Consult Hyperion has helped organizations around the world navigate the intersection of trust, technology and financial inclusion. Whether it’s designing new tokenization schemes, building digital-identity frameworks or testing payment systems with Fime, our work sits at the core of where the industry is heading.

Money 20/20 was a reminder that we’re entering a new chapter, one where human and machine actors coexist in digital ecosystems that demand security, privacy and interoperability from the start.

Let’s continue the conversation.

If you’d like to explore how agentic AI, stablecoins or next-generation identity can be built safely and responsibly into your business, we’d love to talk. Reach out to our team and let’s turn these conference insights into real-world strategies and implementations.

Trust in the Future of Finance: Key insights from M2020 Asia.

17th June 202518th November 2025by Steve PanniferLeave a comment

Steve Pannifer, Senior Vice President of Digital Identity at Fime, summarizes the key insights and discussions from Money 20/20 Asia in Bangkok, Thailand – a prominent event that brings together the Asia-Pacific payments ecosystem to delve into the latest opportunities within the industry.

One of the main themes at Money 20/20 Asia this year was “Trust in the Future of Finance”. It is an important topic. Many of the pain points in the digital economy are related to trust, not least the rampant fraud occurring within an ever-increasing number of digital spaces such as social media. People get scammed because they trust people who they shouldn’t. The internet is over 30 years old and yet it still has no trust layer. This is essentially the problem that digital identity is trying to solve.

Alongside colleagues from Fime and Consult Hyperion, I was delighted to be able to contribute to a number of trust related sessions at the event:

Building Digital Trust with Modern Identity Security and Orchestration
Navigating Compliance and Security in Digital Identity
Selling to Robots: The Digital Identity Imperative in Agentic Commerce
Brainstorm: Building Trust with AI in Digital Identity
It Takes a Village – Making Digital Identity Work
Your Face Becomes Your Wallet of Everything: Personalization vs Security

Here are some of my key takeaways:

More friction does not necessarily mean more security

I’ve sometimes heard it said that people are lazy when it comes to online security, and it is this that results in them not taking the steps necessary to protect themselves online. I’m sure there is some truth in that, but I also believe a big part of the problem is to do with the ways systems are designed. If we put a lot of friction into the customer experience, that will also encourage poor behavior. For example, asking a customer for a memorable word is a terrible idea. They will inevitably choose something so obvious that the smallest amount of social engineering will reveal it.

Building a good customer experience is an essential part of creating a trusted service – a point that Linden Dawson, Senior Product Manager of Customer Digital Identity at National Australia Bank (NAB), made during the session “Building Digital Trust with Modern Identity Security and Orchestration”. It’s not that we need to design services with no friction. Some friction can be reassuring to customers and is an important element of building trust.

Regulation needs to address the root cause

In the same session, Natalie Reed, Director at Deloitte, described Australia as the “scam capital of the world”. I think the UK could give Australia a run for its money. Her point was that it is out of control. This report, published by the United Nations’ Office on Drugs and Crime in April 2025, highlights the level of industrialization of the scam business, which employ “multi-lingual workforces comprised of hundreds of thousands of trafficked victims and complicit individuals”. From centers in Southeast Asia and beyond, transnational organized crime is able to target victims across the world.

In some countries (like the UK) regulators are trying to address the scam issue by making the banks pick up the tab but this does little to address the root cause. It does not stop the activity of scammers. Neither does it encourage people to make sure they can trust the person to whom they are sending money. One glimmer of hope, as Natalie explained, is the new scams prevention framework in Australia which places some responsibility on the social media platforms, where many scams originate. We will have to wait to see how far the regulator can go in holding social media platforms to account.
Trust is needed across the whole lifecycle.

Too often the trust conversation has been focused on onboarding, ignoring the need for trust through the whole customer lifecycle – a point well made by Ian Sorbello, Principal Solutions Architect at Transmit Security, in the session on “Navigating Compliance and Security in Digital Identity”. Those initial checks are important but unless they are linked to strong authentication and fraud checks, weaknesses will be exploited and trust will be lost.

Anoosh Arevshatian, Chief Product Officer at Zodia Custody, took this a step further, explaining the connection between digital identity and digital assets. Ultimately digital identity boils down to the private keys under the control of the user (but likely managed by a custodian). The binding of the corresponding public keys to digital assets establishes ownership. Protecting those keys through the customer lifecycle is essential for customers to be able to trust that their assets are safe.

Trust is about to get a lot more complicated

In their session “Selling to Robots: The Digital Identity Imperative in Agentic Commerce”, Dave Birch, Global Ambassador at Consult Hyperion, Consulting by Fime and Victoria Richardson, Partner at ID Partners, highlighted how agentic AI will dramatically change the relationship between organizations and their customers. For example, AI agents will help customers find the best deals, switching as needed – meaning that businesses will no longer be able to rely on customer inertia.

Customers will of course need to trust AI agents to use them. But as Dave and Victoria explained, organizations will need to trust agents too. A key question will be whether organizations will even know that they are dealing with agents rather than actual customers?

Several emerging AI agents use screen scraping to access services through the same interface as human customers, making it difficult to distinguish between the customer and their AI agent. Frameworks such as the Model Context Protocol (MCP), which is seeking to standardize how AI agents access data sources, may help. By giving agents a different end-point to the human customer, organizations will have a better chance of working out what or who they are interacting with.

The technology and standards to deliver trusted digital identities exist. These can address the issues of fraud, friction, inclusion and privacy we see all around us today. The task of building a trusted internet may be complex, requiring the commitment of many stakeholders but it is not unachievable. Examples around the world have shown that with the right incentives, real progress can be made – the key point from my session.

Stay ahead of key market trends

Attending conferences such as Money 20/20 Asia allows us to keep our finger on the pulse of the key challenges and opportunities faced by each player in the market. It isn’t just the main conference programme that offers these insights; it’s getting the chance to speak directly with the banks, merchants, and service providers that operate within each region and finding out what matters most to them. Trust remains the cornerstone of a secure digital future. Events like Money 20/20 Asia show us that while the challenges are complex, the solutions are within reach – if we work together.

Learn more about Fime’s expertise across the digital identity ecosystem.

The Evolving Role of Digital Wallets and Consult Hyperion’s Expertise in Driving Innovation.

24th January 202518th November 2025by Steve PanniferLeave a comment

Digital wallets are transforming how we pay, interact, and secure our digital identities. As smartphones become indispensable, consumers worldwide are using digital wallets for transactions, peer-to-peer payments, and even managing digital identities like driver’s licenses and health credentials. However, behind the convenience of digital wallets lies a complex network of technology, security, and regulatory challenges.

At Consult Hyperion, we specialize in navigating these challenges, using our expertise at the intersection of identity, payments, and cybersecurity to help clients innovate securely and effectively in the digital wallet space.

Digital Wallets: Expanding Beyond Payments

While digital wallets initially gained traction as payment tools, they have evolved into multi-functional platforms that can store not only debit and credit cards but also digital identities, health passes, travel documents, loyalty cards, and more. Wallets are increasingly integral to the digital identity ecosystem, empowering people to prove who they are, access services seamlessly, and control their personal data with security and transparency.

One emerging trend is the integration of mobile driver’s licenses (mDLs) into digital wallets. As mDLs gain adoption, digital wallets can provide a secure, portable means of identity verification, allowing users to authenticate their identities for various purposes while retaining control over their personal information.

Regional Approaches: United States, Europe and Australia

The adoption of mDLs into digital wallets varies significantly across regions, influenced by differing regulatory environments, market demand, and technological infrastructure. Here’s how digital wallet innovation and mDL adoption is evolving across North America, Europe, and Australia.

United States

The U.S. has been at the forefront of mDL adoption with several state DMVs already rolling out mDLs and several others with programs underway. These digital credentials are starting to be accepted for in-person use cases such as domestic air travel and liquor purchases. And going forwards, they will also be accepted online. Like physical driver’s licences, mDLs will have a lot of utility.

Many states are choosing to work with the large platform wallets, like Apple Wallet and Google Wallet, issuing mDL credentials into the wallets consumers already have. Those wallets are increasingly becoming “digital hubs” where users can store a variety of credentials. But this is not the only solution. Some states have also launched mDL specific apps. These provide consumers with the option of a standalone mobile driver’s licence.

In the middle of all this progress is the American Association of Motor Vehicle Administrators (AAMVA) which is playing an important role coordinating stakeholders and promoting standardized and interoperable approaches.

Europe

Some European countries have local proprietary mobile driving licences…

In the EU, the eIDAS 2.0 regulation requires each country in the EU to provide at least one digital wallet to its citizens, residents and businesses. Those wallets will be required to support for the ISO 18013 standard that underpins mDLs. In parallel, the EU plans to make driving licences mobile by default.

The situation is however complex.

• The EU is developing a rich but complex wallet architecture, of which support for mDL is just one part.
• Many wallets – which will require robust certification processes if interoperability is to be achieved
• Role of OEMs unclear – providing wallets or providing the secure technology to support wallets over the top

The EU wants all of this to come together over the next couple of years, which seems very ambitious.

So whilst wallets look set to play an important role in the EU digital economy, it will be some time before they provide the straightforward utility of US mDLs.

Australia

Australia has also been a leader in mobile drivers licences, several states issuing them.
Austroads, an intergovernmental organization, is driving the development and standardization of mDLs in Australia. They are working with state and territory governments to develop a consistent framework for mDLs, ensuring interoperability and security. This includes alignment with both ISO 18013 (mDL) and the more generic ISO 23220 (mDoc). This should allow the mDL apps issued in Australia to hold other digital credentials in the future. So instead of issuing mDLs into wallets, the mDL will become the wallet.
Austroads is going one step further by building a “Digital Trust Service” – providing the means to check the authenticity of the issuers of digital credentials held in those “mDL wallets”.

The Core Elements of Digital Wallet Success

Digital wallets that can hold both payment credentials and other digital credentials will have huge utility. They will increase convenience, reduce fraud and improve privacy.

Successfully implementing and scaling digital wallets requires expertise in several key areas:

Security: Security is crucial when handling sensitive information such as cryptographic keys, payment details or digital identity credentials. Consult Hyperion has decades of experience of building and testing secure payments services with expertise in strong cryptography, mobile application security and tokenization.
Identity: Digital wallets often serve as digital IDs. Users can store verifiable credentials, such as mDLs or health passes, giving them control over personal data. Integrating these digital identity solutions requires navigating regulatory frameworks and ensuring interoperability with existing systems. At Consult Hyperion, we leverage our deep knowledge of standards like Decentralized Identifiers (DIDs) and Verifiable Credentials to design privacy-protective and compliant solutions.
Payments: Wallets gained popularity as payment solutions, and understanding payment intricacies is essential. This includes managing multiple payment types and adhering to regional regulations. Our expertise spans EMV, contactless, and real-time payment systems, enabling us to help clients integrate and scale secure wallet-based payments globally.

Why Consult Hyperion?

Our ability to bridge the gap between theory and real-world application makes us a trusted advisor for organizations building digital wallets. Our expertise encompasses:

Strategic Partnerships and Innovation: Trusted by financial institutions, tech companies, and governments, we’ve helped design systems that meet stringent security, usability, and regulatory standards. We understand the strategic goals behind digital wallet projects, allowing us to guide clients in creating solutions aligned with long-term objectives.
Deep Technical Knowledge: Our technical expertise across identity, payments, and cybersecurity enables us to develop robust solutions, from designing secure protocols to implementing advanced authentication methods.
Proven Track Record: Our history of delivering projects in both private and public sectors demonstrates our ability to execute at scale. Clients rely on us for our technical capabilities, dedication to quality, and innovative approach.

The Future of Digital Wallets: Shaping the Next Generation

Digital wallets are evolving with advances in biometric security, decentralized identity, and blockchain technology. As wallets move beyond payments, businesses must adapt to new standards for security, privacy, and user experience. Apple, Google, and government-led solutions worldwide are positioning themselves as leaders in the wallet space, each bringing unique strengths to the ecosystem.
Consult Hyperion remains at the cutting edge, helping organizations navigate this dynamic landscape. Whether you’re looking to launch a new digital wallet, expand an existing platform, or secure sensitive data, we offer the expertise and insight needed to support your goals.

Final Thoughts

Digital wallets are becoming vital gateways to secure payments and digital identities across the world. At Consult Hyperion, we’re excited to help shape this future, enabling our clients to create secure, compliant, and user-centric solutions. With our expertise in identity, payments, and cybersecurity, we look forward to partnering with organizations worldwide that share our vision for a secure, interconnected digital world.

Slower Payments?

11th October 202411th October 2024by Margaret Ford1 Comment

I’ve just received a cheery email from my credit card provider entitled, “We’re improving your fraud protection.” I assume it is from them: it arrived amongst a barrage of emails telling me not believe what I read in emails. When online scamming was in its infancy, you could spot the difference but, as fraudsters’ skills, use of AI and sophistication has developed, nobody really can any more.

It is important to remember that this is an equal opportunities form of fraud. You don’t have to be online. You don’t even need a mobile phone. If you have a UK bank account and a phone number, the scammers will delight in using their social engineering skills to extract your life’s savings.

In the communication I’ve received, beyond all the good news about the generosity of the bank, there is a brief mention of the Payment Systems Regulator (PSR) [1 ]. Apparently, they require all Authorised Push Payment (APP) transactions to be subject to a refund within 5 workings days if they are found to be fraudulent. This applies to payments over both Faster Payments and CHAPS. There are exceptions to this, for example where the customer is grossly negligent and not considered vulnerable [2 ].

There is also a ceiling set on the amount. This was initially announced as £415k but, due to strong resistance from the banks, is now set at £85k. The PSR state that this will cover 99% of APP claims. It happens to be the same amount as individuals can claim for lost savings under the Financial Services Compensation Scheme [3 ], should their bank become insolvent.

In the early days, Faster Payments was a rather unpredictable experience but, as it has scaled, many of the creases have been ironed out. Confirmation of Payee has helped to ensure that the payment reaches the intended beneficiary. It can take a couple of attempts to get it right. e.g. for dog walkers, they may appear as Wendy’s Walkies, under the name of the owner Wendy Walker and as a business account or a personal account. Still, if you have the correct sort code and account number, things tend to fall into place.

My bank has sent me a similar email, telling me to be wary around One Time Passwords (OTPs) and referring me to the Take Five To Stop Fraud [4 ] website. Again, it looks plausible and the advice is not unreasonable. It is, however, disappointing that there seems to be very little discussion of mutual authentication these days.

One aspect of the new regime is that all Payment Service Providers (PSPs) must be registered with Pay.UK. Both receiving PSPs and sending PSPs can be liable for any APP fraud. This is a significant departure from the existing regime, where the burden tends to fall on the sending PSP.

Losses due to APP scams are estimated at nearly £500m [5 ] annually. UK Finance [6] has identified factors which contribute to APP fraud, one of which is perceived urgency in dealing with a situation. While Faster Payments provides real convenience, the transactions are not reversible and so it has become a honey pot for thieves. Once money is transferred to a fraudulent account, it can be sent on to multiple accounts, sometimes with the assistance of money mules, either in the UK or overseas.

Frequently, by the time the fraud is investigated, the money is long gone. In response to this, PSPs are permitted to introduce a delay into the processing of payments. In principle, where a payment appears suspicious, they can put in place a pause of up to four days [7]. Clearly, this has serious implications for transactions such as conveyancing, where a housing chain requires everyone to complete on the same day. Even in simple situations, like paying a credit card bill, delays can result in the cardholder having to pay additional charges and interest.

While it is positive to see the challenges of APP fraud being addressed, it will be interesting to see how these significant changes to the payments landscape play out over the coming months. Activities such as intelligence sharing, risk-scoring and real-time screening [8] will remain central to tackling fraud.

It is interesting to note that in other countries where approaches to Open Banking are being explored, the focus tends to be on data sharing rather than payment initiation. For example, in the US, the Consumer Financial Protection Bureau [9] (CFPB) is working to open up data sharing, to promote innovation in financial services.

References

[1] https://www.psr.org.uk/news-and-updates/latest-news/news/psr-confirms-its-decision-on-app-scams-reimbursement/

[2] https://www.psr.org.uk/media/tbbdhkcx/sr1-consumer-standard-of-caution-exception-dec-2023.pdf

[3] https://www.fscs.org.uk/what-we-cover/banks-building-societies-credit-unions/

[4] https://www.takefive-stopfraud.org.uk/

[5] https://www.psr.org.uk/our-work/app-scams/#:~:text=Every%20year%20thousands%20of%20individuals,to%20APP%20scams%20in%202023.

[6] https://www.ukfinance.org.uk/news-and-insight/blog/how-understanding-human-behaviour-key-effective-prevention-app-fraud

[7] https://www.bbc.co.uk/news/articles/cn7yel28rx6o

[8] https://www.synectics-solutions.com/our-thinking/why-your-app-scam-strategy-must-not-be-swayed-by-the-reimbursement-limit-update

[9] https://www.consumerfinance.gov/about-us/newsroom/cfpb-launches-process-to-recognize-open-banking-standards/

AI and Open Banking – the dynamic duo in Financial Services

25th July 20232nd September 2024by Sruti JainLeave a comment

Continue reading “AI and Open Banking – the dynamic duo in Financial Services”

Real-time payments, right now, with FedNow.

24th May 20239th January 2024by Howard HallLeave a comment

Continue reading “Real-time payments, right now, with FedNow.”

Living abroad, with tokens

22nd September 20222nd September 2024by Neil McEvoyLeave a comment

Living abroad, with tokens.

I have just completed a three-month stint building our business in Australia, and expect to return for a similar period in the near future. How were payments, for me? The first thing to note (to coin a phrase) is that I used no cash whatsoever and don’t recall seeing anyone else either. All retail payments, including transport payments (don’t knock commuting if you’ve never travelled to work on the Manly ferry), were via my Apple Watch, so no PINs, either. (Australia is online PIN, so if you do use an old-fashioned card, you’re unlikely to ever have to insert it into a reader.)

Of course, virtual cards, as wielded by (for example) Apple Pay and Google Pay, present tokens (Device PANs) as an alias for the Primary Account Number (PAN). This ensures that the issuer is able to block fraudulent transactions that could present the Device PAN from somewhere other than the relevant wallet (for example, during a standard e-commerce checkout).

Living and working abroad for three months requires payments for things beyond the usual touristic or business travel items—for example, rent and utility bills. Credit cards are not particularly well suited to many of these payments, with the requirement for recurring (and, sometimes, variable) payments, returnable deposits and so forth. Further, in Australia, it is standard practice for credit card payments for these kind of transactions to attract hefty surcharges. And, of course, forex charges and spreads apply.

What would have been better, would have been to have an Australian bank account and use all the domestic money transfer facilities. The trouble was, I didn’t have much idea of eligibility criteria (such as long-term residency) or how long KYC checks would take (especially without an Australian Tax File Number or driving licence, etc). Fortunately, there is a partial solution.

A number of fintechs (I used Wise) enable you to set up an account in your home country and then create (or have created, automatically) linked accounts in many other countries. Thus, I acquired an Australian BSB (Bank-State-Branch, equivalent to UK Sort Code or US/CAN Routing Number) and Account Number, exactly as any long-term resident.

In essence, the BSB/Account Number combination is a token representing my (UK-based) relationship with Wise. Just like a Device PAN, it enables a class of transactions, using a convenient digital representation; and also limits the scope of transactions; e.g. preventing anyone misusing the token from raiding my Sterling or US dollar funds.

One current limitation is that I cannot use the Australian bank details to set up a further level of indirection, that is, to use an Australian PayID, which would enable me to use a convenient handle, such as my mobile number, in place of hard-to-remember bank details (and, in fact, enable account portability). As well as providing more convenience, like other forms of token, this improves security, by making it less likely that someone impersonating me, and requesting payment, can pass off bank details which they control.

It would be nice to go one further step, which would be to use PayTo, the service set up by Australian Payments Plus, using the New Payments Platform (NPP), to manage payment relationships via mobile apps provided by banks and fintechs. I hope Wise (and others) are working on that. Then, a digital nomad could truly fit in!

Finally, a related grouch: I was frustrated, on a number of occasions, by useful apps not being available to people, demonstrably present in the relevant country, with an Apple ID associated with a different country. One example was my mobile provider; the obvious way to top up an account would be via their app, on a phone carrying their SIM, one would have thought. It was not to be, unfortunately. The same issue occurred with a government app and a newspaper app. Conceivably, I could have created an additional Apple ID or temporarily changed my residence details on the existing Apple ID. You’ve got to me braver than me to do that!

CBDCs – wallets, liability and acceptance

26th July 20222nd September 2024by Tim RichardsLeave a comment

CBDCs are everywhere – and nowhere. Everyone is discussing them, but almost no one is actually deploying them. Sure, this is in part due to the early stage thinking that is going into working out what is actually required but it’s also due to the tricky business of actually working out how they would be implemented. Developing a retail payment solution is a lot harder than creating a Central Bank backed payment instrument.

Continue reading “CBDCs – wallets, liability and acceptance”

Do I need to upgrade my Fare Collection system to support CBDC?

17th May 20222nd September 2024by Simon LakerLeave a comment

This week, a press release from China announced they had expanded acceptance of the digital Yuan onto public transport in 12 cities. China has led the way in the development of a Central Bank Digital Currency (CBDC), launching a trial in 2020 which has been expanding steadily. But what does this mean? What is a CBDC? And when will I need to consider accepting them in public transportation?

Continue reading “Do I need to upgrade my Fare Collection system to support CBDC?”

What Exactly Is A Smart Wallet?

26th April 20222nd September 2024by David G.W. BirchLeave a comment

A wallet is a way of organising things. My Apple Wallet, just like my real wallet, doesn’t have any cash in it. It has credit cards, debit cards, loyalty cards, vaccination records, boarding passes, train tickets and driving licences (Apple have just gone live with their driving licence and state in Arizona). These things are all held independently in the wallet: they don’t talk to each other and they don’t share data with each other. They are also, as you will have noticed, mostly about identity, not money.

Continue reading “What Exactly Is A Smart Wallet?”