Victoria Saporta, BoE executive director for prudential supervision, has said recently that minimum resilience requirements should be required for the tech giants’ (and others’) hosting services, before they may process and store banking data. We strongly support these comments. We have identified this issue as one of a number of new risks arising from modern financial systems architecture, in recent Structured Risk Analyses that we have carried out for financial and retail organisations in North America, Asia-Pac and EMEA.
We were delighted to get a lot of good feedback on Neil’s previous blog on Mondex Memories and CBDCs and its relevance to CBDCs and thought it would be interesting to respond to some of the more interesting – and difficult – points raised in a follow-up blog. Before addressing those I wanted to put the Mondex program into some historical context. They were very different days – we didn’t have an intranet until 1996, let alone internet access. There were no SDKs – although actually we did build a precursor to one of those – or APIs and the idea of remote payments was still in its infancy (although we did that too).
Deep in the mists of time (that is to say, the early-1990s), I led the team from Consult Hyperion responsible for Mondex specification, design and development. For those not familiar with paleo-payments, it was one of a clutch of (contact) smart card based electronic cash systems, none of which survived beyond, let’s say, early adolescence. There were two main reasons for their demise, one technological and one business. The concept was ahead of the capabilities of the underlying technology. Transactions took about the same amount of time as cash plus change, which wasn’t a compelling reason for anyone to leave their wallet behind. The promoters of the schemes (retail banks and payment brands) did not target particular niches where there may have been a business case (I always thought car parking might work) but instead blanketed retail outlets in particular cities or small countries. So, mostly unused devices were put under the counter, and people forgot about the schemes after an initial blaze of publicity.
The Bank of England and the UK Treasury have announced a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential British CBDC. But how could a digital Pound actually work? As it happens, this is something that Consult Hyperion knows rather a lot about. Apart from our work on the first British central bank digital currency (Mondex) back in the 1990s, our work on the first population-scale mobile money scheme (M-PESA) in the 2000s and our work on the most transformational contactless payment roll-out (Transport for London) in the 2010s, our practical experience across implementation platforms means that we understand the architectural options better than anyone.
When we look forward to 2021, it is no surprise that COVID-19 is the dominant factor. So far as the merchant payments world is concerned, the shape of the post-pandemic new normal transaction environment must be the key strategic consideration for stakeholders and I am desperately keen to hear the variety of informed opinion on this topic that I have come to expect at Merchant Payments Ecosystem every year. At Consult Hyperion we like to contribute to these conversations by providing a useful framework for discussion: our annual “Live 5”, our yearly set of suggestions for strategic focus. This year, we choose to look at the key issue of pandemic transformation and its impact on the three key domains where our clients operate: Payment, Identity and Transit, together with (as is traditional!) a suggestion as to a technology that the POS world may not be thinking about but probably should be.
Guest blog post by Mirela Ciobanu, The Paypers
The topic of Central Bank Digital Currency (CBDC) is gaining momentum. Across the globe, many CBDC initiatives aim to digitalise payments, support financial inclusion, make cross border payments faster and cheaper, support fiscal transfer, etc. What is firing up discussions around CBDC and why is it important today?
Adoption of new technologies and understanding of their huge potential to support and stimulate our life has caused the world to change a lot in the last year. The current pandemic has triggered the decline of cash usage to avoid getting the virus and safeguard the most vulnerable ones (health-wise). Economically, as many governments wanted to protect their citizens and directly stimulate the economy down to every citizen, they offered ‘helicopter money’ via digital wallets.
What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly, voting systems have exacting requirements and secondly, the stakes are high with the threat of state level interference.
The pandemic has revived interest in a topic that has surfaced repeatedly in Tomorrow’s Transactions events over the years, and that is the issue of local and complementary currencies. The Bristol Pound, the Brixton Pound, the Lewes Pound and many other experiments have sprung up around the country (indeed, around the world) to try to stimulate and regenerate local and regional trade and prosperity in response to the changing economic circumstances. We tend to think of currencies as being instruments of the nation state but that’s actually a recent invention in the great scheme of things. There’s no reason to see optimal currency areas as inviolable laws of nature rather than transitional borders under prevailing monetary and financial arrangements.
We’ve just had an important anniversary. I’m sure you are all thinking of July 4th and, of course, who can forget it! It’s a date that is very important to many people because it is the anniversary of the birth of The Clash, who played their first live gig on 4th July 1976. But for me, there is a much more important and personal anniversary. Here is the front page of the Swindon Evening Advertiser from 4th July 1995. The day I finally made the front page of my home town newspaper. Got to see my picture on the cover, got to buy five copies for my mother…
Yes, I was there on 3rd July 1995 in Swindon town centre when the Swindon Evening Advertiser vendor Mr. Don Stanley (then 72) made the first ever live Mondex sale. And here is the photographic evidence of same — in case you don’t happen to have a copy of that Swindon Evening Advertiser — as I emerge Zelig-style from the crowd to watch Don take the e-cash. It was a very exciting day because by the time this launch came, my colleagues at Consult Hyperion, who were instrumental in creating Mondex devices and software, had been working on the project for some years (and for the first three or four years it was entirely in secret).
So for those of you who don’t remember what all of the fuss was about: Mondex was an electronic purse, a pre-paid payment instrument based on a tamper-resistant chip. This chip could be integrated into all sorts of things, one of them being a smart card for consumers. Somewhat ahead of its time, Mondex was a peer-to-peer proposition. The value was transferred directly from one chip to another with no intermediary and therefore no cost. In other words, people could pay each other without going through a third party and without paying a charge. It was true cash replacement, invented at National Westminster Bank (NatWest) in 1990 by Tim Jones and Graham Higgins. Swindon had been chosen for the launch because, essentially, it was the most average place in Britain. Since I’d grown up there, I was rather excited about this, and while my colleagues carried out important work for Mondex (software specification, development and testing for all of the core components), I watched as the fever grew out in the West Country.
Many of the retailers were quite enthusiastic because there was no transaction charge and for some of them the costs of cash handling and management were high. I can remember talking to a hairdresser who was keen to get rid of cash because it was dirty and she had to keep washing her hands, a baker who was worried about staff “shrinkage” and so on.
The retailers were OK about it.
“From a retailer’s point of view it’s very good,” said news-stand manager Richard Jackson. “But less than one per cent of my actual customers use it. Lots of people get confused about what it actually is, they think it’s a Switch card or a credit card.”
That’s if they thought about it at all.
It just never worked for consumers. It was a pain to get hold of, for one thing. I can remember the first time I walked into a bank to get a Mondex card. I wandered in with 50 quid and had expected to wander out with a card with 50 quid loaded onto it but it didn’t work like that. I had to set up an account and fill out some forms and then wait for the card to be posted to me. Most people couldn’t be bothered to do any of this so ultimately only around 14,000 cards were issued.
So, why am I wallowing in this nostalgia again? Why do I think more people should be celebrating the Mondex Silver Jubilee? Well, look East, where the first reports have appeared concerning the Digital Currency/Electronic Payment (DC/EP) system being tested in four cities: Shenzhen, Chengdu, Suzhou and Xiong’an. DC/EP is the Chinese Central Bank Digital Currency (CBDC).
with the kind permission of Matthew Graham @mattysino
The implementation follows the trajectory that I talk about in my book The Currency Cold War, with the digital currency being delivered to customers via commercial banks. The Deputy Governor of the People’s Bank of China, Fan Yifei, recently gave an interview to Central Banking magazine in which he expanded on the “two tier” approach to central bank digital currency (CBDC). His main points were that this approach, in which the central bank controls the digital currency but it is the commercial banks that distribute it, allows “more effective exploitation of existing business resources, human resources and technologies” and that “a two-tier model could also boost the public’s acceptance of a CBDC”.
He went on to say that the circulation of the digital Yuan should be “based on ‘loosely coupled account links’ so that transactional reliance on accounts could be significantly reduced”. What he means by this is that the currency can be transferred wallet-to-wallet without going through bank accounts. Why? Well, so that the electronic cash “could attain a similar function of currency to cash… The public could use it directly for various purchases, and it would prove conducive to the yuan’s circulation”. How will this work? Well, you could have the central bank provide commercial banks with some sort of cryptographic doodah that would allow them to swap electronic money for digital currency under the control of the central bank. Wait a moment, that reminds me of something because… yep, that’s how Mondex worked.
That was the big difference between Mondex and other electronic money schemes of the time, which was that Mondex would allow offline transfers, chip to chip, without bank (or central bank) intermediation. Offline person to person transfers. Just like cash. That’s huge. Libra can’t do it, and never will be able to because, like Bitcoin, it needs to be online to check for “double spending”.
Mondex was a window into the future of money.
That’s why this week’s special webinar is a Mondex reunion! Tim Jones, one of the co-inventors and Mondex CEO, will be joining with Debbie Gamble who was head of Mondex North America. On our side, our CEO, Neil McEvoy (who led the Mondex specification and implementation team) and Tim Richards (who designed the underlying portable, secure operating system), will join Tim and Debbie to reminisce and have a bit of fun, but much more importantly, to talk about the lessons learned from that incredible experiment, and to share ideas for the coming generation of digital currency innovators. And there may be one or two special guests…
It’s that time of year again. I’ve had a chat with my colleagues at Consult Hyperion, gone back over my notes from the year’s events, taken a look at our most interesting projects around the world and brought together our “live five” for 2019. Now, as in previous years, I don’t expect you to pay any attention to our prognostications without first reviewing our previous attempts, otherwise you won’t have any basis for taking us seriously! So, let’s begin by looking back over the past year and then we’ll take a shot at the future.
As we start to wind down 2018, let’s see how we did…
- 1. Open Banking. Well, it was hardly a tough call and we were bang on with this one. We’ve been working on open banking projects in the UK, on the continent and beyond. What seems to be an obviously European issue, is of course a global one and we’ve been helping the global payment brands understand the opportunities. Helping existing market participants and new market entrants to develop and implement responses to open banking has turned out to be intellectually challenging and complex, and we continue to build our expertise in the field. Planning for the unintended consequences of open banking and the potentially un-level playing field that’s been created by the asymmetry of data, was not the obvious angle of opportunity for traditional tier one banks.
- 2. Conversational Transactions. Yes, we were spot on with this one and not only in financial services. Many organisations are shifting to messaging channels for customer support and for transactions, in both the banking and retail sectors. The opportunity for this continues with the advancements of new messaging enablers, such as the GSMA backed RCS. But as new channels for support and service are introduced to the customer experience, so are new points of vulnerability.
- 3. The Internet of Cars. This is evolving although the security concerns that we spoke about before, continue to add friction to the development of new products and services in this area. Vulnerabilities to card payments or building entry systems are security threats, vulnerabilities to connected or autonomous vehicles are potentially public safety threats.
- 4. Artificial Intelligence. Again, this was an easy prediction because many of our clients were already active. Where we did add to thinking this past year, it was about the interactive landscape of the future (i.e. bots interacting with bots) and how the identity infrastructure needs to evolve to support this.
- 5. Tokens/ICOs. Well, we were right to highlight the importance of “tokens” (the basis of Initial Coin Offerings, or ICOs) and our prediction that once the craziness is out of the way, then regulated token markets will become significant looks to be borne out by mainstream commentary. At Money2020 Asia in Singapore, I had the privilege of interviewing Jonathan Larsen, Corporate Venture Capital Manager at Ping An and CEO of their Global Voyager Fund (which has a $billion or so under management). When I put to him that the tokenisation of assets will be a revolution, he said that “tokenisation is a really massive trend… a much bigger story than cryptocurrencies, initial coin offerings (ICOs), and even blockchain”.
As we said, 2018 has seen disruption because the shift to open banking, starting in the UK, has meant the reshaping of financial services while at the same time the advance of AI into the transaction flow (transactions of all types, from buying a train ticket to selling corporate bonds) begins to reshape the way we do business.
This year we are organising our “live five” in a slightly different way, listing them by priority to our clients rather than as a simple list. So here are the four key technologies that we think will be hot throughout the coming year together with the new technology that we are looking at out of the corner of our eyes, so to speak. The mainstream technologies are authentication, cross-sector digital identity, digital wallets for ticketing and secure IoT in the insurance sector. The one coming up on the outside is post-quantum cryptography.
So here we go…
- 1. With our financial services customers we are moving from developing strategies about open banking to developing implementation plans and supporting the development of new systems and services. The most important technology at the customer interface from the secure transactions perspective is going to be the technology of Strong Customer Authentication (SCA). Understanding the rules around which transactions need SCA or not is complicated enough, and that’s before you even start working out which technologies have the right balance of security and convenience for the relevant customer journeys. Luckily, we know how to help on both counts!
As it happens, better authentication technology is going to make life easier for clients in a number of ways, not only because of PSD2. We are already planning 3D Secure v2 (3DSv2) and Secure Remote Commerce (SRC) implementations for customers. Preventing “authentication friction” (using e.g. FIDO) is central to the new customer journeys.
- 2. Forward thinking jurisdictions such as Canada and Australia have already started to deliver cross-sector digital identity (where in both cases we’ve been advising stakeholders). New technologies such as machine learning, shared ledgers and self-sovereign identity, if implemented correctly, will start to address the real issues and improvements in know your customer (KYC), anti-money laundering (AML), counter-terrorist financing (CTF) and the management of a politically-exposed person (PEP). The skewed cost-benefit around regtech and the friction that flawed digitised identity systems cause, mean that there is considerable pressure to shift the balance and in the coming year I think more organisations around the world will look at models adopted and take action.
- 3. In our work on ticketing around the world, we see a renewed focus on the deployment of real digital wallets. Transit and other forms of ticketing (such as for sporting events) are the effective anchor tenants of the digital wallet, not payments. In the UK and in some other countries there has been little traction for the smartphone digital wallet because of the effectiveness of the deployment and use of contactless cards. If you look in your real wallets, most of what you find isn’t really about payments. In our markets, payments alone do not drive consumers to digital wallets, but take-up might be about to accelerate. It’s one thing to have xPay put cards into a digital wallet but putting your train tickets, your sports rights and your concert passes into a digital wallet makes all the difference to take-up and means serious traction. Our expertise in using the digital wallets for applications beyond payments will give our clients confidence in setting their strategies.
- 4. In the insurance world we see the business cases building around the Internet of Things (IoT). The recent landmark decision of John Hancock, one of the oldest and largest North American life insurers, to stop selling traditional life insurance and instead sell only “interactive” policies that track fitness and health data through wearable devices and smartphones is a significant step both in terms of business model and security infrastructure. We think more organisations in the insurance sector will develop similar new services. Securing IoT systems becomes a priority. Fortunately, our very structured risk analysis for IoT and considerable experience in the practical assessment of countermeasures, deliver a cost-effective approach.
- 5. In our core field of security, we think it’s time to start taking post-quantum cryptography (PQC) seriously not as a research topic but as a strategic imperative around the development and deployment of new transaction systems. As many of you will know, Consult Hyperion’s reputation has been founded on the mass-market deployments of new transactions systems and services and this means we understand the long-term planning of secure platforms. We’re proud to say that we have helped to develop the security infrastructure for services ranging from the Hong Kong smart identity card, to the Euroclear settlement system and from contactless payments to open loop ticketing in major cities. Systems going into service now may well find themselves overlapping with the first practical quantum computer systems that render certain kinds of cryptography worthless, so it’s time to add PQC to strategies for the mass market.
And there you have it! Consult Hyperion’s Live 5 for 2019. Brexit does not mean the end of SCA in the UK (since PSD2 has already been transcribed into UK law) and SCA means that secure digital identities can support transactions conducted from digital wallets, and those digital wallets will contain things other than payment instruments. They might also start to store transit tickets or your right to travel, health and fitness data for your insurance company. Oh, and all of that data will end up in the public sphere unless the organisations charged with protecting it start thinking about post-quantum cryptography or, as Adi Shamir (one of the inventors of public key cryptography) said five years ago, post-cryptography security.