Lockdown for transit

COVID-19 lockdown for transit

A couple of weeks ago I was delighted to host one of our weekly COVID-19 webinars. We discussed the impact of the global COVID-19 pandemic on public transport and how our technologies are likely to be used to help.

We had two panellists from Consult Hyperion (Neil McEvoy, CEO, and Simon Laker, Principal Consultant from our US office) and the guest panellist was Steve Cassidy from Fuse Mobility, a Scottish start-up providing Mobility as a Service (MaaS) software solutions.

The discussion was divided into three parts as follows:

  1. In the ‘Before Times’, MaaS was the direction of travel motivated by congestion and global warming. Will this continue to be the case?
  2. During the COVID-19 Lockdown, how can technology help facilitate safer essential travel?
  3. What will the ‘New Normal’ look like for mobility?

The Before Times

MaaS solutions – ones that integrate different existing transport providers to provide a near seamless door-to-door experience for consumers – were assumed to be the long term ‘direction of travel’ in order to address the mobility, congestion and pollution issues. Our MaaS Payments white paper in July 2019 showed that integration is key:

  • Modes
  • Ticketing
  • Payments
  • Journey planning
  • Hyperpersonalised packages

Lockdown

Many public transport operators are providing ‘enhanced Sunday services’. As most passengers stay at or work from home, we are seeing a decline in ridership of 75-95% across the globe. Changing patterns of user mobility when working from home means there are many fewer advance purchases in an uncertain future with tightly managed budgets. This is pushing us towards the future we already thought was coming where PAYG dominates and season tickets are irrelevant. Operator web sites are having to make special provision for customers claiming refunds on their season tickets which they can no longer use.

Meanwhile, we are seeing reports of levels of traffic being back at 1955 levels and the improvement of air quality leading to an estimated 1,752 avoided pollution deaths in the UK.

New Normal

For me, the most interesting technical development for coming out of Lockdown is the ‘Privacy-preserving contact tracing apps’ being proposed by various government and organisations across the globe. We have seen an unprecedented co-operation between Apple and Google in agreeing to modify their mobile device operating systems to accommodate such apps. The technology proposed is Bluetooth Low Energy (BLE) which uses radio waves over distances up to 10m. The technology is the same as has been tried without much success for running Be-In Be-Out (BIBO) transit payment schemes. These tend to suffer from not being able to detect accurately enough whether a potential passenger is on or off a bus, or just standing nearby. And they also suffer from being no more convenient to use than established technologies such as contactless cards and 2-D barcodes.

BLE will allow two contact tracing apps to detect each other and share anonymised information about being in contact that can be used later to alert potentially infected parties when someone declares themselves as having tested positive.

The UK government has rejected the proposals from Apple, Google and several others to instead prefer a centralised approach because they believe the alternative would lead to a delay in the reporting of symptoms, amongst other consequences. Only time will tell whether the UK population can be convinced to use the NHS app which launched a trial in the Isle of Wight on 4 May. Steve Pannifer recently blogged about this. And we discussed it on week 6 of our Webinars, the recording of which will be available on our website soon.

What will the future hold for public transport when lock down lifts? On the webinar we considered what plans China had in place at that time. The Shenzhen bus company paper about combatting COVID-19 covers the following points:

  • The virus will not be eradicated soon; extra precautions are needed against the spread of the virus.
  • Passenger will be screened using temperature checks.
  • Big data used will be used for planning the most important routes needed for getting passengers to work; mobility provided will be modified according to demand.
  • Passenger health data will be collected from apps. Presumably, like other contact tracing apps mentioned above.
  • Continued enforcement of a maximum of 50% passenger loading.
  • Voluntary passenger name and contacts registration in case needed later.

There is an opportunity for MaaS Providers post lockdown since the public are likely to be either using their private cars to avoid contact with others or else using on demand services.

The transit COVID-19 webinar recording is available to watch. Many thanks to our panellists for sharing their time and insights.

We continue to host weekly webinars every Thursday at 4pm BST. Let us know if you would like to register to attend.

The “isRecovered?” attribute

So far the tech giants seem to be the coronavirus winners, with a massive surge in digital communications and online orders. The impact on lift sharing companies is less clear.

The guidance from both Uber and Lyft says that if they are notified (by a public health authority) that a driver has COVID-19 they may temporarily suspend the driver’s account. It is not exactly clear how this would work.

That got us wondering whether digital identity systems, that we spend so much time talking about, could help. It seems to me there are two potential identity questions here:

1.       Is the driver who Uber or Lyft thinks it is?

2.       Does the driver have coronavirus?

The first question should be important to Uber and Lyft at any time. Ok, for the moment they want to be sure that they know who is driving to give them a better chance of knowing if the driver has the disease. But there are all sorts of other reasons why they might want to be sure that the driver is who they think it is – can the person legally drive for one.

The second question is harder. Just because the driver doesn’t have the virus today, doesn’t mean he or she won’t have it tomorrow. Maybe, perhaps the ability to share an isRecovered? attribute that says “I’ve recovered from the illness” would be useful when we start to see the light at the end of this tunnel we are entering. And the ability to share that anonymously might be helpful too – providing assurance to both driver and passenger.

All this to one side, the guidance from both Uber and Lyft outlines financial measures they are putting in place to provide security to drivers that self-isolate. That is a great example of responsibility providing the incentive and support required to allow their drivers to do the right thing.

Consult Hyperion’s Live 5 for 2020

At Consult Hyperion we take a certain amount of enjoyment looking back over some of our most interesting projects around the world over the previous year or so, wrapping up thoughts on what we’re hearing in the market and spending some time thinking about the future. Each year we consolidate the themes and bring together our Live Five.

2020 is upon us and so it’s time for some more future gazing! Now, as in previous years, how can you pay any attention to our prognostications without first reviewing our previous attempts? In 2017 we highlighted regtech and PSD2, 2018 was open banking and conversational commerce, and for 2019 it was secure customer authentication and digital wallets — so we’re a pretty good weathervane for the secure transactions’ world! Now, let’s turn to what we see for this coming year.

Hello 2020

Our Live Five has once again been put together with particular regard to the views of our clients. They are telling us that over the next 12 months retailers, banks, regulators and their suppliers will focus on privacy as a proposition, customer intimacy driven by hyper-personalisation and personalized payment options, underpinned by a focus on cyber-resilience. In the background, they want to do what they can to reduce their impact on the global environment. For our transit clients, there will be a particular focus on bringing these threads together to reduce congestion through flexible fare collection.

So here we go…

1. This year will see privacy as a consumer proposition. This is an easy prediction to make, because serious players are going to push it. We already see this happening with “Sign in with Apple” and more services in this mould are sure to follow. Until quite recently privacy was a hygiene factor that belonged in the “back office”. But with increasing industry and consumer concerns about privacy, regulatory drivers such as GDPR and the potential for a backlash against services that are seen to abuse personal data, privacy will be an integral part of new services. As part of this we expect to see organisations that collect large amounts of personal data looking at ways to monetise this trend by shifting to attribute exchange and anonymised data analytics. Banks are an obvious candidate for this type of innovation, but not the only one – one of our biggest privacy projects is for a mass transit operator, concerned by the amount of additional personal information they are able to collect on travellers as they migrate towards the acceptance of contactless payment cards at the faregate.

2. Underpinning all of this is the urgent need to address cyber-resilience. Not a week goes by without news of some breach or failure by a major organisation putting consumer data and transactions at risk. With the advent of data protection regulations such as GDPR, these issues are major threats to the stability and profitability of companies in all sectors. The first step to addressing this is to identify the threats and vulnerabilities in existing systems before deciding how and where to invest in countermeasures.

Our Structured Risk Analysis (SRA) process is designed to help our customers through this process to ensure that they are prepared for the potential issues that could undermine their businesses.

3. Privacy and Open Data, if correctly implemented and trusted by the consumer, will facilitate the hyper-personalisation of services, which in turn will drive customer intimacy. Many of us are familiar with Google telling us how long it will take us to get home, or to the gym, as we leave the office. Fewer of us will have experienced the pleasure of being pushed new financing options by the first round of Open Banking Fintechs, aimed at helping entrepreneurs to better manage their start-up’s finances.

We have already demonstrated to our clients that it is possible to use new technology in interesting ways to deliver hyper-personalisation in a privacy-enhancing way. Many of these depend on the standardization of Premium Open Banking API’s, i.e. API’s that extend the data shared by banks beyond that required by the regulators, into areas that can generate additional revenue for the bank. We expect to see the emergence of new lending and insurance services, linked to your current financial circumstances, at the point of service, similar to those provided by Klarna.

4. One particular area where personalisation will have immediate impact is giving consumers personalised payment options with new technologies being deployed, such as EMV’s Secure Remote Commerce (SRC) and W3C’s payment request API. Today, most payment solutions are based around payment cards but increasingly we will see direct to account (D2A) payment options such as the PSD2 payment APIs. Cards themselves will increasingly disappear to be replaced by tokenized equivalents which can be deployed with enhanced security to a wide range of form factors – watches, smartphones, IoT devices, etc. The availability of D2A and tokenized solutions will vastly expand the range of payment options available to consumers who will be able to choose the option most suitable for them in specific circumstances. Increasingly we expect to see the awkwardness and friction of the end of purchase payment disappear, as consumers select the payment methods that offer them the maximum convenience for the maximum reward. Real-time, cross-border settlement will power the ability to make many of our commerce transactions completely transparent. Many merchants are confused by the plethora of new payment services and are uncertain about which will bring them more customers and therefore which they should support. Traditionally they have turned to the processors for such advice, but mergers in this field are not necessarily leading to clear direction.

We know how to strategise, design and implement the new payment options to deliver value to all of the stakeholders and our track record in helping global clients to deliver population-scale solutions is a testament to our expertise and experience in this field.

5. In the transit sector, we can see how all of the issues come together. New pay-as-you-go systems based upon cards continue to rollout around the world. The leading edge of Automated Fare Collection (AFC) is however advancing. How a traveller chooses to identify himself, and how he chooses to pay are, in principle, different decisions and we expect to see more flexibility. Reducing congestion and improving air quality are of concern globally; best addressed by providing door-to-door journeys without reliance on private internal combustion engines. This will only prove popular when ultra-convenient. That means that payment for a whole journey (or collection or journeys) involving, say, bike/ride share, tram and train, must be frictionless and support the young, old and in-between alike.

Moving people on to public transport by making it simple and convenient to pay is how we will help people to take practical steps towards sustainability.

So, there we go. Privacy-enhanced resilient infrastructure will deliver hyper-personalisation and give customers more safe payment choices. AFC will use this infrastructure to both deliver value and help the environment to the great benefit of all of us. It’s an exciting year ahead in our field!



Consult Hyperion’s Live 5 for 2019

It’s that time of year again. I’ve had a chat with my colleagues at Consult Hyperion, gone back over my notes from the year’s events, taken a look at our most interesting projects around the world and brought together our “live five” for 2019.  Now, as in previous years, I don’t expect you to pay any attention to our prognostications without first reviewing our previous attempts, otherwise you won’t have any basis for taking us seriously! So, let’s begin by looking back over the past year and then we’ll take a shot at the future.

Goodbye 2018

As we start to wind down 2018, let’s see how we did…

  1. 1. Open Banking. Well, it was hardly a tough call and we were bang on with this one. We’ve been working on open banking projects in the UK, on the continent and beyond. What seems to be an obviously European issue, is of course a global one and we’ve been helping the global payment brands understand the opportunities. Helping existing market participants and new market entrants to develop and implement responses to open banking has turned out to be intellectually challenging and complex, and we continue to build our expertise in the field. Planning for the unintended consequences of open banking and the potentially un-level playing field that’s been created by the asymmetry of data, was not the obvious angle of opportunity for traditional tier one banks.

  2. 2. Conversational Transactions. Yes, we were spot on with this one and not only in financial services. Many organisations are shifting to messaging channels for customer support and for transactions, in both the banking and retail sectors. The opportunity for this continues with the advancements of new messaging enablers, such as the GSMA backed RCS. But as new channels for support and service are introduced to the customer experience, so are new points of vulnerability.

  3. 3. The Internet of Cars. This is evolving although the security concerns that we spoke about before, continue to add friction to the development of new products and services in this area. Vulnerabilities to card payments or building entry systems are security threats, vulnerabilities to connected or autonomous vehicles are potentially public safety threats.

  4. 4. Artificial Intelligence. Again, this was an easy prediction because many of our clients were already active. Where we did add to thinking this past year, it was about the interactive landscape of the future (i.e. bots interacting with bots) and how the identity infrastructure needs to evolve to support this.

  5. 5. Tokens/ICOs. Well, we were right to highlight the importance of “tokens” (the basis of Initial Coin Offerings, or ICOs) and our prediction that once the craziness is out of the way, then regulated token markets will become significant looks to be borne out by mainstream commentary. At Money2020 Asia in Singapore, I had the privilege of interviewing Jonathan Larsen, Corporate Venture Capital Manager at Ping An and CEO of their Global Voyager Fund (which has a $billion or so under management). When I put to him that the tokenisation of assets will be a revolution, he said that “tokenisation is a really massive trend… a much bigger story than cryptocurrencies, initial coin offerings (ICOs), and even blockchain”.

As we said, 2018 has seen disruption because the shift to open banking, starting in the UK,has meant the reshaping of financial services while at the same time the advance of AI into the transaction flow (transactions of all types, from buying a train ticket to selling corporate bonds) begins to reshape the way we do business.

Hello 2019

This year we are organising our “live five” in a slightly different way, listing them by priority to our clients rather than as a simple list. So here are the four key technologies that we think will be hot throughout the coming year together with the new technology that we are looking at out of the corner of our eyes, so to speak. The mainstream technologies are authentication,cross-sector digital identity, digital wallets for ticketing and secure IoT in the insurance sector. The one coming up on the outside is post-quantum cryptography.


So here we go…


  1. 1. With our financial services customers we are moving from developing strategies about open banking to developing implementation plans and supporting the development of new systems and services. The most important technology at the customer interface from the secure transactions perspective is going to be the technology of Strong Customer Authentication (SCA). Understanding the rules around which transactions need SCA or not is complicated enough, and that’s before you even start working out which technologies have the right balance of security and convenience for the relevant customer journeys. Luckily, we know how to help on both counts!

As it happens, better authentication technology is going to make life easier for clients in a number of ways, not only because of PSD2. We are already planning 3D Secure v2 (3DSv2) and Secure Remote Commerce (SRC) implementations for customers. Preventing “authentication friction” (using e.g. FIDO) is central to the new customer journeys.

  1. 2. Forward thinking jurisdictions such as Canada and Australia have already started to deliver cross-sector digital identity (where in both cases we’ve been advising stakeholders). New technologies such as machine learning, shared ledgers and self-sovereign identity, if implemented correctly, will start to address the real issues and improvements in know your customer (KYC), anti-money laundering (AML), counter-terrorist financing (CTF) and the management of a politically-exposed person (PEP).  The skewed cost-benefit around regtech and the friction that flawed digitised identity systems cause, mean that there is considerable pressure to shift the balance and in the coming year I think more organisations around the world will look at models adopted and take action.

  1. 3. In our work on ticketing around the world, we see a renewed focus on the deployment of real digital wallets. Transit and other forms of ticketing (such as for sporting events) are the effective anchor tenants of the digital wallet, not payments. In the UK and in some other countries there has been little traction for the smartphone digital wallet because of the effectiveness of the deployment and use of contactless cards. If you look in your real wallets, most of what your find isn’t really about payments. In our markets, payments alone do not drive consumers to digital wallets, but take-up might be about to accelerate. It’s one thing to have xPay put cards into a digital wallet but putting your train tickets, your sports rights and your concert passes into a digital wallet makes all the difference to take-up and means serious traction. Our expertise in using the digital wallets for applications beyond payments will give our clients confidence in setting their strategies.

  2. 4. In the insurance world we see the business cases building around the Internet of Things (IoT). The recent landmark decision of John Hancock, one of the oldest and largest North American life insurers, to stop selling traditional life insurance and instead sell only “interactive” policies that track fitness and health data through wearable devices and smartphones is a significant step both in terms of business model and security infrastructure. We think more organisations in the insurance sector will develop similar new services.  Securing IoT systems becomes a priority. Fortunately, our very structured risk analysis for IoT and considerable experience in the practical assessment of countermeasures, deliver a cost-effective approach.

  3. 5. In our core field of security, we think it’s time to start taking post-quantum cryptography (PQC) seriously not as a research topic but as a strategic imperative around the development and deployment of new transaction systems. As many of you will know, Consult Hyperion’s reputation has been founded on the mass-market deployments of new transactions systems and services and this means we understand the long-term planning of secure platforms. We’re proud to say that we have helped to develop the security infrastructure for services ranging from the Hong Kong smart identity card, to the Euroclear settlement system and from contactless payments to open loop ticketing in major cities. Systems going into service now may well find themselves overlapping with the first practical quantum computer systems that render certain kinds of cryptography worthless, so it’s time to add PQC to strategies for the mass market.

And there you have it! Consult Hyperion’s Live 5 for 2019. Brexit does not mean the end of SCA in the UK (since PSD2 has already been transcribed into UK law) and SCA means that secure digital identities can support transactions conducted from digital wallets, and those digital wallets will contain things other than payment instruments. They might also start to store transit tickets or your right to travel, health and fitness data for your insurance company. Oh, and all of that data will end up in the public sphere unless the organisations charged with protecting it start thinking about post-quantum cryptography or,as Adi Shamir (one of the inventors of public key cryptography) said five years ago, post-cryptographysecurity.

Our live five for 2018

It’s that time of year again. I’ve had a chat with my colleagues at Consult Hyperion, gone back over my notes from the year’s events, taken a look at our most interesting projects around the world and brought together our “live five” for 2018. Now, as in previous years, I don’t expect you to pay any attention to our prognostications without first reviewing our previous attempts, otherwise you won’t have any basis for taking us seriously! So let’s begin by looking back over the last year and then we’ll take a shot at the new one!

Goodbye 2017

This was the “live five” of technology-driven changes in the secure transactions field that we thought would have a real business impact over the previous year. In the spirit of openness and honesty and disclosure that we are famed for, let’s see how those predictions fared.

  1. RegTech. I think we did pretty well with this prediction. Interest in regtech has grown throughout the year and the ability of regtech to make real differences in major markets is established.
  2. Digital Identity. As we noted, one of the key regtechs, if not the key regtech, is digital identity. It did shoot up the agenda over the year and some interesting initiatives opened up.
  3. PSD2 (still). No commentary is needed!.
  4. Paying on the Go. We thought that a key use of open APIs will be payments, and very likely mobile payments. MasterCard’s purchase of VocaLink would tend to support this view!
  5. Invisible POS.  The shift from “check out to check in” paradigms is underway but it is fair to observe that we did not see the number of launches we were expecting as many of the projects remain in beta and will be holding to wait for the arrival of PSD2 (and CMA remedies in the UK).

Not bad. In fact, pretty good. So now let’s take a look at where we think the action will be in the coming year in our corner of the transactions treehouse. My guess is that you’ll agree with four out of the five – if not… let us know!

Hello 2018

From the perspective of our home base in the UK, the really big trend is easy to predict and wholly uncontroversial, since open banking is going to transform our industry. Thinking around this opens up a couple of adjacent areas as well. So…

  1. Open Banking. In the UK, the regulators’ determination to bring real competition to the financial services world means that we are about to see major disruption in the space. Last year I called this before a “crossing of the streams” (in an hommage to Ghostbusters!) because there are three different initiatives coming together.The first stream is the PSD2 provisions for access to payment accounts. As you may recall, these include a set of proposals that are due to come into force in 2018. A group of those proposals are what we in the business call “XS2A”, the proposals which force banks to open up to permit the initiation of credit transfer (“push payments”) and account information queries. Even at a pure compliance level these PSD2 regulations pose significant questions for the structure of the existing payments industry. While PSD2 does not mandate APIs (I think – it’s all gotten a bit complicated but as far as I know the screen-scrapers have fought a decent rearguard action) an open banking API is the obvious way to implement the PSD2 provisions.

    The second stream is Her Majesty’s Treasury’s push for more competition in retail banking. This led to the creation of the Open Banking Working Group (OBWG), which published its report in 2016.  It set out was a four part framework, comprising:

    • A data model (so that everyone knows what “account”, “amount”, “account holder” etc means);
    • An API standard.
    • A security standard.
    • A governance model.

    The third stream is the CMA report that triggered the remedies mentioned above. This envisages APIs to improve competition in retail banking by focusing on the use of APIs to obtain access to personal data that can be shared with third-parties to obtain better, more cost-effective services.

    These streams are coming together to create an environment of what is now called Open Banking. And it’s a big deal. And it begins in January 2018 when the nine biggest banks open up their APIs and the UK becomes a fascinating and exciting laboratory for new services. Who will take advantage of this new environment? Well, in our opinion, it’s not the fintechs. And we are not the only ones who think this.

    Much has been made of the rise of fintech [but] according to a report by the World Economic Forum (WEF), traditional banks are more vulnerable to competition from another source: tech giants like Amazon, Facebook, and Google.

    From Tech firms like Amazon (AMZN), Facebook (FB), and Google (GOOGL) are the biggest competitive threats to the banking industry — Quartz

    As we have pointed out for some time, it is not all obvious that what we refer to as the “challenger” banks in the UK (i.e., the new banks who have obtained licences in recent years) are really challengers at all. The era of the “challenger banks” is coming to an end as the internet giants compete to be the front end to the customers transactional financial services.

  2. Conversational Transactions. One class of application that will exploit API integration with banking and payment systems is chat, whether through standard messaging applications or “chatbot” interfaces. This is hardly a wild prediction, but we think that the early steps (e.g., Facebook Messenger’s recent UK payments launch) indicate a major shift in 2018. Right now, when my sons at University ask me for money on WhatsApp, I have to switch to Barclays Pingit to send the money. Not for much longer. And it is important to understand the roadmap here, because the link between conversational commerce and voice commerce is straightforward. It’s all small step from typing “Send £20 for the ticket” to saying “Send £20 for the ticket”.
  3. The Internet of Cars. Anyone who visited Mobile World Congress or CES or, I’m sure, many other events throughout the year, couldn’t have failed to notice the amount of work going on in the “internet of things” (we all understand just how important that will be) and how much of the IoT focus is on the automobile sector. You can see why this is: cars are expensive, so they can stand the cost of adding smart technology that can deliver new functionality. However, as Consult Hyperion have always said, doors are easy but locks are hard. It’s easy to connect the myriad systems in the modern car to the world, but it’s really hard to secure them. This is a great opportunity for organisations with skills in encryption, authentication, key management, operational security and so on to help the automobile industry,It’s one thing when your bank account gets hacked (because the bank has to give you your money back) but when the hackers are crashing cars for fun it’s another thing altogether. If we want our cars to engage in transactions then we have to be sure that the security infrastructure for those transactions is absolutely solid.
  4. Artificial Intelligence. Well, when it comes to money, and indeed absolutely everything else, there is no doubt that AI will be the most disruptive technology of our generation. We may be a long way from Terminators and HAL 9000, but the massive AI investments pouring into financial services around the world mean that the technology is going to our business, and soon. If you examine where banks are spending their AI budgets right now, machine learning is the main focus. An Infosys poll earlier in the year showed that two-thirds of banks were already spending in this area and this is no surprise. Banks have large quantities of data that in the past they have found difficult to extract wisdom from and they have large transactional flows that they find it difficult to manage in the context of increasing regulatory burdens. Machine learning systems excel at finding patterns and exceptions in such data, provided that they can be fed the voracious quantities of raw material, so the main use of the machine learning systems is currently fraud detection and prevention. This throws up an interesting strategic challenge for banks in the new Open Banking world, because there is a threat to risk management, information analysis and sales/marketing processes in the new environment where they may not get to see the data held by third-party providers but those providers have access to bank accounts.
  5. Tokens/ICOs.  Well, those first four predictions are mainstream. But it’s fun to pick something out of left field (as our American cousins would say) by looking where technology might mean very different kinds of assets being used in transactions. We might well see a new kind of money emerge in the coming year.  Not Bitcoin, but “tokens” (the basis of Initial Coin Offerings, or ICOs). When the current craziness is past and tokens become a regulated but wholly new kind of digital asset, a cross between corporate paper and a loyalty scheme, they will present an opportunity to remake markets in a new and better way. One might imagine a new version of London Alternative Investment Market (AIM) where start-ups launch but instead of issuing equity they create claims on their future in the form of tokens. The trading of these tokens is indistinguishable from the trading of electronic cash (because they are bearer instruments with no clearing or settlement) but there will be an additional transparency in corporate affairs because aspects of the transactions are public.  The transparency obtained from using modern cryptography (e.g. homomorphic encryption and zero-knowledge proofs) in interesting way iss, as an aside, one of the reasons why we tend to think of the blockchain as a regtech, not a fintech.

All in all, the coming year will see much more disruption than might be apparent at first because the shift to open banking, starting in the UK, is what will drive the reshaping of the sector while at the same time the advance of AI into the transaction space (transactions of all types, from buying a train ticket to selling corporate bonds) begins to reshape the way we do business.

Our live five for 2017

It’s that time of year again. No matter how much I complain that silly lists of what will be big in the New Year are trivial and superficial and not really representative of a more detailed analysis of key trends… I still feel I have to annoy my colleagues at Consult Hyperion into giving me a few ideas so that I can surf the end of year blog wave.

Goodbye 2016

Here we go then. As for the last few years, I’ve put together a “live five” of technology-driven changes in the secure transactions field that will have a real business impact over the coming year. But first, in the spirit of openness and honesty and disclosure that we are known for, I think it’s not right to bother you with this kind of thing without first assessing how we did last time so that you can judge whether to pay any attention to this year’s list or not! So let’s see how our live five for 2016 did:

  1. Amazonisation. We got this one right. The focus on APIs increased through the year and not only for the interfaces to 3rd parties but also as a mechanism for restructuring internal processes and operations.

    the more far thinking will be re-engineering their businesses to develop a whole bunch of APIs outside of PSD2 and will be working out the business models behind opening them out to developers and businesses.

    From Open Banking APIs: Threat and Opportunity | Consult Hyperion

    It’s been really interesting see how the bank (in particular) attitudes to the priority and scope of API strategies has evolved over the year.

  2. Mobile ID and Authentication. Again, largely correct. The European Directive on Strong Customer Authentication (SCA) means that banks and other financial services organisations have had to up their game and make significant investments in improving their authentication methods. For most, this has meant moving to solutions that somehow involve the mobile phone. The impact of the NIST report on 2FA (which said that one-time password sent by text message can no longer be considered a secure authentication method) has yet to be felt, but the shift to more sophisticated and comprehensive mobile identity solutions is underway.

    The NIST guideline goes on to talk about using push notifications to applications on smart phones, which is how we think it should be done.

    From SMS authentication isn’t security. And that’s official | Consult Hyperion

    Of course,  this means doing proper risk analysis on the mobile applications to make sure that they have the appropriate levels of security built in, but at Consult Hyperion we’re rather good at doing that, so it’s a sensible way to proceed.

  3. EMV Next Generation. Big for us, but I wouldn’t say it’s touched the mainstream yet. EMV is getting long in the tooth and needs to be refreshed.

    We celebrate St. Valentine’s Day on 14th February every year to commemorate the introduction of chip and UK In the UK on 14th February 2006. I am a payments romantic, so this is very special day.

    From Ten more years! Ten more years! | Consult Hyperion

    The work that we have been involved in, helping clients to assess and shape their strategies towards the future of EMV, continues.

  4. The Push for Push. When I wrote this I couldn’t have imagined just how right I would be. MasterCard spent a billion dollars on VocaLink.

    mark my words it was one of the most significant events in the evolution of the UK payments industry since Reg Varney got a tenner out of that first ATM in Enfield half a century ago.

    From MasterCard and VocaLink is a big deal | Consult Hyperion

    Enough said.

  5. Transparency. Mixed, I would say. I had expected shared ledgers to proceed further in the exploration of new markets and new kinds of markets but actually most of the work that we have been involved with (I mean paid professional services, not academic research) has continued to look at the ways in which this interesting new class of technology could be used to emulate, essentially, existing centralised systems. But I think our analysis, as set out in this paper, stands.

    The paper that Richard Brown of R3, my colleague Salome Parulava and I put together what seems like an age ago (a year is a long time in fintech) has finally been published!

    From A legacy of transparency | Consult Hyperion

    However, in one or two of the projects, the focus did begin to shift to new ways of doing things and we remain of the opinion that more transparent markets will come.

On the whole, not too bad I think. A good enough score, I hope, to make our thoughts about 2017 worth at least a glance.

EMV POS Upgrade

As you know, I’m all about new technology at the point of sale or service, so I’m going to choose five areas where new technology will make a significant difference to retail financial services – not only payments – over the coming year.

Hello 2017

On to the predictions for the coming year. I’m playing the same game as always here. I don’t want to give away any of the really cool stuff that our teams are working on for clients in business, NGO and government sectors right now, but I do want to make predictions that I already sort-of know will come true because we are already working with the technologies so that I can look clever! I’m sure you all understand how this works. Anyway, here goes…

  1. RegTech. A number of the new technology projects that we have been involved with recently have come to a similar conclusion, which is that the use of new technology to reduce the cost of transactions is a struggle, but the use of the new technology to reduce the cost of regulating the transactions has a much better business case.

    2017 will see the emergence of the next generation of innovation in fintech that addresses risk management and regulation for the bank. We expect that regulatory technology, also known as regtech, will emerge as a separate area of innovation…

    From 2017 predictions | Business Analytics 3.0

    For many of our clients, the costs of regulation are both high and out of control. If the blockchain or cloud or big data or biometrics or whatever can do anything to address the spiralling costs of compliance, they will have significantly more impact on the transaction space than if they could deliver a marginal reduction in transaction costs.

  2. Digital Identity. One of the key regtechs, if not the key regtech, is digital identity. It has finally risen to the top of the agenda and this year it will finally change the way business works. I notice that Karen Webster has come to a similar conclusion in her piece about the major trends for next year.

    More than just authenticating a consumer for a particular transaction, creating a secure digital identity will mean capturing a variety of attributes about that consumer that then can be selectively presented as needed.

    From 8 Big Shifts In FI, Retail, Payments | PYMNTS.com

    Indeed.  What’s more, implicit in this prioritisation, is the start of the identity wars as various constituencies struggle to deliver the mass-market identity solutions that we need. In some areas, it may be the government that does this, in other areas it may be the banks. But in some areas, it may be the big five: Facebook, Google, Amazon, Microsoft or Apple. Either way, there are big implications for our clients long-term strategies.

  3. PSD2 (still). One of the immediate  needs for digital identity infrastructure is to help with the delivery of PSD2 in Europe. Along with the Secure Customer Authentication directive mentioned above, a practical identity infrastructure is an urgent requirement if the industry is going to make open banking and API access work cost effectively .

    European banks and payments companies will spend much of 2017 preparing for the second phase of the EU’s Directive on Payment Services (PSD2).

    From Predictions 2017: What financial services executives can expect | ZDNet

    Right now this is all a bit of a mess because the “standards” that the industry is waiting for our being delayed and it seems to me that the timescales will be further extended in the New Year. However, she is still possible for banks to develop their strategies around the demands of PSD2 even if the details of the specific standards are not yet known.

    Specifications.

  4. Paying on the Go. A key use of open APIs will be payments, and very likely mobile payments. Mobile payments are coming front and centre as a means to authorise access to payment accounts. Not for tap-and-go NFC but for the next generation of retail, transit, utility and other payments across all channels. As everyone has been saying, payments are vanishing inside the mobile phone and whether it is ordering your Starbucks via a voice interface or jumping out of an Uber or shopping at an increasing number of websites, the transaction will complete because of the identification and authentication (I tend to label these “recognition” for short) functionality of the mobile. Since the mobile delivers both convenience and security it seems to me unstoppable in this regard.

    Retailers across the board will adopt mobile payment solutions.

    From Retail Trends and Predictions 2017 | 12 Retail trends and predictions to watch for

    It is natural for retailers to want to manage the shopping experience in order to deliver the best possible service to their customers. As the bumper sticker says, they want to go from check-out to check-in.  One of the implications of this shift for our clients is that they will be delivering services to mobile app developers rather than end customers! Testing these mobile apps to make sure that they have the security necessary for the mass market needs specialist skills that Consult Hyperion has and that customers can rely on.

  5. Invisible POS.  In many of the markets where we provide professional services and indeed software to the transactions value network, the day when non-cash transactions will no longer be dominated by cards is now within the strategic planning horizon.

    No checkout lines. No registers. No self-checkout. No cash, credit or debit.

    From How To ‘Shoplift’ Legally With Amazon

    I’m not expecting the Amazon Go science fiction model to dominate world retailing any day soon, but the combination of mobile apps, instant payments and alternative payment solutions will combine to see volume shift away from the card dip, swipe or tap. Card payments (by card, by token etc) will continue to grow but as more and more of them vanish inside apps, so the nature of the card industry and the shape of the value networks will shift. And if you this is rose-tinted techno-determinist hype from engineers, have a look at what someone whose business this is think about it: 

    Amer Sajed, the chief executive of Barclaycard, says it will spell the steady demise of the physical plastic credit card, which his company introduced to the UK 50 years ago. “People will be able to seamlessly shop going between the web, an app or in store,” he says.

    From The invisible credit card of the future – BBC News

    When customers check in and then check out without plastic in their hands, the point of sale will undergo fundamental change. The competition between payment methods will be subject to new dynamics that are not yet visible or understood. Trying to introduce a new payment scheme to Tesco’s stores is one thing, but introducing a new payment scheme inside the Tesco app (with no changes to the stores, POS or any other infrastructure) is quite another. Our knowledge of both new payment methods and new POS environment help clients to make to informed decisions about their future retail environments.

What does this mean for our clients for the coming year? Given that by and large we work for the incumbents who currently dominate their markets, whether banks or card issuers or acquirers or retailers or government agencies, it’s all about linking these key trends together at a strategic level in order to be able to take advantage of the opportunities offered by the new technologies at the tactical level, working with new players where necessary, to stay on top.

My feeling is that these strategic trends will interact to cause some pretty interesting changes in our markets across the coming year, driven above all by the absolute necessity to restore sanity to the cost-benefit calculations around compliance. It will be regulatory pressures, not technology drivers, that shape most decisions in the next few months but we understand how to make effective use of new technology in responding to those pressures so that’s all good. Here’s to another great year in the world of secure electronic transactions!

Our live five for 2016

Well, however superficial they might be, there’s no doubting the popularity of the end of year roundup and predictions for the coming year. We don’t argue with the box office down at CHYP End, so here we go with our now-traditional “live five” transaction technology trends for 2016. But, first of all, I think we need to take a look at how we did with our live five for 2015 before you can decide whether to pay any attention at all to this live five! Let’s see how we did!

  1. In-App Payments. This was a good shout. The discussions around payments becoming invisible and vanishing into apps are now common currency and the trend toward retailers wanting to shift payments inside their app so that they can deliver the best service to customers was well established before Walmart Pay came on the scene.

    Target is reportedly developing a mobile wallet that customers can use to pay for goods with their smartphones, according to three unnamed sources who spoke to Reuters… also confirmed that Kohl’s plans to release a payment service called Kohl’s Pay in the fall of 2016 that would be part of the retailer’s existing app.

    [From Target thinks it has enough customer trust to get into the mobile wallet game – Quartz]

    It seems natural to me that retailers will take advantage of mobile technology to get closer to customers and there are plenty of opportunities to provide services into their apps. Just recently, McKinsey called in-app “the new battleground” for shopping (McKinsey on Payments, October 2015) and noted that what they called “repetitive interaction” (what we call “relationship” in the Consult Hyperion “3Rs” model) is way to generate more value for customers.

  2. The Three Party Party. I think we scored a bullseye here, with ChasePay the surprise announcement of Money2020. We knew nothing about the ChasePay plans when we predicted big moves away from the traditional four-party model in retail payments, we based the prediction on work that had been underway for some other clients, particularly in the field of mobile options for domestic schemes.

    Gordon Smith, CEO of Consumer & Community Banking at JPMC Chase Cards, introduced Chase Pay as a mobile payments solution that provides a “true omnichannel” payments experience – in-store, in-app and online purchases – and built the case for why he believes Chase Pay will be a formidable force in payments… Chase Pay will not support NFC.

    [From Chase Pay Mobile Wallet Launches — With MCX As A Partner]

    In a world of mobile phones there just isn’t the same pressure for global solutions as there has been in the past and if you look around the world you can see a clear resurgence in bank-centric three-party schemes: Russia, Turkey, India and so on.

  3. Privacy as a Proposition. This didn’t develop as we’d expected, despite the increased pressure because of massive, continuous and damaging data breaches throughout the year. I’m not entirely sure why (e.g.) banks didn’t develop more privacy-centric propositions — a good example being tokens for adult services — but I suppose they have decided that there are other more strategically important parts of the identity business to focus on.
  4. Blockchain. Wow, Another bullseye. It was definitely the year of the replicated distributed shared ledger formerly known as the blockchain, although I must agree with this commentator on the Innotribe conference that it is not wholly clear to many people exactly why:

    In front of a large group of finance professionals, “blockchain experts” and audience alike agreed that blockchains were the wave of the future – despite a complete lack of consensus on what a blockchain is. Or even why one is needed.

    [From Why Big Banks Got Blockchains Wrong in 2015 – CoinDesk]

    We are a small company, and statistically insignificant in the great sea of IT spending. But the nature of our work makes us a useful weathervane for clients and I can tell you that we have had way more blockchain-specific consulting work this year than even a reckless hypemerchant like me would have predicted (and not only in financial services). Luckily for us, being early into this space allowed us time to develop a more general approach to thinking about shared ledgers from a business perspective that has worked well in helping our customers to evolve their positions.

  5. ID for the Internet of Things. I think we can claim that there is widespread recognition of the problem now and a first few steps towards a solution with the major chip platforms working to bring secure hardware (e.g., Intel’s Enhanced Privacy ID) to devices. Given some of the work that Consult Hyperion has been doing for clients in this area, I think I might go so far as to say that I finished the year more optimistic about the possibilities here although I still think we have a long, long way to go to make the thingternet as safe and productive space.

Having looked back, then, and established that our live five does indeed have some value for organisations looking to establish their strategic priorities, I’ve had a look at the projects that Consult Hyperion has been working on around the world and identified what I think are five key transaction technology trends for our clients in the coming year.

Deep Purple

Now, of course, I’m playing a game here. I don’t want to give away any of the really cool stuff that our teams are working on for clients in business, NGO and government sectors right now, but I do want to make predictions that I already sort-of know will come true because we are already working with the technologies so that I can look clever! So, with that in mind, here’s the new live five that you can expect to see organisations focus on in the coming year:

  1. Amazonisation. Now that everyone is agreed that APIs are the right away to deliver services into the marketplace, some organisations are going further and structuring themselves around APIs, helping not only external customers but internal functions to benefit from a more flexible and functional mechanism for co-operating. Now, in 2016 it will be PSD2 that will undoubtedly spur many of our clients to develop strategies for either providing or consuming bank APIs.

    Successful internet giants, like Salesforce, Amazon, Google, Twitter, and Facebook, have been active to offer APIs to third parties. Salesforce has earned more than half of its revenue through APIs, not from its own user interface. Twitter, Netflix, and Google handle billions of transactions through APIs daily. And we can say Amazon has been a pioneer with open APIs – the online retail giant already had an Amazon Store API back in the early 2000’s.

    [From APIs – the core of a new economy, really? : DisruptiveViews]

    It is really interesting to try and think what this kind of restructuring around APIs will be mean for financial services organisations, and I’m looking forward to working with our teams to find ideas for transforming their businesses.

  2. Mobile ID and Authentication. The focus for solving “identity problems” is shifting to the mobile device. Whether it is in payments, ticketing, inclusion or in straight identity applications, the mobile phone will be the mass market solution to the problems of recognition, relationships and reputation (those “3Rs” again). We have said repeatedly that a model based on strong authentication against a local revocable token held in tamper-resistant memory deliver the right platform. The announcement of Google’s scheme for replacing passwords with mobile phones is sure to be followed by a similar announcement of an “Apple Smart ID” or something similar, the mobile operator’s Mobile ID Connect service is being deployed and I’m sure that other schemes will be launched.
  3. EMV Next Generation. You might be thinking that it’s all quiet on the EMV front now that the US roll-out is under way, but some of our clients have started to develop their strategies and tactics around the EMV Next Generation specifications and I expect to see momentum grow throughout the year. There are, as far as I can see, three strands to strategy for them to consider: first is that we are reaching the limits of the cryptography currently employed and must look at replacing it long before it becomes a vulnerability in the marketplace, second is that there is pressure for value-added merchant propositions (e.g., coupons, loyalty and so on) within the standard and the third is that “legacy” EMV (which still hasn’t been fully rolled out in the US) will be with us for another fifteen years or so. For each organisation, looking at the drivers and blocks around each of these is central to its retail payment strategy.
  4. The Push for Push. In the UK, the faster payment service (FPS), is well established, has been fantastically successful and has enabled things on top of it already, like Pingit and Paym and so on, and there’s more to come. That is also happening in other countries have started to go down that route. The one great exception was always the US because the Federal Reserve has no regulatory mandate to make the banks there implement an instant payment system, and so we all thought it would be some time before instant payments appeared in the US. Actually, however, in the last couple of months there has been raft of announcements coming out of the US: The Clearing House (TCH) is working with VocaLink, Dwolla are experimenting with APIs, NACHA is moving to same day and so on. Even in the US instant payments will feature heavily across the next year and as they spread they will shift industry focus to push payments. As Tom Noyes said earlier this month,

    As I’ve stated before, no engineer would design a payment system to operate the way we do today (see Push Payments).

    [From Changing Economics of Payments – Noyes Payments Blog]

    I agree. There are good reasons for thinking that pull payments are a hack to get around the dumb payment networks of the past and, personally, I see push dominating in the long run.

  5. Transparency as the “win-win-win. Given the considerable confusion about what shared ledgers are, how they work and what the impact of different architectural choices on business models is, you might be forgiven for thinking that the technology will stall. But we think that there has been a focus on the wrong drivers. Blockchains are only one form of shared ledger and they aren’t automatically cheaper or even more efficient than (for example) databases. Shared ledgers do, however, have a couple of interesting characteristics that will reshape some markets. One of them is transparency and, in the short term, this can be the core of a win-win-win involving customers, institutions and regulators.

I’m naturally very curious what you all think about these choices so please do not be shy in the comments below! Along with our other consultants, I’ll be speaking on these themes at a number of events across the coming year and really look forward to discussing them with you.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.