Victoria Saporta, BoE executive director for prudential supervision, has said recently that minimum resilience requirements should be required for the tech giants’ (and others’) hosting services, before they may process and store banking data. We strongly support these comments. We have identified this issue as one of a number of new risks arising from modern financial systems architecture, in recent Structured Risk Analyses that we have carried out for financial and retail organisations in North America, Asia-Pac and EMEA.
In our Live 5 for 2021, we said that governance would be a major topic for digital identity this year. Nowhere has this been more true than in the UK, where the government has been diligently working with a wide set of stakeholders to develop its digital identity and attribute trust framework – the rules of road for digital identity in the UK. The work continues but with the publication of the second iteration of the framework I thought it would be helpful to focus on one particular aspect – how might the framework apply to decentralised identity, given that is the direction of travel in the industry.
EMV is at the heart of global payment card processing. As a specification it governs the processing of billions of transactions globally, with the vast majority of those flowing through the international payment schemes. As a technology it has been incredibly successful, reducing fraud levels everywhere it’s been introduced and its extension into contactless payments is now the fastest growing area of face-to-face payments. The idea that EMV might soon be obsolescent seems far-fetched, to put it mildly, but there are reasons to believe that its hegemony is under threat.
Card issuing seems to be hot right now. Despite the rise of alternatives to card payments, many Fintech’s appear intent on adding payment cards to their product portfolios. And it is not just the “me too” start-up banks.
For example, some international remittance services are adding payment cards to their offerings. This allows customers to spend the money they receive directly but also means that customers do not withdraw funds immediately upon receipt. This extends the customer relationship adding value to both the customer and the Fintech.
Deep in the mists of time (that is to say, the early-1990s), I led the team from Consult Hyperion responsible for Mondex specification, design and development. For those not familiar with paleo-payments, it was one of a clutch of (contact) smart card based electronic cash systems, none of which survived beyond, let’s say, early adolescence. There were two main reasons for their demise, one technological and one business. The concept was ahead of the capabilities of the underlying technology. Transactions took about the same amount of time as cash plus change, which wasn’t a compelling reason for anyone to leave their wallet behind. The promoters of the schemes (retail banks and payment brands) did not target particular niches where there may have been a business case (I always thought car parking might work) but instead blanketed retail outlets in particular cities or small countries. So, mostly unused devices were put under the counter, and people forgot about the schemes after an initial blaze of publicity.
I was delighted to be asked to present a keynote at the FIDO Authenticate Summit and chose to focus on digital identity governance, which is something of a hot topic at the moment. Little did I know that the day before my session was recorded the European Commission would propose a monumental change to eIDAS, the Europe Union’s digital identity framework – one of the main examples I was planning to refer to. I hastily skimmed the proposed new regulation before the recording but have since had the time to take a more detailed look.
We’ve now had well over year of sporadic lockdowns, of varying degrees of severity. I’m loathe to tempt fate, but it does seem that, in the UK, we’re heading towards a low background level of Covid-19, during the summer months at least. It’s therefore an appropriate time to examine the changed methods of working, and whether, or to what extent, they should be incorporated into normal practice.
The Bank of England and the UK Treasury have announced a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential British CBDC. But how could a digital Pound actually work? As it happens, this is something that Consult Hyperion knows rather a lot about. Apart from our work on the first British central bank digital currency (Mondex) back in the 1990s, our work on the first population-scale mobile money scheme (M-PESA) in the 2000s and our work on the most transformational contactless payment roll-out (Transport for London) in the 2010s, our practical experience across implementation platforms means that we understand the architectural options better than anyone.