It’s that time of year again. No matter how much I complain that silly lists of what will be big in the New Year are trivial and superficial and not really representative of a more detailed analysis of key trends… I still feel I have to annoy my colleagues at Consult Hyperion into giving me a few ideas so that I can surf the end of year blog wave.
Here we go then. As for the last few years, I’ve put together a “live five” of technology-driven changes in the secure transactions field that will have a real business impact over the coming year. But first, in the spirit of openness and honesty and disclosure that we are known for, I think it’s not right to bother you with this kind of thing without first assessing how we did last time so that you can judge whether to pay any attention to this year’s list or not! So let’s see how our live five for 2016 did:
- Amazonisation. We got this one right. The focus on APIs increased through the year and not only for the interfaces to 3rd parties but also as a mechanism for restructuring internal processes and operations.
the more far thinking will be re-engineering their businesses to develop a whole bunch of APIs outside of PSD2 and will be working out the business models behind opening them out to developers and businesses.
It’s been really interesting see how the bank (in particular) attitudes to the priority and scope of API strategies has evolved over the year.
- Mobile ID and Authentication. Again, largely correct. The European Directive on Strong Customer Authentication (SCA) means that banks and other financial services organisations have had to up their game and make significant investments in improving their authentication methods. For most, this has meant moving to solutions that somehow involve the mobile phone. The impact of the NIST report on 2FA (which said that one-time password sent by text message can no longer be considered a secure authentication method) has yet to be felt, but the shift to more sophisticated and comprehensive mobile identity solutions is underway.
The NIST guideline goes on to talk about using push notifications to applications on smart phones, which is how we think it should be done.
Of course, this means doing proper risk analysis on the mobile applications to make sure that they have the appropriate levels of security built in, but at Consult Hyperion we’re rather good at doing that, so it’s a sensible way to proceed.
- EMV Next Generation. Big for us, but I wouldn’t say it’s touched the mainstream yet. EMV is getting long in the tooth and needs to be refreshed.
We celebrate St. Valentine’s Day on 14th February every year to commemorate the introduction of chip and UK In the UK on 14th February 2006. I am a payments romantic, so this is very special day.
The work that we have been involved in, helping clients to assess and shape their strategies towards the future of EMV, continues.
- The Push for Push. When I wrote this I couldn’t have imagined just how right I would be. MasterCard spent a billion dollars on VocaLink.
mark my words it was one of the most significant events in the evolution of the UK payments industry since Reg Varney got a tenner out of that first ATM in Enfield half a century ago.
- Transparency. Mixed, I would say. I had expected shared ledgers to proceed further in the exploration of new markets and new kinds of markets but actually most of the work that we have been involved with (I mean paid professional services, not academic research) has continued to look at the ways in which this interesting new class of technology could be used to emulate, essentially, existing centralised systems. But I think our analysis, as set out in this paper, stands.
The paper that Richard Brown of R3, my colleague Salome Parulava and I put together what seems like an age ago (a year is a long time in fintech) has finally been published!
However, in one or two of the projects, the focus did begin to shift to new ways of doing things and we remain of the opinion that more transparent markets will come.
On the whole, not too bad I think. A good enough score, I hope, to make our thoughts about 2017 worth at least a glance.
As you know, I’m all about new technology at the point of sale or service, so I’m going to choose five areas where new technology will make a significant difference to retail financial services – not only payments – over the coming year.
On to the predictions for the coming year. I’m playing the same game as always here. I don’t want to give away any of the really cool stuff that our teams are working on for clients in business, NGO and government sectors right now, but I do want to make predictions that I already sort-of know will come true because we are already working with the technologies so that I can look clever! I’m sure you all understand how this works. Anyway, here goes…
- RegTech. A number of the new technology projects that we have been involved with recently have come to a similar conclusion, which is that the use of new technology to reduce the cost of transactions is a struggle, but the use of the new technology to reduce the cost of regulating the transactions has a much better business case.
2017 will see the emergence of the next generation of innovation in fintech that addresses risk management and regulation for the bank. We expect that regulatory technology, also known as regtech, will emerge as a separate area of innovation…
For many of our clients, the costs of regulation are both high and out of control. If the blockchain or cloud or big data or biometrics or whatever can do anything to address the spiralling costs of compliance, they will have significantly more impact on the transaction space than if they could deliver a marginal reduction in transaction costs.
- Digital Identity. One of the key regtechs, if not the key regtech, is digital identity. It has finally risen to the top of the agenda and this year it will finally change the way business works. I notice that Karen Webster has come to a similar conclusion in her piece about the major trends for next year.
More than just authenticating a consumer for a particular transaction, creating a secure digital identity will mean capturing a variety of attributes about that consumer that then can be selectively presented as needed.
Indeed. What’s more, implicit in this prioritisation, is the start of the identity wars as various constituencies struggle to deliver the mass-market identity solutions that we need. In some areas, it may be the government that does this, in other areas it may be the banks. But in some areas, it may be the big five: Facebook, Google, Amazon, Microsoft or Apple. Either way, there are big implications for our clients long-term strategies.
- PSD2 (still). One of the immediate needs for digital identity infrastructure is to help with the delivery of PSD2 in Europe. Along with the Secure Customer Authentication directive mentioned above, a practical identity infrastructure is an urgent requirement if the industry is going to make open banking and API access work cost effectively .
European banks and payments companies will spend much of 2017 preparing for the second phase of the EU’s Directive on Payment Services (PSD2).
Right now this is all a bit of a mess because the “standards” that the industry is waiting for our being delayed and it seems to me that the timescales will be further extended in the New Year. However, she is still possible for banks to develop their strategies around the demands of PSD2 even if the details of the specific standards are not yet known.
- Paying on the Go. A key use of open APIs will be payments, and very likely mobile payments. Mobile payments are coming front and centre as a means to authorise access to payment accounts. Not for tap-and-go NFC but for the next generation of retail, transit, utility and other payments across all channels. As everyone has been saying, payments are vanishing inside the mobile phone and whether it is ordering your Starbucks via a voice interface or jumping out of an Uber or shopping at an increasing number of websites, the transaction will complete because of the identification and authentication (I tend to label these “recognition” for short) functionality of the mobile. Since the mobile delivers both convenience and security it seems to me unstoppable in this regard.
Retailers across the board will adopt mobile payment solutions.
It is natural for retailers to want to manage the shopping experience in order to deliver the best possible service to their customers. As the bumper sticker says, they want to go from check-out to check-in. One of the implications of this shift for our clients is that they will be delivering services to mobile app developers rather than end customers! Testing these mobile apps to make sure that they have the security necessary for the mass market needs specialist skills that Consult Hyperion has and that customers can rely on.
- Invisible POS. In many of the markets where we provide professional services and indeed software to the transactions value network, the day when non-cash transactions will no longer be dominated by cards is now within the strategic planning horizon.
No checkout lines. No registers. No self-checkout. No cash, credit or debit.
I’m not expecting the Amazon Go science fiction model to dominate world retailing any day soon, but the combination of mobile apps, instant payments and alternative payment solutions will combine to see volume shift away from the card dip, swipe or tap. Card payments (by card, by token etc) will continue to grow but as more and more of them vanish inside apps, so the nature of the card industry and the shape of the value networks will shift. And if you this is rose-tinted techno-determinist hype from engineers, have a look at what someone whose business this is think about it:
Amer Sajed, the chief executive of Barclaycard, says it will spell the steady demise of the physical plastic credit card, which his company introduced to the UK 50 years ago. “People will be able to seamlessly shop going between the web, an app or in store,” he says.
When customers check in and then check out without plastic in their hands, the point of sale will undergo fundamental change. The competition between payment methods will be subject to new dynamics that are not yet visible or understood. Trying to introduce a new payment scheme to Tesco’s stores is one thing, but introducing a new payment scheme inside the Tesco app (with no changes to the stores, POS or any other infrastructure) is quite another. Our knowledge of both new payment methods and new POS environment help clients to make to informed decisions about their future retail environments.
What does this mean for our clients for the coming year? Given that by and large we work for the incumbents who currently dominate their markets, whether banks or card issuers or acquirers or retailers or government agencies, it’s all about linking these key trends together at a strategic level in order to be able to take advantage of the opportunities offered by the new technologies at the tactical level, working with new players where necessary, to stay on top.
My feeling is that these strategic trends will interact to cause some pretty interesting changes in our markets across the coming year, driven above all by the absolute necessity to restore sanity to the cost-benefit calculations around compliance. It will be regulatory pressures, not technology drivers, that shape most decisions in the next few months but we understand how to make effective use of new technology in responding to those pressures so that’s all good. Here’s to another great year in the world of secure electronic transactions!