Victoria Saporta, BoE executive director for prudential supervision, has said recently that minimum resilience requirements should be required for the tech giants’ (and others’) hosting services, before they may process and store banking data. We strongly support these comments. We have identified this issue as one of a number of new risks arising from modern financial systems architecture, in recent Structured Risk Analyses that we have carried out for financial and retail organisations in North America, Asia-Pac and EMEA.
In our Live 5 for 2021, we said that governance would be a major topic for digital identity this year. Nowhere has this been more true than in the UK, where the government has been diligently working with a wide set of stakeholders to develop its digital identity and attribute trust framework – the rules of road for digital identity in the UK. The work continues but with the publication of the second iteration of the framework I thought it would be helpful to focus on one particular aspect – how might the framework apply to decentralised identity, given that is the direction of travel in the industry.
EMV is at the heart of global payment card processing. As a specification it governs the processing of billions of transactions globally, with the vast majority of those flowing through the international payment schemes. As a technology it has been incredibly successful, reducing fraud levels everywhere it’s been introduced and its extension into contactless payments is now the fastest growing area of face-to-face payments. The idea that EMV might soon be obsolescent seems far-fetched, to put it mildly, but there are reasons to believe that its hegemony is under threat.
Card issuing seems to be hot right now. Despite the rise of alternatives to card payments, many Fintech’s appear intent on adding payment cards to their product portfolios. And it is not just the “me too” start-up banks.
For example, some international remittance services are adding payment cards to their offerings. This allows customers to spend the money they receive directly but also means that customers do not withdraw funds immediately upon receipt. This extends the customer relationship adding value to both the customer and the Fintech.
We were delighted to get a lot of good feedback on Neil’s previous blog on Mondex Memories and CBDCs and its relevance to CBDCs and thought it would be interesting to respond to some of the more interesting – and difficult – points raised in a follow-up blog. Before addressing those I wanted to put the Mondex program into some historical context. They were very different days – we didn’t have an intranet until 1996, let alone internet access. There were no SDKs – although actually we did build a precursor to one of those – or APIs and the idea of remote payments was still in its infancy (although we did that too).
Deep in the mists of time (that is to say, the early-1990s), I led the team from Consult Hyperion responsible for Mondex specification, design and development. For those not familiar with paleo-payments, it was one of a clutch of (contact) smart card based electronic cash systems, none of which survived beyond, let’s say, early adolescence. There were two main reasons for their demise, one technological and one business. The concept was ahead of the capabilities of the underlying technology. Transactions took about the same amount of time as cash plus change, which wasn’t a compelling reason for anyone to leave their wallet behind. The promoters of the schemes (retail banks and payment brands) did not target particular niches where there may have been a business case (I always thought car parking might work) but instead blanketed retail outlets in particular cities or small countries. So, mostly unused devices were put under the counter, and people forgot about the schemes after an initial blaze of publicity.
Last week, I attended the excellent Transport Ticketing Digital Summit which focused on advances in fare collection and Mobility as a Service (MaaS).
I was delighted to be asked to present a keynote at the FIDO Authenticate Summit and chose to focus on digital identity governance, which is something of a hot topic at the moment. Little did I know that the day before my session was recorded the European Commission would propose a monumental change to eIDAS, the Europe Union’s digital identity framework – one of the main examples I was planning to refer to. I hastily skimmed the proposed new regulation before the recording but have since had the time to take a more detailed look.
Earlier this year we were delighted to be part of the Consult Hyperion webinar on Request to Pay. A common thread in post-event conversations that followed was an interest in the parallel developments of the UK and European flavours of Request to Pay and how they might work together. With the launch of the European version on June 15th, we thought it an ideal time to signpost the bigger differences.
In the new digital economy, digital identity is a key component to ensuring security, privacy, and convenience for people and businesses.