When we look forward to 2021, it is no surprise that COVID-19 is the dominant factor. So far as the merchant payments world is concerned, the shape of the post-pandemic new normal transaction environment must be the key strategic consideration for stakeholders and I am desperately keen to hear the variety of informed opinion on this topic that I have come to expect at Merchant Payments Ecosystem every year. At Consult Hyperion we like to contribute to these conversations by providing a useful framework for discussion: our annual “Live 5”, our yearly set of suggestions for strategic focus. This year, we choose to look at the key issue of pandemic transformation and its impact of on the three key domains where our clients operate: Payment, Identity and Transit, together with (as is traditional!) a suggestion as to a technology that the POS world may not be thinking about but probably should be.
Today marks the 10th anniversary of Safer Internet Day in the UK. Each year Industry, Educators, Regulators, Health & Social Care workers and Parents rally to raise awareness and put into action, plans to tackle findings from significant research on the topic of trust and safety on the internet. This year one of the research pieces talks of the challenge ‘An Internet Young People Can Trust’. As a mum of two school age children, I am sat here wondering if the internet will ever be safe … for them or me.
If I think about life BC (before COVID), my eldest used social media for broadcast communications to her friends. She was guided on the appropriateness of certain apps and our acid test on the content she was posting, was always ‘would you go up to a stranger in the street and give him your name, age, location and a photo of you in a bikini’ … her reaction was always ‘err, no’. My youngest had never been online apart from BBC Bitesize for homework assignments. We’re not online gamers so have never had constant nagging to go online. Additionally, you have to remember the internet (and mobile internet) has been significant in my work world since 1990 so I have a heightened understanding of the pitfalls and have seen many fall foul of their online reputation, tarnishing their in-person reputation.
A couple of weeks ago I wrote a piece for our friends at Smartex; ‘Brexit and the UK Finance’s proposed £100 contactless limit’. Perhaps a title more worthy of grabbing readers would be ‘Will Brexit make stealing bank cards attractive again?’
The pandemic has accelerated consumer behaviour that has been teetering for the last decade. The desire for contact-free (and therefore contactless) transactions, has meant a significant trend in consumers becoming comfortable with tapping their cards and perhaps more interestingly, their phones (devices/wearables). We’ve seen merchants switch from hand scribbled ‘cash only’ signs, to ‘please use cards (devices etc) wherever possible’. Some stores have completely rejected cash altogether.
It’s that time of year again: where’s it’s traditional to take stock and look to the future. At Consult Hyperion, we do that through our ‘Live 5’ process; where we look at major trends in business, technology and consumer attitudes and project them onto our areas of business focus, with twists of our own. This is more than a marketing exercise. It informs our advisory services, but also sets our own strategy, for example by determining what technologies are investigated, and protypes built, by our Hyperlab unit.
Guest blog post by Mirela Ciobanu, The Paypers
The topic of Central Bank Digital Currency (CBDC) is gaining momentum. Across the globe, many CBDC initiatives aim to digitalise payments, support financial inclusion, make cross border payments faster and cheaper, support fiscal transfer, etc. What is firing up discussions around CBDC and why is it important today?
Adoption of new technologies and understanding of their huge potential to support and stimulate our life has caused the world to change a lot in the last year. The current pandemic has triggered the decline of cash usage to avoid getting the virus and safeguard the most vulnerable ones (health-wise). Economic wise, as many governments wanted to protect their citizens and directly stimulate the economy down to every citizen, they offered ‘helicopter money’ via digital wallets.
Recently I saw this article suggesting that 97% of mobile transactions in Asia are fraudulent? Can this really be true? I decided to investigate.
The article highlights an excellent report published by Secure-D looking into mobile ad fraud, which it appears is a largely hidden multi-billion dollar enterprise, impacting emerging markets in particular. As you might expect with an enterprise of this size it is multi-faceted and complex. Two of the ways fraudsters are making money are as follows:
- Fake clicks: The internet runs on advertising revenues obtained when a user clicks on an ad in a mobile app or on a web page. Fraudsters have numerous ways to create fake clicks, that look like they’ve come from a real person, and then be paid the associate fee. One way that they do this is by deploying malicious apps to the devices of unsuspecting users often disguised as a legitimate app offering an innocuous service like providing weather information.
- Hidden purchases: Many mobile users in emerging markets are unbanked and use their prepaid mobile airtime to purchase goods or services. Those malicious apps deployed to devices can also then siphon off funds from users without them realising it is happening. They just see their airtime running out more quickly than it otherwise might.
Payment Processing Platforms
At Consult Hyperion we spend a lot of our time looking into payments processing platforms for our clients. Over recent months we’ve delivered;
- technical due diligence, assessing their capabilities
- security and vulnerability analysis on networks and products
- designed fundamental security architectures for new payments solutions
- advised clients on the selection of payment platform solutions
- and helped design new platforms or extended the capability of their existing platforms
It’s fair to say we have a comprehensive understanding of payments processing. The products and solutions offered by Fintechs, Banks, Neobanks etc. rely on the capabilities of the underlying payments platform(s).
At the (sadly, virtual) Fintech South event the year, I was asked to chair a discussion on identity and privacy with three extremely well-qualified experts who had informed perspectives on the state of, and trends in, those important pillars of a digital society. These were Adam Gunther (SVP, Digital Identity for Equifax), Andrew Gowasack (Co-Founder and President at TrustStamp) and Megan Heinze (President, Financial Institutions, North America for IDEMIA). It was great to talk to a group of people who were not only well-informed on these topics but had some passion for them too.
I won’t go over everything that was discussed, but I do want to pick up on a comment that was made in passing when I was chatting to the panelists: someone said that a guiding principle should be “no scary systems”. Hear hear! But what is a scary system? It is, in my opinion, a system that privileges security over privacy. This is not how we should be designing the identity systems for the 21st century!
When consumers install software on their devices, they often perform some sort of risk evaluation, even if they don’t consciously realise it. They might consider who provides the software, whether it is from an app-store, what social media says, and whether they have seen any reviews. But what if once a piece of software had been installed, the goalposts moved, and something that was a genuine software tool at the time of installation turned into a piece of malware overnight.
This is what happened to approximately 300,000 active users of Chrome ad blocking extension Nano Adblocker. You see, at the beginning of October, the developer of Nano Adblocker sold it to another developer who promptly deployed malware into it that issued likes to hundreds of Instagram posts without user interaction. There is some suspicion that it may have also been uploading session cookies.
What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly voting systems have exacting requirements and secondly, the stakes are high with the threat of state level interference.