Recently I saw this article suggesting that 97% of mobile transactions in Asia are fraudulent? Can this really be true? I decided to investigate.
The article highlights an excellent report published by Secure-D looking into mobile ad fraud, which it appears is a largely hidden multi-billion dollar enterprise, impacting emerging markets in particular. As you might expect with an enterprise of this size it is multi-faceted and complex. Two of the ways fraudsters are making money are as follows:
- Fake clicks: The internet runs on advertising revenues obtained when a user clicks on an ad in a mobile app or on a web page. Fraudsters have numerous ways to create fake clicks, that look like they’ve come from a real person, and then be paid the associate fee. One way that they do this is by deploying malicious apps to the devices of unsuspecting users often disguised as a legitimate app offering an innocuous service like providing weather information.
- Hidden purchases: Many mobile users in emerging markets are unbanked and use their prepaid mobile airtime to purchase goods or services. Those malicious apps deployed to devices can also then siphon off funds from users without them realising it is happening. They just see their airtime running out more quickly than it otherwise might.
This is the second of three blogs about technologies to support contact-free use of public transport.
Public transport operators have been making great efforts to make public transport safe during the pandemic. TfL recently launched a new app that makes it easier for passengers to plan their travel and avoid routes where they might come close to large numbers of people. There are claims that the rate of uptake of contactless by passengers has increased significantly since the pandemic and the demand for contact-free transactions on public transport. Visa recently offered a graph relating to global public transport contactless transactions. However, it is not clear what the actual contactless usage is since they are hidden behind month-on-month percentage increases which look enormous when the previous months had fallen off the proverbial cliff.
It’s that time of year again. I’ve had a chat with my colleagues at Consult Hyperion, gone back over my notes from the year’s events, taken a look at our most interesting projects around the world and brought together our “live five” for 2018. Now, as in previous years, I don’t expect you to pay any attention to our prognostications without first reviewing our previous attempts, otherwise you won’t have any basis for taking us seriously! So let’s begin by looking back over the last year and then we’ll take a shot at the new one!
This was the “live five” of technology-driven changes in the secure transactions field that we thought would have a real business impact over the previous year. In the spirit of openness and honesty and disclosure that we are famed for, let’s see how those predictions fared.
- RegTech. I think we did pretty well with this prediction. Interest in regtech has grown throughout the year and the ability of regtech to make real differences in major markets is established.
- Digital Identity. As we noted, one of the key regtechs, if not the key regtech, is digital identity. It did shoot up the agenda over the year and some interesting initiatives opened up.
- PSD2 (still). No commentary is needed!.
- Paying on the Go. We thought that a key use of open APIs will be payments, and very likely mobile payments. MasterCard’s purchase of VocaLink would tend to support this view!
- Invisible POS. The shift from “check out to check in” paradigms is underway but it is fair to observe that we did not see the number of launches we were expecting as many of the projects remain in beta and will be holding to wait for the arrival of PSD2 (and CMA remedies in the UK).
Not bad. In fact, pretty good. So now let’s take a look at where we think the action will be in the coming year in our corner of the transactions treehouse. My guess is that you’ll agree with four out of the five – if not… let us know!
From the perspective of our home base in the UK, the really big trend is easy to predict and wholly uncontroversial, since open banking is going to transform our industry. Thinking around this opens up a couple of adjacent areas as well. So…
- Open Banking. In the UK, the regulators’ determination to bring real competition to the financial services world means that we are about to see major disruption in the space. Last year I called this before a “crossing of the streams” (in an hommage to Ghostbusters!) because there are three different initiatives coming together.The first stream is the PSD2 provisions for access to payment accounts. As you may recall, these include a set of proposals that are due to come into force in 2018. A group of those proposals are what we in the business call “XS2A”, the proposals which force banks to open up to permit the initiation of credit transfer (“push payments”) and account information queries. Even at a pure compliance level these PSD2 regulations pose significant questions for the structure of the existing payments industry. While PSD2 does not mandate APIs (I think – it’s all gotten a bit complicated but as far as I know the screen-scrapers have fought a decent rearguard action) an open banking API is the obvious way to implement the PSD2 provisions.
The second stream is Her Majesty’s Treasury’s push for more competition in retail banking. This led to the creation of the Open Banking Working Group (OBWG), which published its report in 2016. It set out was a four part framework, comprising:
- A data model (so that everyone knows what “account”, “amount”, “account holder” etc means);
- An API standard.
- A security standard.
- A governance model.
The third stream is the CMA report that triggered the remedies mentioned above. This envisages APIs to improve competition in retail banking by focusing on the use of APIs to obtain access to personal data that can be shared with third-parties to obtain better, more cost-effective services.
These streams are coming together to create an environment of what is now called Open Banking. And it’s a big deal. And it begins in January 2018 when the nine biggest banks open up their APIs and the UK becomes a fascinating and exciting laboratory for new services. Who will take advantage of this new environment? Well, in our opinion, it’s not the fintechs. And we are not the only ones who think this.
Much has been made of the rise of fintech [but] according to a report by the World Economic Forum (WEF), traditional banks are more vulnerable to competition from another source: tech giants like Amazon, Facebook, and Google.
From Tech firms like Amazon (AMZN), Facebook (FB), and Google (GOOGL) are the biggest competitive threats to the banking industry — Quartz
As we have pointed out for some time, it is not all obvious that what we refer to as the “challenger” banks in the UK (i.e., the new banks who have obtained licences in recent years) are really challengers at all. The era of the “challenger banks” is coming to an end as the internet giants compete to be the front end to the customers transactional financial services.
- Conversational Transactions. One class of application that will exploit API integration with banking and payment systems is chat, whether through standard messaging applications or “chatbot” interfaces. This is hardly a wild prediction, but we think that the early steps (e.g., Facebook Messenger’s recent UK payments launch) indicate a major shift in 2018. Right now, when my sons at University ask me for money on WhatsApp, I have to switch to Barclays Pingit to send the money. Not for much longer. And it is important to understand the roadmap here, because the link between conversational commerce and voice commerce is straightforward. It’s all small step from typing “Send £20 for the ticket” to saying “Send £20 for the ticket”.
- The Internet of Cars. Anyone who visited Mobile World Congress or CES or, I’m sure, many other events throughout the year, couldn’t have failed to notice the amount of work going on in the “internet of things” (we all understand just how important that will be) and how much of the IoT focus is on the automobile sector. You can see why this is: cars are expensive, so they can stand the cost of adding smart technology that can deliver new functionality. However, as Consult Hyperion have always said, doors are easy but locks are hard. It’s easy to connect the myriad systems in the modern car to the world, but it’s really hard to secure them. This is a great opportunity for organisations with skills in encryption, authentication, key management, operational security and so on to help the automobile industry,It’s one thing when your bank account gets hacked (because the bank has to give you your money back) but when the hackers are crashing cars for fun it’s another thing altogether. If we want our cars to engage in transactions then we have to be sure that the security infrastructure for those transactions is absolutely solid.
- Artificial Intelligence. Well, when it comes to money, and indeed absolutely everything else, there is no doubt that AI will be the most disruptive technology of our generation. We may be a long way from Terminators and HAL 9000, but the massive AI investments pouring into financial services around the world mean that the technology is going to our business, and soon. If you examine where banks are spending their AI budgets right now, machine learning is the main focus. An Infosys poll earlier in the year showed that two-thirds of banks were already spending in this area and this is no surprise. Banks have large quantities of data that in the past they have found difficult to extract wisdom from and they have large transactional flows that they find it difficult to manage in the context of increasing regulatory burdens. Machine learning systems excel at finding patterns and exceptions in such data, provided that they can be fed the voracious quantities of raw material, so the main use of the machine learning systems is currently fraud detection and prevention. This throws up an interesting strategic challenge for banks in the new Open Banking world, because there is a threat to risk management, information analysis and sales/marketing processes in the new environment where they may not get to see the data held by third-party providers but those providers have access to bank accounts.
- Tokens/ICOs. Well, those first four predictions are mainstream. But it’s fun to pick something out of left field (as our American cousins would say) by looking where technology might mean very different kinds of assets being used in transactions. We might well see a new kind of money emerge in the coming year. Not Bitcoin, but “tokens” (the basis of Initial Coin Offerings, or ICOs). When the current craziness is past and tokens become a regulated but wholly new kind of digital asset, a cross between corporate paper and a loyalty scheme, they will present an opportunity to remake markets in a new and better way. One might imagine a new version of London Alternative Investment Market (AIM) where start-ups launch but instead of issuing equity they create claims on their future in the form of tokens. The trading of these tokens is indistinguishable from the trading of electronic cash (because they are bearer instruments with no clearing or settlement) but there will be an additional transparency in corporate affairs because aspects of the transactions are public. The transparency obtained from using modern cryptography (e.g. homomorphic encryption and zero-knowledge proofs) in interesting way iss, as an aside, one of the reasons why we tend to think of the blockchain as a regtech, not a fintech.
All in all, the coming year will see much more disruption than might be apparent at first because the shift to open banking, starting in the UK, is what will drive the reshaping of the sector while at the same time the advance of AI into the transaction space (transactions of all types, from buying a train ticket to selling corporate bonds) begins to reshape the way we do business.