The New Zealand economy’s $45 million credit card brake

In October of this year the New Zealand Government’s Ministry of Business, Innovation & Employment (MBIE) released an issues paper outlining the current state of the country’s retail payment systems. The paper is part of a broader conversation about payments, technology and banking efficiency that many governments are starting to take a keener interest in as they look for economic growth levers.

The MBIE identified 5 key issues facing the local market, many of which some of you will notice resonate with conclusions government bodies in Australia and the European Union have also reached. These issues were:

  • Market incentives that drive credit card use over and above low cost alternatives are adding $45 million per year in additional costs to the economy. The number represents approximately 5% of the total resource cost for processing electronic card payments.
  • Increased card processing costs have seen merchants increase their prices to all consumers (high and low income earners alike) by around $187 million per year. This has led to low-income households cross-subsidising high-income households credit card reward programs to the tune of $59 million per year.

NB: There is growing evidence of banks ‘flipping’ credit card users to higher cost premium cards, that offer higher rewards. These cards incur higher charges for merchants, who are faced with steeper interchange fees.

  • Scheme debit cards are steadily encroaching on the market share of New Zealand’s free and proprietary domestic EFTPOS network. This could result in similar market distortions occurring in the future, as has been seen in credit card markets.
  • The interchange model is blocking innovation and new entrants to the market, by giving card issuing banks significant financial incentives to favour payment systems that offer interchange income.
  • Interchange fees charged to small businesses can be up to two and a half times as great as those charged to large businesses. Any increase in this spread could harm retail competition.

Interchange fees in particular dominate the conversation when it comes to retail payment networks, and it is no different in this paper. And while the report notes these fees are a ‘perfectly rational profit maximising mechanism from the perspective of the network owner’ and useful in the context of first growing a two sided market, the question remains as to whether they continue to be the best pricing mechanism for today’s mature market.

The Reserve Bank of Australia seems to be leaning towards no when it comes to answering that one. In May of this year it released a report reviewing card payment regulation in Australia. It states ‘there is little justification for significant interchange fees in mature card systems’, calling for continued regulatory intervention in the market to keep interchange fees at acceptable levels. No doubt the MBIE will be taking note of this finding.

Regulation and possible government intervention isn’t the only battle issuers have on their hands when it comes to protecting their margins. In Australia, several of the largest banks are attempting to collectively stare down Apple Pay in its battle for a share the interchange fee income. However, in a blow to the negotiations, just last week Apple announced it had struck a deal with payments provider Cuscal, allowing the 31 credit unions and smaller banks Cuscal serves to shortly begin offering Apple Pay to customers. Locally they’ll join ANZ and American Express who have already come on board. Given Apple Pay is a carrot for acquiring deposits, a much needed source of bank funding, the last remaining banks will no doubt be looking to reach a resolution with Apple as soon as they can to avoid churn.

Innovation is certainly picking up speed. Last week Paymark, the company responsible for maintaining the local debit network in New Zealand launched Online EFTPOS, allowing customers to pay for goods online directly from their cheque or savings account. If this is cheaper for merchants compared to traditional online payment methods of scheme debit and credit, they will do their best to steer merchants towards this payment method.

Payments innovation is a rising tide that will lift all ships – merchants and consumers alike. Could that same tide seem more like a tsunami to issuers and schemes? Undoubtedly they will still have a role to play, however the writing seems to be on the wall that it will possibly be a more marginalised one.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech. Jessica Ellerm is a thought leader specializing in Small Business.

Ripple may become real competition for SWIFT in cross border payments

Best Internet Concept of global business from concepts series

ID:38626297

Image source.

Next week, 8,000 bankers and their vendors fly into Geneva for 4 days of talking about FinTech. Last year I had to fly to Singapore. This year, I can just hop on a train from Bern (sayonara jet lag).

Last year Emergent Fintech started to move onto the main stage at SIBOS and this year it really is center stage in a way that resonates with the people who come to SIBOS; there is less talk about disruptive business models replacing incumbent banks and more about how disruptive technology can help Banks make a quantum leap in processing efficiency.

However one Emergent Fintech venture that is active at SIBOS could give SWIFT (which owns SIBOS) some cause for agita. Ripple is emerging as a real contender in cross border payments, which is a business that SWIFT has dominated for decades.

Ripple Basics and Recent Momentum

To quote from Ripple information on SIBOS (Stand F60):

“As bank-grade distributed financial technology, Ripple delivers instant, certain, and low-cost settlement for all banks via a global network of banks and market makers.

 Ripple offers a real-time cross currency settlement solution and a FX market making solution, both available for license. These solutions enable you to settle cross-currency payments efficiently, by connecting your bank directly to other banks around the globe for direct bank-to-bank settlement.”

Ripple recently closed a $55m Series B and in today’s market, a Series B is a good proxy for momentum. The investors are mainly banks, which makes sense as they will be the users.

More importantly, they are making the first live payments on the network, talking about transactions completing in 20 seconds.

The recent problems with Ethereum play into Ripple’s hands. For a long time, many people said that Ripple might be easy to implement but that it was a commercially controlled currency. The Ethereum problems show that all new digital currencies have their issues.

Visa has also just thrown in its hat into the cross border SWIFT alternatives.

The cybersecurity challenges that SWIFT suffered earlier this year must be making banks more willing to look seriously at alternatives.

Whether cross border payments use Ripple, Ethereum or Bitcoin Sidechains remains to be seen, but it seems clear that we can expect cross border payments completed within seconds in the not too distant future. It is pretty clear where the puck is headed.

SWIFT’s own Blockchain initiative 

SWIFT announced they were looking at Blockchain almost a year ago. Since then there has not been a lot of news. SWIFT can certainly buy whoever gets traction, but will face a cannibalization challenge as new entrants will be cheaper as well as faster. Cheaper payments will increase volumes so I envisage a future where SWIFT still dominates cross border payments but using Blockchain technology, with lower prices and increased volumes.

The back office guys are getting ready

In my core banking days, the SWIFT module was critical. It still is. However we can see the vendors, consultants and oursourcers getting ready for payments via Blockchain. This announcement by Ripple, Deloitte and Temenos is an example of an industry positioning around a possible new value chain.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.

The opportunity to disrupt the credit card rails may finally be opening up

blowing-up-railroads

Image source

The transition to Chip and PIN credit cards in America currently looks like just a big conversion cost – good for vendors and consultants and a big extra cost and time suck for everybody else. 

However, below the surface something bigger is brewing.  Chip on plastic is incremental change, but Chip on mobile phone is a game-changer. 

Payments has been the boulevard of broken dreams for entrepreneurs, but there is a reason it attracted so much attention – it is a massive market. According to Boston Consulting Group:

“In 2013, payments businesses generated $425 billion in transaction revenues, $336 billion in account-related revenues, and $248 billion in net interest income and penalty fees related to credit cards. The total represented roughly one-quarter of all banking revenues globally. Banks handled $410 trillion in noncash transactions in 2013, more than five times the amount of global GDP.” 

The accepted wisdom is that dreams of disrupting those credit card rails is foolish. You can see that wisdom baked into the stock price of Visa and Mastercard (just shy of $300 billion as I put keys to pixel).For a while, the disruptive crowd looked to Bitcoin but that hope has faded. The accepted wisdom now is that you can only make money within the existing credit card rails.

That maybe about to change (and it is nothing to do with Bitcoin). 

First, lets look at the big switch from mag stripe to chip cards in America

The big switch from mag stripe to chip cards in America

To the rest of the world, America moving from mag stripe to chip cards merits this reaction – “what took you so long?”

AITE Group has run the numbers. Here is one of the headlines from their report:

“the cost to implement PIN for all cards at merchants with PIN pads already installed is low, the costs are much higher for merchants that have yet to install PIN capability”

That is why many merchants in America are currently implementing a strange variant called Chip and Signature – you know, those signatures that nobody ever checks! Signatures are a relic of the past, useless in the digital age. That is why in countries that went to Chip cards a long time ago, it is all now Chip + PIN (but there was a period of transition where check out staff were clearly trained to look at the signature, although what they could actually check is unclear). That combo of Chip + PIN is pretty secure and that is a big deal for retailers because they now have the liability for fraud.

Chip cards alone are more secure than mag stripe cards. A criminal can steal the PAN (Primary Account Number) if they have your mag stripe card for a minute (one crooked waiter is enough) but with a Chip card they need the card itself to get cash or goods and consumers know when they have lost a card and will report it lost to the bank/issuer, so the time window for a criminal is less. This is a better Single Factor Authentication – something you have.

However Two Factor Authentication – something you have  + something you know is better. That is Chip + PIN.

Where the puck is headed. At some point merchants must start saying “if we are responsible for fraud and all the costs to prevent fraud, why are we paying such a big transaction fee?” Credit Card networks rely on all the parties – consumers, merchants, banks – having aligned interests. If one or more starts to question “whats in  it for me” the network starts to break down,

The next headline focusses on the issuers/banks:

“Issuers would also face significant incremental expense, including the costs to reissue cards, establish and maintain a PIN management system, educate customers, and modify ATMs and interactive voice response platforms. Issuer costs total more than US$2.6 billion, which would result in a five-year fraud-avoidance benefit of about US$850 million”. 

Well that sounds like a lousy ROI argument – invest US$2.6 billion and get back US$850 million! Pass, thanks. Of course one can argue with those numbers, but even if they are wrong by a lot, the ROI still looks lousy. Maybe those numbers are so far off that the ROI is viable. Common sense says that they maybe way off, because issuers did all that in other countries and they would not have done that if the ROI was that bad. Does anybody have better data?

Where the puck is headed. To Issuers (aka Banks), credit cards are the way to to do unsecured consumer lending at the point of need aka point of sale. A consumers is at a store and wants to buy a $1,000 item and  not confident I have $1,000 in their account so they opt for credit.  Unsecured consumer lending is what Marketplace Lenders do. Banks want to be there at the point of need/sale because that means low Customer Acquisition Cost (CAC). So Banks will tighten up limits and be more selective on who they give credit to. That has happened in countries that moved to Chip + PIN. That means that Issuers will implement Chip + PIN no matter what it costs because it it is way to stay at the front end of unsecured consumer lending. Any vendors helping them reduce those costs will do well. However the big picture is that while we use the term issuer and bank interchangeably, because most issuers are banks, you do not need to be a bank to be an issuer. You could be an Altfi Lender or MarketPlace Lender or a Merchant.

King Consumer is OK with the big switch

So much for merchants and issuers. What about the critical third player in this network – you and I?

Consumers find Chip + PIN easy enough (spoken as somebody who lived in America for many years and then moved to Europe). Sure, it is a muscle memory change, but it really is not that hard.

Retailers will make the switch because they have to and Issuers/Banks will make the switch because they have to. There will be lots of debate about who pays and how much, but the switch has to happen. The mag stripe alternative is simply not viable  – it is a relic like a fax machine.

But lets consider the other switch, the ones that the criminals do.

The criminal big switch

After Chip + PIN is introduced, fraud in Card Present transactions (aka physical retail) becomes too hard, so criminals shift attention to Card Not Present (CNP aka e-commerce).

Again, who has liability is key. If retailers have liability, they will impose one more step on consumers.

Both Visa and Mastercard have a solution. MasterCard has SecurePay. Visa has Custom Payment Service.

Using myself as a market panel of one, I can tell you that it is no more than a minor irritant, like learning to use a PIN.

So far, the 4 cornered marketplace – consumers, merchants, and issuers and payment networks – is intact and the credit card companies sit in the middle earning their fees as the 4th corner.

However, the big change is when we go to mobile transactions.

Three factor authentication is better

Chip is better than mag stripe for single factor. Chip + PIN is better two factor than Chip + Signature. But 3 factor is best and that is what mobile phones enable:

  • Factor 1: something I own (can be a chip on a card or a chip in a phone)
  • Factor 2: something I know (PIN)
  • Factor 3: something you know about me (location in a mobile phone, not possible with a Chip card).

If the payment authoriser (basically what a credit card company does) knows all three, the chance of fraud is very low. If you reduce fraud costs, the actually costs of making a payment are a blip of attention in one of your servers i.e. so close to zero that you might as well count it that way.

The Mobile Payment tipping point.

If this data from eMarketer is even close to right, we are at the Mobile Payment tipping point:

IMG_0915

When Merchants move into Payments via Tokenisation

Shh, don’t tell, but Uber is really a payments company with an e-commerce skin. So is Amazon. So is AirBnB. People make a big deal about Uber, Amazon and AirBnB not owning the actual physical stuff/service that we buy – as if vertical integration was an issue in the 21st century. What is much more critical is when a when Merchants become payments businesses through Tokenization.

Tokenization 101

Tokenization is the one time password that a student of cold war espionage stories would recognize. If you steal the token/one time password, you can steal the contents of that message/payment and only that message. That is fundamentally different from stealing the Primary Account Number (PAN). If you steal the PAN (by physically stealing a card or reading the mag stripe encoded data from a merchant) you can steal a lot of money.

Remember those merchants upset by the cost of switching to Chip + PIN? They would like to do this as well. Any entrepreneur who figures out how to offer that to small merchants will do well – maybe Square?

It is an aggregation job. If you aggregate a large number of tokens (ie consumers who trust you enough to do payments through you) you have a valuable business.

Think about these giant commerce players – Uber and Amazon and AirBnB – in terms of the 4 cornered marketplace:

  • King Consumer – well somebody has to pay
  • Merchant – tick
  • Issuer – Merchants can also be Issuers. They can lend (the often do, calling it Supply Chain Finance or something)
  • Payment processor. This is where we need to look at Debit Interchange Fees & Mobile Wallets.

Interchange fees & Mobile Wallets.

If you pay via Debit from your bank account, it is simply a blip in a server somewhere i.e. cost is close to zero and where regulation around Interchange Fees come into the picture.

If you pay via Debit from your bank accountDebit from cash in your mobile wallet, the cost should be zero. It is like paying in folding notes and coins, with no intermediary. If a merchant who already has your consumer trust, offers you mobile cash as an option at a lower cost it is an easy call. Even in a drunken Uber cab ride home you can peek into your mobile wallet and see if you have enough cash. This is where mobile wallet interoperability and the leapfrogging to mobile money in the Rest (which is a big theme on Daily Fintech) is key.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.

India may take the lead in mobile payments by cracking the digital ID problem

Fingerprint_Scan_-_Biometric_Data_Collection_-_Aadhaar_-_Kolkata_2015-03-18_3660

A lot has changed since the Fintech Global Tour went to India in January 2015, when the action looked uninteresting. Days later we discovered Paytm and digging into that story we could see how India is leapfrogging the West in mobile payments. Later that year we looked at the Payment Bank Licenses, an innovation that regulators in other countries now study and adapt to their country. Today we look at how India is taking this to the next level with the Unified Payment Interface.

Digital Identity for the Unbanked

Less than 2% of the 1.2 billion population of India have a credit card (and nearly 20% have never been to a bank). and yet there are over 1 billion mobile phones in India. Leapfrogging the old way (credit cards and ATMs) is the only way. This is the core of our thesis of First The Rest then The West (that the innovation, which in the 20th century went from West to Rest of the World, has moved in the 21st century and now increasingly moves from the Rest Of World to the West).

The goal of mobile money – to make transferring and receiving money as easy as exchanging e-mail or text messages – is an essential user need in India (and a nice to have in the West).Imagine paying for that pizza delivery when you don’t have a credit card and the ATM is miles away. The pizza guy has a mobile phone. The solution is obvious. As long as you can crack the Digital ID problem.

Unified Payment Interface

Unified Payment Interface is a recently announced architecture and a set of standard APIs that was launched by National Payments Corporation of India. It is consistent with the Reserve Bank of India‘s vision of a digital society. India already had an Immediate Payment Service (IMPS) platform through which one could transfer money instantly by going online. Unified Payment Interface takes this a critical stage further by enabling easy debit capability on mobile phones.

Identity after Aadhaar

The key to mobile money is Digital ID. This is key to preventing fraudsters and other bad actors (money launderers, terrorists etc).

Unified Payment Interface is built on top of India’s massive biometrics-enabled national ID system, called Aadhaar (the Hindi word for foundation). This is a unique 12-digit number associated with a person’s eye, fingerprint or facial features and it has recently crossed the magic number of registering 1 billion people. This leapfrogs western artefacts such as drivers license and passport.

Entrepreneurs and Banks on a level playing field

The goal of regulators is to get better, faster, cheaper financial services to the people. They should not care whether it is a bank or a startup that does this as long as both play by the rules.

Unified Payment Interface is being created by India’s retail banks and backed by India’s central bank. This is essential because the Banks have to accept the Digital ID. Yet the biggest beneficiaries could be ventures such as Paytm, or Novopay which offers mobile banking at 44,000 neighborhood convenience stores (called kiranas in India). Unified Payment Interface is about C2M as much as it is about C2C (a distinction that is unreal in a country like India where most people are micro entrepreneurs aka sole traders or free agents).

Tech Smart Regulation

Unified Payment Interface is another example of Tech Smart Regulation (like PSD2) that goes beyond a bureaucratic mandate to make it happen through an architecture and a set of standard APIs.

It is not a coincidence that these big government initiatives have been partly brought to life through the smarts and hard work of Indian tech pioneers such as Nandan Nilekani and Vinod Khosla.

Different path to China

The action today in Fintech is in China. BAT (Baidu Alibaba Tencent) are making moves that make the American Internet Platforms (GAFA – Google Apple Facebook Amazon) look hesitant. Western firms flock to China to invest and do deals. The Bitcoin story today is largely a China story.

India is just the other country with over a billion people. Except that a) India’s demographics are better (younger) and b) India’s GDP growth rate has surpassed China (the data is questionable as it is in many countries these days).

Those two “unicorn countries” (with over a billion people) have taken a totally different path. China leaped to prosperity through manufacturing and is now making the transition to being a consumer centric economy (from being export driven). India grew more slowly in services and is already more of consumer centric economy. China can make stuff happen quickly because a single Party is in total control, but has no safety valve of popular discontent, while India has a famously messy and slow moving democracy. In technology, the changes are also stark. American Internet Platforms struggled to get established in China, leaving room for BAT (Baidu Alibaba, Tencent) to emerge but were welcomed with open arms in India (where the Google of India is Google, the Facebook of India is Facebook, etc).

By cracking the Digital ID problem, India may create a global winner in mobile payments.

E-commerce is payments with a pretty wrapper

Flipkart is a big e-commerce success story in India that figured out how to accept cash for deliveries. Naturally they got into the mobile payments game by buying PhonePe, which uses the Unified Payments Interface.

Uber is really a taxi service that figured out how to tokenize the credit card payment process. India has figured that out and is not making their entry easy (which Uber responds to in their trademark pugilistic fashion as we reported here).

Better than M-Pesa

Africa pioneered mobile payments with M-Pesa. While the West was obsessing about the theoretical possibilities of Bitcoin, M-Pesa was changing millions of people’s live in practice. The data from where it started in Kenya is amazing – about 50% of the population use it. This has crossed the chasm.

However, M-Pesa suffers from one fatal flaw that prevents global adoption. It is a closed system controlled by one company (Vodafone). India has so far taken an open approach to innovation and could do this in mobile payments.

Both China and India view Africa as a market opportunity. Yet Africa may create its own disruptive innovation (see here for our coverage of African Fintech).

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge Network.Bernard Lunn is a Fintech thought-leader.

The big Apple to square off against online payment giants

T2P4MN3LQ2

Recently H&M opened its doors here in Australia. Devoid as we have been for some time down under of fast fashion, the past few years have seen a flood of global retailers open on our high streets, including Zara, Gap, Uniqlo and Forever 21 to name a few.

In my university days overseas, H&M was a regular haunt. The clothes were (and remain) almost embarrassingly cheap (provenance anyone?) and the on-trend designs were always a draw.

So on a Thursday night last week, at a loose end while I waited to meet some friends for dinner, I was lured in once more by the ‘SALE!’ signs in the glossy white H&M windows, deciding I would kill some time ‘just browsing’ until I was due at the restaurant.

Of course, it wasn’t long before I was sucked in by the lure of the many bargains on offer. After jostling my way through the frenzy of shoppers, I decided upon three items I was willing to purchase on the off chance they fit, not brave enough to tackle the queue for the fitting rooms, and willing to gamble $50 on my purchase.

Feeling a little guilty for ending up parting with cash when I had only intended on looking, I made the trek to the checkout, rationalising each purchase in my head as to how it would ‘fit in’ with my existing wardrobe. Budget out the window, I was ready to part with my hard earned $50.

As I rounded the corner I was met with a rather unappealing site – a checkout queue that snaked around several posts. Not even H&M’s contactless payment devices were making significant headway with these shoppers.

Now while I might still occasionally shop at H&M, one thing that certainly has changed in my 10 years out of university is my patience for queues. Whether they’re at bars, shops or restaurants – queues are a deal breaker. I mentally weighed up the pain of standing in line verses how badly I wanted the garments. I checked my watch – almost time for dinner. I covertly hung the clothes on the rack next to me and made for the exit.

I’m certain my wallet breathed a sigh of relief as I exited, however there was a twinge of annoyance and regret about my abandoned purchase. Sure, I can go back to H&M at any time, but it’s unlikely I’ll ever find those items again. The whole experience certainly made me wonder, why, in 2015, when you really want to buy something, does it still have to be so hard?

In store payments broken

Even high end retailers struggle to get this right. Earlier in the year a friend was visiting Sydney from New Zealand and had specifically wanted to purchase an item from Louis Vuitton. Unfortunately for her, the visit coincided with Chinese New Year, a period which invokes Black Friday like shopping volumes and swathes of Chinese locals and tourists hitting up their favourite luxury goods retailers. Upon entering the store, which was swarming with people, we were told the wait to be assisted simply to purchase something would be up to an hour. An hour!? We’d entered planning to purchase and we couldn’t even buy. It was a mildly ridiculous experience.

What should this look like then? As a shopper, I think many of us are well placed to describe the experience we do want when we decide to get off our laptops and head into the store. Seamless. We want to enjoy the process of shopping, rather than have it feel like a chore, with obstacles thrown across our path that make it harder, not easier, to buy. Shopping shouldn’t feel like a steeplechase. It should feel like a gentle stroll through a botanical garden, with plenty of time to stop and smell the gardenias.

Apple Pay launches online payments

So it was with interest that I followed the announcement this week from Apple about its eponymous Apple Pay being available at online checkouts this fall. If anyone is going to make a customer payment experience beautiful, surely it’s going to be Apple.

And well, that’s pretty much what they announced – one click shopping that’s safe and easy. Soon retailers across the globe will be sporting Apple Pay buttons for lucky Safari browser users. Instead of entering in card details and exposing your personal details to the servers of every retailer you shop at, you’ll be able to do it once, with Apple. Verification of your payment will be made via Touch ID on your phone or a few taps on the side of your Apple Watch. Brian Roemmele, Apple evangelist and founder of Pay Finders has a great run down on how it will all work (beautifully of course) in this article on Medium.

PayPal will certainly be taking notice of Apple’s long anticipated move, not to mention the likes of Google and Samsung. PayPal already has its own one click checkout feature, One TouchTM  which it no doubt hopes to use as a form of defence against the big Apple. PayPal is reported to already be seeing staggering improvements with One TouchTM, with conversion rates north of 80%.

From online to offline

But back to my somewhat disappointing H&M experience – what about in store payments? Can Apple make those beautiful too? Can a retailer’s point of sale system just start talking to my Apple wallet for the purposes of paying? It is exciting to imagine the Apple announcement as opening the doors (perhaps just by a crack) to a future whereby checking out becomes synonymous with walking out. A future that says when I walk into a shop, I am automatically pre-authorised to spend up to a certain amount, can pick up some items off the rack and then simply walk out, my credit card debited automatically in the process.

It sounds dangerously intoxicating, but really it’s just translating what online payments are becoming, into the offline environment.

Point of Sale Clover sort of tackled this back in 2014 by integrating Apple Pay in-app payments with its cloud based point of sale, trialing the payment process in a local beer and burger joint. Punters who downloaded the venue’s app were able to order from their table and pay via Apple Pay, in-app. Confirmation of the sale was then tracked back into the Clover POS, just like it would be for a standard card present transaction.

But really, the magic is unlocking in store mobile payments in a way that doesn’t require you or I to download yet another app. Just like we’ve come to expect a credit card machine to accept all the cards in our wallet, it might not be that farfetched to expect all the point of sale systems in the stores we shop in to one day accept all the wallets on our phones – be they Apple Pay, PayPal or some other incarnation. And for us to not have to bother with queuing up to get our phone or our watch near a credit card reader in order to finalise our payment.

While retailers spend so long getting the lighting, store design and product looking perfect, it sometimes feels like they forget to take creative steps to optimise the one thing that really matters – conversion rates. Experience is more than just a nice waft of perfume when you enter the store, it extends all the way to how easy it is to buy the actual goods. Apple Pay and PayPal are making it easier to do this online. Time will only tell if they’ll rise to the challenge offline as well.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech. Jessica Ellerm is a thought leader specializing in Small Business.

Pirates with Ties interview with David Thompson of Western Union

Pirates with ties

In the Pirates with Ties interview series, we are interviewing people who are leading digital transformation and innovation in major Financial Institutions.

David Thompson is the Executive Vice President, Global Operations & Chief Information Officer at Western Union. In this interview we learn about WU Edge, their recently launched cross border payments platform for SME.

Daily Fintech Advisers provide strategic consulting to organizations with business and investment interests in Fintech. Bernard Lunn is a Fintech thought-leader.

The SWIFT hacks may accelerate the transition to Blockchain based cross border payments

300px-SWIFT

It has been an interesting news cycle in Fintech. First we had Lending Marketplace Meltdown Week. The takeaway: “all this new fangled stuff is messed up and its time to go back to the tried and the true”. Then we had the news that SWIFT, the venerable cross border payment system got hacked again, for the second time in weeks. The takeaway: “the old tried and true is broken, its time to accelerate plans to bring in the new fangled stuff we have been brewing in our labs”.

Our mantra is “once means nothing, twice is coincidence and three times is a trend”. So the second SWIFT hack prompted a deeper look into what went wrong and to assess the likely second order impact.

Reactions from experts

First, here is the official SWIFT security announcement on 13 May after the second attack.

Daily Fintech asked some experts in FX and cross border payments for their reactions.

Alan Scott, a serial entrepreneur with deep experience of FX, cross border payments and blockchain technology focussed on the inherent weaknesses of closed systems:

“SWIFT derives most of its security from being a closed system operated by and for trusted parties.  Block chain as originally envisioned is an open system operated by trust less parties.  This hack really demonstrates the weakness of the first system, once in the hacker is protected by the system as by definition everyone in the system is trusted.  Once discovered, the owners of the system have a problem larger than the financial impact of the hack, that is do they inform the world that their system of trust has been broken?  Or can they just quietly fix the problem and inform only those on a needs to know basis?  In an open system system like block chain attempted hacks are visible, defences can be built and the issue of trust is owned by the entire community (distributed versus central).  In this way the technology evolves in a more organic manner, adapting when and where it needs to.  This ability to evolve is its competitive strength and why it will over time in my opinion prove to be superior.”

Howard Tolman, a serial entrepreneur with deep experience of FX, cross border payments and security technology focussed on the difficulty of bolting stable doors after the horse has gone:

“Any dangerous malicious attack on a major financial institution will not only attract a lot of attention but will also get people running up and down trying to find immediate solutions which quite frequently are just not attainable. Swift probably knew about the fact that there was a potential problem through Application Security Testing either static, dynamic or interactive and network scanning applications would mean that they were also probably aware that they had applications running that had been updated to remove security flaws. The problem that large integrated organisations have is that installing a patch on a production application might in some cases do more commercial damage in the short term than the results of hacking. I would say that large numbers of institutions have reports on their desks saying that they have massive vulnerabilities but they just can’t solve them quickly for various reasons. So they hope for lady luck to help them out. 

In the Java space the only real way to solve things quickly is to eliminate the problem at the virtualisation layer through implementation at the JVM. This means that the application itself does not have to be changed but the problem from a practical standpoint is removed. This is the concept of RASP. 

Of the cuff I would say that the real big problems come about by systematic malicious attacks over a long period of time without discovery. Blockchain type technology has as its core complete transparency which almost by definition would mean malicious  attacks would be recognised promptly. I  am not an expert on specific security features in blockchain but what I describe in the previous sentence is certainly important. There seems to be tremendous momentum for those organisations with products that require distribution  of transactional data to multiple parties towards Blockchain type applications. The SWIFT hacking can only exacerbate that migration process.”

Basic Phishing Does Work

In my spam filter I recently an email telling me “We have sent the payment to your account as instructed by our customer. Kindly check the attached Swift copy of your confirmation.” Clearly some people do fall for this. Hackers only need one open door.

The weakest link in a chain

Hackers got hold of access credentials to send messages on SWIFT. As of publish date, it is not publicly known whether this was via internal collusion or via a phishing attack. The SWIFT statement has something about a PDF reader but that is the only clue. The earlier posted guidelines issued by SWIFT show the kind of best practices that consumers are told to do in order to avoid getting hacked. One might assume that banks operate to higher standards. The problem is that while that is true for 99.99% of banks, hackers only need to find one door to enter and then, as Alan puts it, “once in the hacker is protected by the system as by definition everyone in the system is trusted.”

As SWIFT Gets Bigger, Blockchain Maybe the answer

SWIFT is already far and away the biggest global payment system. Any bank that wants to send/receive payments internationally is a member. Corporates are also members. With great skill, one can build very large enterprise scale systems. SWIFT is an example. It is very, very big and has mostly worked very well. Now we are in an era when we need to build on an even bigger scale to allow more people to transact cross border and do it faster and at less cost. The most resilient massive system is the Internet – a truly decentralised system. Decentralized scales better than centralised. And a decentralised Blockchain based system can offer real time payments. SWIFT already has a Blockchain initiative. SWIFT has the perfect corporate structure to implement a Blockchain based cross border payment system on a global basis for banks because it is a cooperative owned by the member banks. SWIFT has the trust of Banks and an annual gathering of the tribes at SIBOS where personal relationships are renewed. If anybody can implement Blockchain based global payments on a mass scale it is SWIFT. We suspect that the SWIFT Blockchain team won’t lack for budget after these recent hacks.

Permissioned or Permissionless – the inclusion question

SWIFT can replace the 1970s based system with a 21st century Blockchain system. That is the easy bit. It is like a core banking system overhaul for a massive global bank. It takes a long time and costs a lot of money and requires a good team, but with all those ingredients, it is a very achievable. That SWIFT Blockchain upgrade can be done with a permissioned Blockchain system for the existing approx 8,000 current members of SWIFT. It would be much faster and much lower cost. Problem solved? Not entirely. This still puts Banks as the intermediaries to do cross border payments. A truly inclusive peer to peer network would be permissionless – everybody can transact cross border directly. This could be done in such a way that Banks are “in the loop” to offer loans and other value added services. This would be a bolder move by SWIFT. It will be interesting to see what they do.

Daily Fintech Advisers provide strategic consulting to organizations with business and investment interests in Fintech. Bernard Lunn is a Fintech thought-leader.