GDPR vs PSD2 – Banks may abandon PSD2 due to conflicting policies

About a year ago, Bernard wrote a post on PSD2 and discussed different levels of maturity in regulations. He highlighted that PSD2 was a regulation meant to open up the market for innovative consumer banking use cases and solutions. However, the same regulator (EBA) has set a timeline for the General Data Protection Regulation (GDPR) in 2018 alongside PSD2.

We have discussed PSD2 and its implications for banks, fintech firms and consumers at length in the past. So, let me focus on GDPR and what it means to firms and consumers. The purpose of GDPR is to ensure consumers give informed consent before companies can share their personal data with third parties. Pre-ticked check boxes and inactivity from consumers can no longer be assumed as their consent to data sharing post GDPR.

Unlike PSD2, GDPR applies to all businesses in the EU that process consumer data, not just financial services firms. It also applies to non-EU businesses if an EU resident’s personal data is processed in connection with goods or services offered.

The Data Protection Act (DPA) gave consumers the right of subject access, which meant consumers could ask a company for the data the firm had collected about them. Currently many businesses charge a fee to provide this data to consumers, but post GDPR, firms can’t charge this fee.

As consumers, we can instruct firms when to collect our data and stay on top of it using the right of subject access. Now what does this have to do with PSD2? PSD2’s purpose is to enable consumer data sharing, whereas GDPR’s purpose seems to be to try and cut down on data sharing.

PSD2 is about financial services firms sharing customer data with third parties who they may not necessarily have a contractual agreement with. These third parties may then come up with innovative use cases by processing consumer data.

So, to be compliant with PSD2, banks should ask for customers’ consent to share their data with third parties. But to be compliant with GDPR, data processing by third parties will also need explicit customer consent. How is a bank supposed to be responsible for the processing of consumer data performed by a third party that it has no contractual agreement with?

While this hasn’t been explicitly mentioned as a process required to be GDPR compliant, my guess is that it would fall to the banks to ensure that the third parties they share consumer data with have consumers’ consent to process their data.

Unlike PSD2, which doesn’t have any punitive charges, violation of GDPR might result in a fine of up to €20 Million or 4% of global turnover. And knowing the way banks deal with regulatory compliance, nothing motivates them more than a fine hanging over their heads.

This means that, where there are conflicting regulations and a lack of clarity on a standard approach to data sharing, banks will focus completely on implementing the punitive GDPR. In some ways, GDPR may also become an excuse for banks to not implement PSD2 and to avoid sharing what they feel is their asset – consumer data. Watch this space!!


Arunkumar Krishnakumar is a Fintech thought leader and an investor. 

Fraud Detection using AI and Mastercard’s acquisition spree

“Progress is made by the improvement of people, not the improvement of machines.”

As more consumers turn to digital banking for their everyday transactions they will generate huge amounts of data that banks can use to identify trends and highlight suspicious behavior.

As digital transaction volumes increase, and real-time payments become the norm, banking solutions to identify frauds are often inadequate. In most cases these systems will need to determine if a transaction is genuine or not in a fraction of a second. Thanks to the AI wave, as fraudsters get better, machines spotting them get better too.

Cybercrime is estimated to cost the global economy 400 billion dollars. Credit card fraud accounts for a large proportion of this cost. Artificial Intelligence (AI) can provide faster, cheaper and more accurate fraud detection.

Some of the key considerations for a payments infrastructure (using AI) when solving the fraud detection problem are:

  1. Initiate the payments safely
  2. Handle billions of transactions
  3. Identify relationships through graph maps
  4. Social media integration and Sentiment analysis
  5. Behavioural analysis
  6. Adapt quickly as fraudsters evolve their modus operandi

An AI system can use thousands of data points in every transaction and do a fuzzy lookup to billions of other transactions to identify patterns, coincidences and anomalies.

Most payment giants are increasingly turning to AI, and Mastercard is no exception. They have been acquiring firms focusing on fraud detection as AI deal activity hit all-time highs in Q1 2017. In March 2017 Mastercard announced the acquisition of NuData Security to deliver online and mobile anti-fraud solutions using session and biometric indicators.

“Our unprecedented use of artificial intelligence on our network is already proving successful. With the acquisition of Brighterion, we will further extend our capabilities to support the consumer experience.”

– Ajay Bhalla, President of Enterprise risk and security for Mastercard

Earlier this month, Mastercard announced the acquisition of Brighterion. Brighterion’s portfolio of AI and machine learning technologies provides real-time intelligence from all data sources regardless of type, complexity and volume. Its smart agent technology will be added to Mastercard’s suite of security products already using AI.

“Progress is made by the improvement of people through the improvement of machines.”


Arunkumar Krishnakumar is a Fintech thought leader and an investor. 

From a Blockchain based to a Blockchain inspired world, SWIFT could deliver verdict at Sibos

This time last year, the dust hadn’t settled on the Blockchain hype, and several key players within Fintech and Financial Services were quite upbeat about the possibilities. However, as results of PoCs from various consortiums, central banks and payment providers emerged, the results were mixed. Daily Fintech covered an article on R3’s miseries towards the end of last year when Goldman Sachs left the consortium.

Since then, R3 publicly moved away from Blockchain, into a Blockchain inspired world using an open source distributed ledger named Corda. The R3 consortium lost three major banks towards the end of last year. This is largely attributed to the fact that they chose to move away from a pure Blockchain implementation to a Distributed Ledger implementation for Corda.

The three banks, Goldman Sachs, Santander and JP Morgan, left the consortium and invested in Axoni, which was a pure Blockchain firm. It got worse when R3 blogged that they were not a Blockchain firm and had always been a distributed ledger company, and got trolled on social media for that.

This was shortly followed by the news that SWIFT had launched its inter-bank payments platform that it believed would be the future of its cross border payments platform. The platform was called GPI (Global Payments Innovation), and had a founding consortium of 12 global banks. The GPI at that time was based on traditional technologies and not Blockchain. However, earlier this month, SWIFT announced that GPI was being beta tested on Blockchain with 22 new banks validating the system. The verdict on this PoC is going to be delivered at Sibos later this year.

Apart from this, the Bank of England (BoE) hasn’t delivered a conclusive verdict on the PoC with Ripple for cross border payments. The detailed report on the PoC was released earlier this month. The key message was:

“Cross-border payments when applied to wholesale markets present different challenges than when compared with retail and corporate transactions, which the Ripple product is designed to handle. The availability of liquidity is one such challenge, and the PoC allowed the Bank and Ripple to begin exploring these questions.”

In other words “Ripple’s solution wasn’t fit for purpose”, although Ripple chose to see it differently. A few days later, Ripple announced that a pure Blockchain based approach was not scalable for banks and advocated a “Hybrid approach”.

Wearing my technology hat, I see some fundamental lessons here, and I may be repeating what has been so often mentioned.

  • Find technologies that can solve your problems – it may not have to be Blockchain.
  • Do not interchangeably use Decentralised Ledgers and Blockchains. You can photocopy on a Canon machine too (not just on Xerox).
  • Innovation doesn’t always have to be on sexy technology. SQL Server and Oracle can do the job too.
  • Simplicity is often overlooked and massively underrated.

I believe that SWIFT’s announcement of the results of their Blockchain PoC at Sibos could provide a decisive direction for Blockchain in Financial Services/Payments. And it might well be “Let’s Move On”.


Arunkumar Krishnakumar is a Fintech thought leader and an investor. 

SME to consumer p2p payments – the next big (Western) payment behavioural shift?

This week the web was abuzz with the news that Apple would be launching peer to peer payments. And while it’s hardly novel from an innovation perspective, the network effects of Apple could be the tipping point for mainstream mobile payments adoption.

While consumer innovations in the p2p space are surging ahead, one area that feels like it is well and truly in the dark ages – in Australasia anyway – is peer to peer payments between businesses and customers.

There are many dynamics at play that discourage innovation in this sector. One of those is the rich river of fees flowing from small businesses to banks in the form of interchange fees.

Unlike Europe, Australian regulators have been far more generous over the years when it comes to caps on weighted interchange fees. But, as of July of this year, the party will be well and truly over. Interchange fees will be limited to a maximum of 0.8 percent – a far cry from the giddy heights of 2.2 percent and above that some premium credit cards were able to garner.

But what if you could design a new system that removed interchange fees altogether? In fact, what if it removed merchant service fees altogether? Well, for a start, small businesses would love you – because they are the ones that face the brunt of these costs on a monthly basis.

That’s exactly what New Zealand entrepreneur Ben Lynch has set out to do with his payments prototype Jude. I caught up with Ben in Sydney yesterday and he took me through the app. And honestly, it seems like a no brainer.

The secret to how Jude works is that it eliminates cards altogether. After all, why do we really need them, if a small business’s bank account and a consumer’s can just talk to one another? Cards are the equivalent of a 90s middleman.

And if we can get two bank accounts to talk to each other, without breaking any banking T&Cs, even better.

So, at prototype stage, the Jude experience for a customer and a business looks like this. When in range of the store, the customer places an order on their Jude App. They then appear on Ben’s custom made point of sale tablet, perched on the merchant’s counter. The shop owner sees the order and the customer’s details, and prepares the order. The customer collects their order, and just walks out. No cards, no mobiles being waved in front of terminals. Beacons placed in the store register all the comings and goings.

And while we’ve seen PayPal and other industry players attempt to create a similar experience, more often than not, they’ve always been linked to an expensive payment transaction – that the merchant needs to foot. But with Jude, like the best things in life, the entire experience is free.

To replace plastic for p2p payments is a behavioural shift for consumers. But if those with the biggest pain point to solve – small business owners – help drive and facilitate this because it saves them a huge amount of money, then that is a golden channel to market. Not to mention the value add for a point of sale vendor as an upgrade feature within their subscription. And while Jude might not generate money from the transaction itself, the data stream of payments coupled with SKU data is a monetisation opportunity in itself.

You can read more about Ben and Jude’s journey here.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech. Jessica Ellerm is a thought leader specializing in Small Business.

Cyber Attacks in Cashless India – Ransomware just the start

In November last year India went through a demonetization drive when the government banned the Rupees 500 and 1000 notes. It caused a lot of near term pain with some serious liquidity crisis in a primarily cash driven economy. However, sanity returned in a few months with various private and public sector initiatives driving the move to a cashless economy. But the lack of governance and awareness on cyber has left the consumers and banks exposed to large scale cyber attacks. The recent ransomware attacks were very successful in India, and that feels like just the start.

WannaCry ransomware attacks were reported across about 48,000 computers in India, with 60% of targeted victims being institutions and 40% being consumers. On investigation, it was revealed that the weak link that allowed many of the attacks was Windows XP and unpatched Windows operating systems used by institutions. However, about 70% of the country’s ATMs run on these operating systems and largely remain unpatched, posing a huge risk to consumer banking credentials.

During the attacks, Cyber Peace Foundation (CPF), which is running a research project monitoring cyber attacks, saw nearly a 56-fold increase in breach attempts at sensors installed across eight states in the country. Computer Emergency Response Team (CERT-In) asked the Reserve Bank of India (RBI), stock exchanges, the National Payments Corporation of India (NPCI) and other vital institutions to safeguard their systems against the ransomware.

Just a few weeks after the demonetization announcement, Prime Minister Mr. Narendra Modi announced the Bharat Interface for Money (BHIM) mobile application, which was downloaded 17 Million times within two months of launch. PayTM, India’s leading mobile payments service, crossed the 200 Million users mark earlier this year, and has most recently launched PayTM bank with about $1.4 Billion raised from Softbank, valuing the firm at $7 Billion. The “Jan Dhan Yojna” scheme successfully brought about 200 Million unbanked consumers into banking. Post demonetization, bitcoin has started to be more widely used.

This is all great news, but it feels like the country is doing it all too fast, without the right governance, and more importantly consumer awareness on cyber risks. Over the last few years, India has consistently been identified as one of the most vulnerable countries to cyber attacks as the digital infrastructure was growing at a crazy pace without the necessary controls in place. The country has about 300 Million internet users of which about 150 Million are only using mobile internet. However many of these phones use vulnerable operating systems and are easily hacked.

One of the common modes of cyber attacks in the country happens through malicious applications on smart phones. This occurs when users download mobile applications that come with some online offers, and allow access levels to the applications that in turn allow the hacker to ask the users’ contacts to make payments using mobile wallets. With a booming e-commerce industry projected to reach $64 Billion by 2021, banks and payments providers lack the capability to keep Cyber attackers at bay.

Challenges in handling cyber attacks differ depending on whether the victim was a bank/firm or a consumer. The problem with banks is the secrecy they maintain about cyber attacks on their systems. A few months ago, data of about 3.2 million debit cards was lost in what is claimed to be one of India’s biggest breaches. SBI, HDFC Bank, ICICI, YES Bank and Axis were all hit by the breach of debit cards. RBI has hence mandated banks to reveal any cyber attacks that they have suffered. Cyber attacks cost Indian businesses about $4 Billion every year as per latest estimates.

Banks in India have also managed to set up shadow or decoy systems which resemble the actual systems and have developed honey pots to trap such hack attempts. However, they still lag behind their western counterparts in sophisticated techniques and forensics needed to counter cyber attacks.

Still, banks are much more prepared to handle cyber attacks than consumers who are easily manipulated. This is primarily because consumers lack awareness of cyber attacks and social engineering techniques by the hackers are getting more and more sophisticated. There are measures from the government (unlike old times) to bring awareness to people on Cyber risks. 90% of the consumers are unaware that the government runs a 24X7 TV channel “Digi-Shala” that focuses on digital payments.

When Demonetization was announced, the Modi supporter in me felt super thrilled about the possibilities as the economy accelerated towards a cashless state. Even the near term pains faced by the common man felt justified in some ways, but it feels like India is ill-prepared to take on cyber risks in spite of efforts from the government and central bank. Watch this space.


Arunkumar Krishnakumar is a Fintech thought-leader and an investor. 

China Face-Off America – Battle of Global Payments between Tech Titans

Earlier this year Daily Fintech did a China week, and there were several interesting topics and key insights discussed. We analysed how the three Chinese Tech giants (Baidu, Alibaba and Tencent) have led the Fintech boom in China and what the favourable factors that helped were. However, over the past few weeks, we have had some developments with WeChat expanding into Europe and, almost as a reaction (perhaps not), Facebook ramping up group payments on Messenger, Android Pay collaborating with PayPal and more. We have Ant Financial’s bid for MoneyGram, and there is also a rumour that WhatsApp is ramping up to launch payments in India. That feels like a heated battle between Tech giants of the east and the west (really Chinese vs Americans, such a cliche) for Global Payments Glory.

While we immerse ourselves in Fin and tech in the west, we often tend to forget that there is a whole new world out there in Asia that completely dwarfs what we have achieved in the west with regards to Fintech. FinTech financing in Asia-Pacific was almost US$10 billion in the first half of 2016, eclipsing the aggregate of North America’s (US$4.6 billion) and Europe’s (US$1.85 billion). WeChat sent 32 billion digital red envelopes over Chinese New Year in 2016 and 46 Billion in 2017. PayPal did 4.9 billion transactions in the whole of 2015 and 6.1 billion in 2016. This list could go on, but you get the point. The dragon really dwarfs the west!!

Stats aside, Chinese tech giants have had tremendous success in their local Fintech market. In comparison, Apple, Facebook, Google and Amazon (the Fantastic Four) have had mixed results in the west.

I am fascinated by what Alipay (from Alibaba) and WeChat (from Tencent) have managed to achieve in China. A good story about the growth of these firms is how WeChat created a highly localised product to compete with Alipay. WeChat had been lagging Alipay up to the launch of “Lucky Money” during the Chinese New Year of 2014. It combined the Chinese tradition of “Red Pocket” with conventional peer-to-peer transactions, and achieved huge success by adding a fun flavor of luck to its payment function. During the New Year holiday of 2014, approximately 10 million users engaged and bundled their bank cards, and 40 million red pockets were dispatched. In 2016 these numbers on WeChat further increased to 420 million, and reached a massive 8 billion that same year. Jack Ma called this strategy by WeChat the “Pearl Harbour Attack” on Alipay.

Now, let’s take a look at what the Fantastic Four have achieved in Payments.

Facebook, apart from hiring David Marcus (from PayPal), hasn’t really had much joy with its payments business. Its payments revenue (for 2016) of $753 Million is tiny when compared to ads revenue of about $28 Billion. And the payments revenues were down 11% from 2015.

Google’s Wallet project didn’t go anywhere at all; however, it had a much better uptake with its Android Pay. By end of 2017, Android Pay is projected to have about 27 Million users. Android Pay has just agreed to integrate PayPal, which would mean customers can use PayPal through Android Pay.

Amazon’s “Pay by Amazon” has been a good story from the time it was launched. It now has 33 Million users, which is almost a 50% annual growth from 23 Million users last year. Amazon managed to get its Wallet License in India last week (watch this space).

Apple Pay has been the leader of the pack in the payments world. With about 84 Million users projected by end of 2017, Apple has so far done well in this space; however, it still lags behind PayPal.

All these numbers from the Fantastic Four are tiny when compared to the numbers achieved by WeChat and AliPay.

Alibaba has been quite active in expanding through acquisitions. Its investment in PayTM gives it a hold on PayTM’s 200 Million user base in India. However, the most recent news on MoneyGram is an ambitious step into the remittance market, and if the deal did happen (post all the drama), it would provide Alibaba a 5% share of the 600 Billion pound remittance market.

'The Americans aren't objecting in principle to a merger down the line as long as we build a Chinese wall to keep a couple of things secret from the Chinese.'

WeChat has more recently started global expansion into South Africa, set up its European offices in Italy and is planning a London launch soon. While it is behind Alipay in its global expansion, its customer acquisition strategy has worked better (than Alipay’s) so far.

When I talk to innovators in India, I often tell them to create a simple solution to an existing problem without overengineering it. That’s generally true for most developing nations. There are ample problems to solve and a half decent solution can see massive growth if executed well.  In the case of China a few hundred million users went from Cash to Mobile Payments and it was a classic leapfrog moment. Most likely Alipay and WeChat wouldn’t see this again in their Global expansion adventures.

I believe they would have better success through acquisitions, investments and partnerships with key payment players in their target markets, rather than trying to lift and shift their business model in China elsewhere. I also think that the winner of the East vs West payments war would be decided by key battlegrounds in India, LATAM and Africa. If Alipay and WeChat could expand into these regions quickly, then the Fantastic Four would struggle to gain ground. However, you don’t write off the likes of Apple, Amazon, Google and Facebook that easily. Watch this space!!

Arunkumar Krishnakumar is a Fintech thought-leader and an investor. 

ClearBank: a MSFT Azure B2B Fintech

A well kept secret of the UK B2B banking sector is now public. Clear Bank, a clearing bank in the UK, is ready to compete with the four UK clearing banks:

  • Barclays
  • HSBC
  • Lloyds
  • Royal Bank of Scotland (RBS).

Clear Bank is the fifth UK clearing bank and the only one that is pure B2B since it does not offer services direct to the consumer.

Don’t confuse Clear Bank in the UK with Clear in the US, an early stage startup offering banking services to startups, or with Bank Clearly, a digital banking start-up in the Middle East similar to Moven (i.e. no banking license but offering banking services to startups by partnering with CBW Bank).

Back in the 60s there were 16 clearing banks in the UK. Consolidation in this part of transactional banking has left the UK currently with 4 clearing banks that process over 80 Trillion pounds annually worth of payments in the UK. This is a fee business for settling payments between institutions and individuals.

Clear Bank has no plans to offer services directly to consumers. Clear Bank’s value proposition is to make processing payments in the UK via systems like Bacs, Chaps etc. faster and cheaper.

Who cares?

Clear Bank will be helping Challenger banks to access the payment system at the Bank of England level, at the same level as incumbents.

Clear Bank will help the 44 UK Building societies offer current account services in a cost effective way. Right now, only 2 out of the 44 offer such capabilities to their members due to prohibitive costs.

Clear Bank will indirectly boost retail banking by substantially reducing processing costs, which will facilitate competition for incumbents in the UK.

Clear Bank will help Fintechs by providing Banking as a service through the Cloud at a very low cost. Clear Bank will be offering an API so that Fintechs can interconnect to the ClearBank Fabric.

Who is behind this innovation?

Clear Bank has been built on the Microsoft Azure Cloud. I spoke to Richard Peers, Director of Financial services at MSFT in the UK, last week and he clarified the hybrid approach: “The application and business logic of Clear Bank is in the public cloud; connectivity to payment schemes and customer data is local in the private cloud.”

Clear Bank is built on the Azure public cloud and the Azure Service Fabric (hybrid approach). No need to understand the technical details here. What is important to know is that Clear Bank’s business model is in the category known as PaaS (Platform as a Service). Most of us are mainly familiar with SaaS. Microsoft has been working with financial services providers on various projects whose value proposition is delivered via PaaS or IaaS. The infographic below captures the main differences. This is where we start understanding how the technology has lowered the cost and also how the Banking as a Service offering is secure.

[Infographic: the main differences between SaaS, PaaS and IaaS]

Clear Bank’s platform includes authentication of the parties involved using a combination of voice, biometrics and face recognition. As Richard pointed out, “The IaaS is a technical model that delivers a business model that allows a different scale, agility, security, cost model.”

He also explained in clear business language about Azure Service Fabric, the micro services “kitchen” of MSFT:

“The current world has been operating with applications that are still client/server many tiered and typically needing significant engineering and testing across the full stack before they can be deployed, with huge dependencies between layers. So think about having to get everyone in a company as complex as Microsoft on board with a decision before you can act. In the microservices world, you can focus on a component, get it right and deploy without total dependency on everything else.”

My last question to Richard was about the nature of the true innovation in Clear Bank’s case. I always thought of MSFT as a cloud computing player focused more on the Blockchain tech potential, and now I realize that it has been instrumental in launching a clearing bank (we all expected blockchain to be the tech disrupting this part of the stack) that is NOT Blockchain powered?

“The true innovation is in the fundamentals of the business model and the scalability of the cloud when applied at its highest potential. Banks need to operate at real-time, based on an API model with the ability to reason over data at low cost, resiliently and securely. Their use of the cloud allows this, delivering a faster and more cost efficient model with the agility to add new services as the market moves. ClearBank provides a Banking as a Service (BaaS) model to other Financial institutions and Fintechs, allowing them to focus on their own products and core businesses. ClearBank provides the underlying banking infrastructure and software all as a service.”

On our radar screen

We will be watching Clear Bank’s role in the digitization of financial services. What microservices will be built on it, how much will the UK payment system save, how much will the global system interact through Clear Bank? Which of the multiple banking services that ClearBank offers, will prove to be the key by impacting the payment ecosystem?

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge Network. Efi Pylarinou is a Digital Wealth Management thought leader.