Security, the New Payments Ecosystem and the Need to Educate the Consumer (Or Ask Them to Unclog Your Sewer!)
When it comes to any payments ecosystem, you must remember that we are talking about MONEY. More importantly, people’s money (like yours and mine). In any conversation in this space, secure is something that is assumed. A consumer simply won’t use a new system if they don’t believe it is secure. Unless of course it’s free Wi-Fi. As we have seen, folks are willing to do almost anything to get free access on their devices, even agreeing to clean toilets! (This was a real thing… one hotspot operator added it to their Terms of Service fine print). When we talk secure, it’s important that we keep this in mind: secure is not just a piece of the Hierarchy of Payment Needs, it’s an integral part of it, which is why it sits directly on top of the foundations. Without this layer, the whole ecosystem collapses.
The Evolution of Payments
As we leave the comfortable and known confines of yesterday’s payments ecosystem, questions around security are normal and expected. You can’t have trust in something without knowing it’s secure, or that there are fail-safes in place if something does go wrong. In the past, we had very defined payment scenarios, where you knew without a doubt where liability lay if something did go wrong – the ‘unhappy flow’ was accounted for. However, as we move to a more open environment where new parties are joining every day, it is only natural to have your head on a swivel. After all, we are only as safe as the weakest link in our workflows.
Regulation and Recreation
A more open environment means that our sandbox needs to have built-in security, and an ability to manage threats both at the ecosystem level and within our solutions. The flexibility in the new environment, and in the applications themselves, makes this possible today – a marked change to the ‘old’ payments ecosystem. Applying the same logic, agreements and regulations that were in place to manage the older ecosystem will be strained to breaking point in the new ecosystem. This is why we are seeing new regulations like PSD2, The UK Open Banking Initiative and General Data Protection Regulation (GDPR) coming into play.
A major challenge is how we layer in secure elements without impacting the ‘need for speed,’ by which I mean real-time! Luckily for us, Moore’s law is at play, which is making it possible to process information in nanoseconds. But there’s also a change in the user experience; an opportunity to gather information ahead of the transaction and view further upstream than has ever been possible previously. This is thanks to the increasingly “open” nature of payments at the core of our discussion. As we open up access, we create a two-way street: we not only broadcast out payment capabilities, but in return we can marry-in APIs from the broader API ecosystem. Whether those are geo-location based services or facial recognition software, we need to innovate in the secure layer without impeding the speed of the transaction. This may actually make transactions ‘lighter’ and able to move quicker, ultimately propelling us towards a more secure ecosystem!
Getting Your Hands Dirty
While it sounds counterintuitive to some, the New Payments Ecosystem has great potential to not only embrace the need for speed, but also to do so more securely than today. It comes down to embracing the change, rolling up your sleeves and playing with new technology, be it distributed ledger, blockchain, or Open APIs. All have the potential to solidify the baseline assumption of security needed to allow the New Payments Ecosystem to strive.
Related Blog Posts
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
To Regulate Or Not To Regulate – Is That Thy Question?
Debates are healthy, and as someone who spent a little time during my college years dabbling around the edges of the speech and debate team, I can tell you it’s something that I personally relish. A chance to really talk through the pros and cons of an argument and lay out the bare facts… and then be judged based not only on those facts, but on the presentation and power of persuasion—sign me up!
Request for Pay – What Does It Mean For Financial Institutions?
What do banks – one with $60B+ in assets, one a mid-size regional bank, and one, a small innovative credit union – have in common with payment networks and the ‘Big 4’ consulting firms? They were all part of the first ACI #PaymentsForBreakfast event in North America! The theme was real-time payments, but the focus was more specifically on Request for Pay.
Why Open Banking Might Need to Rely on a Magic Illusion of 24x7 Availability
The adage “the more things change, the more they stay the same” appears to ring true when applied to the early phases of the evolution of open banking (or open payments). Especially when you contrast it with the early days of ATM withdrawals; particularly those made in the dead of night so you could pay cash for your after-party greasy feast.
Sibos Preview: The Five Trends Transforming Real-Time Payments
Real-time is now a reality, with more than 30 schemes live around the world. And real-time is in the spotlight as banks and financial service providers make their way to Sydney for Sibos 2018. What better time to look ahead at the key trends that are going to shape the ongoing development of real-time payments.
Winners and Losers in the Regulation Vs Competition Debate? How About New Business Models?
As Summer has abruptly turned to Fall, I have found myself daydreaming of a European vacation (and yes, I realize it’s Fall there too… or rather, Autumn). Maybe it’s the Instagram feed full of friends on a summer sojourn to Italy, France, or Germany, or the constant barrage of Premier League kickoff commercials on the NBC Networks (Let’s Go Gunners!), but yesterday it was something else entirely that had me drifting off into a memory-induced Nutella-crepe state of euphoria.
API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
The Mexican Fintech Revolution – ¿Qué onda in Open Banking?
Mexico has joined an elite group of nations, being amongst the first to pass open banking regulations. Specifically designed to open up its financial services and technology sector, the so-called ‘Fintech Law’ appears to have taken notes from PSD2, UK Open Banking, Singapore’s ‘organic’ approach, and others – and balances these against Mexico’s unique context and aims.
ACI’s Lu Zurawski, one of the industry's foremost open payments experts, and Sonia Gomez, a Latin America payments authority, discuss this balancing act; including the drivers, the regulation and the potential benefits.
Working Up An Appetite for APIs in Australia
This week ACI hosted the latest installment of our #paymentsforbreakfast forums in Australia, with the early birds catching the open banking worm in both Sydney and Melbourne.
Given the similarities between the Australian and UK open banking movements, we enticed ACI’s UK-based Lu Zurawski (Solutions Practice Lead - Retail Banking) to Australia to share his learnings from being heavily involved in the UK Open Banking working group.
APIs and Cash Management (Harnessing the Hammer, Part 2)
In my last blog post, we talked about the hammer and the nail; the hammer in this case being open APIs, and the nail being the market need to adapt to changes in customer behavior and expectations from our commercial market. We laid out why the US is in a different position when it comes to open APIs—it has to do entirely with the regulatory environment, which is allowing us to start with the largest revenue opportunity first. Finally, we challenged you, the reader, on how you can begin on your journey. And that is where we are going to pick things up. What steps can you take today, and what use cases can you explore as we start getting our hands dirty?