By Ralf Gladis, CEO, Computop
For the first time in the UK last year, debit card transactions overtook cash as the most popular form of payment. According to research both Canada and Sweden are ahead of the pack when it comes to cashless payments, but in the UK too the way we pay for goods has changed considerably and as contactless card, smartphone and other forms of electronic payments become easier and more convenient for consumers, so we will rely less and less on pounds, shillings and pence.
Of course, for shoppers, fast and easy payment methods do have to be balanced with security, and with card and data fraud on the rise, they look to retailers to ensure the technology being used to process payments is fit for purpose. It must support their card or mobile transactions without risking their personal data or put them in danger of theft.
In the past year there have been a number of headline-grabbing data breaches – including at Dixons Carphone, putting millions of customer credit card details at risk. To help with this, Visa and Mastercard have introduced new security standards, which rely on point-to-point encryption (P2PE) to deliver rigour into the payment process, with the aim of building trust amongst consumers. The customer’s payment data is strongly encrypted directly onto retailer’s POS terminals without the use of intermediate storage. Thanks to strong coding, data is kept secure, allowing it to be transmitted safely via any device – in fact, because no real data is displayed, or stored, it is worthless to a cyber hacker or thief – and this reduces the risk to both retailers and shoppers. The additional advantage of using PCI (Payment Card Industry) P2PE standard solutions is that it becomes unnecessary for retailers to add PCI certification into their IT landscape, which saves them both money and effort.
On the horizon, however, are a range of innovative alternative payment methods which promise to add further opportunity, but also complexity, to the payments landscape.
This year will see a second EU Payment Services Directive (PSD2) aimed at reducing the costs of payment processing for retailers and improving security for customers. The way that this will work is to ensure the customer is authenticated against two out of three factors – knowledge, possession and inherence. Knowledge relates to a username, or a password or pin for example. Possession is the item being used to make the payment, such as a debit card or a smartphone. Inherence, however, relates to the physical characteristics of the customer, which using today’s technology could mean their voice, their fingerprint or the iris in their eye – biometrics.
Building on biometrics
Biometric authorisation is what the future looks like. Fingerprint recognition is a common feature on smartphones already and is now being integrated into payment transactions. For retailers there are some significant advantages particularly when it comes to instant payments, those made in ‘real-time’ by a third party at the request of the customer. This will make the process quicker, and significantly for the customer it will also make the experience seamless – an objective of any merchant. For security, this type of payment will be subject to authorisation under the new Directive if the transaction value exceeds 30 euros, or its equivalent in sterling. Although the legislation has been introduced under EU law, much like GDPR, experts do not anticipate any changes to this in the short-term for UK retailers post-Brexit, so retailers here will need to ensure they comply.
Voice and facial recognition
What else can we expect to see? A rise in voice commerce and facial recognition payments. Already customers are using Alexa to order their online shopping but the additional authentication that is needed under the new rules, will ensure that the system cannot be abused or confused by the wrong voice. Facial recognition too is very likely to become part of the automated payment experience, which will lend itself particularly well to transactions in brick and mortar stores. Pilot schemes have already been carried out, for example, the MasterCard Identity Check, commonly known as ‘pay by selfie’, where a payment can be authorised by the customer by taking a photo of themselves with their smartphone. The photo is compared with a comparison image and if the two pictures correspond the transaction goes ahead. We envision a time when an intermediary app to facilitate this process is no longer needed in the retail environment.
MasterCard has said that it will make biometric identification available to its customers this year, either through fingerprints or facial transactions, not just for in-person payments but also for remote transactions. This will provide security to customers, but it also meets their convenience preferences too. They carried out research with the University of Oxford which found that 93 per cent of consumers prefer using biometrics to traditional passwords or pins.
In terms of challenges, not all merchants, particularly if they are in the midst of eCommerce and omnichannel transformation projects, will be willing, or able to establish the infrastructure to store biometric characteristics securely and ensure they are complying with data protection rules. Connections need to be made between hardware manufacturers and payment service providers to start the process so that smartphones, tablets or VR glasses can save a highly encrypted copy of the customer’s fingerprint or voice pattern (or iris) onto the device.
The payments landscape is shifting and before long only methods that support silent, smooth, automatic processes with a global reach will have a future. If established payment brands are able to meet customer expectations, then they will win trust and loyalty, but consumers will be cautious about biometric payment processes, particularly amongst older generations.
All the indications are that in 2019 we will see user names and passwords replaced with biometric authentication like fingerprints, face and voice recognition supported by quickly evolving biometrics technology. At Computop we see more and more retailers interested in using biometrics, not just for securing payments, but also to enable customers to login to their online shop accounts. As consumers, we will welcome innovations that do away with typing complex passwords on small touchscreens and, usefully, we can’t forget a fingerprint. This is compelling for today’s omnichannel shopper and what the shopper wants, the retailer tends to provide.
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS firms must address the data issues flagged and created by the Covid-19 pandemic
When the pandemic started, organisations within the financial services sector were faced with three key questions. How do we do homeworking? How do we go remote? How do we manage this?
In trying to answer these questions, the business continuity measures taken by FS firms were not up to scratch. Mistakes that could have been avoided were made. To start off with, users had to be given the necessary equipment to make remote working happen and they had to have access to the infrastructure needed, such as broadband. Users also had to have access to the information and data needed to do their job. And this is where they started to run into trouble. While software applications like Zoom and Microsoft Teams made it possible to stay connected, the systems in place were not adequate to facilitate secure data management practices en masse.
These are the downsides that need to be addressed.
Where’s the governance?
Historically, firms operating in the financial sector have been slow to adopt cloud technology, preferring to store sensitive data on premise, in order to mitigate perceived risk. As such, through the lockdown, much of the data people need access to is not in the cloud, but is stored in applications or file servers.
Adding to the issue, the VPNs of many organisations don’t have the capacity to allow large numbers of users online. This lack of VPN availability has forced FS firms to allow users access to GDPR sensitive data multiple times, with little or no method of tracking in place.
In order to acquire the information they need to do their jobs while out of the office, employees have been copying, downloading and sharing files that now exist outside of the corporate firewall, without any governance or security considerations. Such data is now, for all intents and purposes, in the wild, making it harder to bring back under control. Teams working remotely don’t have the corporate governance and security protocols that they would have when working in the office.
So, being forced to work remotely, at short notice, has impacted compliance and governance in a very negative manner. The way data is being handled greatly increases the chance of a data breach occurring. It also flies in the face of FCA regulation, and in particular GDPR where personal data is being used. While the FCA might be a little more lax in light of the current challenges right now, this will change when data breaches start to occur and customers start asking questions. Poor choices now will not be a reasonable excuse to avoid future fines.
If this crisis has shown us one important thing, it’s that the slowness of financial services firms in adopting cloud technology, which made it significantly harder for them to access and use data, has hurt business continuity, security and privacy.
Better Data Practices
So, how can organisations take control of their data? For many this means deploying it to the cloud in a rapid manner, whilst retaining security and governance practices. It is possible for organisations to make data accessible if the technology is deployed correctly, allowing all the necessary controls to remain in place. Having the short-term decisions correctly in place and making them under an umbrella of good governance and accountability, ensures that you don’t suffer knee jerk reactions and risk losing control of data.
By keeping on top of your data as much as possible, you significantly reduce the opportunity for chaos to happen. That starts with making it available on a safe and secure platform. At a time like this, it is imperative that organisations have a good understanding of their data. Information asset registers should be kept up to date to track where their information is, where it’s being used and the purpose for which it’s being used.
For our clients, we are now using AI to help them assess and understand their data, flag any risks their data is posing to their organisation, and help them mitigate that risk. By implementing the right systems this can all be automated, and there is nothing stopping organisations from doing this with next to zero impact on their userbase.
Remote working is becoming the norm: It has been proven to work and organisations will start reflecting on how much office space and connectivity they really need. As such, organisations are being forced to act now and adapt their data governance and compliance practices to suit the ‘new normal’. Waiting until the pandemic passes is not an option.
5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS
Lauren Jones, International Payments Ambassador, Icon Solutions
Instant payments are the ‘new normal’. The last decade saw a ramp-up in adoption as regulation, customer expectation and technology dovetailed to create immediate, 24/7 demand for financial services.
This means that banks and payment service providers (PSPs) who rely solely on speed of payments as a competitive differentiator will struggle to get ahead. The focus is now on leveraging instant payments rails to deliver value-added services that can drive a return on investment. Understanding where these opportunities lie, therefore, is crucial.
- Request to Pay for more control
Perhaps the most valuable new way to leverage instant payment rails is Request to Pay (R2P). R2P is an umbrella term for various scenarios in which a payee takes the initiative to request a specific payment from the payer.
Corporates have two key challenges in that they only receive funds when a customer wants to pay them, and they only receive the information the customer chooses to provide. This makes reconciliation difficult and can even negatively impact workflow and working capital.
However, the R2P options for bill presentment and payments solve these problems, significantly reducing operational cost, liability for chargebacks and fraud risk, as well as improving reconciliation and liquidity. A secure R2P service also has the potential to simplify managing receivables and reduce processing costs.
R2P also benefits consumers. As they are presented with a payment request rather than funds being debited automatically, they can enjoy more autonomy and control over their money across various channels.
As a result, several solutions have emerged under the R2P banner, such as the IDEAL scheme in The Netherlands and PromptPay in Thailand. Further traction will be gained, with EBA Clearing gearing up to launch a pan-European R2P solution in 2020. Certain banks in the US have also begun to go live with The Clearing House ISO 20022 R2P messages using instant payments infrastructure.
- Amplify the power of QR codes
QR code solutions have surged in popularity in recent years as a simple, low-cost alternative payment method, offering consumers and merchants more choice at checkout.
We are now seeing various banks and payments industry players reviewing their strategies to take full advantage. QR code-based solutions, combined with instant payments rails, can extend utility beyond the physical point-of-sale to include online and bill payments.
Thailand, India, China, Singapore, Malaysia and Hong Kong have all established payment services that leverage QR codes to initiate real-time payments. And although Europe and the US have been slower to adopt QR codes, some European countries such as Sweden and Switzerland have already embraced the technology with country-wide schemes for both retail and corporate payments. In the US, adoption is market-led with several retailers such as Target and Walmart implementing proprietary QR code payment systems.
- Leverage valuable real-time data with ISO 20022
While instant payments does not inherently provide enhanced data opportunities, most of today’s instant payments systems are built using the ISO 20022 data standard. This is due to the extended data-carrying capabilities and the added value this messaging standard can offer banks’ customers. For data to be truly valuable, it needs to be machine-readable, consistently structured and standardised – ISO 20022 enables all that.
However merely collecting data is not enough. Mining and extracting value from this data will be a decisive differentiating factor for banks and other players looking to take their customer propositions to the next level.
The good news is that banks and PSPs are well-positioned to collate and leverage data to deliver tailored interactions, unlocking new revenue opportunities while remaining compliant to stringent regulation.
- Deliver convenience for corporates
The combination of instant and enhanced data-carrying capabilities is extremely attractive to large corporates, and in turn, greater corporate usage of an instant payment system will increase volumes and lower costs.
Instant payments give corporate treasurers greater control over their payments, allowing them to make on-the-spot payment decisions and hold on to liquidity for longer. Instant payments enable informed and timely views on cash positions, enabling management of treasury risk. ISO 20022 data- carrying capabilities also allow corporates to attach invoice data to a payment, allowing for more efficient reconciliation.
Benefits are not only limited to corporate treasurers, but also B2C treasury departments. Instant payments offer new ways to make payments to customers. As mentioned, R2P can also lower cost, reduce risk of fraud, and increase information around each transaction, all of which are key requirements for modern treasury departments.
Moreover, as domestic instant payments schemes grow, there is an opportunity to line these systems together to deliver cross-border real-time movement of both funds and data for corporate and commercial transactions.
- Embrace new channels
As payments become increasingly embedded in our daily lives and interactions, it is inevitable that instant payments will become more ingrained in the social media experience.
This is already the case across many Asian countries, but momentum is slowly building in Europe and the US as well. For example, First Direct’s Fdpay service allows customers to make P2P payments within social media apps. In addition, Instagram, WhatsApp and Facebook are all actively exploring instant payments and checkout options. Watch this space.
Building on strong foundations
It is clear that building a foundation for innovation now will enable banks to create points of differentiation and tap into new revenue streams through R2P, QR codes, leveraging enhanced data, corporate instant payments and new channels.
But to fully realise the return on investment, banks will need to overcome the legacy payment environments many are encumbered with, and will need to develop a powerful transformation strategy to ensure their payments landscape is equipped to fully harness the benefits.
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...
FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’
By Christian Nentwich, CEO at Duco At the start of 2020, before the global coronavirus pandemic changed the world,...
5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS
Lauren Jones, International Payments Ambassador, Icon Solutions Instant payments are the ‘new normal’. The last decade saw a ramp-up...
THE BEST PATHS TO SECURE AUTO FINANCING IN 2020
The previously flourishing economy has taken some dramatic turns in the last few months due to the health and economic...
TIPS FOR BUSINESS EXPANSION
Alan Sutherland, CEO of Kind Consumer Every successful business had a beginning. Its founders usually looked for ways to...
THREE QUESTIONS FINANCE LEADERS SHOULD BE ASKING THEMSELVES DURING THE PANDEMIC
Chris Pope, Global VP of Innovation at ServiceNow We’re living through unprecedented times, dealing with a situation completely out...
HOW WILL COVID-19 IMPACT ESG INVESTING LONG-TERM?
By Kerstin Engler, Senior Wealth Manager, Geneva Management Group. Sustainability is a trend on the rise in every sector...
EIS LAUNCHES IN THE UK AS INSURANCE COMPANIES LOOK BEYOND PROTECTION TO DELIVER MORE VALUE TO CONSUMERS
Leading digital insurance platform expands global footprint to meet UK insurance market demands EIS, a core and digital platform provider...
TINK TECHNOLOGY ENABLES MULTI-BANKING FOR NORDEA’S NORDIC APP CUSTOMERS
Tink’s account aggregation, data enrichment and personal financial management technologies have been integrated into Nordea’s mobile banking app to deliver...
BITCOIN COMES OF AGE
Katharine Wooller, Managing Director, UK and Eire, Dacxi The Bitcoin halving event, which occurred on the 11th May, has...
KEEPING PAYROLL SAFE AND SECURE IN LOCKDOWN” – HOW FINANCE FIRMS’ PAYROLL TEAMS CAN MAKE IT HAPPEN
by Richard Dutton, account director, Symatrix With companies across the UK switching to remote working since the pandemic took...
EMERGENCE PARTNERS LAUNCHES TO HELP BUSINESSES NAVIGATE A NEW WORLD OF EMERGING TECHNOLOGY
Consulting firm will partner with clients to transform their businesses using disruptive technologies Emergence Partners, has today launched to provide strategic counsel...
BEFORE THE INK IS DRY: CORRECTING BIOMETRIC SPOOFING MYTHS
Eric Setterberg, System Design Engineer at Fingerprints Biometric authentication is highly robust, and the latest solutions offer considerably greater security...
DIY SOS: FIXING-UP THE FINANCIAL SERVICES HOUSE
By Edwin Abi, CMO, Modulr It has been 11 years since the 2008 financial crisis. And in that time,...
ARE WE AT THE TIPPING POINT FOR GLOBAL BIOMETRIC PAYMENT CARD ADOPTION?
By Vince Graziani, CEO of IDEX Biometrics ASA Following the coronavirus outbreak, consumers are ready to go cashless more...
KEEPING DATA IN THE VAULT: INSIDER BREACH RISK IN FINANCIAL SERVICES
by Tony Pepper, CEO. Egress Financial services organisations are trusted with far more than just money; they are also responsible...
MOBILE MONEY MOVED THE NEEDLE ON FINANCIAL INCLUSION – BUT NEEDS SCALED INFRASTRUCTURE TO FULFIL AFRICA’S POTENTIAL
Dare Okoudjou, Founder and CEO, MFS Africa Africa is gearing up to become of the great success stories of...
WHAT WILL SALES LOOK LIKE IN A POST COVID-19 WORLD?
Max Eaglen, Director at Platform Group, looks at how businesses will need to re-shape their sales techniques in a post COVID...
HOW HAS THE CORONAVIRUS LOCKDOWN IMPACTED THE MANUFACTURING SECTOR?
As thousands of people have headed back to work, the manufacturing industry will need to have safety guidelines set out...
CAN AUTOMATION HELP BUSINESSES GET PAID ON TIME?
By Magali Michel, Director at Yooz Procurement process costs account for an average of 60% of turnover for most...