Article | March 2, 2020
A number of key benefits pertaining to banking in the cloud are now widely acknowledged – from scalability, agility and security to future proofing and (perhaps the most significant of all) cost efficiency. So, while the debate around whether cloud needs to be a part of a payments players’ future strategy is well settled now, it does not mean that when it comes to cloud payments “one-size-fits-all”. In fact, it’s quite the opposite.
Article | March 2, 2020
Open Banking is all about the customer being in control of their data and funds. It gives them the freedom and flexibility to decide when and with whom to share their valuable information. However, as with all vibrant and progressive ecosystems, speed, security, and ease of use will determine open banking’s future success along with the key issue of trust. Will the end user trust people to share data with them and trust their banks to still protect their data?
PSD2 Open Banking gives Payment Service Users (PSUs) the legal right to share their transactional account data with regulated third party providers (TPPs). For this to be possible, the 6,000+ Financial Institutions providing transactional payment accounts that can be accessed online have to put in place open banking APIs. These APIs give TPPs the access required to either make payments on an account holder’s behalf or view account data and funds, both of which require the account holder’s prior explicit consent. Access can only be denied if a TPP is believed to be unauthorised or fraudulent.
Open banking regulation has given rise to a new group of FinTechs who are seizing the opportunity to create innovative apps and products with the customer at the core of the offering. At the end of 2019, 240 TPPs from across the EEA and UK were regulated to provide open banking services. A year later, this figure had increased to 450 (excluding the thousands of credit institutions that are also able to act in the capacity of TPPs). The near doubling of newly regulated entities demonstrates user demand for the innovative products and services that these organisations are offering – it is now down to trust and security in the ecosystem, along with ease of use, to drive volumes.
The ability for TPPs, many of whom may be unknown to these Financial Institutions, to request immediate access to valuable data and funds presents many challenges and risks – all of which must be addressed without introducing potential friction in the customer journey. The main challenges are knowing if a TPP is who it claims to be and whether it is regulated to provide the services being requested at the time of the transaction request. After all, these are the key factors enabling the bank to trust the TPP and feel confident the end user can trust them. The added difficulty of knowing which markets within the EEA a TPP is authorised to operate in is an additional challenge.
Financial Institutions have long been the trusted guardians of their customers’ data and funds. Although the open banking model means the customer now has ultimate control of their data, it is still primarily the Financial Institution’s responsibility to ensure nothing goes wrong and they are likely to be held liable in any disputes that arise. There is also the very real reputational risk to Financial Institution if something does go wrong.
Checking a TPP’s identity, its current regulated status, and the services it is requesting to perform are essential but not easy tasks to complete in that, firstly, a Financial Institution needs to determine whether a TPP is who it claims to be. This is done by having real-time access to the 70+ Qualified Trust Service Providers (QTSPs) who can issue PSD2 eIDAS certificates. These eIDAS certificates contain the requisite information on a TPP’s identity and are used to secure communications between Financial Institutions and TPPs. They also digitally seal messages, ensuring the integrity of the concept and proof of origin.
However, an eIDAS certificate can have up to a two-year validity period. During this time, changes may have been made to a TPP’s regulatory authorisation status by its Home National Competent Authority (NCA). This introduces significant risk to the Financial Institution’s decision process.
eIDAS certificates also do not contain information on the countries a TPP is authorised to provide their products and services into under passporting rules. This information is held on the TPP’s Home NCA Credit Institution and Payment Service Provider (PSP) registers. Between them, the 31 NCAs maintain over 115 databases and registers. Checking them at the time of a transaction request is paramount to prevent fraudulent TPPs from slipping through the net.
According to the Konsentus Q4 2020 TPP tracker, every country in the EEA had at least 75 TPPs who could provide open banking services. These may not all be Home regulated TPPs. Take, for instance, Germany, who had 35 Home Regulated TPPs in December 2020 but an additional 112 TPPs who could passport in their services. To do the requisite due diligence on all these TPPs would require having online access to all the databases and registers hosted by the NCAs regulating these TPPs. This means connecting to the 31 NCAs and interrogating over 115 separate registers in real-time, in addition to connecting with all the QTSPs who issue PSD2 eIDAS certificates.
When a Financial Institution is presented with an eIDAS certificate by a TPP, if a real-time online connection can be made to all the legal sources of record, the Financial Institution can make an instant informed risk management decision on whether, or not, to give the TPP access. All this can be done behind the scenes without the end user even being aware of what is happening.
As volumes look to dramatically increase over the next few years fraudulent and other sorts of attacks are bound to increase. Financial institutions are going to face increasing challenges around protecting end users’ data, ensuring access is only given to those with the appropriate authorisations and permissions. A very real risk for them is the reputational one; after all, end users may not be that good at separating a reputational issue around open banking from broader issues around their banking relationship.
For Financial Institutions, maintaining trust in their brands is going to be crucial going forward, but the risks are going to increase if they have not locked down who can access end user account data and funds.
Article | March 2, 2020
From stock market swings and billions wiped off of the airlines, hotels, transportation revenues to drug, soap or iPhone replacement shortages – the coronavirus outbreak is taking its toll on many business aspects of life. Euler Hermes calls this a "quarantined trade". The company's analysts estimated that Covid-19 costs $320bn of trade losses every quarter. But what about fintech? It’s not immune to the virus either. As the side effects of Covid-19 will be unfolding in the weeks to come, we’ll see some fintech or finance companies taking hits. But other companies or solutions will be gaining traction.
Article | March 2, 2020
The axing of third-party cookies by Google and the other major browser companies will require a major readjustment by financial services organisations.
The decision, coming fully into force next year, will effectively choke off the data that has enabled personalisation, optimised website interactions and driven much internet advertising. It is no comfort that the browser companies have acted because of fears about infringement of privacy and data protection legislation such as the EU’s GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) in California.
The move will affect how UK financial services organisations interact with millions of people. More than three-quarters of Britons now use online banking and 14 million use digital-only banks, expecting a slick, light-touch interaction. So it appears that just as many people go digital, financial services organisations will no longer have access to information they need for personalisation, being unable to track where customers go on the internet after they have visited a bank’s website. All that data about individuals’ habits and preferences will be unavailable.
It seems catastrophic, but in reality, it is not. Financial organisations have a new opportunity to radically improve how they interact with web visitors and customers. AI-powered behavioural analytics offer far superior, real-time capabilities, using the data from the first-party cookies on their own website domains and where available, data from customers’ transaction histories.
The result is a solution that is faster, more accurate and responsive than conventional technology relying on cookie data owned and stored by third-party organisations. Instead of relying on such data for relatively rigid profiling and personalisation, behavioural analytics enables real-time interactions based on a more dynamic picture of how an individual’s requirements are changing.
The technology analyses all the browsing characteristics including time on site, speed of movement and page views, as well as more obvious features such as interest in specific products. Historical data added to the analysis includes what customers did on previous visits and the interval between those visits, establishing patterns where possible.
The flexible advantages of behavioural analytics hubs in financial services
Segmentation allows a bank to identify customers as soon as they arrive on its site, according to whether they are a new or existing customer. Their behaviour then indicates what they want. Knowing what customers are interested in is important. Customers visit financial services websites for a host of reasons – from seeking information, to opening accounts, exploring loans and mortgage offers, making or setting up new payments. They may also want advice about investments and savings, pensions or small business finance. Almost all of these requirements involve quite complex mental processes which financial organisations can influence while consumers are on their sites.
Collecting the data is not difficult – the skill is in making it actionable in an effective way, replicating the ability of a perceptive employee to read a customer’s state of mind. Banks can do this by setting up a behavioural analytics hub to understand what a customer’s behaviour means and how it can be optimised.
Using customised parameters, the hub will, for instance, trigger a screen notification that prompts the web visitor to fill in a form requesting an appointment. In the case of existing customers, the technology can correlate health insurance offers with spending on fitness, and, in general, savings and investment recommendations can be tailored to the client’s concerns or goals as revealed by their navigation of a bank’s website or mobile app.
Banks can set up analytics to see when consumers are behaving in a way that indicates they about to leave the website, allowing them to intervene with a notification that could include an offer. This provides a positive outcome and avoids the blanket use of offers that undermines profitability.
It is a more sophisticated and personalised approach that avoids annoying pop-ups or recommendations that fail to match individual preferences. As part of a single AI-powered segmentation platform, the technology enables banks to personalise marketing content in SMS messages and emails sent to consumers (who consent), which deliver far better results through precise targeting.
Solutions for last-mile interaction in the open banking era
The single platform approach also has another major advantage. It is much easier to implement and far more efficient and streamlined compared with separate solutions for different parts of the customer journey.
The benefits of using AI-powered segmentation solutions should be part of the financial sector’s broader strategy to transform its systems for the open banking era as we approach the end of third-party cookies. For established banks, the reality for some time has been that complexity of systems has undermined their ability to deliver a high-quality last mile. This they can now address without huge disruption or investment.
The alternative is for financial services organisations to become lost on an ocean of data, losing track of customers. Behavioural analytics will bring banks new insights into customers that surpass third-party cookie data, being actionable and accurate and in real time. To provide a streamlined and profitable experience for themselves and their millions of customers, banks must now employ the latest advances in AI-powered behavioural analytics.