Banks and PSPs are rethinking strategies to defend against fraud and new competition.
The banking landscape has changed. Between 2014 and 2015, consumer log-ins to internet banking increased by 10%, while there was 6% decline in branch transactions. The revised Payment Services Directive (PSD2) is bringing about significant modifications to the payments landscape and it will affect all players and ultimately improve user experience without exception.
The new regulation issued by the European Commission has high expectations. It aims to put the customer and their security at the centre of the electronic payments process. However, many financial institutions will need to invest heavily in system and process upgrades to be able to adhere to this modernised approach.
In a 2015 press release, Commissioner Jonathan Hill, responsible for Financial Stability, Financial Services and Capital Markets Union, said: “European consumers want to know that their payments are safe when they shop or make a payment online. The new Payment Services Directive will ensure that electronic payments in Europe become more secure and more convenient for European shoppers. This legislation is a step towards a digital single market; it will benefit consumers and businesses, and help the economy grow.”
Legacy technology and practises mean that for many, a huge investment is required to make the necessary upgrades, risking existing revenue streams and brand reputation. In addition, traditional financial institutions are further exposed to the threat of the new competitors less hindered by existing technology.
For newer market entrants, with less cumbersome systems, PSD2 presents an opportunity to gain more ground on less nimble traditional players. For the larger financial institutions, turning to the fast moving technology vendor community for support, will enable them to react more quickly, bringing legacy systems up to speed.
Technology partnerships instantly can help close the generation gap for many financial institutions, with zero disruption to day-to-day activities. A smooth identity verification (ID&V) process is an essential part of successful customer interaction online and PSD2 recognises and promotes this. The ID&V process should take place in a manner that inspires trust with minimal consumer disruption.
As most ID&V processes rely on the compliance of the consumer it is vital not to overlook the importance of ease and familiarity in the process. New processes in response to PSD2 need to be future-proof and be combined easily with other authentication technologies like biometrics.
The directive aims to bring faster and easier transactions and increased security. It widens consumer choice and lowers transaction fees. In addition to encouraging slicker and more secure consumer experiences, PSD2 has another extremely worthy cause – opening up the complex European market.
PSD2 introduces Access-to-Accounts, which gives Third Party Providers (TPPs), direct access to consumers’ accounts. This also means that consumers’ card details don’t need to be shared online when making purchases.
Banks will have to give TPPs direct access to consumer accounts and need to get to grips with APIs. They will also need to ensure that they have the appropriate security measures in place to prevent fraud and also to respect consumer confidentiality. 88% of banks agree that security and data protection is a big concern with PSD2.
In a recent survey, 88% of banks see the challenge of overcoming their legacy systems, and the high cost of implementation as a barrier against their digitization. Banks also face a technological challenge, a question of performance. Only 14% of banks were confident that on ‘day one’ they would have APIs in place to support open access. But banks don’t need to tackle these challenges alone. For example, a customisable, modular client-hosted platform or SaaS solution, which allows consumers to verify themselves via recognisable and friendly interfaces, could be installed rapidly without the need to change these legacy systems by myPINpad.
As well as the technical challenge, there is also a challenge in thinking to be faced. PSD2 will put consumers back at the heart of personal banking, where they belong. The digital revolution has put power of choice in the hands of consumers. Banks will need to recognise this and react to it.
PSD2 intends to standardise security across a changing landscape, improve consumer security and incorporate emerging payment technologies into the existing standard. However, as a recent Finextra report highlights, this presents a major challenge for long standing banks and PSPs.
PSD2 should not be viewed as a hindrance or even a threat by banks. It should, instead, be viewed as a huge opportunity to rethink, reshape and renew.
It provides a foundation and framework for having a customer centric focus. In the immediate aftermath of the banking crises of the last decade, commentators, analysts and regulators all agreed that banks had to start putting customers first.
The extent to which this has happened is a debate that will no doubt continue to happen throughout the introductory years. But PSD2, if embraced, can show the roadmap towards this if banks are ready to follow some key advice:
- Strategise and introduce new services – Banks will have the opportunity to expand their services and become TPPs themselves. There is an opportunity for them to create new business.
- Put customers truly at the heart of the proposition. Challenger banks are producing customer-centric products and services and are winning business. So every step of the customer experience, from applying for new products and accounts to authenticating themselves to accessing their account must have customer needs and desires at their core.
- Increase consumer protection and take a collaborative approach – prepare IT departments and partner with knowledgeable solution providers that will strengthen security levels required and understand banks’ needs and legacy systems.
The future of banking is at a cross-roads and initiatives such as PSD2, and its focus on choice and a level playing field, gives the opportunity for banks to provide the next generation of banking for the millennial customer. Companies such as myPINpad are well placed to help banks rise to the challenge by providing innovative solutions rapidly and without the need to change current infrastructure.
Metro Bank expects defaults to rise as COVID-19 support measures fade out
(Reuters) – Metro Bank posted a much bigger annual loss on Wednesday and said it expects defaults to rise through the year in line with its provisions as government support measures set in place due to the COVID-19 crisis are wound down.
The mid-sized company, part of a breed of challenger banks set up to take on the dominance of bigger and more conventional lenders in Britain, said underlying pretax loss was 271.8 million pounds ($385.58 million) for the 12 months ended Dec. 31 compared to 11.7 million pounds a year earlier.
“The pandemic has clearly impacted performance, leading to significant expected credit losses, but our transformation strategy is firmly on track and we have accelerated initiatives to shift our asset mix, bringing higher yield and improving net interest margin, as evidenced in the second half,” Chief Executive Officer Daniel Frumkin said.
Metro, which relieved some of the pressure on its capital levels last year by selling one of its portfolios to NatWest, estimated impact from the coronavirus pandemic to be 124 million pounds.
The bank, whose net interest margin fell to 1.22% from 1.51% in a low interest rate environment, said provisions to cover loan losses amounted to 126.7 million pounds at 2020-end, compared with 11.7 million pounds a year earlier.
The company said the increase in expected credit losses was driven by deteriorating macro-economic scenarios that have increased the probability of defaults.
($1 = 0.7049 pounds)
(Reporting by Muvija M in Bengaluru; Editing by Vinay Dwivedi)
As We Get Back to the Future of Work, Banks Must Embrace WhatsApp
By Shaun Hurst, Technical Director, Smarsh
If you had told me a year ago that the world’s major financial services companies would all be operating almost entirely with a remote workforce, I would have broken out in a cold sweat.
Straight away my mind would have jumped to the severity of the compliance issues that such a move would involve. Then I’d worry about the magnitude of the investment that banks would need to make in innovative collaboration tools – a move they had put off for so long. For nights on end, I would have tossed and turned thinking about the creaking legacy archives so many banks still held onto, already struggling to keep pace with the exponential rise in data flowing in and out of modern businesses every nano-second.
What a difference a year makes.
Coming in to 2021, banks are light years ahead of where they were at the turn of the decade. The vast majority have implemented the technology they need to enable their workforce to compliantly use the collaboration tools. Most have either moved their archives to the public cloud or have seriously sped up their plans to do so. And the ‘Future of Work’ is no longer a buzz word. It is now a reality. We will never go back to a situation where employees are only able to work in a physical office.
But there is work still to be done. There is a valuable lesson that banks need to learn from 2020: embrace technology, do not fear it. Fear of compliance issues was one of the main reasons that so many had put off fully adopting the collaboration tools that are now the lifeblood of their businesses. What they need to do now is expand their newfound wisdom and embrace all communications platforms that enable employees to stay connected and work effectively, wherever they are.
WhatsApp and Financial Services Regulations
This is most evident with WhatsApp. Many people working in the financial services industry already know that the end-to-end encryption messaging tool is ubiquitous and widely used to keep in touch with colleagues, clients, and contacts. But while company policies largely prohibit the use of WhatsApp, financial regulators have stayed away from an outright ban. Instead, they have issued guidance requiring companies to ensure that the instant messaging tools used by their employees are supervised and in compliance with already existing record-keeping rules such as MiFID II.
In 2019, the FCA stated that firms need to “take reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy.” Similarly, the SEC issued guidance in late 2018 reminding companies of their responsibility to monitor electronic messaging and encouraged them to “stay abreast of evolving technology.”
Ensuring that these guidelines are adhered to has been complicated by the fact that many companies have brought in outright or partial bans on unmonitored instant messaging tools, while also adopting bring-your-own-device (BYOD) policies. Largely implemented to cut costs, these BYOD policies mean businesses are now less able to police which communications apps and platforms their employees are using. This means that they have now lost the oversight they need to ensure that employees are adhering to the bans.
Despite a mountain of anecdotal and judicial evidence that employees in the financial services industry have turned to WhatsApp even more since the outbreak of the pandemic, banks are still failing to adopt the compliance tools they need to ensure their employees are acting legally.
Legal Issues with WhatsApp
In 2020, there were several legal and disciplinary cases that centred upon the misuse of WhatsApp within banks.
In April, Bloomberg reported that a dozen traders at one investment bank were punished for using WhatsApp at work – one was fired and the others had their bonuses cut. In October, two senior executives working in the commodity sector quit after accusations that they had broken their company’s rules on instant messaging platforms.
While one banker was acquitted over a legal case with the FCA in which he was accused of purposefully obstructing an investigation by deleting WhatsApp messages, the UK regulator stated it would ‘take action whenever evidence we need is tampered with or destroyed.’ A clear message to banks that they will be expected to provide accurate accounts of any messages sent by their employees over WhatsApp.
The Solution: Capturing and Supervising WhatsApp Communications
The compliance challenges of the increased use of WhatsApp have been widely played out in the financial media in recent years, with multiple firms being handed significant fines due to their communications-monitoring oversights. This doesn’t have to be the case.
As I said before: We will never go back to a situation where employees are only able to work in a physical office. Companies working in regulated industries, and especially financial services companies, must embrace the tools that they know are in wide use by their employees.
Very few banks have introduced the monitoring solutions they would need to adequately manage the use of WhatsApp or other encrypted messaging tools by its employees. But encrypted messaging tools like WhatsApp and WeChat can be captured, monitored, and supervised. Firms simply need to invest in the technology in order to do so.
Two weak links cyber attackers are exploring to breach banks
By Rui Ribeiro, CEO at Jscrambler
The coronavirus pandemic has brought on a lot of changes into modern society, specifically when it comes to digital transformation. If we were already headed into the digital direction pre-pandemic, these unprecedented circumstances have only further accelerated the process. From education to banking, all sectors are going through this digital transformation, providing much-needed safer alternatives to in-person interactions. But how does this new paradigm impact the cybersecurity posture of organisations? How are financial institutions adapting and what do they need to improve?
When it comes to the banking sector, the digital component has become instrumental in the economy. On this note, it was found in a recent survey that 84% of consumers expect banks to actively transform their processes and offer digital services to keep them safe. We have seen large-scale closure of physical banks, and the use of electronic payments is increasing as people make the shift from cash to digital. Due to the circumstances, there has also been a general increase in e-commerce transactions, for example, there was an 81% increase in Italy according to Mckinsey & Co. All these factors are making traditional banks shift to digital banking faster than ever.
Incumbents are embracing the democratization of financial services and launching customer-centric platforms, for example, Santander launching openBank or RBS launching Bó. Not only are we seeing traditional banks shift their processes, but we are also seeing an increase in neobanks. These banks operate exclusively online without traditional physical branch networks as is the case with Revolut, N26, Nubank, and many more. But what does all this rapid growth mean for banks in terms of security?
The Copay example is only one in many incidents that have happened over the years. These cybersecurity incidents are sadly not uncommon, especially when technology advances as fast as it has in the past few years. With this rapid mutation of digital banking solutions, we see malicious strategies also improving fast to try and keep up with the market. Companies need to be aware of this double-edged sword so that they can also focus on improving their security. Having visibility and control over their products is crucial when it comes to ensuring that their web and mobile applications are not being leveraged by attackers to siphon user data.
In conclusion, although the shift to digital transformation is bringing a lot of needed safety for users when it comes to avoiding in-person interactions, users also need protection in the digital space. Because of this, banks are required to consider the possibility of the various online threats and find solutions to keep their users’ data safe. Developing an application fast enough to keep up with other digital banking applications is not enough to provide a good user experience. The key takeaway here is that banks need to take action now and mature their client-side security to prevent breaches and be compliant with regulations. If they are able to successfully manage their client-side security, they can outpace attackers and keep their users safe.
Metro Bank expects defaults to rise as COVID-19 support measures fade out
(Reuters) – Metro Bank posted a much bigger annual loss on Wednesday and said it expects defaults to rise through...
UK’s Sunak could extend stamp duty holiday until June-end – The Times
(Reuters) – British finance minister Rishi Sunak is preparing to extend the stamp duty holiday by three months until the...
As We Get Back to the Future of Work, Banks Must Embrace WhatsApp
By Shaun Hurst, Technical Director, Smarsh If you had told me a year ago that the world’s major financial services...
Lloyds profits fall as it targets wealth push
LONDON (Reuters) – Lloyds Banking Group reported a sharp fall in profits for 2020 but resumed paying a dividend, as...
How to give your investment portfolio a Spring clean
By Alexander Joshi, Behavioural Finance Specialist, Barclays Private Bank Spring is often a time of optimism and change, and in...
ESG – how this new alternative data set delivers competitive edge
By Stef Nielen, Strategic Business Development, Alveo Buy-side financial firms are increasingly looking to tap into alternative data sets, including rapidly...
Exclusive: Ant investor Boyu Capital targets $6 billion for new private equity fund – sources
By Kane Wu HONG KONG (Reuters) – Chinese private equity firm Boyu Capital, an investor in Chinese technology titans including...
Asia markets slide as higher bond yields test tech sector
By Tom Westbrook SINGAPORE (Reuters) – Falling tech stocks in China and Hong Kong pulled Asia’s markets sharply lower on...
The cash-flush amateurs hunting game cards, handbags and art
By Elizabeth Howcroft and Tommy Wilkes LONDON (Reuters) – Stocks, bonds and commodities? Old hat. Once the preserve of the...
GameStop: How events unfolded and the next chapter
By David Morrison, Senior Market Analyst at Trade Nation, GameStop is a bricks and mortar video gaming retailer which launched in...