Changing consumer payments
The consumer payments market is being irreversibly disrupted. There has been a fundamental change in the way we can pay for goods and services around the world.
The pace of this change has increased rapidly, and it is an increase that history shows us is set to continue. In 3000 BC, our primary payment method was grain. It took two thousand years for us to find a better way and start paying with crude metal coins. More recently, in the ‘20s when the charge card was introduced, it took another 30 years before the credit card was first used. The time between these change events is shrinking fast. It only took Apple three years to launch Apple Pay after Google gave us the first digital wallet – just one tenth of the time between the charge card and the credit card (Figure 2).
Increasing customer expectations and innovations in technology mean that we will see more frequent changes to the way we can pay. And as consumers, we know it. A recent survey found that 70% of the first tech-savvy generation believes that the way we make payments will be radically different in five years’ time. Over the past four years the volume of mobile payments has already increased by over 60%, while non-banks have increased their share of financial transactions by 85%. The UK is a relatively mature payments market and we are already seeing the impacts of these changes on traditional payment methods (Figure 1).
So, what does this mean for the big institutions? We all know that payments are an integral part of our everyday life, so any big change in the way we choose to pay will challenge their core business models. This applies to retailers, banks, card associations and regulators. They must effectively and quickly change in order to remain relevant to customers, and keep their business alive.
Over the following pages, we identify some of the innovations in payments that are already impacting traditional industry models and assess the implications.
We take an in-depth look at Apple Pay and how it is on the cusp of setting the next big wave of disruption in motion.
Figure 1: Trends in the UK Payments market, 2010-14
Figure 2: The development of payments
21st Century payments
From evolution to innovation
The early 2000s delivered a number of changes in the way that we make payments – from the growth of Chip and PIN (EMV) card payments, to real time payments processing and being able to ‘pay by app’ without any need for our wallets (Figure 3).
All these changes were an extension of existing payment mechanisms, driven by large organisations, but they certainly did not disrupt the payments market. Instead, they helped it to evolve from a paper and plastic market to one that enabled fast, easy and secure e-payments.
Real disruption and innovation is driven by startups who have the scale and structure to remain agile and capitalise on opportunities as they arise. Large companies are tied to traditional structures and hierarchies and find this difficult to emulate. This is what we are seeing in the consumer payments market today – smaller, non-traditional players such as Powa and Poynt are disrupting the consumer payments markets with new offerings.
We have identified four key areas set to transform the consumer payments market as shown on the next page.
- ONLINE PAYMENTS
Established in 1998, PayPal was one of the first disruptive forces in consumer payments. Today, they process nearly 10 million payments per day and by enabling quick, easy and secure payments, they are shifting consumer attitudes to online payment.
More than that, PayPal has begun to irreversibly alter our reliance on traditional financial services providers and payments processors. With a quarter of people expecting that they are “likely” to bank with an alternative digital payment service instead of a large bank within the next two years, this is clearly set to continue.
- DIGITAL CURRENCIES
More recently, digital currencies such as Bitcoin have begun to disrupt the consumer payments market. We believe that digital currencies will have an important role to play in payments, even if that role is not yet clearly defined.
Just five years ago, many of us had not even heard of digital currency. Yet, on ‘Black Friday’ (2014), Bitcoin was the ninth most popular payment method and we spent the equivalent of $152 million in Bitcoin. It is also now accepted at 75,000 merchants worldwide – no mean feat.
- OMNI-CHANNEL PAYMENT SYSTEMS
Some of the most exciting and powerful disruptions have come from digital and omni-channel payment systems. Powa is a good example of a British startup that is disrupting the market – it is now valued at £1.6 billion.
Major UK retailers like Argos have signed up to use their technology, which embeds a digitally encoded signal (a ‘tag’) in advertisements. This means as shoppers, we can bypass the need to search online for an item or enter our card and address details each time we make a purchase. Technologies such as Powa and Poynt aim to improve the customer experience and help increase sales as a result.
- DIGITAL WALLETS
Google was one of the first to launch a digital wallet and over the last three years, we have seen the widespread emergence of others. Since the initial hype however, Google have retired some of their digital wallet offering as they failed to obtain support from banks and retailers. On top of that, customer fears around data security and information demands hindered any real consumer interest.
Despite this, rivals see the opportunity and are introducing their own services. These include MBNA (UK card issuer launching a digital wallet) and of course Apple, who have recently launched Apple Pay – a digital wallet that addresses many of the challenges experienced by Google. At the launch, they claimed that banks representing 90% of credit card volume had signed up to Apple Pay in the US14. Apple is clearly poised to play a key role in the global payments market of the future…
Set to win the wallets of consumers
So what is different about Apple? Why should they succeed in changing the way consumers can pay where others have failed?
Steve Jobs and Steve Wosniak founded Apple Computer in Cupertino, California in 1977. Their first product was the Apple I computer and even though they only sold 200 units, it established their reputation for great design and innovation. To reflect their wider focus on consumer electronics, including the now iconic iPod, iPhone and iPad, the company dropped the word ‘computer’ from its name in 2007.
Today, Apple is a multinational company with annual sales of over $180 billion, and was valued at more than $700 billion in November 2014 – more than the combined value of IBM, Google and Amazon. In January 2015 they reported a quarterly net profit of $18 billion – the biggest ever made by a public company. Apple is also sitting on a cash pile of $142 billion – more than twice what the entire US Treasury had available in early 201416, 17. This is most definitely a company with the financial resources available to disrupt the consumer payments market.
It also has the reputation. Apple has a track record of disrupting markets – just ask anyone in the music business. Before Apple launched the iPod in 2001 and iTunes in 2003, CD music sales in the US were worth over US$13 billion per year. Thirteen years later this had shrunk by nearly 84% to around $2 billion. In contrast, iTunes sales (which include music revenue) have increased from under $400 million in 2004 to over $18 billion in 2013.
APPLE PAY = PAY APPLE
With a focus on getting the design right in terms of customer experience, security and the business model, Apple is now poised to change the way payments are made both in-store and online. Using the technology embedded in its latest devices, Apple has designed an easy to use approach that is secure (original credit card details are never sent to complete a transaction), anonymous, and does not immediately threaten the revenue of banks and card associations such as Visa and MasterCard.
It also does not cost any more for retailers or consumers. In Apple’s own words: “Apple Pay lets you use iPhone and Apple Watch to pay in stores and apps in an easy, secure, and private way.”
One of the most impressive things about the ApplePay business model is that it is not upsetting the traditional payment industry. Instead of taking the Google Wallet and PayPal approach and competing with the industry head on, they have negotiated deals that include the largest card associations (including Visa, MasterCard and American Express), some of the biggest card issuers in the US, and many significant retailers. Their business model, which has the support of traditional market participants, will enable them to achieve real market penetration and change the way consumer payments are made. By the end of 2014, Apple had already signed up banks and retailers that represented over 90% of US credit card volume.
Whilst details of the negotiations and deals with banks and card associations remain under wraps, it is understood that Apple has agreed a business model where they can make up to 0.15% of the value of every transaction. To put that into context: in the UK, cards are used in three out of every four transactions and card spending now exceeds £0.5 trillion every year. If Apple Pay were to underpin just 10% of those transactions, this could be worth £75m of new revenue in the UK geography alone. Expanded globally, it could be worth billions in additional revenue to Apple.
Where is the money coming from for this new revenue stream? Details of the deal that Apple has negotiated remain confidential, but it is apparent that consumers and retailers will not pay any more to use Apple Pay in comparison to other NFC payments. But it does mean that banks and card companies will be handing over a share of their revenue to Apple.
This makes sense because it is the banks and card companies that generate card payment revenues. They can afford to give up some of their revenue as they will enjoy a reduced cost of card fraud under the more secure Apple Pay system. This should be a win-win for all concerned.
But, how does Apple Pay ensure security? Two ways: a user must confirm their identity using the touch-ID fingerprint scanner; and credit card numbers are never shared or transmitted – each transaction uses a one-time transaction identity instead of the card details themselves.
The real question concerns Apple’s long-term strategy. Right now they are working in partnership with banks and card companies. Although the Apple Pay approach is innovative, one can definitely argue it is not disruptive.
But what will happen in the future? If Apple becomes established as a trusted brand for payments, the negotiation power will shift away from banks and card companies. Apple could demand a higher proportion of revenue, or even become a more independent payment provider.
Now that would be disruptive.
Challenging traditional models
While the question remains open as to whether Apple will win the battle for the digital wallet, or whether digital currencies will become the norm, one thing is clear. Innovation and disruption within the consumer payments market will continue at pace, and traditional cash and plastic payment methods will become less and less relevant in our digital world. This will have profound implications not just on consumers, but on retailers, banks, card associations and regulators.
Payments innovation is on the rise
Is your business ready?
The financial and retail markets have been irrevocably disrupted by payments innovation since the turn of the millennium. Over the past few years, the pace of this disruption has been increasing, driven by nontraditional payment providers.
We have witnessed significant investment in new innovation. For example London, a major global financial hub, has attracted $539 million in financial technology investment in 2014 – triple the investment of the previous year.
This investment will increase levels of innovation and choice in the way consumers make payments.
While we can debate which innovations will emerge victorious over the next few years, what is clear is that there are real and credible disruptors such as Apple who have the financial means, proven track record and industry backing to be very real contenders.
Retailers, banks and card associations must continue to invest in and promote payment innovation to remain relevant to consumers and attract their business. We suggest four key actions that organisations must consider to remain competitive:
Consumer payments will be radically different in five years.
Will your business be ready? Or will it get left behind?
What does cybersecurity look like for the financial sector in 2021?
By Neill Lawson-Smith, managing director at CIS
The landscape is changing incredibly fast, with cybercriminals using the most up-to-date technology to hack systems. Here are the six areas those in finance should be watching out for…
The finance and insurance sector is increasingly becoming a notable target for cyber attacks. Many of these breaches happening are believed to be due to inadequate security measures when teams or businesses are using cloud services.
The financial industry is also being affected by changes in processes with more fintech, virtual banks, and other digital disruptors impacting the market. The landscape is changing incredibly fast, with cybercriminals using the most up-to-date technology to hack systems, so it is therefore up to the financial sector to keep up to avoid security breaches.
What does this look like for the year ahead in the financial sector? Here are the Six areas those in finance should be watching out for:
- AI securityand cyber defence
Both Cybercriminals and cyber defence are commonly using Artificial Intelligence (AI). In cybersecurity, it is used to identify new threats, as well as assess the effectiveness of the responses to threats, enabling them to foresee and essentially block attacks before they happen. It is also used to spot behavioural patterns and can quickly identify possible infiltrations.
Hackers have also started to use AI to make it easier for them to get past security systems in place. This year, it is likely that AI will be increasingly used as a means of gaining personal details (i.e. credit card details) as well as optimising spam phishing campaigns.
- Mobile cybersecurity in banking
With the number of consumers using their mobile devices for banking and financial transactions increasing, especially since the COVID-19 pandemic has rendered society predominantly cashless, cybercriminals have been heavily targeting mobile systems. For example, mobile malware only targets mobile phone operating systems. The most common forms of mobile malware are virus and trojans, spyware and madware (mobile adware), phishing campaigns, and browser exploits.
This means it is now more important than ever to protect mobile devices to the same extent as traditional hardware.
The same protocols that are in place to ensure your staff PCs and laptops are secure now, need to also be applied to their mobile devices as well, such as:
- Ensuring the latest versions of the operating system and other applications are installed.
- Installing a firewall.
- Enabling mobile security software to protect against malware and viruses.
- Using password protected lock screens.
- Ensuring apps are only downloaded from official sites like Apple App store and Google Play.
- Multi-factor authentication
Multi-factor authentication adds an extra layer of security to all your business networks by ensuring every transaction or login is supported by at least two security measures for access. It is one of the easiest security measures to implement within your business and is becoming more common within the financial sector for many transactions. The traditional username and password are becoming increasingly easy for cybercriminals to acquire, whereas adding an extra identification method, that is not easily accessible to the hackers, ensures an extra layer of protection.
The most commonly used multi-factor authentication methods are:
- Passwords – They should be complex and comprise at least eight characters and be a combination of upper- and lower-case letters, numbers, and special characters.
- One-time use code – A randomly generated code sent via SMS or email which is used only once. With weaknesses in mobile networks and email accounts, these can however be intercepted by hackers.
- App generated codes – a code generated by an app on a mobile phone often created by scanning a QR code that contains a ‘key’. As the key is stored on the phone itself this is less likely to be intercepted by a third party.
- Physical authentication keys – this is a USB which the user inserts every time they login from a new computer. Unfortunately, they don’t work on all devices without adapters (such as iPhone, MacBook or Android).
- Biometrics – Using a fingerprint, voice, or an eye dent is an effective identifier. They are extremely difficult to hack but if they are, they cannot be used ever again for anything.
- Information – this could be something that only the user would know – either a password or a piece of information.
Most of these methods are free or relatively cheap to implement and don’t require anything other than a mobile phone for the user. The added security of multi-factor authentication means even if a hacker has acquired a username/password combination there is still an extra security barrier preventing access.
- Refined testing
As the finance industry is constantly changing, then so too are the security threats. Financial cybersecurity is an ongoing commitment, so installing new anti-virus software and implementing MFA, and stopping there is not going to keep you protected for long. It requires ensuring software and firewalls are up to date as well as ensuring access is regularly updated. In addition to this constant maintenance regular testing of the systems is essential. All systems have vulnerabilities, and as these change, cybercriminals learn to overcome them, and therefore software develops.
One thing to remember is that it is not possible to be over-cautious when it comes to cybersecurity. Regular penetration testing essentially identifies any weaknesses in your systems before the cyber criminals do. It is essential to schedule penetration testing or vulnerability scans at least once a quarter unless compliance dictates otherwise. They can be carried out using a vulnerability scanner.
- Hiring the right people
It is crucial to have the right team on hand to ensure your systems are up to date, regularly tested and maintained is essential.
Your IT team should have the following skills and knowledge:
- Knowledge and understanding of the company’s IT infrastructure
- Knowledge of cybersecurity best practices
- Understanding of company processes and data flows
- Up to date knowledge of cybersecurity solutions
- Plan a Defence, Prepare for Attack…
Although businesses can take many precautions, there are limitations on skills, investment and timescales in implementing a comprehensive cybersecurity infrastructure, it is essential that appropriate procedures, policies and processes are established to ensure that an appropriate response is carried out in the event of a detection – whether manual or ideally automated – so that whenever an attack occurs, the appropriate and proportionate response is carried out immediately to limit any further damage or intrusion.
Data protection: it’s time to reassess your security strategy
By Tony Pepper, CEO of Egress
It’s no secret that the Covid-19 pandemic has created a perfect storm of cybersecurity risk. External threats are heightened, but there’s also a higher level of internal risk too, exacerbated by home working. With most financial services organisations planning to continue with mass remote working for the foreseeable future, it’s important for security teams to review their strategy and assess whether it still works in this new landscape. When it comes to insider threat, there are three key areas that IT leaders should focus on: building a positive culture around security, understanding their organisation’s level of risk and protecting their people.
- Build a security-positive culture
Many organisations have unknowingly instilled a security-negative culture among their employees, where people are punished or shamed if they cause a security incident. While they might think that this would discourage employees from causing data breaches for fear of repercussions, this actually makes your organisation less secure. Our Outbound Email Security Report found that 62% of organisations rely on their people to report email data breach incidents – and if employees are too afraid to come forward, that means your business is at risk of developing a security blind spot.
A security negative culture won’t actually prevent data breaches caused by human error, something which organisations need to recognize as largely unavoidable without technological intervention; it just delays remediation, which makes every incident worse. By creating a security-positive culture, you can better engage and educate employees, as well as ensure you’re able to rapidly triage any incidents if they occur.
- Understand your risk
When mapping out your risk, you’ll likely find that the picture looks very different to how it did even a year ago. In the past, organisations have focused on their networks and their devices when it came to security strategy. While these are vital areas for consideration, what hasn’t been as well-addressed to date is the human aspect of risk, particularly human error. You need to look closely at the tools that your employees are using daily to facilitate digital communication with clients and colleagues, including when sending sensitive information.
Employees are specifically using email more than ever before – our recent research found that 94% of organisations are sending more emails due to Covid-19, with one-in-two IT leaders reporting an increase of more than 50%. With this expansion of email volumes comes an increase in the risk that an email containing sensitive data might be misdirected. Remote working has also heightened the threat – our research found that 35% of organisations’ serious email data breaches were caused by remote working. Why? The causes lie in their behavior and the environments in which they operate. Some individuals may feel they’re able to take more risks away from the “watchful eyes” of their Security team, and every employee is faced with a myriad of distractions that make them more likely to make a mistake.
It’s time for organisations to take stock of their risk by looking at where gaps in their security might exist – and provide safety nets for their employees that can automatically detect and mitigate inadvertent data breaches and risky behaviour.
- Protect your people
It goes without saying that not all data breaches are caused by malicious activity. An overwhelming amount of data breaches are caused by hardworking employees making honest mistakes, from sending an email to the wrong person to responding to a phishing attack. Unfortunately, human error is an unavoidable part of life, and mistakes will happen. In the past, many organisations have taken the approach that employee error can be ‘trained away’, embarking on comprehensive security training programs in the hope that security incidents might decrease.
Unfortunately, if that were the case, then employee activated data breaches would be a thing of the past! Organisations need to employ a multifaceted approach when it comes to avoiding accidental insider data breaches – education and training remain an important element, but ultimately businesses need to implement the right technology to provide a safety net for their people. Many organisations have legacy DLP solutions in place that cannot mitigate the risk as they fail to fully understand employees’ behaviour.
Often, these tools stand in the way of productivity, prompting users even when there isn’t a legitimate risk. When click fatigue sets in, these solutions become ineffective, with users ignoring prompts whenever they appear. Luckily, advances in machine learning mean that there’s technology available to prevent insider data breaches such as misdirected email, by deeply understanding the way that users behave and the context in which they share data, to ensure emails are sent to the right recipients with the right level of security.
The vast majority of organizations will never go back to every employee working full time within the office environment, instead post-pandemic we will see a myriad of different approaches – with some based in the office, while others work at home part or full-time, and as the world opens up again, their locations may change throughout the day. To mitigate risks from inadvertent errors to intentional data exfiltration, CISOs must address their security culture and protect their human layer with intelligent controls that mitigate employees’ behaviors and stop breaches before they happen.
Sumitomo Life Insurance Selects Talend to Build Company’s Data Infrastructure
Leading life insurer uses Talend in data lake environment for data analytics
Talend (NASDAQ: TLND), a global leader in data integration and data integrity, announced today that Sumitomo Life Insurance Company, one of the Japan’s leading life insurance companies, has selected Talend Data Fabric for its data analytics infrastructure.
Sumitomo Life aims to become the most trusted and supported company by its stakeholders, including its customers, and to grow sustainably and stably. Sumitomo Life’s vision is to offer advanced products to enable customers to live vigorously. To respond to that, the company is developing and delivering cutting-edge products that respond to its customers’ current and expected futures needs in areas focusing on nursing care, medical insurance and retirement planning.
“With the trust from our customers as the starting point of all our activities, Sumitomo Life is providing optimal life insurance services to every person through the sound management of the insurance business,” said Mr. Masakazu Ohta, General Manager in Charge of Information System Department at Sumitomo Life. “As a new approach, it was necessary to build a common foundation for big data management, and Talend is the driver. Talend’s superiority in cloud implementation, development productivity, features, and licensing model convinced us to be part of this journey together.”
To meet the needs of its customers and offer them innovative products and services, Sumitomo Life has decided to build a foundation for data analysis (Sumisei Data Platform) in the cloud for the promotion of new insurance products. The company evolved its legacy data environment to the new environment where they can store the data extracted from various systems both on-premises and effectively in the cloud.
In order to meet the needs of each individual customer and provide the best insurance for them, Sumitomo Life uses Talend Data Fabric as the hub of its data infrastructure. This manages data across the organization and integrates data into a data lake, which makes them able to utilize data across the company.
“We have been able to release projects with the continuous support of Talend, even amid the changing business environment in the Covid-19 crisis. We will continue to collaborate with Talend in order to actively promote company-wide data analysis projects,” added Mr. Ohta.
“The insurance market is one of the most competitive sectors. By facing tight regulations and complex customer needs, companies must be at the forefront of innovation to offer even more services and new products to its customers,” said Kenji Tsunoda, Country Manager Japan, at Talend. “Talend helped Sumitomo Life reinvent its data-driven infrastructure to provide a data management platform that enables the development of advanced products for its customers. We are delighted to support Sumitomo Life in the pursuit of their vision.”
Former Bank of England Governor Carney joins board of digital payments company Stripe
By Kanishka Singh (Reuters) – Mark Carney, former head of the UK and Canadian central banks, has joined the board...
Airbus CEO urges trade war ceasefire, easing of COVID travel bans
By Tim Hepher PARIS (Reuters) – The head of European planemaker Airbus called on Saturday for a “ceasefire” in a...
Why a predictable cold snap crippled the Texas power grid
By Tim McLaughlin and Stephanie Kelly (Reuters) – As Texans cranked up their heaters early Monday to combat plunging temperatures,...
UK could declare Brexit ‘water wars’ – The Telegraph
(Reuters) – Britain could restrict imports of European mineral water and several food products under retaliatory measures being considered by...
Commerzbank to lose 1.7 million clients by 2024 – Welt am Sonntag
FRANKFURT (Reuters) – Commerzbank expects to lose 1.7 million customers by 2024 as part of its current restructuring, resulting in...
Bitcoin and ethereum prices ‘seem high,’ says Musk
(Reuters) – Billionaire CEO Elon Musk said on Saturday the price of bitcoin and ethereum seemed high, at a time...
Sunak to raise business tax to pay for COVID-19 support – The Sunday Times
(Reuters) – British finance minister Rishi Sunak is set to increase a tax on business to pay for an extension...
FTSE Russell to include 11 stocks from China’s STAR Market in global benchmarks
SHANGHAI (Reuters) – Index provider FTSE Russell will add 11 stocks from China’s STAR Market to its global benchmarks, according...
Foxconn chairman says expects “limited impact” from chip shortage on clients
TAIPEI (Reuters) – The chairman of Apple Inc supplier Foxconn said on Saturday he expects his company and its clients...
Bitcoin, ether hit fresh highs
SINGAPORE (Reuters) – Bitcoin hit a fresh high in Asian trading on Saturday, extending a two-month rally that saw its...