Thursday, 2 October 2014

Payments Knowledge Forum: the inside track

@TFL
This year's Payments Knowledge Forum (PKF) in London kicked off with the theme that we are moving towards an ever more virtual world. David Smith, Wincor Nixdorf, opened the event with the statement that people are constantly on the move and expect their services to move effortlessly with them.

So how can the payments industry live up to this expectation?
Andrew Vorster, a technology foresight consultant, said that every bank and FI is now weaving digital components into its business. One way is by implementing self-service kiosks and iPads in their physical branches so that customers are able to check accounts online or open a new account easier and faster. This is an example of how the industry is finding ways to blend the physical with the virtual, he said, which is driving the multi-channel approach we have to technology today.

Another theme was how to make your internet banking and particularly your mobile app into more than just a portal for carrying out typical banking transactions.

One presentation was given by eLeader, a Poland-based mobile banking software developer which boasts Bank Zachodni WBK, part of Santander, as a client, as well as other banks in Poland, the Baltic States and the Middle East. Artur Malek, marketing manager at eLeader, pointed to data showing that people trust banks more than most other players to carry out a mobile transaction. The lesson from this is that a mobile banking app is the best place to make purchases, so the eLeader Superwallet offering allows customers to browse for and purchase goods from partner retailers all within the bank's app. In the case of Bank Zachodni WBK, partners include grocery stores which offer home delivery, bus and parking tickets, hotel bookings, charity donations, flower delivery and other gifts. The offering is white labelled and therefore branded by Bank Zachodni WBK and the other customers, and should be a new stream of revenue for a bank as well as improving the general utility of its mobile offering and therefore increasing take-up.

eLeader is in the early stages of looking for customers in the UK banking space and its Superwallet part of a new generation of mobile banking software offerings. The interest to banks in augmenting their channels in this way is that it allows them to push back against efforts by the likes of Apple to aggregate customers' banking in a bank-agnostic mobile wallet or personal finance management platform. If these initiatives succeed, banks may lose some of their brand strength in customers' minds. For example, in using NFC through Apple Pay on an iPhone, one physical link to a bank in the form of a branded plastic card would be weakened. In the end, banks may lose the ability to cross-sell, and may lose leverage over customers in terms of the effect that incentives they can offer may have. Conversely, banks will be able to gather much more data about customers if they can be convinced to do more things through the mobile app. The opposite is true for retailers however, which may prefer customers using their own websites rather than a bank's app, and negotiations between a bank and a retailer would likely reflect this tension.

The adoption of NFC contactless cards was also a hot topic at the forum. Christopher Dawes, head of authorisation services at EFTlab, said there has been slow growth in adoption and where the cards can be used worldwide, but he predicted that 'NFC is going to shoot up' in the next two years. Dawes outlined some of the reasons for using NFC. These were that consumers want to reduce time at point-of-sale (POS); retailers want to reduce the amount of cash that is handled onsite, as it bears down on insurance costs and reconciliation gets easier.

Dawes did, however, point out that the key reason for not adopting NFC is consumer experience. He cited Marks and Spencer (M&S) as an example. The major UK-based retailer has been accused of late (at least twice) for taking the incorrect amount of money from a consumer's contactless card account (see more here and here). Dawes listed a few more complaints including that some consumers claimed that an NFC terminal had taken money from a consumer's account from around ten metres away, but 'the cards are not powerful enough', he emphasised. 'There is still a lot of work that needs to be done to teach consumers exactly how these payments are taken,' he said.

Another problem has been the debacle with the Oyster travel cards in London (LINK). Back in March this year, almost 2000 commuters had to be refunded after the contactless payment systems charged the wrong card. Some commuters even ended up paying for their journey twice, as money was taken from their debit card despite the fact they had paid for a season ticket. Speaking about this issue, Dawes commented that none of these problems have been with the technology. Instead, it's all about 'teaching the consumers and persuading them that they need to slow down, use one card at a time and make the payment happen'.

A number of firms proposed solutions for mobile application security and fraud protection at the event also. 'Memorable questions' which we are all confronted with on a regular basis, either when we forget passwords and need to reset them, or as part of standard login procedures, were generally held up for ridicule at the forum. Talbot Harty, the CEO of DeviceAuthority, pointed out that combining a password with a memorable question does not pass as two-factor authentication, since it relies only on two things you know rather than one thing you have, and one thing you know.

Pixelpin was presented by its founder and COO, Geoff Anderson, as a 'cooler' and image-based alternative to traditional pin or password protection. The customer must remember four points in sequence of a memorable picture. Tranwall was another fraud prevention solution, which allows cardholders to set their own rules in real-time for what types of transactions should be denied. Offering a different take was Biocatch, which relied on mapping users' habits in many different ways to detect irregularities, from the way a user types to whether they are left or right-handed. DeviceAuthority itself recommends the practice of device authentication, meaning that a user would always be aware if someone was trying to log into an account on a device other than his own. This is a technique already used by Halifax, Lloyds, Tesco Bank and others in the UK.

The presentation given by Steven Murdoch, senior research fellow at the University College in London, showed that UK card fraud is on the rise once again. A key attribute of this is card-not-present fraud (such as online banking), he said, which has gone up 22 per cent to £301 million. And although counterfeit and lost and stolen fraud was meant to be prevented by the chip and pin, this too has gone up. The former has risen three per cent to £43.4 million and the latter is up seven per cent to £58.9 million.

Murdoch emphasised how usability is a security requirement, especially when it comes to online payments. This has now been recognised in the industry, he said, and banks and payment systems suppliers are now developing tests that check both the usability and security of the device. With techniques like that, Murdoch assured, we can be 'fairly optimistic' that although fraud might go up and down, overall it should be kept under control. The forum demonstrated that there is much more space for creativity in protecting citizens from fraud related to mobile and online banking, and that better protection need not necessarily mean more complication for the user.

Follow Chloe and Lawrence on twitter. 

No comments:

Post a Comment