Experts from the payments sector assess the major talking points of 2018, and look ahead to 2019 to discuss with Patrick Brusnahan the industry’s key priorities for the new year
Benjamin Hosack, Chief Commercial Officer, Foregenix
Businesses will be more proactive in their cybersecurity strategies in the next 12 months. New legislation such as GDPR, and continuing high-profile hacks and their consequences – including resignations at board level – are starting to change minds.
Increasingly, the board – rather than just IT or operations departments – is realising that it has a responsibility to understand cybersecurity and ensure comprehensive procedures are followed. The trend is moving away from viewing issues such as compliance as a tick-box exercise and towards a procedural framework that improves security. After all, what is the point in just trying to get through a sign-off process if the breach happens and the results are costly?
Many businesses appreciate that it might be a matter of time before they experience a major incident, so a more proactive approach to cybersecurity is necessary. One result will be more investment in solutions that want to cut through the data, and see alerts that really matter so action can be taken quickly. Will also see a switch to managed detection and response (MDR) services. Continuing skills shortages will mean businesses that lose cybersecurity expertise will be left facing the challenge of operating security systems and determining the real threats within all the noise of day-to-day business-as-usual alerts. The solution could be greater use of specialist MDR services for many businesses. SMEs that are unable to afford or warrant a full-time cybersecurity professional will see MDR services as critical to monitoring assets and detecting threats early in the breach cycle – before data assets are stolen.
Old vulnerabilities will remain an issue. While cybercrime is constantly evolving, many criminals continue to exploit old and tested vulnerabilities. Research we conducted in October on over 170,000 Magento websites worldwide found that no region registered less than 78% of its sites being at less than high risk from hackers for the failure to update security patches – a very simple oversight. There is no reason to see this changing in 2019 until there is a shift in the effectiveness of vulnerability management governance.
Companies will start to focus on the broader enterprise, as opposed to just the sensitive data environment. There has been a shocking lack of investment and interest in the greater environment, and very often that less-protected environment is used as a beachhead to gain access to the sensitive areas. The growth in the Internet of Things and the media attention it will gain in relation to security will bring this issue to the fore. While many businesses are starting to move in the right direction regarding preparation and responses to cybercriminals, the threats constantly evolve. Boards need to take necessary steps to keep the risks as low as possible.
David Jones, VP – Product Marketing, Nuxeo
Many large financial service institutions have struggled with the task of managing increasing volumes of information plus locating important information that lives in multiple customer systems and transaction repositories, and many will continue to find this challenging in 2019.
But AI-empowered classification of content with a Content Services Platform (CSP) approach – as introduced by Gartner – offers financial services CIOs a promising new way of searching for useful information, allowing banks to at last identify what is useful and get rid of content that is past its sell-by date.
The difference is that old-school enterprise content management systems adopted a fixed set of metatags for each document, and changing these classifications requires a lot of development work along with mass updates to all content related to that metadata.
In a CSP, if you want to add a new metadata field, you can. Plus, much richer metadata can be stored and used than ever before – think image resolutions, language of a document, geophysical data and more, giving context, intelligence and insight into your information management ecosystem and allowing you to make those disconnected systems truly useful once again.
Emma Huntington, Strategic Development, Innovation and Venturing lead, Nationwide
It has been an interesting year as we launched our Venturing Fund and made our first three investments while continuing to explore the challenges and opportunities of a rapidly changing world. From the changing housing market, the opportunities of working with startups and how we can unlock the power of new technologies to help tackle societal issues, we are looking at the long-term and evolving needs of our members.
While Nationwide has helped over 300,000 first-time buyers into homes of their own in the last five years, the reality for many is that they will be renting for longer periods than previous generations. Technology has transformed the way we manage our lives, from grocery shopping to booking a taxi, and the home-rental industry is now ripe for a similar transformation, where technology enables renting a property and getting help with any issues to become easier for renters, while managing a property becomes easier for landlords – and communication between both sides is also improved.
The first investment from our Venturing Fund was with acasa, which is exploring how to transform the rental experience, and we are exploring how we can support our members in this growing area.
Turning to the fintech industry, it looks as if the increase in the number of big businesses working with startups will continue, while regional disparities in the support available for startups will still be an issue. Having launched our venturing arm, NBS Ventures, in the summer of 2018, we are investing for the long term in supporting great startups to scale. With investments in three companies so far – acasa, Hazy and Moneyhub – we will continue to work with great start-ups to do things together that neither of us could do alone.
It is not just in London that we’re seeing innovative companies starting up – but support for early-stage businesses outside large metropolitan hubs can be hard to come by. That is why we’ve started a regional mentoring pilot, going out to some of the hardest regions in which to start a business and providing space, advice, mentoring and a community to support each other. The scheme is being piloted in Swindon, and we are now looking to expand the pilot to the areas that need it most in 2019.
A year ago, we were anticipating the imminent arrival of Open Banking legislation in the UK. Now that is established, finance-focused businesses including fintech start-ups, established banks and comparison sites are looking to use Open Banking in new ways.
The full potential of Open Banking is still yet to be unlocked, but we predict big strides will be made in 2019 in this area. We recently announced the launch of Open Banking for Good, which will see us bringing organisations and people together in 2019 to create and scale solutions around Open Banking that will improve financial capability in the UK. At the heart of Open Banking for Good is a big goal: to use Open Banking to solve some of society’s biggest challenges, creating solutions that bring practical help to the ‘financially squeezed’ – the one in four households (12.7 million people) who are struggling financially in the UK.
It has been an exciting 12 months, and I am looking forward to 2019 as we continue to push the boundaries to ensure we deliver for our 15 million members.
Matthias Setzer, Chief Commercial Officer, PayU
Until now, we have seen the larger player monopolise a partnership. This will change in 2019, when we start seeing more substantial real applications in areas such as machine learning and even blockchain. The time is right for smaller players to use the backing of a partnership to propel themselves and their proprietary technology ahead of competitors.
Partnerships will move beyond simply providing the infrastructure that supports the development of disruptive technologies. Instead we will see a focus on savvy collaboration providing smaller players with the risk and market knowledge, as well as an understanding of quality assurance, to push the boundaries and move state-of-the-art tech beyond the hype.
Markets such as Latin America are already taking action to embrace innovation – take the recently published Mexico fintech law or the fintech-friendly licences being issued in Brazil, for example. Meanwhile South East Asia is leading the way in the field of blockchain and crypto development. This means that 2019 can only be a competitive year.
Ralf Gladis, CEO, Computop
In 2018 we have seen innovations – but perhaps not as many as we hoped for. The PSD2 directive kicked off in January, and while instant payments were a key part of this, they still had a tough start. Banks introduced Instant Payments only for online banking, but the European retail industry is still waiting on APIs for retail payments and two-factor authentication (2FA).
For the first time in the UK, debit card transactions overtook cash as the most popular form of payment. According to research, when it comes to cashless payments, both Canada and Sweden are ahead of the pack, but this change in the UK is a significant indicator of the general trend towards electronic payment solutions and away from cash.
So, it was no surprise that Google took another step at getting involved with the launch of Google Pay – formerly known as Android Pay and Pay with Google – or that Apple Pay announced its release in the largest EU market, Germany. NFC payments rule! Of course, this activity in the mobile payments sphere prompts interest in other areas, and this year we have seen European banks responding with proprietary apps to try and take their piece of NFC action.
However, at Computop, we have not seen many new and relevant payment methods emerging. Instead, our merchants are focusing on implementing the infrastructure that will allow omnichannel payments on an international scale. Good examples of this are international car-rental firm Sixt, which now has highly encrypted P2PE terminals in its locations in Europe and the US, and German fashion company s.Oliver, with click-and-collect and ship-from-store solutions and many other advanced services.
In 2019, 2FA will start with PSD2 retail technical standards stepping into power in September. Merchants should start to find ways now to convince customers to put them on the 2FA whitelists in order to avoid repeated authentication every time customers pay for an order.
One solution to avoid 2FA friction is SEPA direct debit in Germany, Austria and Switzerland. Given the friction involved with 2FA, we will see a huge take-up of biometrics by consumers, banks and merchants – not only for payments but also for all other use cases where biometrics can replace passwords.
The rise of NFC payments with biometric authentication is the beginning of the demise of POS terminals. As IoT gains momentum, NFC allows ‘things’ to be transactional and run payments. An NFC signal will be good enough to process payments with Google Pay, Apple Pay or other banking apps; POS terminals will no longer be needed. Sales for terminals will peak in three years and slowly decline afterwards.
However, payment is a serious subject and consumers do not jump on payment trends. Adoption will be slow, so we should not expect rapid changes, but we will gradually see payments becoming more and more invisible. We are entering the world of the ‘Silent Payment’ and NFC payments.
Russell Robinson, MD – Customer Communications Services, EMEA, FICO
2019 will be a challenging year for payments and compliance. With less than 12 months to go until EU banks implement their Strong Customer Authentication (SCA) solutions, project teams are facing tough decisions about the most important aspect of the business – customers making payments.
I meet many banks that are in the process of compiling their requirements and vendor selection, and know some of these final designs are either non-compliant or will create an unacceptable customer experience.
Some banks believe they can achieve SCA compliance by relying too heavily on sending one-time passcodes. While this will suit many consumers, based on consumer research across the EU (October 2018), 60% of consumers do not want a one-time passcode by SMS. In addition, 30% of consumers said in a recent survey that they would complain if they are unable to select their preferred channel to enable SCA — for example, not with an SMS.
The industry is making moves to prepare customers for SCA with requests for current contact details. However, we are seeing signs that prescriptive demands to enable future user access are not being well received. That is evident by the John Lewis article in the Guardian and comments from readers. It is well worth reading some of these comments, if you are in any way involved with SCA.
My prediction is that many banks are going to implement point solutions to achieve compliance, and the programme managers that executed this will move on. Due to these point solutions not meeting consumer acceptance, lack of up-to-date contact details, meeting regulations and many other issues, there will be a significant number of complaints, unacceptable fraud false-positive rates, and consumer payments not completed to a level we have not seen before.
If this happens, the people who inherit the SCA programmes of 2019 are going to have their work cut out unpicking this stuff and looking to replace them with a platform approach to SCA. They will need to enable SCA extensibility and rapid integration to new authentication use cases and channels as demands require or novel fraud attacks appear in the environment.
On a related point, many banks understand phone device profiling, and SIM-swap or call-forwarding solutions are essential. However, many are expecting that SIM-swap services offered by MNOs will have evolved before SCA implementation. I believe this will be true for some MNOs, but suspect alignment will not be in place across all UK MNOs in 2019. Therefore, banks need to plan better around how they secure the SMS channel, and deal with the higher false-positive ratio using traditional methods.
Cristina Astore, International Division Director, SIA
2018 saw a number of significant developments in the financial services industry, which are likely to bring very attracting – and sometimes ground-breaking – new ways to consider how we make payments and manage our accounts.
Firstly, the deployment of Instant Payments by an increasing number of banks in the SEPA area proved to be a success, passing the five million transaction mark in October. In 2019, we foresee an acceleration of the move towards them, with more financial institutions joining EBA Clearing’s instant payment system RT1 and also the European Central Bank’s TIPS platform.
With more account holders able to send and receive Instant Payments, we are likely to see this new method of payment increasingly adopted alongside the more ‘traditional’ cards.
However, Instant Payments have to be integrated in the retail environment to be more successful. To adopt it, consumers should be able to pay seamlessly and securely with their smartphone in retail shops or on the internet. Many fintechs are experimenting solutions in that direction, but they will have to co-operate with banks to make them interoperable and reach critical mass. Those service providers that cover the whole value chain – from the POS to the current account – will be in the best position to benefit from this move.
Secondly, the most disruptive change introduced by the revised Payment Service Directives, the ability for Third-Party Payment Services Providers to access any bank account, will also boost the adoption of Instant Payments for retail when PSD2 really goes into force in 2019.
Furthermore, the convergence move between cards and digital payment actors started in Italy in 2018, with the agreement between Italian domestic card scheme Bancomat and SIA to use its mobile real-time payment service, Jiffy, to be branded Bancomat Pay, will certainly not remain isolated, with other domestic schemes teaming up with electronic payment initiatives.
Finally, the multiplication of blockchain implementations, such as the SIAChain private infrastructure, promises to provide innovative applications in many areas of the industry and beyond.
Christer Holloman, CEO and co-founder, Divido
2018 was another significant year for the banking and payments ecosystem. Driven by e-commerce and end-consumer demand for convenient, digital and personalised payment, the ‘second wave’ of fintechs have emerged from the shadows of their predecessors and begun to stamp their authority on the market.
These fintechs, unlike the first wave, are not looking to compete with banks, but instead collaborate and ultimately share success; a example of this can be seen in Tandem Bank’s recent partnership with Stripe. Aided by the Open Banking legislation and the opening of APIs, these partnerships are starting to appear, and this trend is set to continue in a big way as we head into 2019.
In 2019, we will continue to see more and more fintechs and banks collaborating together to achieve a common goal. Alongside this, we will see younger generations, such as millennials and Gen Z, begin to move away from traditional credit cards transactions and instead look to alternative payment options such as point-of-purchase finance as they search for cost-effective solutions to better manage their finances.
Additionally, as the banking space becomes more and more competitive, we will also continue to see the rapid rise of digital-only challenger banks such as Monzo as viable alternatives to the traditional banking powerhouses of the world.
Over the past 12 months, Divido has continued to go from strength to strength. The biggest highlight for us as a business was securing official backing from both Mastercard and American Express Ventures in our $15m Series A funding round – this will see us supercharge our international roll-out over the next 12 months. Alongside this, 2018 also saw us announce the appointment of our new chair: Renier Lemmens, former CEO of PayPal EMEA.
Divido has its sights set on international expansion and growth over the next 12 months. By 2019, Divido will be live in 10-plus countries, including the US, the Nordics and Australia. Along with this, Divido is on track to process $1bn of POS credit applications in the next 12 months.
Ed Maslaveckas, co-founder, Bud
Research that we have conducted has uncovered that many bank customers feel a real sense of anxiety linked to ‘the desire to do more’ versus the realities of their finances. This is propagated by constant peer comparison and assessment: the endless cycle of triumphs and achievements viewed through the unforgiving lens of social media.
Banks can cement their relevance in this context by looking to create new value in transactional data – building new experiences by cleverly linking data from the products and services that make up their customers’ financial worlds. We expect to see this trend really take off in 2019, as banks take advantage of Open Banking to power products that will help them stand out from the crowd in their customers’ eyes – this year, personal finance will have to get really personal.
Sarah Kaiser, Diversity and Inclusion Lead, Fujitsu EMEIA
2018 has been something of a breakout year for diversity and inclusion (D&I) in organisations across the UK. It was the year that 100% of qualifying companies published their gender pay gap reports, and the government announced that it will be reviewing the Gender Recognition Act to help trans people receive legal recognition of their acquired gender.
Meanwhile the conversation around D&I has become far more prominent, and organisations are beginning to embrace a more transparent approach to tackling the issue. However, while there have certainly been steps in the right direction, organisations still have plenty to do.
Here is what we expect to see in 2019: 1. Businesses will change their internal approaches Change must always start from within, and organisations need to review how they support employees without causing unnecessary harm. Trans people who simply wish to change their name and details within the business often face artificial barriers that not only waste time and energy, but can come across as disrespectful towards their chosen identity. 2. D&I reform will take place on a global scale With many organisations having a presence in multiple countries, D&I efforts need to take a more global approach. As D&I means different things to different people, companies will have to take into consideration the social and legal differences between the countries they operate in. This will help to produce a more holistic approach rather than siloed approach to diversity and inclusion. We will also see more global D&I roles come into play to manage this process. 3. Men will become more engaged While this prediction may not necessarily be new to 2019, it is still vital that men are as engaged in diversity and inclusion as women. Initiatives that exclude men from participating – such as exclusive women-only networks – will need to change. Although these initiatives are well intentioned, everyone must be involved if gender disparities are to be addressed and solved. Seeing more people stepping forward and become allies, will be key to 2019.
There are many positives and changes to look forward to in 2019. These trends will help to drive the D&I work in 2018 to promote an environment in which everyone feels supported and included.
Roland Brandli, Product Manager – TLM Aurora, SmartStream
2018 has seen increases in activity both in the regions of digital payments and instant payments. The further growth of alternative payment systems such as Apple Pay, Samsung Pay and Alipay have led to institutions looking for ways to enforce stricter control frameworks around these payments and card transactions in general. High volume, low value means organisations are turning to us to increase automation and transactional control over the entire lifecycle, from authorisation to settlement, identifying exceptions and following through on their correction as quickly as possible. Simple point-to-point reconciliations are no longer enough; it introduces complication running across many departments and leads to delays in resolving customer issues. In order to meet the customer expectation of instant payment/instant resolution a new approach has to be taken, requiring the monitoring of multiple, complex transaction lifecycles and presenting them in a simple way that users can find, track and resolve exceptions faster. We see a very similar evolution taking place on the more traditional international payments with the introduction of SWIFT GPI, here by providing a unique tracker for payments, SWIFT has enhanced transparency and customers are looking to manage their exceptions in a more automated and rapid manner. For next year we see a similar focus, with the paradigm being: yesterday’s challenge was ‘end of day’; today’s challenge is ‘intraday’; tomorrow’s challenge is ‘instant’. SEPA will be introducing mandatory ISO 20022 Investigation messages in November 2019. Many banks in Europe are looking also to launch SEPA instant payments and in many other countries across the globe we see similar payment initiatives being launched. With the introduction of TLM Aurora, SmartStream has launched two brand new Solutions: Digital Payments Control and Payment Exception Control. Both Modules are designed to address the initiatives and issues that come with reconciling across the transaction lifecycle and automating the exception management process. Together with our new innovation labs, we will be looking to further improve these new solutions with the introduction of machine learning during the year. Customer expectations are changing. With the fact that a payment can now be conducted within seconds or minutes – even cross-border – not only do they expect quick payments, they expect issues or exceptions to be resolved in similar timeframes. It is, therefore, important to provide the control framework and the exception management capabilities that allow customers to address these expectations and further improve their turnaround times.
Tom Weaver, CEO, Flyt
2018 has been a challenging year for the restaurant industry with notable brands shutting hundreds of locations across the UK. While this is certainly worrying, new YouGov research Flyt commissioned has uncovered the key frustrations with dining out at the moment and young people’s expectations for how tech can reduce these pains. The poll shows that 40% of millennials want to be able to book a table via an app or social media, 32% want to be able to use their smartphones to get more accurate wait times for a table, and 26% want to be able to order food on a tablet provided by the restaurant – or on their own device. With this in mind, I believe 2019 is the year restaurants will really step up their efforts to introduce cutting-edge technology to streamline the dining out experience and propel people to eat out more. In 2019, payments companies need partners that do not just help them navigate the complexities of the industry, but ones that have the local market experience to hit the ground running in some of the most exciting pockets of the world. The sentiment ‘two heads are better than one’ has proven successful time and again in the payments industry. It is one that must remain at its core throughout 2019.
Stan Swearingen, CEO, IDEX Biometrics
In 2014, mobile payments were hailed as the next revolution in payments by major payment providers such as American Express, MasterCard and Visa. However, this payment method has failed to meet its anticipated high expectations, with card prevailing as the firm favourite for UK consumers. In fact, according to recent Idex research, 65% of respondents said they would not give up their debit card in favour of mobile payments, and a further 78% also admitted to feeling more secure using their debit card in comparison to mobile payments. This is a trend that we believe will continue into 2019, as security remains a key factor driving consumer payment behaviour. To stay relevant, banks must focus on the clear consumer preference for cards and use it to focus innovation that directly meets the wider demand for greater emphasis on security, but also to comply with Strong Customer Authentication under the Second Payment Services Derivative (PSD2) regulators in order to combat fraud. This will mean everyday transactions – including contactless payments – will become subject to two-factor authentication to combat fraud. We anticipate that biometric authentication for card payments is set to play a key role in the two-factor authentication process, and will help shift payment authentication methods away from what we know or can remember (PINs), to who we are and what we can physically prove, such as our fingerprints. In turn, this will remove the ability to easily share PINs or have them fraudulently stolen, and deliver greater security to combat fraud. The desire to ditch the PIN is one that is shared by consumers too. From our recent research, a resounding 56% of those surveyed stated that they would be happy to use biometric methods of authentication to replace PINs, if banks could assure them that their fingerprint biometric data would be safe and not held in a central bank-controlled database. In fact, 52% would feel more confident if their fingerprint biometric data was stored on their payment card, rather than a bank’s central database. The consumer demand for fingerprint methods of authentication is a reality, with two-thirds (66%) of UK consumers expecting their roll-out to authenticate in-store card transactions by 2019. We are preparing for what we believe is the true tipping point of biometric smart cards. We predict that by 2019 biometric bank card adoption will go into many millions. When this becomes a reality, payment card adoption is likely to be the springboard to us accepting biometrics more broadly in other areas of our lives.