In a world where the bank is no longer a place you go, and banking has become something you just do (‘Banking’s new normal), the role of branches is back in the spotlight.

The prospect of closing branches — always a sensitive political issue— has returned, following the release of a UBS report that says growth in online transactions, which approached two billion in the past year, is making retail branches redundant.

The number of branches, at 5,588, is at a 13-year high, representing a significant expense at a time when banks are closely scrutinising costs amid revenue pressures and a weakened credit environment.

“A substantial proportion of the banks’ expenses are borne running the branch network and occupancy expenses,” says UBS analyst Jonathan Mott.

Westpac is tipped to move first on branch closures, given its agreement with the government to avoid branch closures in the wake of the St George merger recently expired.

Meanwhile, the Commonwealth Bank continues to invest in its always expanding mobile offering, and smaller institutions, never reliant on a large branch network, are stepping up their social media efforts to reach new customers.

But these investments remain small fry compared to the millions spent on branches by the major banks each year.

Why are branch investments still measured in millions while mobile investments come with a lot less zeroes?

Retail banking remains ripe for disruption says Brett King, and the more a bank insists on physicality, the more it risks becoming irrelevant to ustomers. It’s a big call, and King has been predicting the demise of branches for some time. Financial pressure could prove to be the real death notice for branches.

BY CHARIS PALMER

Banks need to move beyond private cloud computing to cloud banking if they are to capitalise on the financial benefits and new business models offered by cloud computing, argues Gartner analyst Peter Redshaw.

Speaking to a group of banking CIOs and IT leaders at last year’s Gartner Symposium, Redshaw argued most cloud computing initiatives currently being undertaken by banks amount to little more than “cottage industries”, with few industry utilities or examples of public cloud initiatives.

“At present, there is very little uptake. It’s mostly pilots, proof of concept and it tends to be non-critical stuff,” says Redshaw.

But a Gartner survey of CIOs in the Asia Pacific region has found almost 50 per cent believe they will be doing more than half of all transactions they manage via cloud computing by 2015.

More broadly, Gartner is predicting year-on-year growth of 19 per cent for the next five years for public cloud computing, with public cloud services to grow at five times the rate of overall IT industry spending.

“So whether you’re buying it in the public market, or building it yourself, cloud should be your first approach to computing,” argues Gartner global head of research Peter Sonderguard.

So what will this look like for banks?

Redshaw says one example that could inspire further development is the New York Stock Exchange partnership with VMware, which is an infrastructure as a service platform for financial firms.

“I would expect other people to move into this space,” says Redshaw.

“Initially, you’ll be buying capacity at some sort of spot price, but why would you also not think ahead and say I want an option on a future price, I want to lock that in, because that’s going to help my budgeting cycle.”

This could ultimately lead to a secondary market for storage capacity, argues Redshaw. “Why do we not trade those kinds of things, so if I’ve got excess, I could sell all the contracts I have? That would be an interesting development.”

Reverse auctions move forward

Another example of cloud banking is reverse auctions.

“At the moment, I’m offered three cards based on prehistoric data, or I could use a price comparison site, but they’re still standard products,” says Redshaw.
“What if I could wave my money in the air and say, ‘come and get it’…allow banks to bid for my business, or not.”

Running such auctions on an industrial scale would have been economically unfeasible without the cloud, but a willingness to embrace it changes the equation.

Another example of true cloud banking would be open development platforms, where more than one vendor could access a software development kit to help build a new service.

“You could take 90_95 per cent of a vendor solution, and create your own core components to differentiate.”

And then there’s the idea of opening development up to a wider community, made up of not just vendors, but internal and external developers.

“Think how much more productive that would be and a great way to gather that crowdsourcing of innovations,” says Redshaw.
Cloud banking could also be used to completely change the business model for online banking, argues Redshaw.

“Online banking is getting more expensive to do and yet we give this stuff away for free.”

Redshaw acknowledges the majority of people will never pay for online banking, but what if you could create an “Online banking SETI” that treats online banking users as a valuable private community?

“Maybe you can mine their data in return for free online banking…maybe you can utilise idle cycles on their machine.”

What would it take for these visions to become a reality?

Firstly, Gartner says vendors need to become more sophisticated, offering solutions that are tailored specifically to the banking sector. More consistency from regulators is also required.

But ultimately, bankers needs to move away from the idea that cloud is a binary yes or no decision. It’s much more subtle than that, argues Redshaw.

“Cloud banking is going to be transformative, it’s going to enable you to do things which currently are either impossible, or if they’re technically possible, you wouldn’t actually do them in a business sense because it’s not economically feasible right now.”

BY STEPHEN WILSON

‘Break down the silos” is one of the catch cries of modern management practice, and a special rallying call in the Federated Identity movement. Nobody denies that myriad passwords and security devices has become a huge headache, but attempts to solve the problem by sharing identities across different contexts all too often come unstuck.

Banking strategists and financial regulators working in online banking urgently need new ways of looking at these challenges.

Regular readers will be familiar with my critiques of Federated Identity. I have often defended identity silos for the way they safeguard risk-managed relationships between banks and their customers. Business relationships do not interoperate as readily as Federated Identity proponents would like. Even standardised relationships like bank accounts are surprisingly difficult to share across institutions, as the MAMBO project found the hard way (see MAMBO misses the point).

Instead of breaking down and re-building them, I believe we need to fundamentally reframe identity silos. We need to better understand what identity silos mean, why they arise and the forces that act on them, before we can reliably re-use their contents, namely precious customer data. This takes care. Identity silos cannot be busted open and joined up any which way, just as wheat farmers and corn growers cannot join up their grain silos!

Everyone in banking technology will have come across the term ‘ecosystem’ in recent years. It’s become the trendy euphemism for IT marketplace.

With a politically correct ring to it, ‘ecosystem’ is used by vendors to lift the customer conversation above the hurly-burly of competition, and to attract more active government support.

But for all the talk of ecosystems, genuine ecological thinking has been lacking in contemporary identity theory.

The computer scientist Gerald Weinberg famously said “things are the way they are because they got that way”. That is, everything has a natural history. Looking at the rich variety of identities we have in both the real and digital worlds, we should ask: How did they get here?

Multiple personalities

Digital identities are proxies for the various relationships we have with banks, employers, government agencies and so on. Each of these organisations usually knows its customers by an identifier of some sort, which represents the customer’s standing, their entitlements and obligations in a defined context. The fact that we have multiple digital identities is a logical result of having multiple relationships.

For the longest time, most of us have lived happily with a dozen or more digital identities. To confirm this, simply look in your wallet or purse and count the different cards you carry.
While the Federated Identity movement calls for a brand new ecosystem to be built, it’s oblivious to the existing ecology of business, which has spawned different arrangements for managing risk in each of the local contexts we deal in.

Think about the fact that a formal protocol governs the way we sign up with a bank, an insurance company, an employer, a university or a professional association. These protocols are not static; rather they evolve over time. Know-your-customer (or member) rules always embody a mix of local business practices, and legislated elements, especially in regulated industries like finance, aviation and healthcare.

Local rules and legislation alike are continuously varied in response to changing risk dynamics. As new risks emerge, identification protocols are strengthened. And they’re steadily augmented with improved technologies, like document verification, tamper resistance, two factor authentication, smart chips, and real-time risk scoring.

All these factors can be seen as memes: heritable ‘cultural’ units that combine to define how each of us is known in each business context. Identity management processes and technologies are subject to natural selection, exerting survival pressures act on all those elements.

For instance, to deal with escalating money laundering and terrorist financing, prudential regulators have tightened the requirements for account opening. In response to ID theft, banks have added SMS codes or one time passwords. On the other hand, some environmental pressures act to weaken identity practices. For example, heightened privacy awareness means employers may collect less ID from new staff when they join up than they might otherwise prefer.

The ecological frame shows that identity silos are an inevitable result of risk management. They’re like ecological niches. They don’t automatically interoperate – and identities cannot automatically federate – because different businesses manage risk in their own ways.

The dream has been to take a digital identity like a bank account out of its natural niche and use it in other contexts like government or even other banks. But now we see that this is a bit like taking a salt water fish and dropping it into a fresh water tank. Easier said than done!

Stephen Wilson, founder of the Lockstep Group, is an analyst, consultant and innovator in digital identity and privacy.

BY JAROSLAW KNAPIK

Salesforce.com has a vision of a social enterprise – an enterprise that leverages the social media and networks ecosystem. We are now in an era of social revolution that includes a plethora of social platforms and apps, but should the banking industry care about the social trends and take an active posture in the world of social businesses?

Ovum’s business trends survey conducted at the end of 2010 indicated low current and short-term future interest in leveraging social media for marketing campaigns or customer service. Most of the banks simply have either no specific plans in this respect or they just don’t care.

The retail banking industry is not part of the ’social revolution’ – at least not yet. However, newer ’social’ technologies or clear compliance guidelines may accelerate adoption of the concept of a social enterprise.

Banks should not ignore tools that enable social enterprise computing

Salesforce’s vision has three major components: Social Customer Profile, Employee Social Networks, and Customer/Product Social Networks. The core of the social enterprise is multi-tenant cloud computing, which is Salesforce’s DNA, and we can be part of this enterprise via any PC, tablet, or mobile device connected to the cloud via the internet.

The data foundation is database.com, which is the database used for salesforce.com, Salesforce’s applications, and is open to third parties. Many banks will be pleased to hear that Salesforce is planning to launch a Data Residency Option (DRO) for this service. The major function of the DRO is that it enables customers to encrypt sensitive data and store it behind their own firewall or in their databases in Salesforce’s cloud.

This allows the creation of a distributed database system, which can be securely accessed by Salesforce applications without allowing the software-as-a-service (SaaS) provider to view the sensitive data. This is a significant development that banks should pay attention to, as there have been a number of outsourcing or SaaS initiatives in the past that have failed due to a number of restrictions related to customer data protection. However, as with every new technology, this still needs to be proven and, in many cases, approved by local regulators.
Social Employee Network is another component of Salesforce.com’s vision. Chatter, a collaboration tool, offers employee profiles, app updates, file sharing, groups, feeds, or status updates. Some call it a “Facebook for enterprises”.

The final component, Customer and Product Social Networks, includes social marketing, and listening to and analysing customers’ conversations. Social marketing is based on the created social customer profiles and social CRM tools discussed above. In addition, Salesforce offers Heroku, which is a cloud application platform, based on Ruby programming language and now also open for Java developers.

This service allows the creation of apps, many of which are designed to work with social platforms such as Facebook. Salesforce also provides a tool for social media monitoring, Radian6 – an analytic tool that enables listening to and analysing of online conversations, and engaging with customers.

In Ovum’s view, it is not enough to simply engage with customers via social media. For social CRM to work successfully, banks also must use monitoring technologies to prevent potential issues. However, the wide range of recently developed ’social’ solutions cannot be ignored; banks must adapt to a changing business environment.

Uncertainty around adoption of a social enterprise vision will remain

While the growth of social media and networks has been phenomenal, the channel’s relative nascence in the banking sector explains why national regulators in most countries have yet to implement policies relating to usage, with the exception of the FSA in the UK and FINRA in the US. The regulatory bodies have a cautious approach and there is a notion that authorities are not quite up-to-date in understanding the extremely fast-changing social media and networks environment, and the nuances of social business.

This is not entirely surprising as in the current difficult climate for financial services, many national regulators are mainly focused on making foundations stronger for the industry they supervise. So far, limited time and resources have been available for the topic of a social enterprise, where it is still difficult to judge the degree of legislation required to monitor, intervene and protect.

Regulators are struggling to keep up with retail banks adopting various strategies, business processes, and technology tools that enable doing business by social means. With this in mind, banks and regulators will benefit from the actions and experiences of others finding their way through the minefield that is social enterprise-related banking regulation. This in turn is creating a ‘wait and see’ approach to innovation, and it is hard to expect banks to be early adopters of the social enterprise vision.

It is important to note that the choice of medium does not change compliance requirements around message or communication (eg. communication record keeping or client suitability for financial promotion). Consequently, banks need to manage the use of social media in this context.

However, we could see newcomers to the industry – in the same way as we have already witnessed various innovators such as M-Pesa in Kenya or Octopus card in Hong Kong – but this time leveraging the social media business. Banks should care about new ways of doing business but time will tell how the vision of a social enterprise will be adopted in the industry.

Jaroslaw Knapik is a Senior Analyst within Ovum’s Financial Services Technology team.

BY BRETT KING

Recently, I’ve been discussing with bankers, economists, strategists and futurists the future of the banking industry. At a time when we’ve got the likes of Occupy Wall Street (#OWS) through to discussions in various camps about the very survival of banking as we know it, a question you might ask is how did we get here so quickly? Ten years ago, discussing the collapse of the modern day banking system and widespread loss of trust in bankers, might have been ludicrous, unthinkable – but today it is happening.

The ‘new normal’ is inherently unstable

As bankers, most of us would have preferred if things had just stayed the same as they were, or at least returned to the ‘good ole days’ once the dust from the global financial crisis had settled. Instead, we’re faced with talk of a ‘New normal’, of increased volatility and of sustained uncertainty. There’s now a growing concern that a Greek default will trigger a crisis in the Eurozone, which in turn will bring on a new ‘Great Depression’.

It is not lost on the public at large that this is a financial crisis we probably didn’t need to have. It is a financial crisis that was brought on by the ultimate in speculative investment behaviour, the creation of financial instruments designed to create wealth and trading momentum from underlying, sub-prime debt that really should never have been readjusted as collateralised ‘AAA’ rated securities. So here we are today with so-called blue chip or developed economies that have higher volatility and risk, than so-called emerging markets. Since when did China and Brazil become better bets than the US as investments?

The perfect storm for a financial system in crisis is not just the failure of the banking system to self-regulate, or the default of sovereign nations in respect to servicing their national debt. The perfect storm is driven by three primary mechanisms that aren’t normally discussed as macro-economic factors, but are critical as part of a discussion around reforming the banking industry. They are:
1.  Increased transparency and visibility;
2.  The reassessment of the role of risk and regulation, and;
3.  The loss of physicality.

Adjusting to a transparent world

The response to bailouts, banker bonuses, new rates and fees structures, and to the financial crisis itself is indicative of the fact that bankers can no longer just assume that the public at large will trust banks know what they are doing. How has the industry at large responded to this increased transparency? At first with incredulity, then with a defence of the indefensible, and finally with begrudging acceptance.

There are still many banks today, for example, that not only prohibit the use of social media in the workplace, but refuse to engage with end consumers in any really useful way through social media. In a world where dictators can be overturned, where public opinion is expressed in mentions, tweets, likes and fan pages, and where consumers can be as loud and effective as your most expensive marketing initiative – how do you adjust?

Understanding that you now answer to the public and you need to defend your positions with openness, logic and fair value, Brian Moynihan’s defence of BofA’s recent fee hikes shows a lack of nuance in this new, socially transparent world:

“I have an inherent duty as a CEO of a publicly owned company to get a return for my shareholders,” Moynihan said in an interview with CNBC’s Larry Kudlow at the Washington Ideas Forum… “Customers and shareholders will “understand what we’re doing,”… “Understand we have a right to make a profit.”
Brian Moynihan, CEO – Bank of America

As a bank, you do have the right to make a profit, but customers now understand more acutely than at any time in history that they have rights too. It’s not that customers don’t want to pay for banking, it’s not that they are unreasonable; it’s that they now demand value and they are assessing that value, and exposing your shortcomings when you don’t meet up to their expectations.

In this way, what we need to do as an industry is better understand our value in the system. Right now, we have trouble articulating that because we’ve become too historically focused on ‘banking’ as the system, rather than banking as a financial service to those that have the right to pay and choose. The balance has tipped in favour of the voice of the consumer.

There are bigger risks than risk

I attended a conference in Oslo earlier this year and was talking about the need for retail banks to adjust to serving their customers better, no matter when or where they needed banking, and a banker in the audience defended the need for a strict, traditional approach to physical KYC (Know-Your-Customer) because banking is first and foremost about ‘managing risk’ – at least that’s what he said. With our almost myopic focus as an industry on risk management and risk mitigation, we’ve perhaps missed the biggest risk of all – the fact that we are putting so much of the risk workload back on to the customer and the front-end of the business, that we’re starting to become a problem.

I’ve talked at length previously about the huge amount of time the front-end staff and customers spend in an attempt to reduce the potential legal or regulatory enforcement risk. When I, as a customer, am spending 50 per cent, 60 per cent or perhaps 90 per cent longer doing a simple task like opening an account or applying for a loan than I did 20 years ago – do I see that as progress, or do I feel it a burden? Do I see such moves as a reduction of risk, or do I merely see it as an increase in complexity? In such a risk adverse environment, the bank is no longer serving the customer, the customer is serving the bank – and the customer is increasingly getting intimidated by the thought of having to navigate this complexity before he can get to the actual product or service he wants.

If you look at the biggest consumer shifts in the past 15_20 years, the biggest shifts have been driven around change in process or distribution that makes life simpler and easier. Here are a few examples:

• Mobile phone versus landline
• Google search versus catalogue
• Online trading/travel versus broker/agent
• Multi-touch screen versus stylus/keyboard
• iPad/Tablet versus PC
• Kindle/eBook versus paper books
• Online news/streams versus newspaper
• Email/SMS/Facebook versus mail/telephone

The threat here is complexity, and invariably as we try to manage risk, we’re actually making customer facing processes more complex. This is bucking the trend of almost every other core customer interaction we’re seeing today.

The loss of physicality

I recently posted on American Banker/BankThink about my views around branches, checks/cheques and all things physical in banking. I suggest you read that separately, but a key consideration or thought in that article is as follows:

“The bank is no longer a place you go. Banking has becoming something you do. It is now contextual, and measured in terms of utility – how easily someone can use bank products or services to accomplish a task like shopping, travelling or buying a car or a home. The more a bank insists on physicality, the more it risks becoming irrelevant to customers who no longer cherish the traditional processes and artefacts. In just four years, that will be the vast majority of your customer base – not a marginal demographic, as some would prefer to believe.”

In this environment, retail banking is ripe for disruption. Why? Because instead of understanding the shifts around us, we’re digging in – levying fees, increasing complexity, and arguing that customers are just going to have to suck it up. After all, where else are they going to go?

Increasingly, customers have a choice. Whether it is pre-paid debit cards, mobile wallets, PayPal, or other challenges to day-to-day financial interactions, the concept that as a regulated industry we’re protected from having to make the hard decisions and actually reform the way we work, is foolhardy.

We need to start working very differently.

Brett King is an advisor to the financial services sector, blogger and author of the best-selling
book Banking 2.0. This article was first published at banking4tomorrow.com.

BY JAROSLAW KNAPSIK

The cost of combating financial crime is on the rise. This in turn is driving banks to seek synergies between anti-fraud and anti-money laundering (AML) systems and to look for solutions that allow crime detection with high accuracy that can reduce related costs.

As a result, the competitive landscape has become crowded with a large and diverse set of solution providers, making the selection process more complicated for banks. In response to this, Ovum has identified four anti-financial crime solution vendors that for most retail banks will be worth short-listing in an enterprise-wide platform selection process.

These vendors provide offerings that combine strong underlying technology with a broad functionality depth and have established a leading market position from a worldwide perspective. This selection includes Detica NetReveal, Fiserv, NICE Actimize and SAS Institute. The detailed analyses of this solution area are published in Ovum’s report Selecting an Anti-Financial Crime Solution in Retail Banking.

Standardising anti-fraud and AML processes

To avoid duplication of resources and processes, and to reduce the overall cost of fighting fraud and money laundering, banks must ensure that their applications are linked to shared components across point solutions. However, not many banks are at the stage of standardising processes and managing data across various areas of risk and compliance.

It is essential that banks integrate all their anti-fraud and AML solutions as seamlessly as possible. This will not only lower the overall cost but will also heighten the effectiveness of financial crime detection and prevention.

Well-integrated anti-fraud and AML systems can enable banks to gain a more precise view of financial crime activity, and information derived from numerous channels can provide an invaluable source of crime intelligence. If this information is used effectively, it can reduce the overall cost of combating financial crime and can improve customer satisfaction.

Ovum’s shortlist: Detica NetReveal, Fiserv, NICE Actimize and SAS Institute

After their acquisition by BAE Systems, Detica NetReveal and Norkom Technologies recently merged their operations and consequently unified their go-to-market strategy and started to integrate their solutions. It is still too early to comment on the outcome of this integration, but Norkom was already a leading vendor in this area, and enhancing this offering with Detica’s technology will only boost the technology’s functional depth and innovativeness, including the embedding of link analysis technology, for example. With a number of functional components on offer, Detica is now able to offer solutions that address almost every aspect of financial crime, which is key for enterprise-wide anti-financial crime platforms.

Fiserv
The vendor built out its anti-financial crime offering mainly through the acquisitions of NetEconomy and CheckFree. Since then, Fiserv has made substantial progress in integrating various siloed point solutions and standardising on underlying technology. The company also has a very strong impact on the banking industry, offering solutions for almost any technology a retail bank may need. This translates to aggressive customer acquisition through cross-selling, as many existing Fiserv clients are adding anti-financial crime solutions from the same vendor. The growing customer base and revenue quickly boosted investments into further development and ongoing integration of point solutions on offer. Consequently, Ovum expects Fiserv to retain its strong position and evolve further.

NICE Actimize
The vendor specialises only in anti-financial crime solutions. Recent acquisitions, such as that of Fortent, only boosted its expertise in this area. NICE Actimize offers a high level of out-of-the-box functionality for nearly every aspect of an enterprise-wide platform, including both anti-fraud and AML sides. Actimize users mainly indicate well-performing risk models, with high fraud detection and low false-positive rates, as the major strength of the solutions on offer. With an already proven customer base, the vendor has a significant impact on this market. In addition, most of the components are based on a single underlying technology platform, Analytics Intelligence Server, which makes it easier for retail banks to manage fraud and money laundering processes in a more unified way.

SAS Institute
The company is a relatively recent entrant to the anti-financial crime packaged software solution market, but with leading underlying technology, scalability and flexibility, SAS Institute has managed to leverage its overall strength in business analytics to become a significant solution provider in this area. The vendor provides strong technology tools for the development of risk models, and together with its clients it has developed dedicated models that detect various types of financial crime. Now the functionality is packaged into dedicated solutions, which provide decent out-of-the-box functionality but most of all the flexibility needed for customisation and further development.

Jaroslaw Knapik is a Senior Analyst within Ovum’s Financial Services Technology team.

BY SIMON VAN WYK

You may have seen that Google/IPSOS recently published some interesting research findings on smartphone usage around the globe. While Australia scored second highest for smartphone penetration, the research found that only 20 per cent of Australian businesses actually have a mobile-optimised website.

Furthermore, the research claimed that many businesses were confusing having a mobile app as having a mobile strategy. Believe me, it’s not the same thing. A mobile strategy includes acknowledging the multifaceted mobile landscape instead of focusing on just a few devices.

So, in the process of conducting some of my own research prior to an event I was attending, I searched for a handful of banks and financial institutions to see what they looked like on my iPhone.

It wasn’t pretty.

Good news

I’m not going to name names, but I searched 30 brands in all and discovered that just 11 of the sites were optimised for mobile – whether with a mobile site, mobile app or both. This represents 37 per cent, which is some way ahead of the Google/IPSOS research findings (admittedly using a very small sample) – but it’s clearly nothing to celebrate. Particularly for an industry that is often praised for its mobile thinking.

Bad news

Worryingly, 19 of these sites were not in the least bit optimised for mobile users. The non-optimised sites simply presented me with the standard version of their website. And while I don’t have butcher’s fingers, navigating a website designed for 1,024×768 pixels on a screen that’s 320_480 pixels is just not good business.

Remember, Australia has the second highest penetration of smartphone usage in the world. And this number is set to climb to 60 per cent in the coming 12 months which can only mean more and more people will be hopping online from just about everywhere.

While you may offer a compelling and engaging web experience from a PC or laptop, if the experience is woeful on a mobile device, you just won’t be relevant to the increasing smartphone audience and missing out on the opportunity to remain constantly connected to your customers as they ‘go mobile’.

You can’t afford to be Apple centric

And it’s not about simply creating an iPhone app and considering the job done. You have to think carefully about your target market and cover all options. While a large number of your customers may have an iPhone, an equally large number may have a Blackberry, Motorola, Nokia or other brand of smartphone.

You need to give your customers a truly seamless brand experience regardless of whether it’s a mobile website or native mobile application.

You need to think about mobile in exactly the same way as you plan your website developments. The mobile experience needs to be as good as the optimal web experience you provide. You need to understand your customers and determine what they need when they’re on the move, and work out how your mobile site will help them do it.

As smartphones become an inseparable part of our lives, if mobile isn’t a focal point of your marketing strategy, then I can only suggest that you address this now before you’re left behind.

Simon van Wyk is founder of digital marketing agency HotHouse.

BY ELTON CANE

MiiCard, a start-up company that has regularly demonstrated its online identity proposition at financial conferences such as Sibos and Finnovate during the past 15 months, has gone live.

The basic proposition for miiCard is that users can create a virtual identity card purely online within about five-minutes, by filling in various personal details (name, address, phone number, email accounts etc) and linking the card to one or more valid online banking accounts. It’s this element, possible through miiCard’s partnership with account aggregation specialist Yodlee, that it says differentiates it from other online ID services. Social media accounts can also be linked.

The virtual card is a live server-generated image that users can add to places such as email signatures, social media or eBay profiles by inserting a small piece of unique code. When someone presses ‘Click to Verify’ on the virtual ID they are taken to a public identity profile page hosted by miiCard.

The first part of miiCard’s use case is that consumers can use the virtual ID card to create trust in their person-to-person interactions online. This could be useful for auction and classifieds sites, as well as online dating.

But the big opportunity miiCard is trying to address is to enable financial and professional services companies to sell online, and complete the sale purely online without having to go offline to sign documents and present their passport, driver’s licence and utility bills in person.

Citing a 70 to 90 per cent drop off rate in financial customer acquisition once the offline part of the sign-up process is reached at UK financial institutions, miiCard CEO James Varga says consultation with the banking sector has been crucial during the product’s development. But he acknowledges they are not the first to try tackling this problem.

Relationships with layers

“We’re aware of a few other online ID verification services, like GreenID in Australia. But the problem is if I go online and use my passport number to prove myself, you don’t know it’s me using the passport,” says Varga. “The challenge for miiCard to overcome was having to use something not on a database or publicly accessible. It’s that limitation that stops those identities fully complying in many cases with legal requirements.”

Linking a current account is the basic step required to create a miiCard, and the name on the miiCard obviously needs to match the bank account details.
miiCard claims to offer flexibility, so the vendor accepting the miiCard as ID can decide what kind of linked bank account it will accept for verification, even down to that account having  a certain number of transactions each month.

“For a fairly low-risk savings account application, maybe any bank account reference point would be enough,” says Varga. “But for a $20,000 loan, maybe I’d want you to link a current account and a credit card account. For a mortgage, maybe the linked account needs to have regular salary coming in.

“We can add layers of validation and integrity checks on top of just the relationship.”

miiCard re-verifies the validity of linked reference accounts daily, and it says this combined with the deeper checks of account activity will help minimise the use of new fraudulently created accounts. And if an account is shut down by a bank, that account will be removed automatically as a valid reference on the miiCard.

The company has been taking registrations of interest on its website for well over a year, and in October it began inviting customers to register for their miiCard, dangling the carrot that early registrants – the first 10,000 – would receive the product free for life. miiCard claims this would save registrants £12 or US$20 annually, although Varga says actual pricing of the product might change post-launch.

In mid November, it began sending out invitation keys and said it would be giving activation preference to those users who were the top referrers of new registrations via social media sharing.

“We’re not doing a huge amount of marketing,” says Varga. “Part of the exercise is to qualify the market and see what kind of interest there is.

“It’s mostly about getting involvement from these people. Like any online product, success is determined by how user-centric it is. We want people to be able to get in there and use it so we can keep tweaking and developing it for how they want to use it.”

Keeping it online

As well as pushing to get early adopters using miiCard as individuals, the company is also having conversations with financial institutions in the UK, North America, South Africa and Australia about accepting miiCard to complete online product sales completely online.

“Big retail banks with largely offline channels have said, ‘Yeah, as soon as you get traction we’ll use it because we’ll have to’. Just like MasterCard, SecureCode is being used by everyone,” says Varga. “And then there are those operating purely or mainly online who are trying to be competitive with traditional offline banks and this is really where the main activity is. But it’s also in areas such as consumer finance and leasing for cars and appliances. They can sell online now but just can’t complete online, and this is why they’re interested.”

Initially, it expects traction in the UK through its own local efforts and board-level connections, and with North American financial institutions through its Yodlee partnership.

Conversations in other countries are at an early stage, says Varga, but miiCard expects further partnerships may help it with adoption.

BY BRETT KING

The announcement that the Canadian carrier Rogers Telecom has applied for a banking licence should hardly come as a shock to the retail banking fraternity. There is already a plethora of mobile carriers fully engaged in mobile payments right now, from Safaricom in Kenya, Orange (with Barclays) in the UK, the ISIS collaboration in the US, LG Telecom in South Korea, and the list goes on.

Everywhere you look right now, there are carriers trying to muscle in on the mobile wallet and payments space.

Should banks be worried?

They should be terrified.  The fact is that it makes perfect sense for mobile operators to start thinking about offering banking products and services as we dispense with plastic and start using our mobile phones as payment devices. Increasingly, banks are being detached from the end consumer by a technology layer. Let me prove it.

PayPal reinvented the customer experience layer around payments and, in doing so, set the benchmark by which peer-to-peer payments are made. Sure, there are banks at the back-end of PayPal, but today I can take out my phone or get online and send you money and all I need to know is your email address or your mobile phone number. This is compared with the average wire transfer, which requires account number, account name, bank name, bank address, SWIFT Code/ABA Routing Number or IBAN, etc. Now we’re all wondering why it’s simpler and, in many cases, cheaper, to use PayPal than a wire transfer through our traditional bank.

Why go back to complexity and friction?

Today, if a bank wants to allow its customers access to mobile banking, it has to go through a layer of technology called an App Store (or Marketplace). Sure, there are HTML5 and mini-browser mobile sites, but the fact is that if you want best-in-class interaction and engagement, you need to go App. So today, a bank must ask Google, Apple or RIM for permission to have clients access their bank via a smartphone.

Are telcos a threat to banks?

Well, yes and no.  If you look at the broader offerings of financial service products, then mobile operators really don’t want to play in that arena. What most of the mobile operators are looking to do is play in the payments space, taking control of the wallet on your phone or offering pre-paid debit card type services.

In 2008, about 17 per cent of the US mobile subscriber base was on prepaid deals, but since the Global Financial Crisis approximately 65 per cent of net new subscribers are prepaid users. In emerging markets like India and China, 90 per cent plus of the subscriber base is prepaid, and the same counts for sub-Saharan Africa, and broadly across Eastern Europe and Asia.

So what does this have to do with banking?

Prepaid subscribers for mobile phones, generally speaking, are more likely to be at the lower end of the scale for retail banking (less profitable, under-banked) or even in the unbanked segments. These are customers who don’t have extensive multi-bank relationships and who are moving increasingly to products like prepaid debit cards to facilitate their day-to-day banking needs.

So guess what happens when you combine a prepaid debit card with a prepaid mobile phone? It’s a marriage made in heaven! What’s the difference between making a telephone call, an ATM withdrawal or a debit card transaction at a merchant – they are all just transactions from a value store.

It’s likely that as telcos figure this ’secret’ out that they will go aggressively after that marginal layer of customers that are under-banked, and promising utility that a bank can’t provide in the payments space. The combination of prepaid phone deal with a prepaid debit card will likely result in the loss of about 10 per cent of the retail banking consumer market in developed economies in the next five years, in my opinion, as they migrate to this type of modality.

So what? We can afford to lose a few marginal customers

This will be the justification for lack of action from many retail banks; that the loss of these less profitable customers is not a bad thing. There are two problems with that logic.

First, this shift will create momentum behind changing payments behaviour that will fragment day-to-day banking for many customers. Increasingly, even your best, most profitable customers will be abandoning the old ways of payments to go for the utility of a combined mobile phone and payment device. Once I am managing your day-to-day spending activity, I can start to influence your decisions, spending and choices for more complex financial products, too.

Second, the fact is that even these ‘marginal customers’ will likely be extremely profitable for telcos because, to them, it is just new revenue, and they don’t have all the expensive infrastructure that banks have around the very traditional (some would say ‘antiquated’) retail banking system.

The implications for banks is that they lose touch day-to-day with customers, and the day-to-day retail front-end of banking becomes owned by telcos, App stores, social networks and marketing organisations. The bank becomes the back-end manager of risk and the product manufacturer, with the lowest margin of the whole value chain.

Brett King is an advisor to the financial services sector, blogger and author of the best-selling
book Banking 2.0. This article was first published at banking4tomorrow.com.

BY PAUL DUCKLIN

Two years ago, in 2009, an open-source, peer-to-peer digital cash system launched.

Cutely called Bitcoin, it was based on an academically-flavoured paper entitled Bitcoin: A Peer-to-Peer Electronic Cash System.

The paper’s author, and the creator of the Bitcoin project, was the enigmatically-named Satoshi Nakamoto.

No one seems to know – or, more accurately, no one is saying – who Satoshi is, where he lives, what his real name might be, or any other background information. That’s hardly unexpected for someone who’s passionate about online anonymity.

The benefits of an anonymous worldwide digital currency are obvious. A reliable system would be more useful than traditional cash, as it could be used online and between countries. No need to post banknotes overseas, visit currency dealers, pay exorbitant commissions and worry about arbitrage.

Better still, anonymous digital cash means that you don’t need to worry about leaving an eternal trail of information about your buying habits, which might get sold on to less-than-scrupulous marketing companies, or used to bombard you with credit offers you don’t want, or incorrectly recorded and held against you later, leaked in a hack, or abused by an authoritarian government to bundle you off to a re-education camp for buying ‘unsuitable’ stuff.

For just the same reasons, many governments and law enforcement agencies are publicly opposed to cash of all sorts, or at least to its unregulated anonymous use. Most countries now have strict reporting regulations concerning withdrawals, deposits, or even just the possession, of amounts of cash more than a few thousand dollars. And as long as the ‘unsuitable’ stuff some fans of cash are buying and selling is a threat to public order _ illegally-manufactured drugs, unlicensed weapons, human traffic _ you can see their point.

Furthermore, most countries have strict controls on the issue of official cash currency, relying on a central bank to regulate how, and in what quantity, official currency is created.

Done properly, central regulation helps prevent both counterfeiting and devaluation. Done badly, of course, it can have catastrophic results.

So the Bitcoin experiment has always been controversial. It’s a currency, of sorts, but it’s not regulated by any official authority, and it’s (almost entirely) anonymous.

Sadly _ whatever your viewpoint on anonymity in purchasing _ the experiment has just suffered a huge setback.

Bitcoin’s own site still isn’t saying what happened, but it looks as though the servers of one of its ‘Bitcoin-to-real-money’ gateways, known as Mt. Gox, were hacked. Badly-hashed passwords were stolen and usable logins recovered. Uncontrolled fraudulent trades then quickly pushed the real-world value of Bitcoins close to zero.

And a Bitcoin user calling himself Kevin claims legitimately (if rather fortunately) to have spotted the plunge in the Bitcoin market, and to have snuck in a bid _ at $0.0101 per Bitcoin _ apparently just one per cent above the market-manipulator’s own ‘bottom of the market’ bid.

Kevin ended up with Bitcoins recently worth nearly $5,000,000 for just less than $3,000.

But the Mt. Gox operators rolled back the seemingly fraudulent transactions that caused the currency to crash, restoring the value of each Bitcoin to about $17.50.

That’s probably a satisfactory result for most people _ except, perhaps for Kevin, assuming he’s telling the truth. He won’t make the killing he might have hoped. (On the other hand, he won’t be stuck with $3,000 of worthless Bitcoins, which might have happened if the system had imploded altogether.)

Nevertheless, this sort of interventionist ‘regulated market correction’ isn’t quite what you’d expect from a worldwide, anonymous, libertarian-style digital cash market. Whatever happens from now on, it’s a blow to the sustainability of the Bitcoin experiment.

And the Mt. Gox response contains some interesting wording, such as:

“It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so, in effect, the site was not hacked.”

It’s probably more accurate to say that the site was indeed, in effect, hacked. After all, the effect of the breach was unauthorised access and the theft of a critical database.

So what are the lessons to be learned?

• Trust is hard to win and easy to lose.

• Passwords should NEVER be stored in plaintext or poorly-hashed.

• Contractors must always be required to meet or exceed your own data security standards. You can’t outsource your accountability.

• If you are breached, you should be prompt, clear and open in your response. Skip the excuses _ they just waste time.

• If you’re an unofficial upstart who wants to compete with strongly-regulated financial institutions, you need to outdo them in the value you give to the security of your customer’s information.

The last point applies to us all.

The sooner we start seeing information security as something to do well because it adds value, rather than merely as a drain on expenditure that we need to minimise, the better.

Paul Ducklin is the Asia Pacific Head of Technology for security software company Sophos. You can read his blog here.