The big bank cyber cover-up

15 04 2015

Something that I have long suspected (and been aware of) is that banks don’t like admitting when money goes missing. It doesn’t matter if it is their money, or yours and mine, the point is if anything goes missing it looks bad for an institution that is supposed to be your secure holder of money. It really doesn’t matter the circumstances either, be it with a dodgy employee doing something naughty at the cashier’s desk, or customers being subjected to cybercrime and fraud, the fact is the bank won’t report it… This thought of mine is backed up by a statement made by the City of London Police chief Adrian Leppard, claiming that he believes up to 80% of online crime goes unreported. Have a read of this article in Finextra: http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

The challenge

So why is cybercrime growing so massively? The simple fact is, something I’ve been complaining about for a long long time now, is that no matter what you do, you cannot secure something that is inherently not secure. What do I mean? Well card details are not secure. They are printed on the thing, nothing sophisticated is needed to get hold of card details at all. This means card schemes, banks, payment service providers, online payment gateways, businesses, all have to spend vast amounts of money on trying to prove that those card details (at the point of a purchase) are in the hand of the owner. The simple fact that I can get those card details so easily, means that for a person willing to undertake some cyber fraud or card fraud in general, it’s easy, it’s a weak point in the system.

My point is proven even when you add technology upon technology upon technology. Just look at the recent issues with Apple Pay. Apple claiming the system is so secure is actually not a million miles away from the truth, if Apple could secure the card details that were added to the device, but since these are not secure in any way, shape or form, it’s easy to just add other people’s card details to my own Apple device and away I go…

The solution?

The solution is so blatantly simple it frustrates me. Move away from Cards! We don’t move away from cards because of the cost of the card scheme infrastructure, an infrastructure that is so massively outdated in today’s cyber world. Card schemes are simply easy pickings for cyber fraudsters.

When I say move away from cards, I don’t mean just replace the physical card with your phone, ala Apple Pay, I mean ditch the scheme itself. There really is no need for a card to be required in a transaction, this is proven by a number of mobile payment technologies out there that move away from card schemes and look at their own scheme effectively, utilising “e-money”. These businesses / schemes have a massive opportunity to provide security that simply removes fraud, build technology built with modern day living security in mind, and all of a sudden, the fraudster’s life is much much harder. If you detach from the dependency on a card scheme, you have payment systems that are secure, you reduce fraud, you reduce risk, and you drastically reduce the cost of a transaction for a business, and ultimately the cost of products / services consumers purchase.

The only issue is business adoption: educating businesses on the benefits to them, the cost savings and the difference in user experience. That’s the massive challenge, and it is why mobile payment start-ups are failing. Business owners simply don’t have the time to be educated on this stuff…

So the company that cracks that nut could get a new scheme out there and start reducing the levels of cyber-crime… Sure the banks eventually will like that idea!





Will HCE revive NFC mobile payments? No.

18 03 2014

As of late there has been a lot of press coverage regarding HCE (Host Card Emulation), which in a nutshell allows devices to make NFC based mobile payments without needing the mobile operator’s secure element on the device. Both VISA and MasterCard are backing this new approach, in the hope that finally, they can kick start mobile payment offering with NFC, effectively locking merchants back into the card schemes for mobile. Google is also heavily behind HCE, because they need a way of getting their Wallet distributed on actual devices and networks. Google has already had a rocky time with NFC, supporting it, then ditching it, only to now attempt to bring it back to their offering through HCE.

There are many companies pinning their hopes to HCE, touting their solutions and the promise of mobile payments. But is HCE really the saviour of NFC based mobile payments, or is it simply the same old issues dressed up in a new party frock?

Secure NFC in the cloud

Effectively HCE allows secure details to be stored in the cloud. This makes a lot of sense if you want to bypass the mobile operators and effectively quash their mobile payment offerings (ISIS in the USA and WEAVE here in the UK). But does it actually add any value for the consumer or for the merchant? Is there actually any real difference? The answer is pretty much no.

If you are using the solution in its pure form, then your phone (no matter how it gets details, from the cloud or a secure element on the device) will broadcast card scheme data to the merchant’s terminal. No matter what that data is, it is being broadcast and is data that is used to complete the payment. This is actually very powerful if you are looking for mass distribution, potentially. I say potentially because though there are businesses accepting NFC contactless payments, they are still small in their numbers. In addition, the merchant still has to opt into accepting contactless payments – and it is worth noting that contactless payments in pure card form are not the same as contactless payments using your mobile phone. In many cases the “handshake” is different requiring businesses to invest yet again in contactless for mobile phone. Do we really think SME owners will continue to invest in technology for zero benefit to their business?

So does HCE make any difference here? No…

Availability

HCE and NFC are only available on Android based devices (and not all of them). Though Windows Phone 8 supports NFC, it is locked very much into the Secure Elements, so no HCE support there. If we then look at the most successful mobile smartphone out there (iPhone), we should note no NFC or HCE support (and it doesn’t look like there ever will be). So with this in mind, you are only available to customers on 1 of the top 3 mobile platforms. Though many will say that Android has the lion’s share in the mobile world, it’s worth noting that they are a distant third in their share regarding mobile web being used. This indicates that the majority of Android users are not embracing all the features on their smartphone, and as such, these probably are the same users that will not look to be early adopters of any form of mobile payment.

Essentially, the consumer base that could potentially look to HCE and NFC payments is quite limited.

The customer experience

Many articles will talk about adding value into the mobile phone payment option, but when we do this, any distribution advantages you may have due to card schemes and contactless being accepted vanish. You may ask why, but the fact is that the acquiring banks (the people who actually operate those contactless card devices) will not be accepting data regarding a discount, or loyalty scheme. To be blunt, they simply can’t accept that data as it’s meaningless to VISA, MasterCard, the Acquiring bank and the customer’s bank. So in order to accept that data, the mobile payment provider needs to sign the merchant up to their particular version of mobile payments, in order for them to enjoy any added value. Therefore the argument for NFC as an open loop environment using card scheme rails doesn’t fly.

So what does HCE bring my customers in terms of experience over what they have currently with a card? The answer is nothing, unless I buy into a particular vision of HCE by a particular company, and if I am going to do that, I may as well look at alternative payment solutions that save my business money.

Payment processing costs

Do these decrease with HCE? Nope, the poor old merchant is still paying full whack for their card processing, and maybe in some situations more. They will be paying for more expensive NFC based infrastructure on a monthly basis too, so mobile is now costing businesses more to accept. That’s simply not good news for any business owner.

HCE a game changer? Nope…

To make mobile attractive to businesses it must be cheaper for businesses to run, maintain and it must bring some added value to their business. It also needs to be available to the vast majority of my customers, so that means available to the top 3 mobile operating systems (Android, iOS, Windows Phone). HCE simply doesn’t stack up on any of these basic business needs. It’s more expensive and provides no added value.

Mobile will no doubt be a game changer in the payments world, but it will not be changed by solutions that look to the same old rails dressed up in a pretty new mobile dress. It will be companies that offer real added value through mobile services, and companies that deliver savings back to businesses with large reductions in payment processing fees.

So if you are a small business, look to see what alternative payment solutions out there provide you with the added value and services you want to move your company forward, helping you increase sales and increase your profitability. It’s an exciting time, and a chance for businesses to break away from the old and embrace the new more productive world.





Zapp mobile payments, great concept or dead idea?

17 01 2014

Zapp has been getting a lot of press coverage these past few days, no doubt to help bolster their fund raising efforts. (Read an article here at Finextra and have a look through the comments made too, very insightful.) The company that hopes to deliver mobile payments for UK banks is trying to raise £100m on top of the £16m funding it has already received to date. But what is Zapp? What will it deliver?

Zapp, great concept or dead end idea?

We must start with the cold fact that Zapp has not got an actual solution for mobile payments. Zapp has to date delivered nothing in terms of architecture and physical code. With that in mind, everything we read from Zapp is vision based, it’s fluffy and isn’t backed by something tangible like an actual real live working environment. So we must take their comments on what they can deliver with a little pinch of salt, as no one as yet has tried to deliver what they are claiming.

The proposition

So let’s now look at the proposition in the wake of Zapp announcing a number of major banks signing up to their solution. When you first read articles or headlines regarding Zapp, you may believe that Zapp has access to your bank account, and that means they can complete payments directly from your bank account for you. The fact is, this is wrong. Zapp does not have direct access to any consumer’s bank account, not even consumers of those banks that have signed up to the Zapp vision. In addition, Zapp doesn’t have access to faster payments either, again something that many believe they do have. So what do they have that warrants the headlines coming from Zapp…

Well, what they have is an understanding with the signed up banks to be able to send information from their Zapp wallet app to the bank’s mobile banking app. This information is pretty basic, essentially it’s a reference, an amount and a destination bank account. So in the world of Zapp, you use your Zapp wallet to get a transaction under way, however, in order to actually pay, you are then pushed from your Zapp mobile app into your bank’s mobile banking application. There you input your PIN for your bank’s mobile app and then confirm the faster payments transaction that Zapp has set up for you. Complete it in your bank’s mobile banking app, and then back to the Zapp app you go. It’s also this integration that lets Zapp show you your bank balances in the Zapp app (no direct access to your bank account at all, rather a copy of functionality from Microsoft’s Wallet and Apple’s Passbook, reading data from other apps).

Great concept or dead end idea?

So, is this a winning mobile solution? Should companies like PayPal, Visa, MasterCard, CloudZync be worried? Well the short answer is no. Zapp isn’t offering anything that hasn’t been shown before. Zapp isn’t providing me as a consumer with any incentive to use the app, nor are they providing any incentive to a business to accept Zapp mobile payments. The experience isn’t even one that sounds “cool” for a consumer. Moving between two apps to manually authorise a bank payment is not exactly smooth. But, you can see why the banks they have on board are interested, these are all banks that have no form of P2P transaction apps, nor any foot in the door of the mobile payments industry. Of course they are going to sign up to Zapp, after all the promise is Zapp delivers mobile payments through their own current banking apps. The real proof that Zapp offers nothing new or an experience that consumers will opt for can be seen by looking at Barclays’ position. Barclays have NOT signed up to Zapp, and you can see why. Why would they, when Zapp is simply a very clunky vision of Barclays’ own Pingit/buyit app, which isn’t pie in the sky but is an actual app already out there in the wild with millions of downloads and one that works a lot smoother than the Zapp proposition.

Mobile payments will not take off if we view them as simply an evolution of card payments onto mobile, and this is where Zapp is standing. There is no point for consumers or businesses to invest time and money in an evolution that delivers no improvement for either party. Mobile payments will only succeed when there is incentive and added value to a transaction, and that is why companies like CloudZync and their Zwallet mobile app are light years ahead of the competition. Wrapping other people’s technology to try and make something a little smoother (such as inputting payment information for a faster payments transaction) isn’t visionary and it’s hardly innovative. When we look at mobile and digital wallets, they need to be innovative, they need to provide real tangible and easily measurable incentives to businesses and consumers to make a conscious effort to use a mobile phone as opposed to cards and cash. That’s exactly what Zwallet delivers…

Zapp future

I have no idea what’s ahead for Zapp. I am sure they can deliver the technology to wrap a bank’s mobile app, it’s hardly rocket science and they aren’t attempting to solve anything that hasn’t been solved already. The question really regarding Zapp is why do they need that size of investment? Do they have anything else planned or is it all marketing, marketing and more marketing money? Who knows.

What I do know is that Zapp is already behind the competition, and has a lot of thinking outside of the box to do if it wants to deliver experiences that get close to its competitors…