Community

We can all agree that PSD2 Open API is not easy to integrate to old CBSs.  And, both speed and security must be maximized in the process. 

Each bank has its own way of integrating to the CBS and regulatory guidelines for integrating to the world....with the expectation of publishing their interface specifications.  The killer app will be the application of Stronger Customer Authentication in a realtime interface using Open APIs to perform SCT-Inst transaction originated by millions of devices that are not necessarily known to the bank by regulated providers also not known to the bank.  A new industry is developing around this effort.  In the meantime, banks will be cautious and PISPs will have limited success.  

To your point about the customers' interest in using Open Banking, the customer is not likely to know if he/she is using Open APIs or not.  

As for replacing the CBS, the product/functional silos of these systems are being re-written with each day that passes.  Incumbents are breaking apart their Universal Banking Systems in order to look like micro-services that can be license function-by-function while others are starting from the ground up building new banking systems with modern architecture, data structures, coding techniques, etc.   The cost to do either have reached an equlibrium where many challengers are attempting to build from scratch rather than implement a UBS from an incumbent.  Creating micro-service farms that can rationalize the functions and interdependencies of existing UBSs is the challenge. Time will tell if it is even possible, much less, can they deliver the features in a distributed fashion where best-in-class services are bought and sold among banks and vendors to service targeted customer segments.  But, the march to replace the the UBS has begun. 

More interesting is to determine what, if any, CBS functions are really needed any longer.  The Millennials appear to be saying they do not care about the nuanced features we perfected and used to differentiate or products from the competition at a time when life was not digital.  They just want an account with basic core functions.  Differentiation is handled on the front-end with service levels like nothing we have seen since the days of personal, customer care in the bank branch while interacting with the world's best CRM tool, our local banker.  With technological/digital focus on customer care and mobile devices to deliver the goods, only now, we can expect to be fully satisfied by the level of care provided by FIs in the digital age.  Technology is no longer about the cost/income ratio but  rather digital customer engagement and lifetime customer value. 

Eventually, the CBS services will be distributed micro-services delivered by highly specialized teams/systems capable of flexing and scaling their product(s) to the demands of the consumer.  Banks will specialize and segment the markets in order to cut costs and up their game for "their" target customers.  

My guess is 10 years to reach the tipping point and another 10 before today's CBS is fully retired.  

Agreed.  In 2007, I was issued a MC branded pin-only-debit card by an Austrian bank.  The number on the face of the card is merely a reference number.  It has no magstripe and the chip contains the real number.  The point is that everything you mentioned is possible but requires the market players to adopt it including the consumer.  

Payment markets are set to fragment in its deployment of cards and other payment solutions.  Europe has/will regulate standards with the implementation of PSD2 and ultimately disintermediate cards altogether.  

Mobile will help us accomplish fit-for-purpose via instant issue, HCE, user driven card consoles, new security features like 2Factor, etc.  The thing to remember is from where we came.  Today security concerns and CNP e-comm are ubiquitous and card issuers have been unwilling to set limitations of use that would diminish the use of cards.  Top of wallet with interchange income is more important that fraud losses.  With thieves continuing to improve and payments becoming more competitive, the evolution will only continue.  

Improvement is, in this case, the enemy of Innovation.   

That is a strong rebuke for a standard that recently celebrated its 10th anniversary.  The standard sets out requirements and ongoing process for segmenting comm networks having sensitive data, encrypting the issuing and acquiring data bases, and encrypting the channel/message and tokenizing the payment credentials.  

Every player (cardholders, banks, merchants, acquirers, processors)  in the payment value chain is susceptible to criminals trying to steal the data; thus, we all must take responsibility for our area.  If anyone in the chain fails to provide sufficient protection, we all lose.  

Large and small merchants alike need only take a certified POS device from a certified provider and avoid doing anything to circumvent the built-in security. Problem solved for a few hundred quid.  Of course, as the data is needed to manage ones business, careful management of payment credentials is an absolute requirement that is all too often overlooked (50% apparently).  

The focus for the past few years has been to "devalue the data", making it useless to the criminal.  Preventing access to data and sufficiently encrypting and tokenizing the same will eventually have the desired result if the standards are applied.  I encourage you to make use of the standards and resources available in the market today. 

Alternatively, I would like to know your thoughts on what is now "fit for purpose", today?