Community

Maybe I’m suffering from a time warp but I've been living in this world for a long time: 

1. Outlook, BlackBerry, Android Mail and other apps that have been around for ages don’t need users to enter a password every time they check their email.
2. Fingerprint-scanner equipped smartphones that can unlock themselves without passwords have been around for a while now.
3. Employees have been tapping their chip-embedded ID cards on RFID readers to enter their offices for over 10 years. They’ve also been using physical ID cards to prove their identity with third parties e.g. merchants who offer discounts for employees of certain companies (but not others). It’s technically possible for an NFC-equipped smartphone to replace cards but how would that support the current multipurpose nature of physical cards?

@KittredgeC: TY for your detailed clarifications. My observations were baselined on an industry-standard SaaS solution since it's not often that I read about company-specific offerings on Finextra. 

@DanielE:

Absolutely. Like I observed when SQUARE was launched - it moved hitherto cash transactions to bank-issued credit cards and thereby expand the pool of transactions from which banks could earn interchange revenues. 

There are rumors that banks are planning to “outsource” the task of authentication of all Apple Pay transactions to Apple. While the rumors further say that banks would pay Apple 20 - 50 bps of transaction value for this job, the point is moot: Since “Apple doesn’t know what you bought, where you bought it, or how much you paid.”, it doesn't know the transaction value. Therefore, what's to stop the card networks / issuers from telling Apple that the consumer paid $5 for something when they really paid $500, as Ron S has rightly asks here? Who knows, Apple Pay may give one more chance for banks to go laughing all the way to the bank!

@HarinD: I agree that payment habits - like many other habits - have huge generational bias. Having observed a generational habits in Desktop Email v. WebMail and a few other areas, if our children wave a mobile phone rather than plastic, it'd be because "they've always done that". I don't think they'd be able to explain why.

@KittredgeC:

TY for your detailed reply. 

From what I know of a classical multi-tenanted SaaS model:

1. An individual customer can only decide whether to subscribe to a particular feature or not. But, having subscribed to a particular feature by way of signing up for a certain plan, they CANNOT decide whether to switch on / off a change to that feature. Content and frequency of such updates are determined UNILATERALLY by the vendor and apply universally to all customers the very next time they log on to the software. 
2. I haven't heard anything like "integration architecture", a term you've alluded to many times.
3. My TCO cutoff of 24-36 months does consider the other recurring costs you've mentioned. 

Now if you're referring to a private cloud or a shared service or some other proprietary form of cloud-based offering from your company, I admit my above mentioned observations about industry-standard SaaS might no longer apply. 

@ChetanG: Any idea why Fidor uses Ripple to handle payments to its own branches instead of simply using intra-bank book entries?

@Anon: You seem to be impressed quite easily:) As for me, it takes at least one "disrupt" and "disintermediate" per sentence to float my boat!

Nice post. Besides, spreadsheets can't record the "Dog that Didn’t Bark In The Night”, an equivalent of which which ESMA reportedly wants FIs to do in the Level 2 text of MiFID II! (https://www.finextra.com/blogs/fullblog.aspx?blogid=9965)

A couple of years ago, I'd expressed fond hopes for my banks to introduce 2-way SMS for fraud alerts (https://www.finextra.com/blogs/fullblog.aspx?blogid=5801). While my banks haven't obliged, good to know that Barclaycard supports this feature. In a lighter vein, your longing for "a bit of authentication earlier in the process" is another example that reinforces the essence of the German proverb quoted at the end of my post:)

Talking about security versus convenience, after a lot of introspection and deliberation, I'm led to conclude that basic human nature precludes the emergence of a golden mean between the two. Users want convenience as long as the feature is used by the genuine user but they want security to kick in if the feature falls in the wrong hands. Whereas, the service provider has no way to know in advance if the feature is used by the legitimate user or not and can reach this conclusion only after it has subjected the "user" to the feature - with its present level of security and convenience.   

For a long time to come, I predict that we're going to have to accept security over convenience or vice versa. My guess is the choice made by the regulator will be driven as much by cultural factors as anything else.

In India, by enforcing 2FA measures like PIN and Mobile OTP for offline and online card transactions respectively, RBI has long hinted its leaning towards security. In ruling that UBER must use 2FA for card payments for taxi fare, the Indian regulator went on record saying, "security first, convenience next".

OTOH, nearly ten years have elapsed since FFIEC mandated 2FA for online payments in USA. Still, I haven't come across a single US website that asks for VbV - some don’t even ask for CVV - for accepting card payments. It's clear that convenience comes ahead of security in USA.

Yet another solution seeking a problem and, that too, in a very contrived and non-scaleable manner. At least I hope it has FDA approval. The last thing you want is a slightly erratic heartbeat - believe me, it happens more often than believed - causing authentication to fail, which leads to car door not opening, which aggravates the heartbeat problem even further.

Oh yes, Starbucks customers use mobile devices to pay at POS - about 1 in 6 of them, that is.

Okay, thanks, @BjornS.