This is where the terrorists get the upper hand. Everyone in the IT or finance industries is so terrified of the reputational damage from a hit like this that no one is talking about what happened or what they could have done differently to have avoided the infection.
Maybe they were stupid and they left themselves open to the attack but maybe the attackers had a clever new vector that we are all open to. We are certainly not going to be any better prepared after reading this article
07 Dec 2023 08:58 Read comment
It's interesting that what we currently have now is called a "four party model". Clearly this represents the card holder, issuer, acquirer and merchant. What about the card schemes? Surely, they are a party to the transaction. They certainly take a cut of the transaction fees. Or the processors? It's way too technical and expensive to integrate with the card schemes directly so there must be separate entities (internal or external) to allow a financial institution to connect. Then there are the Payment Service Providers (PSPs) who provide the interfaces for the merchants, the AI developers who provide the systems to check for fraud, the PCI auditors who check that all the other parties are looking after the card details properly, etc, etc, etc... It's no wonder the transaction fees are so high. I guess it would irritate me less if the service provided by the card schemes was better. Provide decent interfaces so that processors and PSPs weren't required. Provide decent security so the fraud systems and PCI DSS auditors weren't required. But they don't. What's needed is a new and better type of payment network. This would take courage, vision and some fairly deep pockets. If you know anyone like that I would be very keen to talk to them.
02 Oct 2017 11:46 Read comment
Thank you both for taking the time to comment on my article. I think the terminology I chose was making me unclear. Perhaps if I define my terms it will make more sense. A "prepaid platform" is one where the card is synonomous with the account. There appear to be many such systems in use. I fully accept that you can use a pre-paid card as an access point for an account and, if you're using an account platform, such a system would provide all the features described above and allow induction of mortgages, loans and credit as part of a continuous development. Within my narrow definition of a pre-paid card platform that would be impossible. An "account management platform" then, is one which separates people, from accounts, from access mechanisms for those accounts. It's "core banking lite" if you will. But they will run your entire financial instituion from accounting to customer service. And the prices for such systems are much lower than you might imagine.
17 Jul 2017 17:58 Read comment
That's a great blog, thanks Ketharaman. Yes, there are elements of that, that I would like to see replicated. The frictionless onboarding, high profile user education and viral marketing are all key elements to growth of the service. Where this differs to PayTM is the network on which it's based. One that will allow real-time payments of any type anywhere in the world, will enforce transaction security and enhance AML compliance. Because the UX I described above is connected to a bank account that has been enabled by this network, the hope is that it will entice customers to give up their cards.
11 Jul 2017 08:56 Read comment
This is very much the crux of what I have been saying David. Replacing the card scheme networks and all the other payments networks with a single new universal payments system would provide a great deal of quantifiable value to the banks and the merchants (reduced fraud, reduced settlement and reconciliation costs, better liquidity control, reduced fees, reduced fines, an end to the PCI council). None of this has any bearing on the customer however. I am proposing a multi-facetted approach that will be good for all parties and it will clearly be a huge undertaking but sometimes you have to look at something and understand that it is broken and needs to be replaced, not just patched up. Part of that process must be to design a new user experience that is desirable and will provide the very fundamental reason for customers to learn a new system when they are perfectly happy with what they have. The new system will include instant notification of payments, a full itemised transaction receipt, real-time payments anywhere in the world addressed by phone-number or email address... and availability of use at any merchant, however small. The same system can be used online, with username and password, to validate the transaction and manage delivery addresses.
10 Jul 2017 17:57 Read comment
Hi David, thank you for your comment. Let me try to answer each point in order: Cost: there must be some cost disadvantage to small merchants in taking card transactions. Within 10m of the door to my office there is a cafe and a barber that cannot or will not. On Tuesdays there is a market and none of the stall-holders take plastic. Under the new scheme I have in mind all of these people would be served. Using cards: in order to get that initial sign-up as described it would be necessary to allow people to load their account using one of their existing cards. I grant you that this is an example of continuing to use the old rails like all the myriads of others but I do not envisage people doing that for any extended duration. They have a new bank account now and it has new features and benefits over their old one. This will quickly become their current account of choice and they will deposit funds into it as would would into any other bank account. Card scheme benefits: the card schemes have had many decades to build their networks and are the best we have available. That doesn't mean we should strive for something better when they aren't responding to the requirements of the market. Focus areas: agreed, all of those issues need to be addressed and more besides. I have written at some length on the topic in previous blogs on this site. In this one I was very much concentrating on what we need to do to boost customer take-up of a new customer wallet since this is where everything has ground to a halt previously. I hope that clarifies some of my thinking.
10 Jul 2017 09:12 Read comment
@Susan Hall: As you say, each of the payment types has grown over time to meet the needs of the payment type in question. The card schemes grew to meet the needs of the shopping transactions, SWIFT grew to meet the needs of international transactions and the local payment types also came into being largely in a vacuum. The reality is though, that each is simply moving funds from one regulated entity to another while complying with the different requirements of the payment type. Perhaps now is the time to architect a single solution that is better by design. The technology can make it work. It's the mindset of the stakeholders that will determine the reality.
26 Jun 2017 16:40 Read comment
@David Godfrey: Hi, I agree that instant SEPA will be a huge step forward for Euro payments from account to account within Europe, both in terms of speed and cost. Even within Europe this is only part of the story however. My argument is not with any one payment system (even though Instant SEPA does sound like it will be a particularly good one) but with 3rd party payments as a generality and the wild profusion of different payment systems for different payment types. Compliance, AML, sanctions screening and so on is clearly a large conversation, and one I am very willing to have. This is where any new network will be made or lost. As a customer you must be reasonably confident that if you send a payment it will get to its destination if you have provided the information requested and you must be 100% confident that if it doesn't it will be returned immediately. As a bank you must be confident that the partners you are dealing with, with whom you may have no direct relationship, have done their jobs properly in capturing KYC and screening for PEPs and sanctions and that the information provided by them is correct and complete. I'm not sure how any 3rd party network (without regulatory powers) could achieve either of those things. A community of banks could though.
26 Jun 2017 10:09 Read comment
@Susan Hall: Hi, I agree that this blog is a generalisation. Unfortunately, a blog such as this isn't the vehicle for a detailed analysis of each point, although I am very happy to have that conversation with you. The point I was trying to make is that all of the payment systems around the world have issues, as evidenced by all the work that is going in to try and address those issues. There comes a time when thought must be given to replacing the proliferation of different, often-patched systems with a single new system that will do it all well.
26 Jun 2017 10:08 Read comment
In my opinion the reason why all the mobile wallet/payment systems have failed is precisely because they have endeavoured to layer them on top of the existing card scheme's rails rather than creating something that's new, better and more pervasive than that which has gone before. I would go further and say that all of the current payment systems used by banks today are inefficient, expensive, slow and/or exclusive. That is very much a blog topic in it's own right however
21 Jun 2017 17:44 Read comment
Michael WarrinerCTO at iE
N CohenCTO at NCX2
Gav CollinsCTO at Neptune
Simon KnowlesCTO at vabble.io
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.