Community

Stephen,

I guess that's another reason why Movenbank is going to be considered a disruptor. It's interesting because we've figured out ways to meet FFIEC and KYC requirements to the regulators satisfaction, with social sign as part of the user experience - all while making the workload for customers dramatically less than existing bank onboarding and being safer than most IB experiences today.

I'm sure that traditional bank lawyers would be mystified, however, our reading of the situation is that our approach is not only compliant, but in reality less risky and less exposed than current approaches which are hopelessly outdated in a digital landscape.

I'm sure there will be plenty watching our moves carefully...

Brett King
BANK 2.0 

Stephen,

The validity of presenting you a Utility bill that actually goes unverified, versus 100 people in social networks verifying that they trust you is very powerful. 

Does the regulator recognize it today? No. Should they - they'll have to is my view. The fact is identity theft today is made easy because traditional KYC is weak. We're seeing governments working on strengthening identity right now (https://www.finextra.com/news/fullstory.aspx?newsitemid=23132) and banks are a good place to start as keepers of secure data. It's just that the things we hold as 'identity' are not as secure or uniquely verifiable as they once were. 

In terms of whether social data can be used in the KYC process. I think you're dead wrong. 

If I approve you using my data from a social network to fill an application form (for example) and then verify that data is my own - that is warrantable. As long as I back that up with other verification, the original source of data on the form is essentially immaterial.

There's two components here. Simplifying user experience for onboarding, versus verification of identity. You don't need to use social sign in to be a verified identity, but using social data to prefill an application form (for example) would result in a dramatically reduced workload for the consumer, and be no 'less' safer than a traditional paper application form - surely?

There is absolutely a role for integration of social data. To shut it down because you don't know how the regulator's going to respond to that, just means you're not thinking creatively enough about user experience.

Brett King
BANK 2.0 

All,

Some great feedback. 

I think the concerns are valid, but I'm really trying to figure out how to reduce the workload for customers on the KYC and IDV side essentially, and we've got a ready made social framework emerging where you've already worked hard to establish an 'identity'. How do we reconcile that social identity with the requirements of the regulator? That's one issue.

I firmly believe if you dramatically reduce a customer's workload, and make the application process simplified by allowing me to trawl basic data like name, date of birth, etc from a central register, that as a customer I'd be willing to make that trade off. After all, I can still verify the data after you've grabbed it - as long as that process is simple and I can trust who is using the data, then most today would accept this as a superior solution to asking me repeatedly over and over for data that is readily available elsewhere.

The second issue is really around the security. Is social sign-in secure? Not on it's own clearly, but are there elements of a relationship that could be managed via SSI? Absolutely. For example, would I allow a bank to send me a fraud alert via a Twitter Direct Message? Why not? So writing off Social-Sign-In as insecure is a mistake. We have to look at the methods of inclusion of social identity, and not just simply classify it as problematic. 

Right now today I can tell you that details from social networks on an individual customer are far more valuable to a bank than a fax number or utility bill, but we're ignoring those because we're threatened by the exposure in the medium. Instead, we should be working out a strategy of inclusion, limiting exposure and making things simpler for customers. 

Simplicity is the new value. The old security and KYC mechanisms are under threat because they add no value to customers. 

Let's ask the question of what is the right thing to do for long-term customer improvement. Let's look for ways to make it work.

Brett King
BANK 2.0 

Anon,

You might be right, however, the key issue for consumers is not about security - it's about ease of use. The mental load for customers around usernames and passwords is the issue. I'm agnostic to Facebook, versus Twitter, versus LinkedIn or new services like Connect.me. I think that a single-sign on is the way we're going, and the driver isn't security, it's simplicity.

As an industry, we simply have to find a way to make the simple, secure.

Anything else is irrelevant, because if we don't the push towards simplicity could drive a decrease in security as you've said.

Incidentally, there are many ways of making a single sign-in methodology secure. We can do location based, device based (registration), we can incorporate 2FA. It's not as simple as Facebook is not as secure as current UID/PWD methods. That's a very simplistic view.

BK 

The Innotribe team is becoming the incubator of the global banking sector. There really is no better 'collective' in terms of assisting start-ups and innovative players to showcase and refine their business models. This is a great initiative. If member banks take advantage of collaborating with Innotribe they'll really find massive benefit.

Finovate is good - but doesn't offer the depth of network and experience that Innotribe brings to the table. Their 'innovation network' is phenomenal.

Actually Liz, Amazon did exactly that which you say they didn't with Borders. In 2001, Borders - fearing the dot com bubble collapse - wrote off their online business. They outsourced it to Amazon.

http://www.computerworld.com/s/article/59638/Borders_Turns_to_Amazon_for_Outsourcing

By 2006, Amazon was doing $170m through the Borders.com website. 

Why did Borders go the way of the Dodo? Maybe because they had no alternative revenue...

The analogy fits.

BK

Liz,

I appreciate that this is largely tongue in cheek, but thankfully FinExtra gives me the ability to defend snarky slights against my verbose character :)

In my defense the comment you dissected was made with the severe transmission limitations of Twitter's 140 characters. So calling me out for not giving clarity to a statement via the Twitter medium is a little tough. It was a provactive statement, I'll grant you. It may even require further explanation if you've never heard my ideas in that respect before. However, Twitter as a medium, is not articulate enough to provide that which you say you are looking for in a serious discussion about the industry.

I do often talk about disruptive behavioral shifts, for example, and I believe I've explained my thoughts on that via numerous forums with abundant clarity - I'm sure no one is unsure of what my views on the matter are and why I classify it as such. The fact is, disrupted by dramatic consumer behaviour shifts is exactly the right term to describe what is happening in the retail FI space. Water it down with less dramatic language and you might let a banker think that he has plenty of time before he has to change the way he does business - he does not.

Just ask Borders and Blockbuster if consumer behavioral changes have been disruptive to their businesses or dramatic?

I stand by the emphatic nature of my language, if only because we are in desparate times and need a big change in our approach and thinking. Being soft on this, or pulling punches because it may be seen as a little dramatic, isn't going to help anyone - consumers or industry pundits alike. 

And don't worry... I have plenty left to talk about :)

Brett King
BANK 2.0 

I hear a lot of mentions about privacy or IDV concerns when Facebook comes up in the banking circles. But are banks so niave as to think that their customers will actually stop using Facebook and social media if their bank asks them to? Should we be warning customers of the 'risks' of social media and privacy/identity?

The fact is that the current identity platforms we use are exposed in social media, not because social media is bad/evil, but because current IDV/KYC constructs are simply weak today. The only long-term solution to the 'friction' between social media and privacy/identity concerns is better identity.

Facebook is not the problem - Identity is the problem. 

I can respond to that on behalf of Movenbank.

Essentially right now we're building out our CRED engagement model, of which Facebook, Twitter, LinkedIn profiles are a component of the data model. 51% of 'web' users today use Facebook to engage with eCommerce sites, so it's a common standard for basic identification.

Once the bank product is launched, that will be backed up by a second layer of Identity Verification that is more stringent and traditional. However, that deep level of KYC is simply not required for the interactions we're having with our customers right now.

This is a perfect illustration of what is broken in the current KYC model. I don't need ALL your identity information to start this relationship. I might later, but I can build that over time and still have a very secure, safe relationship with the customer.

I think suggesting that Facebook is diametrically opposed to security shows a rather traditional view of interactions. The fact is, social media is not going away. We need to figure out its place in the interaction, but still protect the consumer long-term.

That's is what Movenbank is all about. 

Katharaman,

I think your comments reflect your experience with the market in India versus the US market. Certainly the fact is that PayPal and pre-paid debit cards are already a strong alternative here in the US, and the fee structures are cheaper than traditional checking accounts and wire transfer mechanisms. Regardless of who started pre-paid, right now the banks are nowhere near it because they see the users of pre-paid as unattractive financially.

However, the typical profile of a pre-paid debit card user is a 50% likelihood of a college education, and 25% likely to have a prime credit rating and professional career. The reason for them opting out of the banking system is irrelevance of the day-to-day banking system.

Try to defend it as you will. A lot of traditional banking just doesn't make sense to these kids anymore. You can't educate them around to your way of thinking - they just don't get it.

BK