Community

@FinextraM:

I agree with your point about falling for sales pitches for PC / Wintel systems claiming to be as failsafe as Tandem, Stratus and other big-iron that supported true redundancy.

As for remote operations, certain activities - e.g. changing switch encyrption keys - require the personal visit of one of very few highly specialized engineers and can't be done remotely for security reasons. I've also come across more than one bank where certain tasks can only be performed onsite. I don't know why such policies exist but they do pose severe challenges to keep the lights on in the event of a disaster.

Not sure if this is an instance of regulators sitting in ivory towers and passing judgement at banks and FIs who are the ones really facing the brunt of the disaster. I partly blame technology vendors for conveying the impression that you can throw in an extra RAID here, install an extra blade server there, run a redundant cable between here and there, and be completely assured of business continuity. Having been through a couple of DR tests, it's virtually impossible to verify that the DR site can be activated and will work fine when the catastrophe actually strikes. Besides, all this talk of technology ignores the people angle. Amidst all the travel disruption that usually accompanies natural disasters, it's not easy to get the right people - who normally work out of the primary site - to the DR site in time, especially if it's located far away from the primary site.

Having said that, banks and FIs should do more than rely on a mop and bucket as their chief DR strategy - which is what one bank allegedly did - in the event of their data centers getting flooded!

Take any major bank, you'd find hundreds of social media mentions about it every day. Most of them are not actionable in that they convey a neutral sentiment. Imagine the tedium faced by someone having to review scores of such messages before they can spot one that calls for action. This highlights the challenge of "listening" on social media.

Fortunately, a new crop of social media sentiment analysis apps uses natural language processing techniques to separate the "wheat from the chaff" by discarding a bulk of neutral messages and honing in directly into messages with a distinct positive or negative sentiment. I know a couple of banks who use such tools to listen to what people are saying about them and their competitors on social media and tailor their responses individually viz. encourage brand advocates to spread the good word around and entice disgruntled customers of competing banks with special offers. The tools are there. It remains to be seen how many banks use them to ensure that their prospects and customers find their social media communications valuable or at least interesting, instead of ticking them off with pesky junk mail or cold calls.

Quite frankly, making a payment is hardly an example of Bond-esque coolness, whether it's done with cash or NFC. Now, if someone came up with a way to use NFC to avoid making payments altogether - "it's our privilege to serve some people, they don't need to pay" - that would vault NFC into a different league and guarantee its entry into the Bond world. Just joking...

On second thoughts, not. Contactless plastic cards do come close to this vision of coolness: You can walk past a reader without taking out the card from your pocket or bag or wherever and the payment is still made, as I've done several times with Oyster Card. Onlookers can be dazed at how you can walk past payment terminals without paying when others with NFC mobiles fidget around with their smartphone, switch on NFC, fire up the mobile wallet app, choose the right card, hope for network coverage, and so forth.

On a more serious note, this is perhaps just another reminder of why mobile payments in general, and NFC based ones in particular, are solutions chasing a problem.

Props for a balanced post but, having played a role in creating their storyboard, payment hubs have been positioned to solve business problems - rather than just as cutting-edge technology solutions - for at least 4-5 years now. The hassle is, while solving a few old business problems, they introduce a few new ones. I've witnessed how a high value payment missing a cutoff can nearly bring a bank down. I've subsequently begun to wonder if it isn't better to invest in a separate hub for high value payments and gaining a certain level of redundancy for their processing instead of processing both high and low value payments in a single hub and risking a single point of failure that can have catastrophic consequences for the bank.

Declaration is required only for cash and cash-equivalents. For all practical purposes, prepaid card balances are equivalent to cash. So, in principle, the US government's move has long been pending. Practical difficulties of the nature pointed out in the article remain. 

Although banks might treat a prepaid card as a form of debit card, the two are vastly different from the perspective of the cardholder and the regulator. For example, a debit card holder knows the bank account to which the card is linked (in fact, the account comes first, the debit card follows), whereas a prepaid card holder only knows the name of the logo partner (e.g. NetSpend). It's even likely that there's no 1-to-1 mapping between a prepaid card account and the underlying bank account (which is why monies in prepaid cards are not always FDIC-insured). Banks are obliged to report several bank account transactions to regulators, whereas transaction-level reporting is not mandatory for anyone involved in the prepaid card chain. Therefore, what's applicable for prepaid cards is not necessarily applicable to debit cards, which don't need to come under the purview of the new laws that only seek to regulate cash and cash-equivalents.

I agree with Gartner's view that banks can better serve their customers by following the approach so well illustrated by the example of the automatic mortgage refinancing app. I can think of many other examples viz. rejigging fixed deposit portfolios to maximize yield whenever interest rates undergo changes in nations like India where corporates and individuals alike keep a lot of money in fixed deposits that carry as high as 10% p.a interest rates while carrying zero risk. I personally use an Excel spreadsheet to simulate whether it's worth breaking an FD earning (say) 8% and reinvesting it when the rate has gone up to (say) 9.5% even at the cost of losing 1% point interest for premature withdrawal OR leave it where it is even if it earns 1.5% point lower interest. If my bank introduced a smartphone / PC web app to keep doing this in the background and gives me suggestions proactively, I'd use this app to my great benefit. 

However, as I'd pointed out in this post, banks might actually lose money by giving me such an app. More than "loss of control" or any other factor listed by Gartner, I surmise that it's this fear of loss of revenue and / or profit that acts as a greater barrier in banks' adoption of the approach recommended by Gartner.

My hitherto favorable views about virtual currency recently underwent a 180-degree turnaround when I switched on my B&N Nook Color a couple of days ago and found that several eBooks suddenly opened up to blank screens. In this case, a little bit of Googling followed by a hard reset solved the problem. I shudder to think what'd happen if I'm struck with a similar problem with my virtual currency. To recover some of my lost money, I'd have to first go bankrupt (equivalent of losing all content after a "hard reset") under the hope that all my money comes back. I don't know how many people will feel comfortable fooling around so much with money - certainly, I won't. Therefore, I tend to agree with @FinextraM's point about "technological stability" being a major stumbling block for the mainstream adoption of virtual currency. Before someone jumps in to point out that my entire bank balance is held by my bank electronically, it might be virtual for the bank but, as far the relationship between me and my bank is concerned, it's real money. The same is not true when I hold my money as virtual currency myself.

For over a decade, I've been waiting for the day when security doesn't imply friction. Many people, including me at one point, have expected / promised that "biometrics will become the standard for security in the next 2-3 years" - for the last 10-15 years. "Behind the scenes" security technologies and biometrics still don't cut it since they're still plagued by unacceptably high false-positive levels. This research paper explains very well why, warts and all, passwords "are more widely used and firmly entrenched than ever", why they'll be "with us for some time" and how they "are the solution which best fits the scenario of use". Personally, I find the combination of username, passwords and hardware tokens to strike the best balance between security and convenience, although I've heard several people complain that it's painful to carry hardware tokens around. 

The popularity of services like Mint in the USA, the near-complete absence of 2FA among leading e-tailers in the USA, the dominance of "cash on delivery" as the mode of payment for ecommerce in India - in these, I see evidence of my long-held belief that (a) People don't bother too much about security when a service offers true value (b) Greater security inevitably causes greater friction, so companies anxious to boost conversion rates take the risk of lowering security (c) Where the regulators enforce greater security, consumers resist the greater friction contained in them by opting for unorthodox alternatives that are more frictionless. 

I do agree that native mobile apps are intrinsically more secure than desktop / mobile web apps. However, the same can't be said about the "mobile experience" since I feel very confident that no one can impersonate me at a bank branch or forge my signature or steal my Internet Banking credentials. However, when it comes to my mobile phone, I'm not half as sure that I won't lose it. So, intrinsic security at the level of technology is one thing but what really bothers me about mobile is what would happen if my smartphone fell into the wrong hands even if it happened due to my negligence. Mainstream adoption of mobile banking depends on how well banks and their mobile technology providers address this basic concern. Most people don't use lockscreen passwords on their smartphones, requiring a password for the mobile banking app adds more friction than doing the same on a PC or making a signature at the branch. So, providing this assurance is not likely to be so easy either.