In a world where payments become more invisible the more digital they become, there’s never been a better opportunity to consider new ways to enable the digital transformation of financial services in a secure and compliant way.
Or watch its digital disruption.
There’s just one problem: The current digital environment has introduced whole new varieties of risks, threats and emerging competitors — making the switch to digital for financial institutions fraught with challenges and the prospect of enabling friction-free consumer experiences more difficult.
That’s the backdrop for the nearly hour-long conversation that Karen Webster had about the role of payments security in digital business transformation with CA Technologies Director of Payments Security James Jenkins.
Here are the highlights of that conversation.
Payments Security As A Digital Business Enabler
Payments security, Jenkins said, has always been important but long been thought of as a defensive move. New technologies and the move to digital commerce, he said, force banks and payments providers to think about it in very different terms. Jenkins sees two worlds — banks and payments — that both need to come together to address cybersecurity.
“Payments had been relatively static with innovation around cash, checks and credit cards. Then, there was sudden exponential growth in innovation. In the last four years, we’ve had the adoption of bitcoin, Samsung and Apple Pay and the explosion of FinTech,” said Jenkins.
Payments security is no longer the passenger but the driver of a great experience for the bank, the payments enabler and the consumer.
The Pace Of Business Transformation
It’s not exactly a newsflash, Jenkins said, that the rate of innovation in payments over the last four years has been fast-paced, transformative and disruptive. Netflix — not TV and Uber, not taxis — are now the fabric of our lives and, according to Jenkins, are exhibits one and two of how financial services could be next.
Of course, it’s not just the FinTech industry and tech-savvy millennials who are fueling digital change. “The rapid adoption of contactless payments in Europe is accredited in part to the over-60s, who like the fact that they can pay without having to put on their reading glasses,” said Jenkins.
Jenkins also referenced the mind shift — not just the technology shift — that is accelerating the pace of innovation. Citing the 2014 North America Consumer Digital Banking Survey by Accenture, amazingly, 50 percent of people would use banking services from a Square app if they were offered one, and 41 percent would use banking services from PayPal. Telcos and retailers weren’t far down the list.
This leaves banks and payments schemes vulnerable. Bank branches are at their lowest numbers in a decade, around 93,000, according to Jenkins. And there’s a huge land grab for mobile wallet space, so banks are trying to achieve a seamless customer experience. Issuers want their card to be the one that is loaded into the digital wallet and stays there — for a long time.
Amidst a sea of increasingly sophisticated competition and threats.
Jenkins also emphasized the notion that with new opportunities and new players come new and increasingly sophisticated threats.
Citing the PYMNTS Global Fraud Attack Index, Jenkins explained that there were 27 fraud attacks for every 1,000 transactions in Q4 2015, an increase of 215 percent over 12 months.
According to Jenkins: “Fraud used to be largely brick-and-mortar-based fraud, but it has now morphed into organized crime and gone cyber — something that is almost impossible to fight without Big Data analytics and supercomputers for tracking.”
CA Technologies’ Roadmap
For CA Technologies, the move to digital requires aligning the financial institution’s objectives, which differ for credit unions, processors of high-net worth individuals and processors, with “Agile” technology.
For banks, the challenges in becoming omnichannel are overwhelming; disruption, security concerns, getting apps out in time, operational issues, maintaining existing infrastructure and regulation and compliance concerns leave few resources available to invest in a move to digital.
Application programming interfaces (APIs) are the crucial element, according to Jenkins. Using APIs, a bank can transition from a traditional model to a mobile service model to an omnichannel model, which features loyalty partner APIs and wealth management APIs.
Jenkins described four best practices for how FIs can minimize the speedbumps on their journey to digital transformation.
It’s all about the “I” — the API: The first is to embrace APIs. This is what connects a bank’s services with third parties. APIs can optimize the customer experience by being live and secure.
It’s all about the data: Second is to use Big Data analytics to get an omnichannel perspective. APIs pull together and collect data, but algorithms can obtain intelligent data for new services. The more a financial institution knows about its customer, the better it can target loyalty programs, and customers expect this type of technology and service.
It’s about outcomes: Third is “Agile” software development. A scalable focus should not be an output but one of the outcomes that affects the customer — for example, factors such as time to value, churn abandonment, conversions and customer satisfaction rate.
Jenkins used the example of PayPal, which had 85 bottlenecks fragmenting the customer experience.
“After the introduction of ‘Agile,’ they transformed the delivery of these services. In the 18 months prior to implementing Agile, they rolled out three products, and in the six months after rolling out Agile, they rolled out 58 new products and features,” said Jenkins.
It’s about collaboration: Fourth is uniting development operations, “Dev Ops” as CA Technologies calls it, which is the alignment of development and operations with CEO strategy.
“If you are looking to launch an app and build speed, if you have those two things [development and operations] working together, and there is an adequate level of testing, using Dev Ops, an app can be brought to market much quicker. We’ve had examples where, before using Dev Ops, projects have taken over a year to launch. With Dev Ops, it can be completed in a matter of weeks,” said Jenkins.
Security As A Business Enabler
Jenkins explained that some projects don’t ever see the light of day given the perceptions that the security challenges are too great and the lift on the part of the bank or the payments enabler is too high a hurdle to clear. That means that, if there’s a tradeoff between the customer experience and security, customer experience falls to a level that is unacceptable, and the project dies.
But Big Data, Jenkins said, is transforming how security is viewed. Security activity is happening at the back end and is invisible to the cardholder or the customer. For example, Jenkins described an organization that wanted to launch a new service online that would involve its customers applying for a loan using using its portal, but the portal was deemed insecure. It would have involved using 100 percent authentication, and that authentication method was weak. Ultimately, the organization was unable to launch a loan app through the portal with that level of security. When it considered increasing the level of security to strong authentication for every transaction, it was deemed too cumbersome, and the project stalled.
So, an alternative mechanism that Jenkins described is to replace a cumbersome strong authentication method with a risk-based approach, using Big Data analytics, that is convenient and secure enough to meet the requirements of the business to move forward.
According to Jenkins, if the IT team can say, “We can do that without affecting the customer,” the product can get to market because security isn’t a stumbling block but an enabler to a new way of doing business.
“Security has been seen as almost a brake pedal, but it needs to be the oil in the engine. It can no longer be a bolt-on; it must be aligned with everything else.”
James Jenkins, Director at CA Technologies, is an authority on the areas of the intersection of SaaS, payments and cybersecurity. While leading CA’s Northern Europe Payment Security division, he pioneered a range of innovative solutions in authentication and fraud detection for issuers. Now located in the U.S., James manages the global TSYS partnership, supports the implementation of eCommerce payment security solutions and assists customers with the eCommerce implications of EMV.