Looks like destiny is telling me I have to write now my next post.
First BA trip to SMEfinanceforum in Perth, late flight from Brussels, lost connection in London, few hours in the lounge (and in the plane).
This post is about bank devices, identity and security.
Back from my SWIFT time, when I still had a “in the box” job, I was dealing with the mythical “SWIFT for Corporates” solution. In a nutshell, the treasury department of a corporation has often dozens (if not hundreds) of bank accounts in several banks, and the poor treasurer (talking of 10 years ago) had a number of bank devices/proprietary connection (HSBCnet, CITIDirect, etc.) to validate their payments (and more often than not to retrieve the bank statements).
SWIFT came up with the idea of mutualising the connection to the system using a bank-like interface, connecting the corporations to the SWIFT network, allowing to reach out to every bank connected to SWIFT, subscribing and implementing the service. In this way, the channel became a commodity, and each bank had to differentiate itself with the service (needless to say this made much easier to switch between one bank to another, reason why banks were a bit resistant at the beginning).
Now, thousands of corporations later, this looks like a no brainer.
In the retail space, we saw the rise of the Mint and Yodlee of this planet.
You can consolidate in one app your different bank accounts and also do some fancy analytics about how much you spend at Starbucks across all your accounts last month, if you remotely care (one day I will do some cynicism around these “spending apps”).
It does not work well in Europe though.
Many banks have these fancies little devices not only to validate your payments, but also to simply access your online banking services. It’s the case for bnpparibasfortis in Belgium for instance.
Now : can someone explain me why we are still at Stone Age in this matter ?
It s about digital identity. I get it.
But WHY is has to be considered a differentiation factor ?
None of this would be ideal, but already if…
1- I could use my phone to generate the unique code to access my account instead of these stupid devices (that by the way have batteries, so need to be replaced etc.). This for each bank, both for login and payments approval. Embedded in their banking app. Few Startups are in this space. Sequent is one of them
Still not ideal …
2- I could use my phone to generate the unique code for ALL my bank accounts.
It’s a generated unique code with a timestamp. It’s not rocket science. Could not at least banks in the same country agree about that?
Better, but what about multiple accounts in different countries?
3- If I could prove that I am who I am. Cause that’s the only thing that bank would need to approve a transaction in an account they know it’s mine, right ?
In the credit card AND E-commerce space, this need has been well understood, recently.
I saw few Startups (Wallabi, TrustPay, Cards Prepaid and others) that have been created with the purpose of consolidate, simplify and enrich the payment experience of the retail customer (a topic for another post, by the way).
Back in the past, few large banks partnered and created Identrust, but technology wasn’t there yet.
The intention was good though.
SWIFT tried (Innotribe, actually) with the Digital Asset Grid, to tackle some of these issues. Technically, DAG had a way broader scope than identity, but it took the problem from the right, open, portable, institutions-agnostic point.
Respect Network deals with the concept of “your private cloud”, where your data can be stored and access being given to applications, according to the principle that “data don’t move, only access to them does”. In other words, I am not giving my data to anyone, I am simply allowing others to access to them.
So my question remains. For how long do I need to carry stupid code-generating devices, in some case not even the same for a personal and a business account within the same bank ?
Probably few startups will react claiming they have solved the problem and I am sure that – technically – they have.
Point is, until few big fellows will agree on cross-operational adoption or some smart regulator with noble intentions won’t interfere, I’ll just need to buy bigger bags.
Putting an image concerning the same problem, but in the telco space…
A whole other issue here … And smaller items ;-)