Home / The SIBOS Blog / Mobile and cybersecurity: what’s the latest (#SIBOS 8)

Mobile and cybersecurity: what’s the latest (#SIBOS 8)

What an afternoon. It’s all been a bit of a whirlwind and started with an indepth review of cybersecurity practices in banking with:

  • Sankar Aiyar, CTO of CLS;
  • Rich Bolstridge, Chief Strategist for Financial Services with Akamai; and
  • Nigel Hayward, CTO for International Treasury Services with JPMorgan

and chaired by Greg MacSweeney, Editorial Director with Wall Street & Technology.

It wasn’t the most stimulating affair, although the audience votes were interesting.

First, Greg asked: what type of security event concerns you the most? and the audience voted:

  • 30% from internal threats from rogue employees
  • 10% from phishing attacks and data breaches 
  • 7% from organised criminals
  • 5% from DDoS (Distributed Denial of Service) attacks
  • 5% from Hactivism;

and 43%  from all of the above.

Asked whether their budgets would go up next year, almost 60% said they would increase, with the majority saying it would be by more than 10%, although some 3% said their budgets will go down.

This led to some dialogue between the panel about how data is golden, so make sure you know it and tag it and look after it properly.  The guys thought that we could probably learn from the music industry with Digital Rights Management in this area and that real-time data analysis is the hygiene level for a secure defence. 

There wasn’t a great deal more in this area, so I left and wandered the exhibition floor.

The buzz here was around Baoshong Bank’s Mongolian singing (don’t ask) and the gifts that could be garnered if you walked up to the right booths (more on that later this week).

Then another session came up about innovations in mobile, so I had to attend.

This one was a panel with:

  • Ineke Bussemaker, EVP for Payment Services with Rabobank International;
  • Gautam Jain, Global Head of Client Access with Standard Chartered; and
  • Mike Kennedy, EVP for Innovation and Payments with Wells Fargo;

Debating the state of play, ably facilitated by Paul Taylor, US Editor for Technology and Telecoms with the Financial Times.

Rabo talked about how they are rolling out a mobile contactless pilot using NFC over the next three months, and this will lead to a more comprehensive commitment next year probably.  They are also providing mobile wallets and P2P payments. 

Standard Chartered are using mobile as a channel for payments as almost a billion people in Asia don’t have bank accounts, but they do have mobile phones.  Having said that, they felt that wallets are far more interesting.

Wells Fargo noted that there are more things you can deliver for the consumer experience using phone capabilities, such as the camera and GPS location, that you cannot do online.  By way of example, Wells did over four billion dollars in wire transfers last year alone on mobile.

That led to some more audience votes, including two questions that gave surprising results.

The first was How high is the adoption rate of mobile banking in your country? and the audience showed that it’s pretty high in many countries:

0-20% 23%

20-40% 29%

40-60% 21%

60-80% 15%

80-100% 12%

This was followed by asking: How high is the adoption rate of mobile payments in your country? 

0-20% 45%

20-40% 28%

40-60% 14%

60-80% 10%

80-100% 4%

Gautam from Standard Chartered was particularly surprised by this as 43 percent of Kenya’s GDP now goes through mobile money.  What this shows is that where there is a need, the demand is there and it will take off.  Where there are more developed markets, where there were many ways to send payments already, this would not be so much in demand maybe.

In the USA, Wells Fargo are seeing 30 percent year-on-year growth, and three banks now have over ten million mobile customers each (wells, JPM and BoA).  There has not been so much use of mobile payments though, which corroborates the need factor.  Maybe this is because the magnetic stripe is not broken in the USA and that’s still an easy payment, so the phone as a payment mechanism is not so vital.  This is changing as apps with order ahead, digital receipts, coupons linked in and speed of checkout, gives an ease of use above and beyond that of card so we will see that change over time.

You also have to remember that payments is a two-sided market.  If there are benefits for merchant, there has to be equal benefits for the consumer and vice versa.  That’s something that also needs to be cracked.

There’s also been a big difference in the USA and Europe and Asia, as mass transit has been a key promoter of the use of mobile contactless in Europe and Asia, but that does not work so well in America.

In Europe, there is the SEPA and PSD projects, which are now also looking at mobile payments too.  The aim being to create a mobile payment mechanism that is pan-European, but the agreement on the mechanism and standards for that to happen are not there yet.  In the meantime, if you have an NFC-enabled card, you could probably use that acorss Euroep as the chip is the same in all uses.

Another key is the handsets and dominant providers, which are changing fast.

In 2010 android had 15 percent market share, by 2013 it’s 51 percent, so you must not get too hung up on the devices and operating systems for this technology.

Equally, there is a debate about whether to use QR codes versus NFC chips.  QR codes tend to be OTP, whilst NFC carries the card information with the transaction.  The upside is that QR codes make it easy but you have to reach out and exchange tokens, whilst the NFC approach doesn’t need that but it does need the chip in the phone and an upgrade to the merchant terminals.  Wells are seeing what consumers prefer and trying out both methods.

Most Android makers support NFC but Apple does not, so that’s also an issue.  There’s also the consortium of Isis in the USA, a joint venture between AT&T, Verizon and T-Mobile.  Isis is putting NFC into their phones, but it can only be used with the Isis app.  That means that you might be using a Google phone with NFC but, if it’s from AT&T, you cannot use the Google apps but must switch to the Isis app.

The issue with NFC is that it’s an evolution of payments and, because it has a hardware attribute it is difficult to maintain.  So it’s not likely to rule because of the hardware step.  Meanwhile, apps on smartphones can change much faster and much more easily, in overnight updates on a regular basis, so QR is likely to win out long-term.

Finally, security is an arms race.  You create the next big thing for security and something rapidly takes over.  We are all interested now in using the iPhone with fingerprint security and that’s our next step, but there are two important things to remember: you need to use the same infrastructure behind mobile for security as you do for other services, to avoid reinventing everything; and people are much more conscious of where there telephone is.  Compared to their wallet, they are far more likely to know if they’ve lost something on their telephone.

So we’ve had to explain to customers that mobile is as secure as card or other payment forms, as we would not have rolled this out otherwise, but customers are suspicious.   There’s this balance between ease-of-use and security.  If you make it 100 percent easy to use, the security is flawed; but if you make it 100 percent secure, it becomes very hard to use.

The session finished with another audience vote, with the question: By when will mobile payments be bigger than cash and card payments for retail0?

3% Now

9% 2015

53% 2020

35% Later than 2020

A long way away?

Anyways, with that over I went to the Standards Forum’s tenth birthday party, where Gottfried and I lamented the lack of internet access together …


… and now off to party!

Tell you more tomorrow.

About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...

Check Also

Gottfried Leibbrandt

The Finanser Interviews: Gottfried Leibbrandt, Chief Executive Officer, SWIFT

This week the Finanser talks with Gottfried Leibbrandt, CEO of SWIFT about cryptocurrencies, bitcoin, Ripple and all …