Security, fraud, and risk Model Bank profiles: Alfa Bank and USAA

Security, fraud, and risk Model Bank profiles: Alfa Bank and USAA

Banks have worked hard to manage the different risks across their institutions. It has been and will remain costly, time consuming and a top priority. Celent profiles two award-winning banks who have modelled excellence in their use of risk management technologies across their banks.

They demonstrated:

  1. Degree of innovation
  2. Degree of difficulty
  3. Measurable, quantitative business results achieved
(Left to right, Martin Pilecky, CIO Alfa-Bank; Gary McAlum, SVP Enterprise Security Group USAA; Joan McGowan, Senior Analyst Celent)

(Left to right, Martin Pilecky, CIO Alfa-Bank; Gary McAlum, SVP Enterprise Security Group USAA; Joan McGowan, Senior Analyst Celent)

ALFA-BANK: SETS THE STANDARDS FOR BASEL COMPLIANCE IN RUSSIA

Alfa-Bank built a centralized and robust credit risk platform to implement Basel II and III standards, simultaneously, under very tight local regulatory deadlines. The bank decided to centralize all corporate credit-risk information onto a single platform that connected to front office systems and processes. Using Misys FusionRisk, Alfa-Bank was able to implement a central default system with a risk rating and risk-weighted asset calculations engine. The initiative is seen as one of the most important initiatives in the bank’s history. The successful completion of the project has placed Alfa-Bank at the forefront for setting standards and best practice methodologies for capital management regulations for the Russian banking industry and Central Bank.

USAA: SECURITY SELFIE, NATIVE FINGERPRINT, AND VOICE SIGNATURE

The game-changer for USAA is to deliver flawless, contextual customer application services that are secured through less intrusive authentication options. The use of biometrics (fingerprint, facial and vocal) to access its mobile banking application positions USAA to be able to compete with Fintechs across the digital banking ecosystem and offer exceptional service to its military and family members.

USAA worked with Daon Inc. to provide biometric solutions paired with its “Quick Logon” dynamic security token technology, which is embedded in the USAA Mobile App for trusted mobile devices. Biometric and token validation focus on who the user is and who the verifiers are and it addresses increasing concerns around the high level of compromise of static user names, passwords, and predictable security questions from sophisticated phishing attacks, external data breaches, and off-the-shelf credential-stealing malware.

For more information on these initiatives, please see the case study abstract on our website.     

The banking railroad of innovation: Follow the river

The banking railroad of innovation: Follow the river

I'm a big fan of the old movie classics. The TMC channel was a loyal companion during my graduate school days at the University of Illinois, offering a comforting black and white backdrop to frequent all-day programming sessions, and today I frequently call on TMC to get me through my daily hour-long treadmill sessions.

This weekend TMC offered up Jimmy Stewart as railroad detective Grant McLaine in 1957's Night Passage. A classic Western, McLaine was fired in disgrace over a railroad robbery carried out by his estranged brother, only to be offered a second chance to prove his loyalty to the railroad by being the courier for a large cash payroll being sent to the workers at the rail head.

Night Passage Poster

Grant's companion during the critical train ride to the rail head was young Joey.  Riding with Grant on a flatbed car as the train twisted and turned through the Rocky Mountains, Joey asked Grant how the railroad builders knew the best route through the harsh terrain.  This question gives Jimmy Stewart the rare opportunity to showcase his singing and accordion-playing skills as he responds by singing a song called "Follow The River".  The song ends with the chorus:

"Follow the river,
Wherever you may be,
Follow the river back to me."

Just as the railroad builders used the river to guide the design and layout of the early railroads, bankers have used technology to guide how banking services are designed and built.  In an interesting bit of historical irony, the first use of machine-based bank processing was being rolled out by the Bank of America just as Night Passage was hitting the movie theaters.

The system was called ERMA (Electronic Recording Method of Accounting), a machine-driven approach to electronically reading checks and processing the bank's accounts.  ERMA was co-developed by Bank of America and the Stanford Research Institute, launched in 1958, and was able to process 50,000 accounts per day.  While ERMA's initial capacity was small by today's standards, in those days, it represented an outlandish number in comparison with 10,000 accounts per month that BOA estimated it could process using existing paper-based manual methods.

ERMA ushered in the era of Big Iron in banking (a term also used to describe railroad locomotives), as improvements in the speed and capacity of what we today call the mainframe computer facilitated the rapid growth of the large banks during the 1960s and 70s.  Mainframe computers running programs powered by Rear Admiral Grace Hopper's newly developed Common Business Oriented Language (COBOL) became the river that banks followed when planning and building new banking systems like Electronic Payments (EFT), Electronic Tellers (ATM), and others to meet emerging customer demands.

Mainframe computers are interesting from operational processing perspective in that data (specifically customer accounts and daily transaction data) takes a while to load, but once loaded accounts can be processed at a lightning-fast rate.  While ERMA could process only 50,000 accounts in a day, modern mainframes can process millions of accounts in a matter of a few hours.  COBOL itself as a programming language was scorned nearly from Day One by the computer science cognoscenti as a crude and unstructured way to build an enterprise system. 

In 1975, a respected Dutch computer scientist named Edsger Dijkstra made the famous comment that: "With respect to COBOL you can really do only one of two things: fight the disease or pretend that it does not exist, " before concluding, "the use of COBOL cripples the mind; its teaching should therefore be regarded as a criminal offense."  Despite the withering criticism from academia, mainframe vendors and banks moved forward on the basis that the systems simply workedThroughput is the key to understanding how high-volume banking systems and today's railroad system works. 

A case in point is the Canadian National railroad's purchase in 2007 of the Elgin, Joliet & Eastern Line (EJE) to facilitate its rail connection of parts east and west through Chicago.  While the distrance from Gary, Indiana to Waukegan, Illinois is only 70 miles by car, CN now connects these points using EJE's 198 miles of track.  This makes no apparent sense until you consider that CN is now able to route cross-country trains around the busy hub of Chicago, where previously CN endured a variety of operational restrictions and traffic jams arising from the many at-grade crossings through the congested urban core.  To CN, routing traffic around Chicago rather than through Chicago resulted in more throughput and fewer train delays, more than compensating for the additional mileage.

And so it has gone for the banking processing. The use of oft-criticized COBOL and the unique operating characteristics of mainframe computers was tolerated as there were no other alternatives for banks requiring reliable processing at very high scale. That is, until recently.

Just as the river in Night Passage twisted and turned through the Rockies, the path of technological progress has twisted in an unexpected way to many bankers, as cloud services are now challenging the hegemony of mainframe-based banking systems. While a top of the line mainframe computer can be purchased with more than a 100 lightning fast processors, a bank can "rent" thousands, even tens of thousands, processors for 10 minutes, 10 days, or 10 years. Using software that is tuned to manage the distributed processing of bank accounts across thousands of virtual machines, banks can now meet and exceed the enormous throughput of their mainframe computers at a fraction of the cost.

The king of mainframe computing, IBM, clearly understands and has responded to the changing role of the mainframe in banking.  During the 50th Anniversary celebration of the mainframe in 2014, IBM rolled out its new vision of the mainframe as an uber-sized cloud server, allowing for the hosting of several thousand virtual machines at one time.  Last summer, IBM upped the ante with the annoucement of IBM LinuxONE Emperor, a z13-based server allowing for up to 8,000 virtual machines to be hosted on a single machine.

While banks have experimented with cloud services to varying degrees, most of the innovation has taken place at the channel services level, with new online and (particularly) mobile banking applications getting a technology refresh through the unique benefits of cloud services.  While each bank will need to build its own business case for the gradual porting of COBOL-based account processing systems to modern programming languges that are "cloud-ready", it is clear that cloud-based account processing will allow the level of agility in product development that is increasingly called for as channel and payment systems continue to evolve.

Cloud-backed innovation in back office systems has been slow to develop, with many banks citing security and the fear of regulatory issues as inhibitors to adoption.  As the recent two-part Celent report Banking in the Cloud:  Between Rogues and Regulators establishes, regulators in fact do not have any objections to banks hosting their banking services in the cloud, provided that banks follow the same standard of care (including encryption, access controls, data masking, etc.) that they manage for in their own data center.

In time, I expect that the banking railroad will continue to follow the river of innovation that is now leading us directly into the age of cloud services. The proven yet inflexible COBOL-based systems that have served the industry reliably for 50 years will be replaced with agile and cloud ready account processing platforms that will over time both reduce costs and the drive service quality improvements that banks will need to compete and survive in the increasingly competitive world of financial services.

Digital banking is ready to take off in Latin America

Digital banking is ready to take off in Latin America

Digital is the new reality in Latin America. In a recent Celent survey 100% of the participants recognized that a scenario where all financial products get digitized needs to be addressed sometime in the next 7 years and 59% of them believe it needs to be addressed immediately. There is also a general consensus that most banks are entering into Digital late, despite some are already moving in that direction. Threat of fintechs is also a reality. Over 80 fintechs in Brazil and 60 in Colombia are a good sense that the industry is already being challenged beyond incumbents.

In other geographies Banks have responded to this threat by becoming extremely digital and also neo-banks have been launched to attract those customers seeking for a more friendly and digital relationship with its financial institution. Atom Bank in the UK, Fidor Bank in Germany, and mBank in Poland are only a few to mention. In Latin America the major milestones in Digital development we had seen were Nubank (Brazil – Market Cap $500M) and Bankaool (Mexico – ~$142M in assets), until March of 2016 when Banco Original (~$1,67Bn in assets) launched in Brazil.

While Nubank is focused entirely in offering a credit card with a customer friendly personalized real-time view of expenses and modern contact channels (email, call or chat), Bankaool is mainly focused in a checking account with a debit card, SME loans and investment vehicles.

Banco Original is the 3rd step in this digital only bank strategy in the region, becoming the 1st universal digital only bank in Latin America.  As part of its strategy to position the bank as different and innovative they launched this advertising campaign featuring Usain Bolt. As part of a strategic definition in 2013 the bank started a ~$152M investment over the period of 3 years to become a digital bank. They launched in March of this year . The bank has no branches and the interaction is 100% through digital channels and a call center. This move was central to its strategy of becoming a universal bank moving away of being solely focused in agribusiness.

While most of neo-banks and fintechs looking to change the customer experience in financial services have adopted in-house development to support their digital strategy, this is not the case of Banco Original which relied in a 3rd party Open API solution. Commercially available solutions that can support a digital only bank means that as an industry we are ready to take off. There is no reason now why other banks should not follow, and software vendors will do their part pushing their offering into banks of all sizes.

I believe that we are in a tipping point were banks in Latin America will need to re-think their investments and strategies towards digital: the threat is now real.

Two upcoming reports will be covering Digital and a couple of disruptive scenarios in the banking industry in Latin America, so expect to have more information soon if you are a Celent customer. If you would like to become a Celent customer please contact Fabio Sarrico (fsarrico@celent.com).

 

Top trends in corporate banking webinar

Top trends in corporate banking webinar

Please join me on Thursday, April 21st at noon EST for an overview of the 2016 edition of our Top Trends in Corporate Banking report, which was published in March.

2016-04-18_15-40-50

Corporate banks continue to place an enormous focus on investing in digital channels to meet the ever-increasing demands of clients for enhanced tools while boosting security and fraud prevention. Despite this investment, corporate banking has lagged in terms of adoption of innovative technologies. To improve that performance, corporate banking lines of business are undertaking a broad set of initiatives to overcome the inertia that has left clients behind in terms of innovation. Among the top trends, we will examine the opportunities in trade finance and customer onboarding for improving efficiency and enhancing client satisfaction.  Other top trends include fintech partnerships, distributed ledger technology and open APIs and adapting liquidity management strategies.  I look forward to having you join us on Thursday! 

Click here to register

 

 

 

Congratulations to Celent Model Bank 2016 Winners!

Congratulations to Celent Model Bank 2016 Winners!

Last week many of us at Celent were in New York attending our Innovation and Insight Day on April 13th. It is Celent's flagship event during which we announce Model Bank and Model Insurer winners and celebrate their achievements. In addition, the program includes keynote speeches from industry leaders and Celent analysts, plenty of opportunities to network with peers, and even to experience some of the latest technologies first hand, courtesy of our sponsors.

The theme of this year's event was "Financial Services Reborn", and the Museum of American Finance on Wall Street provided an inspiring setting to celebrate innovation in financial services. Craig Weber, Celent CEO, kicked off the proceedings drawing insightful parallels between the battle of Alamo and the future of financial services. It must have been the first time in Craig's career that he had to come up on stage to the soundtrack of hip hop music, an extract from the Broadway musical "Hamilton", but it set the tone for the rest of the day – to expect the unexpected and to be open to new ideas.

Both of our guest speakers – Nadeem Shaikh, Co-Founder and CEO of Anthemis Group, and Leanne Kemp, Founder and CEO of Everledger – thrilled the audience and opened everyone's eyes to the opportunities presented by Fintech and Blockchain respectively, while our colleague Will Trout spoke eloquently about consumer-led convergence. A big 'thank you' to all the speakers, as well as the sponsors supporting the event!

The rest of the day was all about celebrating the achievements of Model Bank and Model Insurance award winners. As many of this blog's readers know, the vision for Celent’s Model Bank research, now in its ninth year, is to spotlight effective uses of technology in banking. This year we received a record number of submissions – well over 100 – that came from all over the world; the nominations were spread equally between North America, EMEA and APAC. The award winners come from four continents and nine countries and range from credit unions and microfinance institutions to the world's largest banks.

Celent Model Bank 2016 winners are:

  Model Bank 2016 Categories

  Award Winners

  1. Digital Banking Transformation

  Citizens Bank, US

  DenizBank, Turkey

  Garanti Bank, Turkey

  Santander, US

  2. Omnichannel Banking

  BECU, US

  Beyond Bank, Australia

  Standard Chartered Bank, Korea

  3. Digital Payments and Cards

  Bank of America Merrill Lynch, US

  RBC, Canada

  4. Corporate Payments and Infrastructure Modernization

  Bank of China, China

  CBW Bank, US

  5. Cash Management and Trade Finance

  CIBC, Canada

  HBL (Habib Bank), Pakistan

  6. Security, Fraud, and Risk Management

  Alfa-Bank, Russia

  USAA, US

  7. Legacy Transformation

  Sberbank, Russia

  Umpqua Bank, US

  Vietnam Bank For Social Policies, Vietnam

  Model Bank of the Year

  Eastern Bank, US

As always, we published a series of reports with detailed case studies of all winning initiatives. Celent research subscription clients can access the Model Bank of the Year and individual category reports via our website.

This year we also introduced a new award, Model Bank Vendor. We wanted to acknowledge the vendor role in helping multiple clients achieve technology or implementation excellence, one of our judging criteria, and to extend our appreciation to the entire vendor community, which is instrumental in the ongoing success of the Model Bank program. Celent recognized two companies as Model Bank Vendors for 2016:

  • EdgeVerve Systems
  • Nucleus Software

Congratulations to all our award winners! We are grateful to have been exposed to so many extraordinary initiatives and the talented individuals responsible for their success. We look forward to continuing with the Model Bank program next year to identify and award the most impressive banking technology initiatives from around the world, and will begin accepting nominations again in September – stay tuned!

 

The iPhone, the FBI, and the lessons for bankers

The iPhone, the FBI, and the lessons for bankers

With today’s news comes the interesting development that the FBI has apparently used a “tool” acquired from an unnamed third-party white hat security firm to gain access to the locked iPhone of one of the San Bernardino shooters without requiring Apple’s cooperation.  This issue had been the subject of a recent tug-of-war between Tim Cook and the US Department of Justice.

While FBI Director James Comey has been mum on the details, some in the IT security community have speculated that the new tool employs a so-called “brute force attack” on the iPhone by sequentially guessing the device’s passcode until the device unlocks itself.  While the lock-out feature is user-configurable, an iPhone running the current version of iOS will normally give the user 10 chances to input  the passcode correctly before permanently locking the user out while deleting all user data from the device.

Cloud services to the rescue.  The speculation is that the newly acquired FBI tool was able to get around this measure by simply cloning the software from the perpetrator’s iPhone — including the operating system and all of the user data files — hundreds or thousands of times and performing what is effectively a “distributed brute force attack” by repeatedly guessing passcodes from a master checklist across the clones in parallel.  When an individual clone became locked, that clone is discarded and the tool continues the guessing game with other clones on a reduced list of candidate passcodes until one of the guesses finally works.

The likely reason why the FBI has apparently succeeded is the fact that the perpetrator’s passcode was static, meaning it didn’t change during the course of the many times that the FBI tried one guess after another.  (In this context, it was important that the perpetrator was caught, as otherwise  he would have changed his passcode and/or wiped the data remotely, a capability that Apple provides to all iPhone users.)

What does this have to do with banking security?  As demonstrated by the success of the FBI’s  new white hat tool in breaking Apple’s device security, the simple reality of data protection is that no encryption technique is foolproof, particularly from the threat of a brute force attack.

Given the power of the cloud to solve a large computational problem like guessing an large encryption key using a cloud-based “divide and conquer” approach, bankers need to pay attention to the need to employ strong encryption keys while rotating their keys on a regular basis.

The definition of “regular basis” will depend on the sensitivity of the data to be protected, but one thing is for sure:  the bank that creates an enterprise encryption key once and thinks the bank is protected forever is dangerously vulnerable to a future cyber attack based on a distributed brute force technique such as the one that was quite possibly used by the  FBI’s white-hat vendor.

Given the importance of encryption to maintaining a safe and FFIEC-compliant environment for the safekeeping of NPI, and especially in light of the emergence of  services like Blockchain that are dependent on encryption for success, banks ought to be paying close attention.

There are *exactly* 608 US firms offering banking fingerprint authentication

There are *exactly* 608 US firms offering banking fingerprint authentication
Biometrics are hot. Fingerprint authentication (Apple’s version is Touch ID) is one of the most common forms of biometric verification. So, quick – how many American banks let customers log on to their accounts using this method? Based on the press, you might optimistically think a few thousand, right? And, in fact, ApplePay just activated its 1000th bank (adoption is another story, and the subject of another post). Well, as of January 31, the actual number (not an estimate, not an extrapolation, and not a piece of data from Apple) was 608. That’s 9.52% of the 6,388 FIs offering a mobile banking application. How does that compare to three months ago, at the end of October 2015? At that point just 252 FIs were offering it. That’s an increase of 241% in a quarter, certainly a sign of robust growth. Some of the increase comes from clients implementing from their hosted solution provider. Others (generally bigger banks) are developing it in-house. And yet, it’s not as popular with the large banks as one might think (of the 21 with more than $100bn in assets, only 8 offer fingerprint authentication; 3 of the top 4 have it). Bucketed Adoption Does fingerprint authentication pay off? By one measure, something we call “feature lift,” it does indeed make a difference for customers. Banks whose customers have installed fingerprint authentication have an uplift of 53% in enrolled customers per deposit account relative to banks who don’t offer it. While this is correlation, not causality, it shows that the banks who offer this feature have more customers enrolled in mobile banking than those who don’t. We’re looking forward to analyzing many more mobile banking features to see which ones offer the biggest impact on customer enrollment. Uplift How did we access this information? I’m very excited to say that Celent is collaborating with FI Navigator to analyze the mobile banking market in an unprecedented depth of detail. FI Navigator has assembled a database of every US bank and credit union offering retail mobile banking, together with the vendors who host them. We’re feverishly analyzing this trove of data to bring you a report at the end of April. It’s different from, and additive to, work made available to our existing clients; you can find the particulars here. To let you in on how the sausage is made, we originally tried to find out how many banks offered fingerprint ID by doing a standard search (which turned up press releases and the like) and by contacting a few vendors. We were able to arrive at roughly 250 banks in total, including several dozen from one vendor (from whom it was difficult to get precise answers in terms of commitments, scheduled go-lives, and actual implementations). It turns out that we undercounted by more than half. The beauty of the FI Navigator data is that it’s derived from a variety of sources – on a monthly basis – that let us deduce and infer a huge amount of actual information about the entire US retail mobile banking population, not just a subset. By integrating unstructured website data and conventional financial institution data, FI Navigator expands the depth of peer analytics and the breadth of market research to create vertical analytics on financial institutions and their technology providers. So, in addition to my excitement at this new and powerful data source, I have three takeaways about fingerprint authentication:
  1. The gap between hype and reality for fingerprint authentication is big, but shrinking;
  2. Banks don’t have to be large to do this; and
  3. More banks should be offering fingerprint authentication.
Why is your bank or credit union not offering your customers the chance to authenticate with their fingerprint?

The UK open banking API framework – more questions than answers?

The UK open banking API framework – more questions than answers?

This week the Open Banking Working Group (OBWG) published its framework for the UK Open Banking Standard. The framework seeks to create:
• An open API for data that is shared, including, but not limited to, customer data, and
• An open data API for market information and relevant open data

Secure, publicly accessible Web APIs have been around for more than ten years in the financial services sector. Many popular eCommerce platforms employ APIs to increase adoption by exposing various features of the underlying platform to third-party application developers. These include PayPal, Stripe, Authorize.Net and LevelUp. Payment APIs have grown by almost 2,000% since 2009, with Financial APIs growing at more than 470% during that time.

Banks embrace APIs to modernize and streamline back-office connectivity, especially for customer-facing digital channels. However, except for a smattering of bank API hackathons featuring mock customer account data and the well-publicized external APIs made available by digital bank Fidor, banks are reluctant to publish open, external APIs for customers or third-party to access financial data. Two major government initiatives are forcing their hands.

The account access provisions of PSD2 require Euro Area banks to open access to customer information where third-parties have the explicit consent of the customer. The UK HM Treasury Open Banking initiative strives to improve competition and consumer outcomes by giving customers the ability to share their transaction data with third party providers (3PPs) using an open API standard for UK treasury.

The UK government established the Open Banking Working Group in August 2015, giving it the remit to design a detailed framework for the development of an open API standard in the UK. The detailed framework was published this week after review by the HM Treasury.

Open Banking Framework

Sifting through the 128-page report, several key issues remain to be addressed:

Governance: The report recommends the creation of an independent authority to oversee the development and deployment of the Open Banking Standard. As co-chair of the OBWG, is the Open Data Institute vying to become that independent authority? IMHO, the banking industry doesn’t need yet another standards body. Why not engage the expertise of an existing organization like the International Organization for Standardization (ISO), the governance body of the popular ISO 20022 standard, to ensure an internationally agreed upon approach with the involvement of a diverse group of stakeholders?

Data Standard: The report recommends that existing standards, datasets and structures be reused where possible but also mentions further investigation as to whether the Open Banking Standard will need a separate reference data model. I hope that the OBWG examines the widespread adoption of the ISO 20022 financial industry message scheme and its contribution to standardizing and simplifying financial data exchange worldwide.

Data Protection: The report states that banking customers (individuals and businesses) need to understand their responsibility for informed customer consent and ensuring their data is protected. This is problematic in light of continued social engineering banking losses, an emerging global fraud threat. The report acknowledges that it is likely that cyber-criminals will specifically focus on the open API as a new attack vector. Consumer education needs to be the responsibility of the Open Banking ecosystem: Banks, 3PPs, government agencies, and consumer watchdog groups.

Developer Resources: The recommendation that a central developer hub be created to support developers is a seemingly practical idea. However, there are a number of leading API platform providers and no universally accepted RESTful API design methodology, which will lead to a scramble by the proponents of RAML, SWAGGER and Apiary.io to be the provider (and language) of choice for creation of common open APIs and developer sandbox.

Implementation Schedule: The report outlines a multi-year release schedule with the first release to be completed within 12 months of the report’s publication—February 2017. This seems to be very aggressive considering that detailed design specifications are not yet complete, nor has an independent authority been selected to oversee development of the standard.

Monetization: Respondents to the February 2015 Call for Consultation estimated the cost of developing an open API standard would range from “negligible to tens of millions of pounds.” At first glance the Open Banking initiative seems to provide all of the benefit to fintech firms with all of the cost shouldered by UK financial institutions. Celent anticipates acceleration of bank/fintech partnerships aimed at creating differentiated value propositions.

Interoperability: Banks and solution providers are closely watching the intersection of the UK Open Banking initiative and the account access provisions of PSD2. There is significant overlap between the two initiatives and industry participants hope that they will be joined up, but for now the HM Treasury is actively seeking to take the lead with its aggressive implementation schedule. Interoperability across geographies and sectors fosters sustained innovation and broader participation by third parties, contributing to the UK Treasury’s goal of improving competition and consumer outcomes.

The recommendations for implementing the Open Banking Standard will be carried out by the Open Banking Implementation Entity. Celent analysts are watching developments closely and assessing their impact across our coverage areas. We welcome your feedback—what are your thoughts about opening up customer banking data to third-party providers?

Cardless ATMs and disappointing mobile wallet adoption

Cardless ATMs and disappointing mobile wallet adoption
While I’m an outspoken advocate of financial services technology, I have been a bit of a curmudgeon when it comes to mobile wallets. My skeptical attitude reached an apex when I dropped my smartphone in a glass of merlot several years ago and hasn’t recovered. Had my smartphone been my mobile wallet, embarrassment would have been the least of my problems. Said simply, I just don’t see a compelling use-case for most consumers. Until they arise, I expect industry press to continue to publish stories of lackluster adoption. There have been many. One in particular caught my eye. A recent article in Digital Transactions makes my point in its opening statement, “The introduction of cardless ATMs, which rely on a financial institution’s mobile wallet instead of a debit card to make an ATM withdrawal, could help further the adoption of mobile wallets and mobile payments.” Said another way, if the industry offers consumers enough reasons to configure and use a mobile wallet, adoption may eventually result. This doesn’t sound remotely compelling to me. I can hear the rebuttals now. In defense of Bank of America, BMO Harris, Chase, Peoples Bank and other institutions that have invested in cardless ATM access, physical debit card usage at the ATM could pose an annoyance to mobile wallet adopters, few that they are. With ATM usage roughly twice the customer penetration of mobile banking (below), the last thing banks need is a reason for customers to be dissatisfied with their ATM experience. In my opinion, that’s a more compelling rational for investment than some vein attempt to bolster mobile wallet adoption.

US P12M Channel Usage 2014Source: Consumers and Mobile Financial Services 2015, U.S. Federal Reserve, March 2015

In the article, one banker summed up the challenge associated with mobile cash access this way: “We found the biggest struggle is explaining what it is and the benefit it offers.” If the biggest struggle is communicating a compelling value proposition, then maybe the value proposition isn’t compelling. I don’t think it is – at least not yet. Please don’t misunderstand, I think cardless cash ATM access is a reasonable initiative, but not for the reason stated in the article. I applaud efforts to better integrate retail delivery channels, and ATM cash access is a baby step in that direction. Combine cardless ATM access with other capabilities such as broader P2P payment mechanisms, geo-location and a merchant-funded rewards program, and mobile wallets begin to look compelling. Until then, banks have a bevy of higher priority initiatives to deliver in my opinion. But, even if my bank enabled cardless cash access, I still wouldn’t abandon my physical wallet. In the event of another tragic merlot mishap, traditional ATM cash access might be a real life-saver.

The paradox of digital payments

The paradox of digital payments
At Celent we run a couple of Banking research panels – one on Branch transformation and another on Digital – where any US-based bank or credit union can participate in surveys we administer on a regular basis. Last week we published the report with findings of our survey we conducted in November 2015 on Digital Payments. 42 institutions participated and answered our questions on:
  • How important are digital payments in the context of other priorities?
  • What has been the industry’s experience with digital payments?
  • Where is the industry in its EMV migration journey?
The survey results highlighted the paradox of digital payments:
  • Nearly everyone thinks that digital payments are important, but only 13% view it as strategic priority, aim to lead and invest accordingly. 63% aim to be fast followers and another 23% only invest to stay on par with peers.
  • 71% of participants agree that financial institutions (FIs) should offer branded digital payments (e.g. own digital wallet), but they are more likely to participate in third party wallets, such as Apple Pay, Android Pay and others, than to invest into their own HCE wallets – 46% have no plans for HCE.
So, what should the FIs do in digital payments? Accept that “payments are disappearing” and focus on ensuring that their payment credentials are available for customers to use wherever they want them or fight back with their own branded wallets? Does it have to be an “either/ or” choice? Can they/ should they do both? What are your thoughts? P.S. Our panels are open to any FI in the US – Celent clients and non-clients – and we share the results report with all respondents. If you’re a banker and would like to participate in future Digital Panels, please contact info@celent.com.