AFP 2010 Roundup

Conference season has concluded. After several weeks on the road, I finally hit the last stop on the fall conference circuit – The AFP Annual Conference. This popular business banking conference took place last week in lovely San Antonio, Texas. The trend of increased attendance figures continues (see my BAI Retail Delivery post here), as the conference halls were loaded with attendees. The exhibit hall did seem a tad smaller than usual, although perhaps that was just due to the shape of the hall. In any case, after several days of good meetings with banks and software vendors, I noted the following themes:
  • Mobile solutions for corporates are becoming mainstream. My colleague Zil and I noted the start of this trend at the recent SIBOS conference in Amsterdam. There were a ton of announcements, and demos were being showcased in the exhibit hall. Announcements were made by PNC, Union Bank, and Citizens Financial Group to name a few. Bank of America Merrill Lynch was also showcasing a mobile demo for its CashPro product. I first wrote a report on corporate mobile banking in 2007, complete with a case study on Wells Fargo’s CEO Mobile. My report was a tad early for the market, and now that things are progressing I will revisit the topic in a 2011 report. Stay tuned!
  • Growing interest in small business online banking solutions. Many of the conversations I had at the AFP were on the topic of small business online banking. The majority of banks still have no clue what differentiates a small business online banking solution from a corporate cash management solution. Luckily, I have addressed this topic with a vendor evaluation of small business online banking solutions. The report was released last week, just in time for the AFP, and provided for lots of questions from banks and vendors. A second report on the subject is forthcoming and should be released by the end of the month.
  • Portal perplexity. To portal or not to portal? Several banks I spoke to are in the middle of trying to determine if they should build a corporate banking portal that would encompass all transaction banking services. This dashboard would provide quick task execution, at a glance info, and be fully customizable. The build versus buy debate was raging, coupled with the difficulty of integrating multiple vendor solutions.
  • The cash management market is still on fire. The number of banks that have sent out RFIs or RFPs is staggering. I am still amazed at how many banks are undertaking decisions here. The fact is however that some of these fires are the same ones we witnessed last year – sales cycles and decision making times are long. Solution replacement growth is still quite strong and I expect it to continue well into 2011.

 

Those are my quick hits from the conference. I welcome all comments and thoughts. I also encourage those of you who were in attendance to share your experiences!

Small Business and Corporate Mobile Banking Solutions Gaining Popularity

Consumer mobile banking has already created quite a stir. Hefty marketing campaigns aimed at the consumer market are being used to promote mobile banking services. While the potential of the consumer mobile banking market is certainly attractive, little emphasis is being placed on the corporate or small business markets. This is quite surprising given the penetration of mobile devices in the business world. Mobile access is a natural and innovative add-on to today’s cash management services. Businesses of all sizes are already indicating that they would like to gain access to mobile services. Banks have to be able to offer these services in order to innovate, respond to market demand, and remain competitive in a crowded and highly mature playing field. The time to provide mobile banking services to business customers is now. The state of the mobile world is opening an array of opportunities for corporate users. Because corporate users are so in tune with the benefits and flexibility of mobile technology, they make excellent candidates for mobile banking services. Device evolution, Blackberry and iPhone mania, faster networks, and the prevalence of data plans will drive the adoption of small business and corporate mobile banking services. Introductory mobile solutions are already providing static information in the form of alerts, account balances, customer service features, etc. As applications mature and customers begin to appreciate the value that they are obtaining from mobile access, additional banks will begin to introduce more interactive functionalities like positive pay decisioning, payment approvals and some forms of payment initiation. There are first movers in this space. Wells Fargo is the pioneer – they launched their CEO Mobile solution back in 2007. This product has now evolved to encompass many of the features mentioned above. More recently, other banks have started to dabble in this space.
Most have basic small business solutions that provide traditional consumer mobile features, although a few have taken a step forward to provide more sophisticated functionality. Small business examples include Chase, CIBC, Wachovia, and Wells. Large corporate examples are still few and far between, however, there are a number of banks that have fully developed solutions and it is only a matter of time before they are marketed to the masses. I would love to hear your thoughts on the market for business mobile banking solutions. Do you think this is something all banks will have? Is there a business case or strong value proposition here?

Online Appointment Scheduling – Great tool or Gimmicky Feature?

Last week someone pointed out a new feature to me on the Bank of America web site. If you enter the location finder tool, you are given a subtle option to “schedule a small business appointment.” The feature isn’t available for all branches and is being targeted at those branches that are equipped to handle small business needs.


Once you click to schedule the appointment, a new window opens and you are asked a few simple questions.


After filling out the form, the user is directed to a new screen where they select an appointment date/time from a calendar.


The final screen asks the user to input their contact information and confirm the appointment. This is an interesting move by Bank of America as it provides an automated tool to small businesses while focusing on the importance of the relationship between the bank and the business. The problem is that this tool is buried within the branch location finder and is not tied to the small business section of the bank’s web site. Perhaps it is still a very new tool and is not fully rolled out, but it would make sense to have it properly integrated within the appropriate sections of the web site and mobile banking offerings. Bank of America has the right idea with this tool and I expect other banks to follow with similar offerings. I welcome your comments and am curious to hear what you think of this initiative – please feel free to post your comments and questions. I am starting to see a lot more emphasis on small business banking in 2010 and this is just the tip of the iceberg. I am currently working on a small business online banking report, please stay tuned for more info.

Business Swindled Online – Who is to Blame?

I recently blogged about why Businesses Require Better Protection Online. The writeup was based on a warning from the FDIC that was aimed at businesses who bank online. Last week, a firm called Genlabs Corp. had $437,000 fly out of their account. Username, password, and token were compromised as fraudsters gained access to the account. Yesterday evening, Brian Krebs from the Washington Post blogged about the story and provided some additional updates. Turns out a Genlabs computer became infected with a trojan horse that, “allowed the attackers to re-write the bank’s login screen as displayed on the employee’s computer, so that the credentials were intercepted before they could be sent on to the bank’s actual Web site.” A forensics expert who examined the computer determined that standard Windows-based scanning tools were unable to detect the infection. This raises some interesting questions about who is responsible for this mishap. The fraudsters are obviously the criminals, but catching them and recovering the funds is another story. In the meantime, who is responsible for the loss of funds?
  • If Genlabs had software protection (that did not spot the infection) should they be held responsible? Would it matter if their software was up-to-date?
  • Should the anti-virus/malware software company be responsible if their tool was unable to detect the infection, but a competing software tool could (hypothetical)?
  • Should the bank be held responsible since their online security had been compromised?



It’s an interesting discussion topic, and I invite you all to express your thoughts.

Businesses Require Better Protection Online

Banks have taken many steps to protect customers online. Multifactor authentication (MFA), policies for online banking, and consumer education are among some of the sentries in place. The FDIC however issued a warning last week specifically aimed at the business online banking / cash management space. The alert relates to financial institutions that provide payment services online, and indicates that over the past year there has been an increase in the number of reports and losses related to online EFTs. The alert specifically mentions, “malicious software, including trojan horse programs, key loggers, and other spoofing techniques, designed to circumvent online authentication methods.” This is of particular concern as more banks are attempting to increase usage of the online channel for payments. For example, Celent is seeing a trend towards banks offering small businesses the ability to send wires online. Even consumers in some instances are being offered the ability to send wires online (see the NetBanker blog, “Bank of America to Eliminate Wire Transfers from Branches, Moving Volume to Online Banking.”). In Celent’s opinion, small businesses and consumers are quite vulnerable since they do not have a corporate IT department that can update virus protection or teach them what to watch out for. Additionally, most small businesses have not been issued the appropriate MFA solutions required to send a wire or other payment online. Relying on the familiar image/phrase and/or challenge questions won’t cut it. I’m not saying that MFA is perfect – it too can be bypassed. However, Celent does believe in the use of tokens (hard or soft), or out of band authentication when dealing with high value payments. There are several steps banks should take:
  • Banks should implement a transaction monitoring solution (if they have not done so already)
  • Banks should adopt out of band authentication solutions (e.g. replace traditional token by sending a one-time password to a mobile phone via SMS)
  • Banks should consider offering mobile soft tokens (e.g. an application on an iPhone or Blackberry that provides a one-time password). For more details see the following Celent blog entry, “Move Over Token, My iPhone Can do The Trick”
  • Banks should revise certain policies and procedures (e.g. require a token, more frequent password resets)
  • Banks should emphasize new customer education tools (e.g. training videos / blogs / podcasts on online risks, importance of virus protection, etc.)

Move Over Token! My Phone Can do The Trick.

Banks have been issuing tokens to their business and corporate customers for some time. These multifactor authentication devices typically generate a one-time password that the user is required to provide upon login or to confirm a specific activity (e.g. the release of a wire transfer). Customers with multiple banking relationships end up lugging around a bunch of different tokens. They are easily misplaced, and the cost of these devices can also add up quickly (whether they are being paid for by the bank or the customer). Is there an alternative to the good old token? The mobile phone could be a great alternative in the form of out of band authentication (typically a text message sent to the phone containing the one-time password) or a one-time password generating application that resides on the phone. Out of band authentication hasn’t caught on too quickly in the North American marketplace, but Celent predicts that adoption will gather speed as business users rely more on their mobile devices. The password generating application holds a lot of promise as well. Yesterday, Verisign announced the availability of a one-time password generating iPhone application (dubbed VIP Access) that would be a great alternative to a token. The app will be available for other devices as well (Blackberry, etc.). It can currently be used on select consumer sites (PayPal, eBay, AOL, etc.) and a handful of Australian credit unions (click here for list of supported sites). It will be interesting to see which US bank is the first to use this app for online banking MFA. I doubt US banks will be too keen on integrating this into consumer online banking as the bother factor is too high. Consumers are finicky and can get thrown off by too much technical change and interruption. It’s a great small business banking idea however and could have ramifications in the corporate space, particularly if it’s available for Blackberry models.