There are many ways to conduct banking transactions today — so many in fact, that it’s a rare occasion when you need to visit your local branch, if you even have one. Consumers worldwide are increasingly using digital wallets with apps like Venmo, Apple Pay, Zelle, Alipay, Square Cash, and Google Wallet to handle daily transactions because they are quick, simple, and allow users to leave their pocket litter at home. A 2018 study by ING found that one in five consumers (21 percent) have transferred money via organizations other than their main bank in the last 12 months. Fifteen percent have done so to make peer-to-peer payments, 13 percent used digital banking services, and 9 percent borrowed money using new digital services.
Dozens of fintech upstarts are chasing the tails of the leading mobile payment apps and traditional modes of banking, making it possible for tech-savvy consumers to circumvent the regulated banking industry altogether. “The traditional large bank has had to make use of technology in a way they had never even dreamed of, and there is acceptance that in order to survive they must outsource or produce their own products to compete with emerging fintech startups,” says Sarah Pearce, a London-based partner at Paul Hastings who focuses her practice on privacy and cyber security.
It’s not just millennials who are using these apps, according to Pearce, who counsels clients on the legal and regulatory landscape surrounding mobile payment services: “People of all ages have gained confidence in these services, and we’re going to see more of these apps coming into existence and a growing use of them.”
Regulatory impact on the mobile payments space
These are still early days for mobile payments, though in some regions, like Asia, the technology has been escalating quickly. China’s WeChat, for instance, has more than 1 billion users. Japan’s PayPay, offered through SoftBank and linked to users’ Yahoo Wallet, demonstrated exponential growth from its 2018 launch due to user cash back incentives for using this new technology. Market maturity and consumer demand are segmenting these apps into different categories. Some apps, like Venmo, simply enable transferring money between peers, yet others can handle more complex transactions such as applying for a mortgage, or enabling consumers to borrow funds until their next paycheck.
“One of the key differentiators between these apps is the level to which regulations apply to the services offered,” Pearce says. “The more regulated they are, the safer they are and the more consumers will turn to them.” This affects how companies develop and launch applications to their user base, especially when cross-border transactions are involved.
A common and best practice, says Pearce, is to develop apps and services according to the most stringent region’s regulatory norms. The EU’s strong protections for privacy under the General Data Protection Regulations (GDPR) are a good example of heightened regulation and may account for the EU’s overall slower pace of adoption in new mobile payment services as companies determine how to meet GDPR requirements related to safeguarding personal data. California’s hotly anticipated and still indeterminate California Consumer Protection Act (CCPA) and a swath of state and ostensibly federal privacy legislation are not far behind. New York’s cybersecurity regulations, released in 2017, have relevance here too for covered financial entities. Of course, the “high compliance”/“best practice” pathway is more expensive and time-consuming, and leaner startups may prioritize innovation over compliance in order to swiftly get a product to market.
Balancing security needs with user experience
Equally paramount to building “sticky” apps that consumers will use in lieu of traditional tools is securing the data that run through these new services. In the near future, mobile payment providers will need to implement stronger authentication methods, such as multi-factor access, to secure user data. This will be challenging, Pearce admits, since we’re all accustomed to the simplicity and speed of using facial recognition or one touch access to apps. “The criticism is that this extra layer of authentication harms the seamless consumer experience, but ultimately most users want that extra layer and it will increase confidence and user uptake,” she says.
Securing APIs with vendors is another critical area. Companies offering new digital financial services should conduct thorough security checks to ensure that the third-party vendor meets all regulatory and industry requirements aligned with the business. “What we often see in big data breaches is that the breach begins through the third-party vendor,” Pearce says. The 2013 Target breach that compromised the data of 70 million customers is a textbook example of how a Zeus virus variant was unleashed within Target’s network through the missteps of a refrigeration contractor.
On the flipside, with the proper security protocols in place, mobile payment apps can sidestep hackers’ payment card skimming exploits, such as those experienced by 38,000 British Airways customers who had their contact and payment information stolen in a breach last year. With a recently announced proposed fine of $230 million representing 1.5 percent of British Airways’ 2017 revenue for the breach being bandied about by the UK’s privacy watchdog, the ICO, it’s arguable that an investment in mobile payment apps that close the door on web-based skimming exploits could pay off for companies who are willing to shore up their defenses against other exploits that could affect mobile payment user data.
Futuristic fintech
What lies ahead in fintech is a groundswell of rapidly and constantly developing regulatory requirements, unbridled opportunity and market share, and evolving meant to satisfy a global and therefore culturally diverse consumer base.
Pearce says that there will be an increasing move toward the use of cryptocurrency to facilitate money transfers between countries. This blockchain approach is becoming popular due to the security advantages and efficiencies of a distributed ledger, including saving on transaction costs, reduction in fraud, and reduced time in clearing and settling accounts. According to Pearce, “what this means is that, by not transferring in a normal currency there’s no need to use regulated services — we’re going to see more inventive and disruptive use of the public ledger in that way.”
Despite talk of market disruption for large financial services companies due to the rapid growth of agile fintech startups, traditional banks have everything to gain by being aggressive and more in touch with changing consumer expectations. For one, deeper pockets are better able to absorb the risk that comes with unveiling new technology from a fiscal and reputational standpoint. Traditional financial institutions also have decades of experience managing and protecting customer data with robust teams. But there is plenty of room for everyone in this space, especially for startups who can think outside of the box, says Pearce: “A major benefit of increased activity, actors and innovation in this space is increased competition. The larger banks are having to compete with these nimble startups and it’s bringing everything to an equal playing field in terms of the services. Consumers can only stand to benefit from that.”
Jennifer DeTrani is General Counsel and EVP of Nisos, a technology-enabled cybersecurity firm. She co-founded a secure messaging platform, Wickr, where she served as General Counsel for five years. You can connect with Jennifer on Wickr (dtrain), LinkedIn or by email at [email protected].