FinTech

FinTech vs The Status Quo

There is an old wisdom story about a truck that gets stuck under a bridge. The details vary, but the gist is that all conventional [old school] thinking fails to solve the problem, but out-of-the-box thinking [a young girl/boy] gets the job done.

If you’ve not heard this overused (and yes, [pun intended] ‘tired’) analogy, the premise is that:

  1. a truck gets stuck under a bridge/overpass;
  2. all the best [old] engineers around cannot solve the problem, and their solutions include:
    • force the truck through, likely damaging both truck and bridge;
    • drag truck back out so it won’t reach destination; and
    • raise the entire bridge.
  3. a child [young/fresh] comes along and says to take air out of the tires, thereby lowering the truck just enough to pass under the bridge.

Call it common sense, call it obvious, but the solution was only clear to someone with a completely fresh pair of eyes and no preconceived notions of the ‘right’ way to do something.

This is where we find ourselves in the world of FinTech. Defined as “the new technology and innovation that aims to compete with traditional financial methods in the delivery of financial services”, FinTech as a buzzword has been out for over 25 years, but what has it achieved?

If you see ‘invisible payments’ and seamless feature-rich ancillary services (loyalty points / rewards for example) as the ultimate goals of FinTech, where are we in 2019?

We have the technology [most of it anyway], we have a growing interest, but what we still DON’T have is the support of those with a vested interest in the status quo.

Hardly surprising, right?

From banks, to payment card brands, to payment terminal manufacturers, and even regulators, it is in their best interests to keep things the same. But the brave new world that IS coming has no place for those unprepared / unwilling to change or adapt.

There’s no denying that management and transfer of value (a.k.a. money) in 2019 is both massively complex and monolithic, but that’s really no excuse, not with the billions being invested in innovation. And while I do not want to trivialise the truly enormous effort required to effect the necessary changes, I resent the active obstruction.

On BOTH sides.

Instead of working together, both sides are doing their damnedest to grab the biggest piece of the pie. Like there’s not billions of £/$/€ to go around. Capitalism and sheer greed are ensuring that the best ideas are not being made available to the end consumer. And it’s OUR money they’re playing with!

The prevalence of the buzzphrase ‘disruptive’ is the perfect indicator that FinTech has little interest in bringing the old school along for the ride, so is it any wonder that the old school wants to ‘defend’ itself? All the old school has to do is lobby the regulators and FinTechs run out of money before their ideas see the light of day.

It’s us that lose.

I want access to MY money wherever, whenever, and HOW ever I want. I also want as many features as possible around the use of my money as I deem relevant. From loyalty programs, to instant coupons, to money management, to whatever comes next, the old-school has proven its inability to innovate [adequately], which is WHY we have FinTech in the first place.

Clearly I have no solutions in this rather useless blog, but if one person comes over to the light-side (sustaining innovation), I’ll consider this worthwhile.

Procrastination

GDPR: Advice for Every Small Business

According to every statistic I’ve read, there is still a huge chunk of business owners who have not even read the GDPR yet, let alone done anything about it. To be clear; no matter the size of your business, you have to comply.

For example, Core Concept Security Ltd. (my company) is very small, but even I have to pay a ‘Data Protection Fee’ and sort out my contracts and privacy notices. What I DON’T have to do is:

  1. Designate a data protection officer (DPO) – Article 37, because I meet none of the criteria in 37(1)(a-c); or
  2. Produce a ‘record of processing’ – Article 30 because my company is under 250 employees and I do not meet any of the 30(5) criteria.

I know all of this because I HAVE read the GDPR, I HAVE sorted out my contracts and privacy notices, and I HAVE paid my data protection fee. There is no excuse I have heard to date for EVERY other small business not to do the same.

Follow these steps, and you’ll have done the most important thing imaginable; something:

GDPR Fines

Does ISO 27001 Certification Give You Immunity From GDPR Fines?

I was actually chuckling to myself as I wrote that title because I know you were thinking [the equivalent of] one of the following as you clicked on the link:

  • If you have not read the GDPR: “That would be awesome!”
  • If you have read the GDPR: “Don’t be so bloody stupid.”

No, of course ISO 27001 certification won’t give you immunity from GDPR fines, even those related to data security breaches, which is the only thing 27001 actually covers. Data security (as opposed to data processing) is a single Article out of 99, and the fines related to data loss aren’t even the big ones (2%, not 4%). That said, I believe there is a much greater chance of you being fined for lack of security than for any illegalities in your personal data processing. It’s a matter of exposure.

GDPR Expert

Finding the Right GDPR ‘Expert’ to Help Your Business

I have lost count of the number of times I have included phrases like “You have to ask the right questions.” in my blogs, or in conversations with prospective clients. One of my primary roles as a consultant is to either help my clients do just that, or to give them the right answers first if they are just too far behind the curve. This is very easy in security: the ‘basics’ have not changed for generations, nor will they ever. So, for example, the question is never “What technology do I need?”, it’s “What function does the risk assessment say I need?” But when it comes to GDPR, asking the right questions involves a significant amount of research and homework. Not only do you actually have to read the damned thing several times yourself, you have to understand it enough to apply it to your unique requirements. You have to be able to take the next step or nothing will happen.

Right to Erasure

GDPR: The Right to Erasure Does Not Always Mean Forgotten

The title should actually be more in question form; Did you know that there’s even a difference between being erased and being forgotten? Article 17 of the GDPR is “Right to erasure (‘right to be forgotten’)“, which suggests they are the same thing. They are not [quite], and I think the only reason the right to be forgotten was added in brackets is because everyone was already calling it that. But it’s just not accurate …enough. The right to be forgotten is intended to allow an individual to “determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past.” For example; you may have been guilty of a minor criminal offence 30 years ago, which in the UK would likely make that offence “spent” (i.e. it should not be considered in any decisions against you related to insurance, employment, loans and so forth). However, if this criminal record has been posted online then duplicated in numerous forms all over the place, it will never go away. In other words, you’ve paid your ‘debt to society’ but it will haunt you for the rest of your days.