If You Need to be ‘Disruptive’ to Sell your Security Product, Make a Better Product

You’ve all seen the ads; “Service X is disrupting the Y industry!“, or worse; “We’re using Artificial Intelligence to disrupt…”.

At this point I will look no further at what you have to offer, because if your product/service could stand on its merits, why would you to resort to using tired and almost entirely inaccurate marketing drivel? And are you really to solve my problems or just make money?

Yes, that was a rhetorical question.

Continue reading

Cybersecurity Vendors: Masters of Distracting Innovation

I’ve heard that the best writers draw inspiration from the people around them. Clearly this works for crap writers too, because I totally stole the phrase ‘distracting innovation’ from a friend of mine. So thank you for that Gareth.

I have dedicated the last half of my career to providing my clients the only thing that makes sense to me; an appropriate security program that supports and enables the needs of the business. I have also chosen to predicate the implementation of that program on the following well established cornerstones. In order of importance:

Continue reading
Disruptive Innovation

Enough With the Disruptive Innovation. Collaborate or Fail.


[This is taken in large part from from an earlier blog, but I feel it needs updating to include more than just payments.]

‘Disruptive Innovation’ has become a common cry for anyone wanting to displace the existing players. It is defined as; “an innovation that helps create a new market and value network, and eventually disrupts an existing market and value network (over a few years or decades), displacing an earlier technology.

Unfortunately the original concept is now grossly misapplied. But like how ‘irony’ now has several meanings, I guess disruptive innovation will have different meaning based on its context.

However, I’ve never heard anyone using the phrase ‘Sustaining Innovation’, which; “does not create new markets or value networks but rather only evolves existing ones with better value, allowing the firms within to compete against each other’s sustaining improvements.

So why is everyone so interesting in disrupting the existing ecosystems? And by “everyone” I of course mean those who are trying to either break into market, or those trying to wrest even more control for themselves. In payments – as my example -, non-cash payments work [mostly], and you have a large degree of faith in your bank’s ability to protect your monetary assets. Do you really want the whole thing to change? Do you even know what it is that you want that’s different?

But do things even need to change? Well yes actually, they do. And are there innovations available NOW that make the payments process easier, cheaper, and more secure for the consumer? Yes, there are. However, can we expect the entire payment industry to throw out everything they have spent billions on over the last few decades, are used BY billions, just to make room for every start-up with a good idea? No, we can’t, and that’s the real issue here.

In the last 10 years there have only been 2 true [potential] disruptors in the payments industry; the mobile phone, and block chains (Bitcoin et al), neither of which has achieved anywhere near its full potential. Yet. Not because the technologies are flawed [necessarily], but because the introduction OF the technologies was done poorly. For mobile devices, the payments challenges included the ‘fight’ between NFC and BlueTooth, the numerous options for security on the device (Secure Elements, Trusted Execution Environments and so on), and the presumed insecurity of the technology overall. For block chains is was, and still is, the almost complete lack of understanding of how they even work in the first place. I’ve looked into them and I still find the concept nearly incomprehensible.

But even these disruptors need current context, and they represent a fundamental shift from our overly complicated view of payments back to its basics; I go to work to earn value (money), the value gets stored somewhere (a bank), and I access the value when I want it regardless of time or location (mobile payment). This would suggest that the only disruption we really need is the disintermediation of some of the players. There are simply too many middle-men whose only input to the new world of payments will be value erosion. Thank God the Mobile Network Operators (MNOs) are too busy bickering amongst themselves or this would be even more complicated!

As a consumer who has a very good idea of what he want to see change, I know that only those who help the payments industry evolve will have a lasting positive impact, and this will only be through collaboration and fair competition.

I’ve used payments as an example, because that’s what I know the best, but the same can be said for almost every other industry sector. The drive to take away what others have, instead of providing a better service for the common good, is capitalism at its worst. And no, I’m not proposing some sort of socialism, it’s just logic; What’s easier? Completely replacing something, or improving what we have in collaboration with multiple players?

It’s not like there isn’t enough to go around.

[If you liked this article, please share! Want more like it, subscribe!]

Payments Innovation Should NOT be Disruptive!


By now I think everyone has heard the phrase ‘Disruptive Innovation’, as defined by; “an innovation that helps create a new market and value network, and eventually disrupts an existing market and value network (over a few years or decades), displacing an earlier technology.“. This phase is especially bandied around in payments.

But how many of you have heard the phrase; ‘Sustaining Innovation’, which; “does not create new markets or value networks but rather only evolves existing ones with better value, allowing the firms within to compete against each other’s sustaining improvements.

So if you accept that a payment itself is just a way for you to access your stored value (what we call money) any time / place of your choosing, why is everyone so interesting in disrupting the existing payment ecosystem? And by “everyone” I of course mean those who are trying to either break into market, or those trying to wrest even more control for themselves. Non-cash payments work [for the most part], and you have a large degree of faith in your bank’s ability to protect your monetary assets, do you really want the whole thing to change? Do you even know what it is that you want that’s different from what you have today?

Do things even need to change? Yes, they do. Are there innovations available NOW that make the payments process easier, cheaper, and more secure for the consumer? Yes, there are. Can we expect the entire payment industry to throw out everything they have spent billions on over the last few decades, are used BY billions, just to make room for every start-up with a good idea? No, we can’t, and that’s the real issue here.

In the last 10 years there have only been 2 true disruptors in the payments industry; the mobile phone, and block chains (Bitcoin et al), neither of which has achieved anywhere near its full potential. Yet. Not because the technologies are flawed [necessarily], but because the introduction OF the technologies was done poorly. For mobile devices, the payments challenges included the ‘fight’ between NFC and BlueTooth, the numerous options for security on the device (Secure Elements, Trusted Execution Environments and so on), and the presumed insecurity of the technology overall. For block chains is was, and still is, the almost complete lack of understanding of how they even work in the first place. I’ve looked into them and I still find the concept nearly incomprehensible.

But even these disruptors need current context, and they represent a fundamental shift from our overly complicated view of payments back to its basics; I go to work to earn value (money), the value gets stored somewhere (a bank), and I access the value when I want it regardless of time or location (mobile payment). This would suggest that the only disruption we really need is the disintermediation of some of the players. There are simply too many middle-men whose only input to the new world of payments will be value erosion. Thank God the Mobile Network Operators (MNOs) are too busy bickering amongst themselves or this would be even more complicated!

As a consumer who has a very good idea of what he want to see change, I know that only those who help the payments industry evolve will have a lasting positive impact, and this will only be though collaboration and fair competition.

The greedy can stay home.

[If you liked this article, please share! Want more like it, subscribe!]

Payments Disintermediation

Disintermediation in Payments, Disin’what Now?


An almost 50 year old concept is now all the rage in the payments space; disintermediation, which according to Wikipedia is; “…the removal of intermediaries in a supply chain, or “cutting out the middlemen.

It might be a cliché, and I hate any buzz-phrase not invented by me, but in the payments space this one makes perfect sense.

For example, to make a branded card payment you have not one, but several middlemen, all of whom add cost to the overall price of the goods you buy;

1. Terminal Manufacturers – those devices you slide / swipe your card into are a cost, If they are PTS and SRED compliant, a significant cost. Target, for example, spent $100 MILLION to replace theirs after their well publicised breach.

2. Acquiring Banks – The bank who authorises the payment charges roughly 0.02% of the total value of each transaction.

3. Issuing Banks – The institution who issued the card itself charges the lion’s share at a very rough average of 1.7% of the transaction value.

4. Card Schemes – The brands (Visa, MasterCard etc.) vary in the slice they take, but for the sake of argument, let’s say it’s around 0.1% of the transaction value.

5. Your Bank (in general) – May or may not charge you for the ‘privilege’ of having a card, mine does, but let’s ignore this for now.

According to statista.com the volume of credit card transactions in  2012 was around $6,000,000,000,000 (or 6 TRILLION USD), so let’s put that into perspective:

Terminal Manufactures – I cannot even begin to guess how many payment terminals there are worldwide. But I’m going to put my reputation on the line and say it’s a lot. Manufacturers have also received a very significant boost in the last year or so with the enforcement of EMV on our US brethren. For the sake of this blog, we’ll just assume many millions are spent by retail merchants on these devices.

Acquiring Banks – 0.2% of $6 trillion is $12 billion.

Issuing Banks – 1.7% of $6 trillion is $105 billion.

Card Schemes – 0.1% of $6 trillion is $6 billion.

In other words, the cost associated of using credit cards exceeds 120 billion USD!

This is actually not meant as a criticism. They provide a service, many services in fact (including paying for the inevitable fraud), and we are all very likely utilising the benefits of the non-cash services on a daily basis. My point is that we ALREADY have the ability to remove the majority of these middlemen sitting in our pockets; our mobile phones.

Your bank wants to be paid for storing, protecting, and providing access to your worth. The phone company wants to be paid for providing the bandwidth to get to your worth. That’s fair, but why should anyone else be paid? It certainly isn’t the retail merchant who’s absorbing the middleman costs, it’s us, the end consumer. And it’s about time we start demanding more options.

The disintermediation of the non-cash payments systems will be a slow process of disruptive innovation. One side will try desperately to hold on to what they have, and the other side is trying to move too fast to change everything. BOTH sides need to understand that things WILL change, but can only do so when the replacement mechanisms are truly fit for purpose. We simply aren’t there yet.

Card Schemes need time to turn their enormous ships onto a new course; banks need to take over the fraud loss liabilities; and biometrics companies need to shut the hell up about the death of password and the ridiculousness of their single factor solutions. Most of all, the consumers need to ask for something they don’t even know they need yet.

So yes, disintermediation in payments is coming, but likely not any time soon. Even with PSD2.

[If you liked this article, please share! Want more like it, subscribe!]