The Next Best Thing to Innovation?

…is the appearance of innovation.

Well, it certainly seems that way; Can’t sell services over the Internet? Call them The Cloud. Can’t sell Risk Assessments and Vulnerability Management? Call it Operational Resilience. Can’t sell data management and access control on mobile? Call it BYOD.

When it becomes clear that there is no-where left to go with your existing product or service, the appearance of innovation seems to be the go-to place for institutions staring down the barrel of obsolescence. Instead of working on their customer service, value-adds, or – God forbid – actually improving their offerings, too many organisations resort to smoke and mirrors to stay competitive.

And the worst part? We let them.

The payments sector is perfect target for this blog, especially given the fact that I know little else. Take these two examples from the last few month; There’s a New Way to Pay With a Selfie, and TD, MasterCard and Nymi Pilot Heartbeat-Authenticated Contactless Payments.

Where is the innovation here, we’ve had biometrics for years? The only thing new is the ability to actually bring the biometrics to bear, which is an advance in mobile technology, not payments. The payment itself  hasn’t changed, we’re still stuck with the same primary account number (PAN) being used by the same intermediaries (Acquirer, Issuer & Card Scheme), over the same systems we’ve had for decades. Even if you build in tokenisation with these systems they’re still mapped to a PAN in the back-end somewhere.

If you accept that a payment is just a transfer of value from one place to another, true innovation must involve the complete disintermediation of almost every player in the current ecosystem except the banks. Sure, there can be service provider intermediaries, but they will be providing true benefits to consumers and banks alike in the fields of identity management / authentication, anti-fraud, customer service, loyalty and reward programs, ratings and reviews, big data analytics and host of others services of which I can barely conceive.

To be worthy of the term ‘innovative’, any service or product offering must have the following attributes:

  1. Be of practical use, and not just theoretical
  2. Provide long-lasting benefit to all stakeholders
  3. Cannot knowingly stifle or exclude competition

For payments, there are a few more:

  1. Be available to the largest portion of the population possible (including those with disabilities)
  2. Be frictionless to the average consumer, or better yet, invisible
  3. Maintain appropriate confidentiality, integrity and availability of all underlying sensitive data, to meet – or exceed – all current legislation, regulation and best practices

Not one, or even ALL of these things at once should be too much to ask, but it’s never that simple. There will always be those existing players whose power and position can make some of these requirements all but impossible for newcomers. And the newcomers themselves rarely do themselves any favours; disruptive innovation, competitive advantage, and blatant greed all prevent true innovation from reaching the mainstream.

In payments, like most industry sectors, collaboration is the key to significant and beneficial change, and in a market worth tens of TRILLIONS of £/€/$, I would have thought there was enough to go around.

 

2 thoughts on “The Next Best Thing to Innovation?

  1. Hi David,

    Oh boy, do we need some real innovation.

    When I started guiding my company through PCI:DSS and PA:DSS, the strategy was to remove the PAN from the POS.

    Approx a decade later we now have P2PE and tokens…

    … except my QSA tells me that the POS is back in scope because those are high-value tokens.

    So I started with a problem caused by a sequence of digits, and have ended with a problem caused by a sequence of digits, and spent a lot of time and money along the way.

    I can’t see the situation improving until the brands stop using a single sequence to both identify and authenticate (CNP).

    • I feel your pain Mark! Can’t say I’m familiar with “high value tokens”, it’s either a live PAN, or it’s not, you may want to look to a second opinion!

      Roll-on bank-to-bank transfers effected through mobile-based multi-factor auth. No more plastic, no more PANs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.