In part 3 of our interview series, 'Ask The Experts: The Future of Banking & FinTech in Light of PSD2' we interview Avi Cohen, Co-Founder, CEO at The Floor- Israel's Fintech Hub
Avi Cohen is one of the co-founders and CEO of The Floor, an international innovation center created as a bridge between Fintech companies and international banks seeking to work together. The Floor is cooperating with some of the largest banks in the world, including HSBC, RBS, Intesa Sanpaolo, Santander, Deutsche Bank, and CTBC.
Taking Steps in the Right Direction
Question: It seems that PSD2/Open Banking has not come as a huge surprise to banks and FinTech. From working in the UK you’ve seen it before it was coming to Europe. What are your thoughts on these new directives?
Answer: I think it’s the right move. Regulation is a positive thing when it’s properly formulated to encourage competition and innovation and to catalyze change that would otherwise not occur. With the new initiatives, both the UK and the EU are trying to encourage more competition and improve access to financial services at the customer's level.
Banks are getting ready to welcome that change. Some are more ready than others. But I think that it’s definitely something to be taken seriously because it may affect significantly the way that things will move forward for the financial industry.
Q: Have you seen negative reactions, especially from more traditional bankinginstitutions?
A: I don’t think that the majority is perceiving it as something negative. It is being seen by some as a threat and by others as an opportunity. Those that see it as an opportunity are trying to plan forward and how to be ready for it, whether it’s the beginning of 2018 or maybe sitting on the sidelines andwatching what everyone is doing. They might then decide, “OK, this is a good strategy for me.I’m going to do that as well.” I’ve heard concerns about capturing the role of the banking in this new environment and what should the banks do next.
The Implications of Open APIs
Q: One of the main concerns about PSD2 and Open Banking is security. What do you see as the main implications of data privacy with respect to open APIs and who has got theresponsibility in providing the security over the shared data?
A: PSD2 will force the banks to open their APIs, so the banks will be exposed to new threats that didn’t exist before when they were operating as closed entities. As a result, banks need to be ready to face these new threats, especially when it comes data privacy and sharing client information and PII with third-party providers. The main question is: which tools, technologies and solutions you’ll need to utilize to protect the customer data and provide a safe environment for that exchange to happen.
The question arises: who owns the data and who has the responsibility of keeping it protected? The thing is, with PSD2, some of it will be delegated to third parties. I’m assuming that in order to be eligible for providing these services, third parties will need to provide the same standard of protection to the customer as the banks are expected to provide for their customers.
There needs to be ongoing dialogue between the two entities. Banks will need to ensure that their customers are still protected, even if third-party providers are involved. I do not expect the banks to just sit on the sidelines and say, “OK, we’re counting on those third parties to do the same job at protecting our customers as we do.” They will need to work together with the third-party providers to make sure that their security guidelines are as up-to- date as their own.
As we know, regulation, and especially privacy regulation, is very strict in the banking sector. I don’t expect it to be lower for the third-party providers. They will be expected to provide the same level type of protection as the banks do.
Q: Are you seeing banks and Fintech companies developing tools to ensure that the data is secure?
A: Definitely. Banks are preparing for the implications of opening their APIs to third parties. From banks’ side, everyone is trying to strategize and build adequate protection to prepare for the new environment.
From the payment provider and third-party provider sides, as I see right now, the main focus is on the business opportunity rather than security. However, thanks to the strict regulations that are being enforced within the banking sector, third party providers will need to prioritize security.
The banks have always been entities that are more threatened by cyber attacks, that are mostly trying to be as much as up to date with cyber security solutions in order to maintain a saferenvironment for customers. So I don’t think that PSD2 will change that.
Banks have Options
Q: PISPs can potentially cut into banks’ profits. How are the banks responding to this? Can they find a way to use this to their advantage?
A: On one hand there is a threat which banks are definitely acknowledging: will the new regulation eventually make the banks obsolete? Will they be perceived by customers as mere infrastructures for transferring the money from point A to point B in a world controlled by third party suppliers? Banks want to maintain the personal engagement with the customer; they don’t want be in a position where an external entity is managing this relationship. I think that’s the biggest fear.
So on one hand, they’re trying to develop in-house solutions that are as innovative as what the third-parties are trying to provide. But there is another route - building partnerships and working together with innovative companies to provide cutting edge services.
At this stage, where new players are entering the space and the established technologyplayers are becoming more active, there is a clear threat to incumbents. But at the same time, I believe that when I look at this from the customer level and assessing where I want to keep my money, it’s not - Google and Apple are not my first choice. It’s unlikely that I will go to Google and say, “Here, here’s all my money. Just put it in your accounts.” I still see and perceive the bank as a trustable entity and that’s where I want to keep my money.
I may want to fragment some of the services that I’m getting from the bank into different entities. And that I think is the biggest problem. What happens when you have a bank that holds your money but all the different financial services are being fragmented into small services providers? All of a sudden managing these micro-services for the customer's becomes a big headache for the bank. That’s where the biggest threat for banks, and even for customers, lies. I wouldn’t want to be in a position where I’m managing too many third-party, four-party, fifth-party type of service providers even if I still have my bank which is just safekeeping my money.
Jumping Through Hoops to Improve User Experience
Q: Do API gateways mean more security hoops to jump through? For example, step-up authentication, restricted session lengths, and multi-factor authentication. How will that fit the user experience?
A: I think it’s a major challenge both for the banks and the third-party payment providers.The main challenge is to create a seamless experience for the customer. The last thing banks want is driving the customer crazy with the authentication process that goes on during the payment journey: from the minute I log in to the minute I’m completing transactions.
From my point of view, authentication should be seamless but also should be visible. I don’t want to handle anything that deals with authentication. It needs to somehow be integrated into the whole banking and financial experience without forcing me to doing anything that revolves around authentication.
For example, I no longer need to connect to the internet anymore, I am just connected. I remember the time when there was the big box next to our computer that forced us to connect to the internet. I no longer need to authenticate myself to connect, it is built in. This is what needs to happen here.
Q: For us, improved user experience and user security is important. What are your thoughts on behavioral biometrics? How does it stand in comparison to otherauthentication solutions and user experience solutions for authentication?
A: Behavioral biometrics is the future of the authentication space. It is the most non-invasive type of authentication process available today and is pretty much as seamless as possible for the user.
Financial institutions mostly heavily rely on old legacy infrastructures that still enforce the old methods of authentication. That’s something that’s somewhat difficult to change, but I think it’s already gradually changing with the widespread adoption of mobile phones and mobile banking.
Biometrics and behavioral analytics is something that needs to be seamlessly integrated into the user experience while protecting the customer from any potential threats. If there are any potential threats, then there’s the need to notify the user and the bank. But until that point, authentication solution needs to run silently in the background, invisibly protecting the user all the time. As we move to the next generation type of authentication, we want to look at things that integrate authentication and user experience, rather than something that differentiates between them.
Think 'Mobile First', Think Behavioral Biometrics
Q: What would you say to a bank that’s considering applying behavioral biometrics to their mobile offerings?
A: I think that the main challenge for adoption today is that it is still a relatively new technology. Banks still need to evaluate the solution for accuracy and its strength vis-a-vis existing solutions.
Banks need to see concrete results, KPIs that demonstrate advantages of behavioral biometrics over other technologies.
Every bank today should focus first and foremost on mobile channels. And when it comes to “mobile first” banks, the advantages of behavioral biometrics are difficult to ignore.
Q: Why is behavioral biometrics more than just a security issue and why does it solve other challenges in mobile banking?
A: I actually see behavioral biometrics as more of a user experience technology, rather than just security solution. Step up authentication methods, as well as 2FA and MFA interrupt customer experience. Old methods such as these are still quite common. Sometimes it is a question of legacy technologies, but quite often it is also due to regulation.
However, we are now gradually seeing more of an interest in a seamless user experience approach and acknowledgement that authentication should be an integral part of the user experience, enhancing the experience and enabling the customer to enjoy the financial servicesexperience as much as possible.
When it comes to user experience, the banks are taking some of the biggest technology providers such as Apple and Samsung as a point of reference. Suddenly, certain technologies that are integrated on the devices by tech giants have become a must for the banks to take advantage of. In a way they force the banks to say, “If this is already something that is integrated into the devices, then we can enforce it as part of our authentication process.”
Forcing Banks to Be Agile and Innovative
Q: What opportunities do PSD2 and open banking present to the FinTech ecosystem as a whole but also to The Floor?
A: I think that in the last years we’ve seen a lot of emerging competition and I would say a fair amount of destruction in the financial industry. All of a sudden, client information and payment processing are opened up to Fintech companies by PSD2.
Emerging FinTech companies are leveraging this new opportunity that is giving them access to specific services that up until today were the domain of banking institutions.
Financial technology companies have a gateway, through the banks’ APIs, to the personal data of hundreds of thousands of customers and the accompanying business opportunities. In terms of scale FinTech gained access to a massive client base that hasn’t been accessible to them up until now.
It’s also forcing the financial institutions to be as agile and spurs on the innovation. Increased competition from FinTech forces the incumbents to get on the same track and focus on customer experience, before losing business to emerging Fintech companies.
From The Floor’s perspective, as we act as an innovation center, our focus is uncovering new strategies and technologies that we can bring forward to banks to help them cope and take advantage of the new environment created by PSD2.
We are focused on helping the banks be better prepared for PSD2, possibly accelerate some of the technologies on a local level here in Israel to help them tackle PSD2 much better. I think, as we grow, we will also see PSD2 become a global standard. Other regions such as the USA, Asia and others will need to deal with the same issues that are now being generated in Europe.
Our aim is to share ideas, share experiences, and to build a proposition that will be very valuable for the financial institutions that are working with us today.
Q: What are you looking most forward to in the future of Fintech?
A: I definitely see Fintech forming more and more partnerships with the incumbent financial institutions.
For part 1 of this series, we interviewed Damian Richardson of RBS. Check it out here
For part 2 of this series, we interviewed Savino Damico of Intesa Sanpaolo. Check it out here