Banking Technology Forum 2015 afternoon sessions: mobile, regulation data and cyber

The afternoon sessions at the Banking Technology Forum 2015 focused on mobile payments, the data dilemma, cyber-security and regulation with speakers from Zapp, GSMA, EY and many others, writes Neil Ainger. You can see the morning report & follow the twitter stream by clicking on the highlighted text.

The 2015 Banking Technology Forum continued in the afternoon with an opening panel looking at mobile payments. The convergence of smartphones and contactless payments, NFC, apps and merchant’s online and in-store payment options is at last happening. New launches such as ApplePay, AndroidPay and tokenisation players are also part of this changing ecosystem.

Addressing the mobile FS technology scene were:

• Peter Keenan, chief executive, Zapp
• Claire Maslen, senior manager, financial services, GSMA
• David Gardner, Technology & Intellectual Property Partner TLT LLP

“GSMA is the trade body for mobile network operators, but interestingly we are starting to get members from the financial community now,” said Claire Maslen, senior manager, FS at GSMA. This reflects the technology convergence that is going on and the merging of business lines and increased collaboration that is occurring between banks, app developers, MNOs, card schemes and others. The aim is to deliver interoperability and ensure widespread adoption.

Maslen was involved in the 02 Wallet back in 2007 when turf wars between banks and MNOs were hogging the headlines, but she believes cooperation now reigns in the search for users. A consolidated omni-channel gets users and delivers ease-of-use benefits.

This is where Zapp, a UK mobile payment offering comes into play. “It’s not an app you can find on the App Store,” said Peter Keenan, chief executive of Zapp. “But instead we’ve signed up half of the UK banks, with more joining all the time. They offer it on their own mobile banking apps, with associated security, and merchants across the UK have signed up too in order to create an ecosystem.” Zapp runs upon the UK FPS on the back end and describes itself as an independent company within the VocaLink group. It will face stiff competition from Apple Pay and its ilk.

The legal aspects of the convergence that is underway were addressed by David Gardner, Technology & Intellectual Property Partner at law firm, TLT. “Data is key,” he said, pointing out how it can be used for ticketing, marketing promotions and so forth. “But you have to ensure you don’t contravene the EU data protection act (DPA) or infringe on collaborators’ intellectual property (IP).”

The panel went on to discuss the role of the SIM card, secure element, PSPs, interchange fees and so forth.

“Contactless has also reached a tipping point,” said GSMA’s Maslen. It’s been helped by TfL transport adoption in London and UK banks agreeing to put the technology on their Visa and MasterCard debit cards.

NFC is growing so quick in the UK that Zapp will be launching an NFC solution next year, said Keenan, as it seeks to diversify.

The data dilemma
The issue of the data deluge was up next. From new regulatory-driven trade reporting duties on capital market participants to consumer behaviour data from mobile apps, data is growing and growing. Know Your Customer (KYC) anti-financial crime and sanctions data is also another key driver of the data deluge, as is social media.

“There are typically four million messages per second in one dealer room, in one bank, in one city,” said Chris Pickles, an independent financial technology expert who used to work for BT Radianz. “If you multiply that by the number of global users you get an idea of how much data is out there and the challenge.”

The US Dodd Frank Act, EU EMIR, MiFID II and other such regulations are key drivers of the data deluge with trade repositories, collateral reporting and other such obligations key parts of the new post-crash environment emanating from the 2009 G20 meeting in Pittsburgh, US. The impact of regulation was later addressed by PJ Di Giammarino of JWG and Dr Anthony Kirby, director of regulatory reform and risk management at EY.

For Alison Deighton, head of data protection & privacy at the TLT law firm, the key data topic at the moment is the so-called ‘right to be forgotten’ whereby citizens can call for companies to delete online or database information about them. This is one aspect of the EU replacement of the DPA which is due by year end. The ‘right to be forgotten’ places a huge obligation on banks, internet, mobile, media and other companies that store vast quantities of data.

“The European Parliament, Commission (EC) and other bodies are finalising the DPA replacement right now, so I’d urge attendees to keep an eye on this,” said Deighton.

Cyber-security
In the final session of the day the topic of cyber-security was front and centre. Banks, PSPs and others have an obligation to protect their customers against hack attacks, ID theft and fraud and the increasing digitalisation of banking is opening up new consumer threats. Internal threats are also proliferating.

“Most cyber-attacks are over in four days and only one in six firms even find out if they’ve suffered a data breach,” said Phil Huggins, vice president of security science at Stroz Friedberg.

“Previously we used to call cyber e-crime. I’ve no doubt it will be called something else in five years time,” added David Porter, an advisor at Digital Shadows. “Whatever you call it it’s the same old motivation to commit ID theft and commit fraud and there are a number of basic preventive measures all firms and individuals should take – install AV and authentication technology; use strong passwords and protect them; do regular patch management.”

Sage advice there, as the one-day conference came to an end, and the 200-plus attendees adjourned to the networking area for some well-earned drinks and snacks.

You can see the morning report here