Despite the hype, research by IDEX Biometrics has revealed that mobile payments are almost as unpopular as cheques. In fact, the payment card is still the number one payment method when it comes to in-store purchases for UK consumers. Three quarters (75%) of respondents stated that they use cards, including contactless, most often, compared to cash (21%), mobile payments (3%), and cheques (1%).

Unfortunately, there doesn’t seem to be a glimpse of hope for mobile payments on the horizon, with 72% stating they are concerned about the possibility of no longer having access to a physical debit card and needing to rely on mobile payments only.

It seems consumers’ personal attachment to the payment card is virtually unbreakable. Nearly two-thirds (65%) of respondents stated that carrying their debit cards provides a sense of security. It’s not surprising then that 75% say they always take a debit card with them when they leave the house. 65% of those questioned said that they wouldn’t give up their debit card in favour of mobile payments and a further 78% admit to feeling more secure using their debit card in comparison to mobile payments.

A further 60% also stated they would be worried people would have access to their accounts if they lost their mobile phone, amplifying the clear consumer distrust in mobile payments and their personal attachment to payment cards.

“It is evident that the UK public won’t be ditching payment cards in favour of mobile payments in the near, or even distant, future. Banks must face this and innovate with cards, which have stayed largely the same for decades,” comments Dave Orme, IDEX Biometrics SVP.

“With a resounding 53% of consumers stating they would trust the use of their fingerprint to authenticate payments more than the traditional PIN, this must be where the UK banking industry focuses its attention. Chip and PIN is now 12 years old, and has seen its course. It is time to elevate the traditional payment card and evolve authentication methods to make contactless transactions even more convenient and secure by adding seamless fingerprint biometric authentication”, added Orme.

(Source: IDEX Biometrics)

Banking apps are set to have the biggest impact on commercial banking within the next five years according to more than two thirds (68%) of commercial bankers, a study has revealed.

Banking apps are also predicted to become one of the most disruptive technologies during the same time period. Only cryptocurrencies (56%) and virtual assistants (48%) are expected to be greater disrupters, according to a study by Fraedom that polled 1000 decision-makers in commercial banks including senior managers, middle managers and shareholders.

The research also found that just under half (45%) of respondents listed digital wallets to have a substantial impact on the industry while nearly one third (32%) noted machine learning as having a future influence.

Kyle Ferguson, CEO, Fraedom, said: “The research highlights that the commercial banking world is beginning to shift towards a more consumer focused approach. Business executives are increasingly wanting a real-time view for their payments, just like they can in their personal lives. This trend is also mirrored by commercial banks who are planning to invest in the key technology areas to make consumerisation possible.”

The study revealed that data analytics (55%) and enhanced mobility (41%) are two of the most likely areas of a commercial bank to receive investment within the next five years. Unsurprisingly updating security systems was most likely area to receive an investment boost, as cited by 65% of respondents.

The research also uncovered that almost half (45%) of financial services organisations believe that increased regulation will drive the adoption of new technologies, with 32% predicting it will lead to better customer engagement. In addition to this, nearly two thirds (60%) of commercial bankers believe that a more ‘consumer focused’ approach to engagement is the most important factor when strengthening relationships with SME customers.

“Regulations have transformed the commercial banking sector over the past few years, and while this appears to be restrictive approach, this research proves that banks are seeing regulation as an opportunity to adopt new technologies and improve customer engagement,” said Ferguson.

(Source: Fraedom)

By as early as next year more consumers will use apps on their smartphone than a computer to do their banking, according to forecasts.

It has also been predicted that 35 million people - or 72% of the UK adult population - will bank via a phone app by 2023.

Ian Bradbury, CTO Financial Services at Fujitsu comments: “This is a tipping point for the industry. Mobile is rapidly becoming the channel of choice, and it’s no surprise – it’s easy to use,  with an emphasis on customer experience and convenience, and it’s with consumers wherever they go.

“However, the migration of banking onto mobile phones will certainly put more pressure on banks to up their security - more frequent mobile banking use, with devices which can be easily lost or stolen, means criminals can potentially do more damage to more people.  This is where we will increasingly see banks use higher-grade biometric based solutions to secure banking apps and transactions, which phones are now beginning to incorporate.

“The experience customers have with their mobile banking app will also be crucial in retaining and attracting customers. With many organisations outside Banking setting a high standard of what good customer experience for mobile apps looks like, banks will have to bear in mind that a smooth customer journey for their app can be the next ‘make or break’ element.

“Looking forward, we can expect to see more and more use of voice to control Banking Apps, enabled by the use of AI enabled robotic assistants.  Once again, it will be the customer experience that will be key in supporting the uptake of this channel.”

(Source: Fujitsu)

Contactless and online banking have pulled cash out of the pockets of most people, and while there are those that believe cash will always be a vital part of the international economy, there are some parts of the world that are borderline cashless. Below Shane Leahy, CEO of Tola Mobile, elves into the possibilities of cashless countries around the world.

With more digital payment options now readily available to consumers than ever before, the depreciation in use of traditional forms of payment, such as bank notes and the humble coin, has been inevitable. When we would once delve into our pockets for some cash, consumers today are now increasingly reaching for their mobile devices to complete purchases quickly and conveniently.

The rise of mobile payments technology over the last few years has played a particularly huge hand in enabling both merchants and customers worldwide to facilitate more cashless transactions. With the global mobile payment transaction market forecast to reach US$2.89 trillion in revenue by 2020, the rapid uptake of mobile-centric methods and the resulting shift towards a more cashless consumer culture is showing no signs of slowing.

Yet, not only have these technologies made fast digital payments accessible for smartphone owners in the more technologically advanced areas of the world; it has also empowered consumers in many emerging markets around the world to undertake instant and secure payments through their mobiles, without the need for physical cash or a registered bank accounts. In fact, it is these same developing regions in which we are now seeing the most widespread and advanced adoptions of mobile payment solutions, which are rapidly eliminating cash as a dominant form of payment amongst consumers within these markets.

One particular area of the world in which cashless payments have broken down many of the previous barriers to entry for both merchants and consumers is Sub-Saharan Africa. It has been demonstrating a rapid mass-market adoption of mobile money services of late and has so far outstripped the rest of the world in terms of its approach to cashless payments. So much so that it now accounts for more than half of the total 277 mobile money deployments worldwide.

One of the biggest driving forces behind this development has been mPesa, the mobile phone based money transfer service which now boasts over 30 million subscribers across various African countries, including Kenya, Congo, Tanzania, Mozambique and Ghana. Unlike apps such as Paypal and NFC-based mobile enabled credit card methods like Apple Pay and Samsung Pay which have been gaining traction in Western regions, the sheer simplicity of the technology required to conduct cashless payments across Africa has contributed to its growing uptake of mobile money options.

In contrast to these methods, which require users to invest in a modern and more expensive smartphones to utilise the technology, mobile money transactions across Africa can be carried out using the most basic handset and without needing an internet or data connection. By leveraging a low-level service menu provided on every GSM phone, this technology is widely accessible and therefore able to support the region’s current technological infrastructure.

What’s more, services such as Apple Pay and Paypal still also require users to link a bank account in order to complete mobile payments, making these methods largely inaccessible for the millions of unbanked consumers in developing regions. These factors also have an impact on merchants as they will have to pay more to process transactions conducted through a linked bank account, than they would if it was made directly through a physical credit or debit card.

With this and the growing preference towards cashless payment methods globally combined, it is unsurprising that the rate at which Sub-Saharan Africa is adopting mobile money is much faster than that of any other region. At the end of 2016, there were over 500m registered mobile money accounts in the region alone, a figure which has undoubtedly now significantly increased.

The establishment of mobile money across Sub-Saharan Africa is now giving much of its previously unbanked population unprecedented levels of financial inclusion and freedom to make purchases anywhere, at any time, a move which has undoubtedly played a significant role in the growth of cashless transactions and gradual decline in other payment methods. What’s more, these services have significantly reduced the concerns over carrying physical cash for consumers within these countries and have replaced them with a simple and secure means for them to instantly access funds and pay for goods and services.

Not only has this rise in mobile money use facilitated an increase in consumer empowerment; it has also paved way for merchants who have previously combatted against the region’s developing infrastructure, in which periods of downtime and network outages cause huge disruption and can often lead to lost funds when payments are made via credit cards. By ensuring a seamless and instant digital transfer of funds from customers to the merchants, the appeal of cashless options has increased dramatically, providing merchants with more business continuity and offering these countries an opportunity to drive economic growth.

While there is still some way to go before cash is rendered expendable globally, there are various countries Sub-Saharan Africa, such as Kenya and Tanzania which are currently leading the way in terms of changing consumer behaviour and quickly adopting a cashless approach. For now, cash still remains king across most Western and other countries. However, as consumers continue to seek convenience and security, it is certain that we will see a growing shift towards digital payment methods and a continued demise of physical cash worldwide.

Most conversations about doing business in Africa will include words such as “challenges,” “instability” and “risk.” Nat Davison, Partner at foreign exchange and international payments firm, Frontierpay, explains for Finance Monthly the promises and pitfalls behind payments across the African continent.

The same three words are often applied to managing currency risk and making payments throughout Africa. Costly transmission fees, unestablished banking systems, central bank restrictions and market volatility are all obstacles keeping treasury managers and payroll teams up at night.

That said, Africa also has a lot to offer from a payments perspective. The continent is becoming a hub of new payments technology, same-day payments are possible in countries such as Nigeria and there is a booming mobile payments landscape.

In short, while there is some volatility, if payroll teams are aware of the potential pitfalls and how best to avoid them, there are plenty of rewards to be reaped in the continent.

Finding the right supplier

When looking at currency markets, risk is a constant. Before even considering how currency fluctuations could affect your business though, you first need to gain access to any of Africa’s local currencies; a process which isn’t always as straightforward as it might sound.

In an ideal world, a single supplier would be able to meet most, if not all, of a business’ currency requirements. The reality though, is that many high street banks have a limited or restricted offering and are unable to provide a solution that covers multiple African nations. It’s important, therefore, when preparing to do business in the continent, to find a partner who can cover as many currencies as possible. Not only will this help to smooth internal processes, but it will also enable more effective currency hedging.

Companies often try to get around liquidity limitations in Africa by making payments in US dollars instead. The problem in doing so is that unless the beneficiary bank account is denominated in USD, the payment will be converted to the local currency before crediting at an arbitrary and more than likely unfavourable rate of exchange. Furthermore, it’s impossible to pay a supplier or employee a fixed amount using this system.

Currency volatility

Markets can be fickle beasts and to use even a commonly traded currency such as the South African rand can require a thick skin and heightened awareness of risk. Last year, the currency dropped 7.5% in the last four days of March, only to rise by the same amount in a nine-day stretch in April. Shifts of this nature are more than capable of affecting your payment costs and can hit with little warning.

On the flip-side, anyone with the nerve to have played the rand over the long term will have seen a downward slide of more than 50% in its value between 2011 and 2015, only for it to rise by 13% in 2016 and outperform every EM currency except Brazil’s real and Russia’s rouble.

To remove a degree of the uncertainty from trading the rand, I would advise anyone who hopes to do business with South Africa to have an understanding of the carry trade; a strategy that involves borrowing a currency with a low interest rate in order to fund the purchase of another with a higher rate.

Payment risk

As a result of the combined political and currency volatility in the region, knowledge and experience of South Africa’s local markets are key to successfully negotiating the pitfalls that could cost you time and money.

Where possible, work with partners who can demonstrate a strong track record and broad network within the region, to speed up the delivery of payments and avoid overblown fees. Some banks and payment partners may be able to deliver funds to Nigeria, for example, but not all will have access to local banking systems. Having this capability would open up the possibility of naira crediting bank accounts within hours rather than days.

Pricing is affected in the same way. A deeper knowledge of local market conditions, parallel markets and FX volatility will allow you access to much more favourable currency rates and the most efficient processes available within the rapidly developing continent.

Banking requirements are also fluid, with differing beneficiary data needed in different countries – in stark contrast with the EU and Single European Payment Area. Specialist experience when it comes to making payments in less-developed regions, such as Mozambique or Lesotho, will help to avoid lengthy delays, payment rejections and administration charges.

Volatility in Chinese economy

Africa’s prosperity increasingly depends on China. Over the past 20 years, China has become its largest trading partner and a significant source of investment and lending, paving the way for deep economic ties between the two countries.

As a result, recent signs of a slowdown in the Chinese economy are likely to be a very bad omen for Africa, which is massively dependent on China to not only purchase its natural resources, but also to upgrade its decaying national infrastructure.

Ultimately, a slowing China will hinder Africa’s ability to grow. However, as a decelerated China is looking ever more like an inevitability than a possibility, any business with exposure to Africa must ensure they are monitoring the landscape in China just as closely.

In conclusion

As a market to do business in, Africa is gathering global interest. Widespread urbanisation is fostering large cities in which to set up shop and readily available workforces to recruit from. New consumer markets, such as a growing middle class, are presenting previously untold opportunities to trade and the region is seeing strong growth, both economically and from a perspective of technological innovation.

However, for any new business, success on the currency and payments front needs to be an immediate concern. Failure to manage currency risk can fundamentally jeopardise your business, while holes in your liquidity provision may even leave you unable to pay suppliers or employees. Familiarise yourself with your required currencies and the local banking infrastructure, and invest time in finding a partner with the knowledge to keep any potential risk under control.

The Cambridge Analytica revelations have put the issue of data privacy front and centre in the minds of consumers, policy-makers and businesses. Facebook has taken up much of the media’s attention but with other recent and notable data breaches involving many millions of customer credentials, companies are being scrutinised for their data-handling practices like never before. Below Finance Monthly gains expert insight from Nick Caley, VP of Financial Services and Regulatory at ForgeRock, who delves deep into the implications of the data scandal on open banking.

In this era of heightened privacy awareness, it’s clear that there will be implications for businesses across all sectors.

This all raises significant questions for the financial sector. At a time when the banking industry is seeking to open up and encourage data sharing as part of the Open Banking initiative how should banks react to growing concerns from consumers about the risks and realities of online data sharing?

Firstly, UK banks need to prepare for their data management capabilities to be put under extra scrutiny. Banks are already well underway with their preparations for the EU General Data Protection Regulation, which comes into effect in May, and this provides them a solid foundation to work from.

However, the flurry of headlines around data protection and privacy will certainly make consumers more nervous about how and where their data is being used and, as a result, banks must be extra vigilant in order to maintain and grow customers’ trust.

For those already familiar with these issues, the reaction to the Cambridge Analytica story will not have come as a surprise. In a survey commissioned by ForgeRock before the Facebook revelations, only a third (36%) of UK consumers said they would be happy to share data in order to get a more personalised service. Yet over half (53%) said they would not be comfortable for their personal information to be shared with a third party under any circumstances at all. At the same time,

57% of UK consumers said they were worried about how much personal data they have shared online and 63% admitted that they know little or nothing about their rights regarding their own data.

Although this presents a challenge, incumbent banks do hold a considerable advantage over fintech companies and challenger banks when it comes to asking customers to share data: they are already trusted entities with a long track record of safely storing and managing customer data. As such, the demands of securing API access to high value customer data has been the focus of most Bank’s security teams for years. Investment in security expertise, well defined security operations and the latest technologies being tested ‘under fire’ and ‘at scale’ on a continuous basis lead to much greater levels of assurance. Standards such as OAuth 2, Open ID Connect and User Managed Access, which authenticate and authorize only trusted third parties, reinforce this access control model.

Our research shows that consumers do tend to trust banks and financial services companies to handle their personal data responsibly, especially when compared to more digitally native companies. ForgeRock’s survey found that banks and credit card companies were amongst the most trusted holders of personal data, with over 80% of UK consumers saying they trusted banks and credit card companies to store and use their data responsibly. In comparison, just 63% said they would trust social networks with the same data. This is very positive news for the UK banking sector particularly at a time when Open Banking is set to unleash a new wave of competition from digital-first competitors.

Why are banks considered trustworthy? Our research revealed a clear correlation between how in control of their data consumers feel, and how much they trust companies. Banks and credit card companies were ranked among the organisations that gave users most control over their data. This suggests that, particularly at a time when attention is being paid to data policies and privacy controls, banks must continue to invest in systems and processes that put control over data firmly in the hands of users.

The management of customer consent must be central to this strategy as it will only be possible to maintain and build trust if customers know they can turn data sharing on and off at their convenience. Putting consumers more in control of their data through consent and giving users transparency and control over how and under what circumstances their information can be used will allow banks to not only ensure compliance with Open Banking and GDPR, but also establish a basis on which they can build trusted relationships with their customers. They will then be well-placed to offer additional, more personalised services to their existing customers, allowing them to add valuable real time, context-based insights and offers for users, that in turn will create new revenue opportunities.

The Cambridge Analytica scandal combined with the regulatory changes that GDPR and Open Banking will bring appears to mark a turning point in how businesses approach issues around data sharing. The good news for banks is that they are already starting from a strong position as trusted holder of personal data. They now have a real opportunity to build on this and become true leaders in the next era of digital finance - by giving customers greater visibility, choice and control over their own data.

Like the digitisation of all things, challenges will be faced and there are benefits to reap, but often such progress doesn’t take place because the correlation between the two isn’t a positive or favourable one. Below Gemma Young, CEO and Co-Founder of Settled, discusses with Finance Monthly the future of digital in the property sector.

Property is our most important asset class, it's also our most emotional asset. Therefore, getting our home sale or purchase right is not just a big deal for consumers, it's a big deal for the wider UK economy.

Unlike other industries (travel, music, taxi services to name but a few), the real estate model has clung to its traditional roots. Even with the advent of “online” estate agents now in existence for the majority of this past decade, the industry has been slow to adopt the opportunities a digital revolution presents. It’s therefore unsurprising that we're still seeing the same issues; typical property transactions take over 3 months with 1 in 3 transactions breaking. This drives consumer losses in excess of £250m each year.

Looking forward, is 2018 going to be the year for true transformation? Will ‘proper’ property technology companies make a dent in the things that matter?

What drives transformation?

Technology

The emergence of truly disruptive technologies including artificial intelligence, virtual reality, blockchain and drones all hold their potential disruptive keys to a more progressive future. Not only are technologies proliferating, consumers also have easy access to them from their smartphones.

Empowered individuals

Tech-enabled consumers search for greater transparency, more control and ultimately more progressive solutions to age-old problems. Their quests for modern, digital solutions provide exciting opportunities for change.

Investment

2017 saw the most significant investment in ‘proper’ proptech to date, with a new and forward-focused collective attracting financial backing from VCs and traditional property players.

Regulation

Central and regulatory initiatives represent a particularly exciting shift. The latest Government call for evidence “Improving the home buying and selling process” and the HM Land Registry’s Digital Street scheme look towards a future where technology (including blockchain) will make the transfer of property ownership much more fluid. Such initiatives shine a light on the underlying problems apparent in the UK property market and signal a commitment to a more open and less guarded future.

How does this future look?

As we see this convergence in consumer, regulatory and technology worlds, this more futuristic property market is well within reach. So who wins? The opportunity to embrace and adopt new technology is open to all, however, historically, traditional incumbents have been slow to move in many sectors. They, therefore, get left behind or quite simply, left out. We don’t have to look far to see examples; Blockbuster and HMV are businesses which didn’t, in time, connect to the opportunities of the next generation. As a result, nimble and forward-focused entrants Netflix and Spotify won the respective leading positions in the new world. Much like in the movie and music sectors, forward-focused businesses tend to win in other worlds.

Settled.co.uk is one example of a real estate business that is connecting across these converging elements at quite a unique time in real estate history. Settled’s unique technology has significantly increased the likelihood of completing on a home and has cut the time it takes to sell and buy in half. It presents the hope that, in the future, its technology will enable people to buy and sell properties in moments, not months. This is the kind transformation this sector needs.

Stephen Ufford, Founder and CEO of Trulioo, discusses how mobile can offer increasing protection against modern fraud.

In a world where interaction is increasingly made through screens rather than face-to-face, it is often difficult for companies to tell exactly who their customers are online, which poses a serious risk to security and compliance.

This threat is doubled by increasing legislative pressure. A host of new regulations passed at the end of 2017 mean that companies have to focus more and more on knowing exactly who their customers are.

The end of January was the final deadline for financial services firms to register ‘ultimate beneficial owners’ so that the individuals behind every account, and those who benefit from it, are clearer. The Fourth Anti-Money Laundering Directive (4AMLD) stipulates that companies need to be aware of the ultimate identity of business entities. Prevents the development of shell companies for tax evasion and money laundering, among other financial crimes.

Under the Second Payment Services Directive (PSD2), which also passed in January, any transaction above 30€ needs to be subject to a two-factor authentication process, which verifies the identity of the customer through two separate pieces of information.

This can be based on something they know, such as a password; something intrinsic about them, such as biometric data like fingerprints or facial appearance; or something they possess, such as specific documentation.

In a digital age, this is easier said than done. Gone are the days when customers walk into a branch to set up their bank account in person. The vast majority of financial interactions nowadays are carried out simply through the click of a mouse or, more recently, the swipe of a phone. The number of mobile phone users in the world is expected to surpass the 5 billion mark by next year.[1] Last year, mobile transactions overtook those made online and in branches – according to data by Visa. [2]

But this increasing shift to mobile devices can provide a KYC opportunity, offering another item that customers possess, and can use to identify themselves. With access to Mobile Network Operators (MNOs), financial services firms can access another form of identification – possession of a specific handheld device.

This usually involves an SMS text message being sent with a verification code to the user’s mobile. The code can then be used to authenticate that the account being accessed is by the owner of the phone, verifying identity through possession of the device. MNOs already have access to extensive identity information on their subscription holders, as they are also expected to meet stringent KYC requirements. Financial Services firms can use this vital layer of identification and compare it against other pieces of evidence, such as document and passwords, for the benefit of all parties.

Another useful function of handheld devices is their capacity to record biometric data. The majority of smartphones include a front-facing camera that can be used to take a photo, capturing inherent data about a person’s appearance.

As technology on phones improves, this opens up opportunities for further layers of authentication. Many iPhones have the capacity to register fingerprints, as well as the facial recognition capacity extensively advertised in the iPhone X.

At the moment, these innovations are limited to higher-end devices. However, as this capability becomes more widespread amongst devices, using further biometric data proofs for customers will become increasingly feasible.

Additionally, the ability of mobile devices to verify identity has a wider potential for citizens of the world. Vast numbers of the global population are unbanked, not included in the financial system, and without a financial identity. But the extreme reach of mobile technology could change this.

In Mexico, for instance, only 40 percent of adults have a bank account, yet there are 80 phone subscriptions for every 100 people. Being unconnected to any formal bank can leave many people financially disempowered, unable to access any kind of financial services, which leaves their funds insecure and without growth potential. The ability to verify identity through mobiles means that previously unbanked individuals can be provided with access to financial services in the future.

In an increasingly globalised world, borders are becoming more fluid. The global population is more mobile than ever, with many people moving between borders for work or shopping in foreign countries over the internet. Cross-border e-commerce, for instance, is growing at 25 percent annually.[3] As individuals and money routinely travel increasing distances between geographical and legislative areas, this makes securing identity and tracing transactions more difficult than ever.

But mobile devices can be taken across borders and connected to their original MNO via other local networks. In a growingly interconnected world, as fraud threats become more sophisticated and regulation more stringent, mobiles and their networks can provide a consistent proof of identity that brings security and increased access to financial services for everyone.

[1] https://www.statista.com/statistics/274774/forecast-of-mobile-phone-users-worldwide/

[2] https://www.visaeurope.com/media/pdf/40172.pdf

[3] http://www.dhl.com/en/press/releases/releases_2017/all/express/cross_border_ecommerce_is_one_of_the_fastest_growth_opportunities_in_retail_according_to_dhl_report.html

Electroneum, the first British cryptocurrency, has reported a successful first month of its mobile mining BETA trial, giving millions of smartphone users global access to mine cryptocurrency through their mobile devices.

Electroneum’s worldwide survey of over 44,000 participants saw 93% of users being young males, 64% labelled “crypto newbies” and 56% anticipating they will use the mobile mining experience all the time.

Designed to be the most user friendly and mainstream cryptocurrency in the world, Electroneum is the first company of its kind to offer mobile mining on the go, helping with the adoption of cryptocurrency into the mainstream market.

The mobile mining experience is a simulation of real computer mining, which allows users to obtain Electroneum coins whilst playing ‘games’ to increase the amount of coins they receive. The survey also found that a quarter (24.7%) of its users were located in North America, home to one of the largest bitcoin mining data centres, with Europe (21.9%) following closely behind.

Richard Ells, CEO and Founder of Electroneum said: “The past couple of years has seen a significant shift within the cryptocurrency market, with Bitcoin increasing its value at an exponential rate in 2017 alone. However, Bitcoin can be difficult to get hold of, trade in and spend so with the creation of our mobile mining BETA trial we know it will provide our users with the freedom, security and accessibility which you get from mining on a computer.

Electroneum’s mobile mining will be live in January 2018 after the success and response from its beta trial.

(Source: Electroneum)

You may have seen the headlines just a few weeks back: Intel computer processors at risk form hackers. The computer technology firm owned up to some serious flaws in their systems and began to implement patches. Below Rusty Carter, VP of Product at Arxan Technologies, explains the ordeal and touches on the detail of the vulnerabilities, from CPUs to mobile banking.

Earlier this year the appearance of two vulnerabilities, Meltdown and Spectre, which affected a significant proportion of the world computer processors, hit the headlines and gained serious attention across the security and application industries.

The critical vulnerabilities that were recently found in Intel and other Central Processing Units (CPU) represent a significant security risk. Because the flaw is so low level, the usual protections that web developers are accustomed to, do not apply. Due to the vulnerabilities existing in the underlying system architecture, they can be exceptionally long-lived, providing attackers with sufficient time to develop direct attacks aimed at the hottest targets, a big one being the mobile banking and payments industry.

Both Meltdown and Spectre can affect devices used within the banking industry, an obvious one being mobile banking applications. Although similar, the vulnerabilities do have their differences. They both affect Intel; must have code execution on the system; and can be managed or mitigated through software patching. However, they each have slightly different methods of attack – both use speculative execution, but Meltdown also uses Intel privilege escalation, whilst Spectre uses branch prediction. Thus, they each have slightly different impacts. Additionally, Meltdown only affects Intel whereas Spectre can affect Intel, ARM, and AMD.

The location of the vulnerabilities makes them particularly hard to protect against. This is because it is the processor, its registers, and also its memory, that are being attacked. This creates unique challenges for protection, however, does not make protection impossible. Meltdown has now been patched in most cases, therefore, Spectre is the more concerning of the two.

With both vulnerabilities, the exfiltration occurs via the registers or memory addresses of legitimate programs in use, meaning cryptography-related items such as decryption keys and API credentials will be the likely first targets. This is because the vulnerabilities go across users of an application and, therefore, can provide ‘keys to the kingdom’. Follow-on targets are likely to be individual users’ personal information managed by marquee applications.

The banking industry is likely to suffer the effects of both these vulnerabilities, especially with regards to mobile banking and payments. Customer data such as account numbers and user credentials are very likely to be exposed.

With the rising popularity of mobile banking, applications are seeing more and more security risks affecting them. Even well written applications are still vulnerable. Whilst most applications maintain security by encrypting data between the app and the data centre, this is not enough. In order to be fully protected, banks need to encrypt the data within their application, only decrypting it at the moment it is needed, and then encrypting it again. Further application protection that is highly recommended for banks to incorporate into the security of their applications is anti-reverse engineering and anti-tampering.

For customers using mobile banking, it is vital they remember to turn off JavaScript if possible and to ensure they exit applications they do not need, or are not using at the time. Ultimately the application is run on a processor, when there is a vulnerability there, nothing is really safe. However, if a mobile application is not running, these vulnerabilities cannot facilitate the stealing of data. Encrypting data and implementing application protection that uses a variety of different techniques, can make it much more difficult to read memory out of a register, or to leverage a vulnerability such as Spectre. By doing this, banks can put themselves ahead of others within the industry, as well as protecting their customers and overall reputation.

You wouldn’t think that poverty stricken lands in the huge continent of Africa are actually rich with communications technologies, and in particular mobile phones. Below, Michael Brown at Credit Angel sheds a light on what this looks like, and how in fact, the proliferation of mobile technology is helping eradicate poverty in some areas.

The mobile market has thrived for some two decades now, and all signs point to further expansion. The industry will continue to grow globally, as consumers seek further convenience in their day-to-day lives.

It’s also a lucrative market financially, for banks, monetary institutions and innovators. Alongside mobile growth, financial technology (FinTech) is thriving alongside it as a natural consequence of increasing users and use. And payment systems that prove both convenient to the consumer and profitable for the providers will only expand until the next big innovation comes along.

However, alongside the global appeal of profit and convenience, the mobile market is thriving as an enabling tool in parts of the world where profit does not come first.

Background

It may surprise people to learn that mobile phones are thriving in parts of rural Africa. In villages distant from major towns and cities, where most people do not have bank accounts or secure ways of storing their money, it’s here where perhaps the biggest benefit of mobile use can be found. In fact, whilst the West has been dipping its toe into the combination of mobile and FinTech, rural African communities have been miles ahead in their acceptance of the new technology.

The lack of a bank account is clearly a security concern for all individuals. Any income made by those in rural settings once had to be carried or guarded by the individual. Cash, as we know, is perhaps the least secure of currency forms worldwide. It’s easy to steal, and virtually impossible to claim back once lost. Such a rural economy makes life incredibly difficult for everyone. Not only is there little money to go around in the first place, but any amount lost or stolen can quickly mean extreme poverty for individuals.

The Contactless Revolution

Whilst the West has been debating the safety of contactless cards in recent times, the United Bank of Africa (UBA) had already mobilised the facility across much of Nigeria. Most of us have reaped the benefits of contactless payments when we’ve found ourselves short of cash and far from a bank. But the UBA extended the benefits to include the likes of public transport and even taxis, and all this whilst Western buses remained cash-only, and Uber was nothing more than a German word meaning ‘above’. The gradual shift from contactless cards to mobile payments is simple common sense – why carry two devices when one will do?

The African economy as a whole is reaping the benefits of making its citizens mobile. In a society without landline telecommunications, it’s estimated that the continent gains a 0.5% rise in gross domestic profit, every time it enables a further 10% of its population to access mobile technology.

Beyond FinTech

The mobile market is thriving in rural Africa, and not just for directly-financial reasons. As farmers the world over know, the weather plays a huge part in their success. Instead of having to play a guessing game and potentially losing one’s whole crop and income, rural African farmers are using their mobiles for weather reports via the internet.

With such information at their fingertips, farmers know the best times to plant crops, sow seeds and harvest. The situation of families having no products to sell and thus no food for themselves has been greatly reduced as a result. Judge this against a rural economy in which around half the people are small-scale farmers and the difference mobile phones have made in fighting poverty is clear to see.

The introduction of mobile devices to the region have also helped with healthcare. Many people are too distant from hospitals and surgeries in emergency situations, meaning a high mortality rate, particularly amongst the young. Infections and diseases that are easily-treatable often claim lives in rural Africa, and it’s often for reasons of accessibility and remoteness. Many can now contact healthcare professionals for diagnoses and advice thanks to their handheld companions.

It’s a similar situation regarding education. There are now apps set up allowing teacher-pupil communication online, as well as online course, not dissimilar to the Open University. The economic opportunities for those living in rural economies have been increased tenfold, and the figures say it all. Mobile payment app M-Pesa is one company that has invested in rural Africa, and its innovations have brought nearly 200,000 Kenyans alone out of poverty over the last decade.

The Future

The relationship between FinTech and mobile tech is inexplicably linked, and the two are set to continue to grow together. Given that the number of mobile users will increase as time ticks on, this naturally means an increase in app-users and all other mobile mod-cons.

It’s estimated that 90% of smartphone users will have made a mobile payment by 2020. The world as a whole is moving away from cash-based transactions towards more convenient, secure and profitable ways of paying.

FinTech in Africa shows how a cashless society can work, as well as the untold benefits and freedoms such a set-up can provide for the individual. As it stands, the introduction of mobile phones to rural Africa ranks highly amongst factors credited with reducing poverty in the region, and it may well prove to be the number one factor in years to come. Discover more about mobile innovations and the future of spending.

The security of banks’ and other financial institutions’ websites has been in the spotlight recently, notably in the case of NatWest bank which was involved in a public discussion regarding its site. Below Jacob Ghanty, Head of Financial Regulation at Kemp Little LLP, discusses the legal implications of website security, along with the potential consequences and of course some solutions to follow up on.

Importance of bank website security

With the diminishment of the physical branch networks that UK banks have maintained traditionally, banks’ online services are a fundamental means through which they deliver core banking services to their customers.

In the case of NatWest, a security expert identified that the bank was not using an encrypted https (Hypertext Transfer Protocol Secure) connection for a customer-facing website (in contrast with its connection for online banking services). The security expert suggested that hackers could redirect site visitors away from NatWest to other sites using similar names. NatWest stated that it would work towards upgrading to https within 48 hours.

Legal obligation to protect customer data

This type of issue is not new and has affected other banks as well. As long ago as 2007, the Information Commissioner’s Office (ICO) named and shamed 11 banks for unacceptable data security practice.

From a data privacy law perspective, under current legislation (the Data Protection Act 1998 (DPA)) organisations are required to have appropriate technical and organisational measures in place to protect data against unauthorised or unlawful processing, and against accidental loss or destruction of or damage to personal data (data security breach). The DPA does not define "appropriate technical and organisational measures" but the interpretive provisions state that, to comply with the seventh data protection principle, data controllers must take into account the state of technical development and the cost of implementing such measures. Moreover, security measures must ensure a level of security appropriate to both: the harm that might result from such a data security breach; and the nature of the personal data to be protected.

From a financial services regulatory perspective, banks are subject to a requirement in the Prudential Regulation Authority Rulebook to: “…establish, implement and maintain systems and procedures that are adequate to safeguard the security, integrity and confidentiality of information, taking into account the nature of the information in question. … a firm must have sound security mechanisms in place to guarantee the security and authentication of the means of transfer of information, minimise the risk of data corruption and unauthorised access and to prevent information leakage maintaining the confidentiality of the data at all times.” Breach of this and related rules (including a requirement to implement adequate systems and controls to monitor and detect financial crime) would leave banks open to disciplinary action.

The importance of an HTTPS connection

Any data sent between a customer’s device and a website that utilises https is encrypted and accordingly unusable by anyone intercepting that data unless they hold the encryption key. Without https protection, hackers could, in principle, alter a bank’s website and re-direct users to a fake or “phishing” website where their data could be stolen. Phishing sites are designed to appear like a bank’s own website to lure customers to disclose their personal data. Many such sites are quite sophisticated (incorporating fake log-in mechanisms, and so on) and present genuine risks to customers’ data.

Legal and financial consequences for banks who fail to protect their customers’ data

From a data privacy law standpoint, the ICO has the power to impose financial penalties on data controllers of up to £500,000 for a serious breach of the data protection principles. For example, in October 2016, the ICO imposed a £400,000 fine on TalkTalk for a breach of the seventh data protection principle.

The EU’s General Data Protection Regulation (GDPR) will take effect from 25 May 2018. The GDPR will impose stricter obligations on data controllers than those that apply under the DPA.  The GDPR will significantly increase maximum fines for data controllers and processors in two tiers, as follows: up to 2% of annual worldwide turnover of the preceding financial year or 10 million euros (whichever is the greater) for violations relating to internal record keeping, data processor contracts, data security and breach notification, data protection officers, and data protection by design and default; and up to 4% of annual worldwide turnover of the preceding financial year or 20 million euros (whichever is the greater) for violations relating to breaches of the data protection principles, conditions for consent, data subjects’ rights and international data transfers.

Key next steps for banks to protect financial and customer data

There are several obvious steps that banks can take to protect financial and customer data including carrying out a cyber security audit, maintaining adequate detection capabilities and putting in place recovery and response systems to enable them to carry on in case of an unexpected interruption.

There are number of useful sources of information in this area including: the FCA’s speech in September 2016 on its supervisory approach to cyber security in financial services firms; various ICO guides on information security; the FCA’s Financial Crime Guide; and the FSA’s Thematic Review Report on data security in the financial services sector of April 2008.