A library of snippets
xxx
The top online retailers in the US were already too shrewd from the outset to take the network tokenization bait from Visa and Mastercard. The likes of Amazon, Walmart, etc. said no thank you to network tokenization, preferring instead to stick with good old fashioned acquirer tokenization or even vaulting cardholder data themselves where they are fully PCI compliant.
xxx
I had all three of my main payments cards replaced in the last year or so: a Visa card that I thought I’d lost (but hadn’t), an Amex card that expired and a Mastercard that was switched from one issuer to another. I think I’m fariyl typical Stripe reported last year that some 40% of cardholders had to replace a card in the previous because of the card expiring, getting lost, or being compromised by fraud. I didn’t mind. In fact, adding some friction to my purchasing processes had some advantages.
Now, on the one hand it’s been quite annoying to keep having my shopping process interrupted because the card details needed to be updated and what seemed like a thousand merchants. But on the other it was quite useful. For example: I received a number of messages from organisations saying “we tried to take your subscription but it failed”, most of them for services I had no idea that I still subscribed to and some for services that I’m pretty sure I’d never subscribed to. A newsletter that I never read any more, some app that I need three years ago to convert from one file type to another, an archive that I needed one article from last Christmas.
xxx
It’s easy to see how customers become complacent about such measures, viewing them as introducing friction into a process they believe should be seamless. As Sandra Peaston, Director of Research and Development at fraud prevention service CIFAS points out, when they are applied to all transactions — fraudulent or otherwise — “consumers then tend to treat them in a manner not dissimilar to reading Ts&Cs, as just something that they have to skip past in order to do what they want.”
However, that doesn’t mean it’s entirely the victim’s fault — the blind application of warnings to all new payees occurs because banks aren’t able to assess which transactions are likely to be fraudulent due to a lack of data. Many consumers, and increasingly regulators, argue that’s a situation banks should be investing more into to change.
xxx
I agree with Sophie Guibaud and Scarlett Sieber’s vision — in their 2022 book How Embedded Finance Takes Over the World — of a world in which transactions will frictionless and invisible, where our digital wallets will do our transacting for us, autonomously and with our permission. They think that in 2030, small routine transactions will be autonomous, machine-to-machine. Purchases will not require interacting with a cashier or even a website or app shopping cart. The purchase will be logged, invisibly but transparently, and your wallet will pay the merchant.
What is the right kind of friction in this process?
xxx
While the number of U.S. banks may be high relative to many other countries, the truth is that we don’t need more traditional banks — we need different kinds of banks.
From How “Payment Banks” Could Prevent the Next Bank Collapse:
xxx
xxx
Fortunately, other countries have begun to figure out solutions to this problem. The United Kingdom, Australia, and Singapore have all been innovating and we can usefully learn from their efforts. There are effectively two possible solutions: Allow nonbanks to access the payment system as the UK and others have allowed, or create banks that do nothing more than solve this “payroll problem.” We prefer the latter.
To solve the uninsured creditor problem without distorting incentives for risk-taking, the U.S. should create a special class of bank called a “payment bank” that does nothing more than process payments. Their deposit bases would be large and potentially volatile, they would be very tightly regulated (even more so than money market funds), and they would be unable to take any credit or maturity risk. In short, they would take payroll deposits and other similar large B2B transactions and facilitate access to the payments system.
What would the business model be for these payment banks? There are two possibilities: They could earn a safe return by investing these deposits with the Federal Reserve at the federal funds rate, or they could charge their clients a very small fee for facilitating these large payments. Investing large amounts of these deposits for very short periods in a riskless manner can yield sizable revenues, especially in the current environment, and it’s possible that some of this revenue could even be rebated back to the depositors.
From How “Payment Banks” Could Prevent the Next Bank Collapse:
xxx
xxx
One solution is for Alex to use what is known as a custodial wallet. With a custodial wallet, another party controls Alex’s private key. In other words, Alex trusts a third party to secure her funds and return them if she wanted to trade or send them somewhere else.
xxx
xxx
In fact, recent changes to SCA rules which were announced by the European Banking Authority (EBA) in December will extend the 90-day “reauthentication rule” to 180 days, doubling the time frame during which consumers have to reconsent to third parties accessing their account data.
The U.K., on the other hand, has done away with reauthentication requirements altogether, with customers no longer required to reauthenticate with their bank when a third-party account information services provider (AISP) accesses their bank account data via the open banking scheme.
From Barclaycard: Detect-and-Protect Mindset Needed | PYMNTS.com:
xxx
xxx
Moving away from the “one-size-fits-all approach of the European Union’s GDPR, the Data Protection and Digital Information (No. 2) Bill will benefit businesses by “taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws.”
The Bill will “Provide organisations with greater confidence about when they can process personal data without consent” while reducing paperwork and costs if businesses are already compliant with current data regulation.
A release estimates that data-driven trade made up 85 percent of the UK’s service exports, contributing £259 billion in 2021. Although in the same year, the impact of Brexit-related fresh bureaucracy saw UK goods and service exports to the EU fall 14 percent on 2020 or 25 percent compared to 2019, reported The Guardian.
The impact assessment estimates a net benefit of anywhere from £1.3 billion to £8.5 billion.From ‘New and improved’ UK GDPR to save £4.7B over ten years, ensure data adequacy | Biometric Update:
xxx
xxx
However, very large online platforms identified under the Digital Services Act, like Google and Facebook, will have to support the wallet for logging into their service.
From EU institutions prepare to negotiate the European Digital Identity – EURACTIV.com:
xxx
xxx
The MEPs also clarified the relationship with the EU General Data Protection Regulation. They included the right for users to use pseudonyms to protect their personal data when there is no legal requirement for identification.
From EU institutions prepare to negotiate the European Digital Identity – EURACTIV.com:
xxx
Ilya Sutskever, OpenAI’s chief scientist and co-founder
“On the safety side, I would say that the safety side is not yet as salient a reason as the competitive side. But it’s going to change, and it’s basically as follows. These models are very potent and they’re becoming more and more potent. At some point it will be quite easy, if one wanted, to cause a great deal of harm with those models. And as the capabilities get higher it makes sense that you don’t want want to disclose them.”
From OpenAI co-founder on company’s past approach to openly sharing research: ‘We were wrong’ – The Verge:
xxx
xxx
But it remains the case that high street lenders are generally working with an older patchwork of systems than their neobank, fintech or digital-only competitors. “The IT systems at traditional banks tend to be old and they are often running multiple different platforms assembled through mergers and iterative developments,” says Amanda Gray, co-head of financial services at Addleshaw Goddard.
This is costly, inefficient and probably annoying for everyone involved. But it also presents a looming regulatory risk. From the beginning of July, UK banks will be subject to a new consumer duty — a broad requirement on financial services companies to prove they have acted in customers’ best interests and produced “good outcomes” for clients.
On a basic level, this requires you to be able to monitor what customers are doing with you, across different products and services, monitor how they’re faring, and produce evidence that all is well. This, at the risk of stating the obvious, is harder to do across six or seven old tech platforms that don’t talk to each other. The Financial Conduct Authority in January flagged that some firms hadn’t properly considered the data requirements of the new duty or were assuming they could simply repackage existing data. Other lenders have the data but aren’t necessarily able to use it.
From Why crummy bank IT is a looming regulatory risk | Financial Times:
xxx
Snippings