The ease of use of mobile services such as mobile banking is making me lazy and perhaps not as focused as I should be when it comes to doing stuff online.
This week is a great example. I went on the SIBOS website to sign up for a press pass for the upcoming SIBOS 2019 in London’s ExCeL.
Probably my fault but I didn’t get very far. Enter password, click on email link, fill in loads of details, “oops only numbers in the telephone number box.” Try again “oops only numbers in the telephone number box.” I could go into more detail if I could remember but it is safe to say it got messy and I ended up having my account, which somehow managed to be set up, locked.
So I went for the tried and tested press office route to sort it out, which did the trick.
But this got me thinking why was it easier to open a current account with a challenger bank than it was to get a press pass for SIBOS online? I did open an account with one of the challengers and I have to say it was very easy through a mobile phone. Similarly opening new accounts on the mobile app of my existing bank is a doddle.
It is all about identity and how much information about yourself you are willing to share in return for easier to use services. If an app has all your details and you have approved it, using it becomes easy and secure with the right authentication. It is only when the service doesn’t know you that things become more difficult, with more to do for the user. A digital identity or digital passport will make things easier. I imagine if SIBOS had all my details already it would have been simple.
Anyway the experience made me change my views on bank branches. I always thought we don’t need them anymore but maybe we do. If an online automated experience doesn’t live up to expectations customers need a fallback option, particularly when it comes to money, and for many that will be the branch.
The fintech company behind HSBC’s open banking features has cut 20% of its workforce of about 100 as it strives to recruit different types of people.
Fintech Bud said the cuts are part of a process of refocusing its business. Mainly support staff will be reduced, with continued investment in software engineers as it concentrates on developing open banking capabilities for its financial services customers.
The company, which is based in Old Street, London, started life in 2016 as a B2C platform to help people improve their financial well-being, before moving into banking with a platform that allows banks to harness open banking.
This year it received $20m in Series funding from HSBC, Goldman Sachs, ANZ and Investec, amongst others.
According to a statement from Bud its priorities have changed as a result of growth. “This results in a need to reconfigure businesses from time to time. In our case we need to focus on the core areas of the business that will help the company progress to the next stage of growth and become the market leading provider of open banking technology.
“We have made some changes to our company structure, primarily in the support functions of the business designed to ensure we can focus on the task at hand. We are continuing to hire in key areas where are to bolstering our proposition.” According to a report in The Telegraph, fintech Bud continues to hire engineers.
Bud’s flagship customer is HSBC. Bud worked with HSBC to develop a money management app, called artha, to help customers of First Direct understand their spending from different providers through a single login. It also analysed their behaviour and made recommendations. This was later turned off with the best features integrated into the bank’s mobile app.
The employees that were cut were mainly in Bud’s marketing department.
The advantage that fintechs have over banks is the fact they are small and agile and can change focus when required.
CEO Ed Maslaveckas told The Telegraph that part of being an agile tech business is that you can respond quickly to changes in the market.
“We’re adapting our strategy to focus 100% on delivering value to business customers and that means we need a different group of people to deliver it. For example, the strategy also means we’re hiring more in our sales and development teams.”
The original deadline for PSD2 compliance quietly passed by at the weekend but it will be another 18 months before UK businesses meet the regulation’s rules on customer authentication.
Nick Caley, vice president of financial services and regulation at authentication technology supplier ForgeRock, provided his opinion on what the delay means to companies that must comply.
PSD2 security deadline extension is not a reason for further can kicking
By Nick Caley,
September 14th marked the original deadline by which banks were required to implement the final element of the PSD2 regulation – Strong Customer Authentication (SCA). However, due to a lack of preparedness across Europe, the authorities responsible for supervising the implementations have provided extensions, with the UK’s Financial Conduct Authority (FCA) pushing it back by another 18 months.
It’s not as if the industry hasn’t had plenty of time to prepare: the long established deadline comes after a phased implementation ‘roadmap’ which has given banks visibility of the required changes to deploy new methods of authenticating customers since 2015. It’s also certainly not for a lack of technology: there are a variety of options on the market that can deliver improved security with frictionless convenience through multi-factor authentication, such as biometrics.
The delays in delivering SCA therefore serve to highlight just how painfully slow the speed of change is amongst the established banking and payment providers across Europe, and this is having a knock-on effect for both consumers and the wider industry.
No SCA? No way…
SCA – which requires that electronic payments are performed with multi-factor authentication – is a crucial element of PSD2. Without it the high-value credentials that customers use to unlock access to their money could be exposed to security threats and the ever-present risk of fraud. Despite security now being capable of seamless experiences, banks have failed to implement it successfully, presenting a potential “cliff edge” scenario that has been prevented only by the European Banking Authority’s decision to offer flexibility on extensions.
This is the latest in a series of shortcomings from the vast majority of banks across Europe, who have failed to provide robust APIs for some time now. Such slow progress is causing a great deal of frustration among the fintech community, who have been developing open banking innovations, and rely on these APIs for their products to work.
However, the real losers here are the banks’ customers, who are getting increasingly frustrated at the frictions, margins and delays involved in their use of day-to-day digital banking, and who often prefer a mobile-only experience, which most banks are struggling to provide. Add to this the increased levels of fraud and cyber-attacks, which put consumers’ vital financial information at risk, and you begin to see why banks need to start prioritising security across their digital transformation as they build exceptional user experiences that put their customers at the centre.
Don’t just comply – compete
Technology innovation is a market force that adheres to no deadlines, and digital leaders in banking are increasingly delivering better, faster, easier and safer banking experiences. Accenture recently charted the rise of British-based digital only banks, who have grown their combined customer base to 13 million and could triple growth around the globe, having already doubled in the last 12 months — such is the reality of the ongoing shift to customer-centric business models.
This is why banks cannot afford to view this 18-month extension as an opportunity to kick the security of their digital transformation into the long grass. Doing so would risk getting outcompeted by the more agile digital natives. With fintech and big tech poised for the mass adoption of Open Banking enabled services, there is far more at stake for digital laggards than the scrutiny of the regulator.
Evolution AI is creating machines that can read documents in any language so humans don’t have to and is taking some decision making out of their hands as well.
The company is one of the increasing number of startups that target the banking sector as a main customer base, but are not actually providing financial services.
There is a bit of a blurring of lines between fintechs, insurtechs and regtechs. Evolution AI has mainly financial services companies as customers, hence the fintech alignment, but as its work often involves compliance for banks it also fits snugly into the regtech sector.
For example the company has done work for Royal Bank of Scotland (RBS) to automate its Know Your Customer (KYC) process. When potential customers sign up to RBS products and services all their documentation is read and cross checked automatically by Evolution AI software, which can then automatically make a decision on whether the customer qualifies. In the past people would read all documents and then make decisions.
Martin Goodson, who founded Evolution AI and is now CEO, was a machine learning scientist and had run data science teams at some London based startups. He then met Rafal Kwasny, who had been working at investment banks in IT departments with a focus on big data and analytics.
It was 2015 when they kicked off the company. They had the tech expertise but having not worked in the business side of finance the two techies had to initially spend time talking to potential customers to help them understand the business needs.
Goodson said: “We needed to try and understand the marketplace and what were the very document based processes in banks. We knew the technology really well and wanted to understand how we could bring this to the enterprise world.”
The interest began much earlier. At an event in 2011 Goodson did a workshop in Deep Learning, before it was famous. “It was a small workshop and no one had really heard of it but it was really exciting. We saw what natural language processing, which teaches computers to read or understand human language, could do.”
So it wasn’t frustration in the workplace that triggered the founding of the startup but the realisation that a technology could revolutionise the way businesses work.
“We have an assumption that if we can teach computers to read documents and make decisions based on this there are a hell of a lot of business processes that could be automated,” added Goodson.
It was 2015 when Goodson and his co-founder built the first version of the platform combining their combined expertise in big data and machine learning. It could handle millions of documents, read them and make decisions based on that.
It got its first customer in 2016 when Dun and Bradstreet (D&B), a provider of commercial data, analytics and insights for businesses, signed up. In finance D&B provides services such as credit scoring and provides data to support KYC compliance. “It is an important part of the financial services ecosystem,” said Goodson. Dun and Bradstreet still uses the software.
KYC is the ideal home for Evolution AI’s software with its document heavy, labour intensive and repetitive nature.
In 2017 RBS became Evolution AI’s first banking customer. The companies are working together on several projects, including RBS’s KYC project, but many have not been made public yet, said Goodson. “Other than UK government departments and Dun & Bradstreet all our customers are in the banking sector.”
For example Goodson said the company is working with another UK bank on reading invoices. “Most invoices contain similar information, but traditionally it has been difficult to automate the extraction of data because they come in many different varieties and formats. As a result businesses use humans to process them.”
For example Optical Character Recognition technology works well if the reader knows where to look on the page, but with invoices you can’t do that because the information could be anywhere.
“But our technology has a lot of cognitive flexibility and can understand overall document structure just by looking at the visual element on the page, much like a human does.”
Evolution AI has ten members of staff in London where its research and development is done, so most are engineers. It also has a small team in Poland.
The company received a large AI grant, about £800,000, from the UK government through Innovate UK.
“We demonstrated why our technology was more advanced than anything in the market and were successful,” explained Goodson. It has used the money to expand its capabilities to be able to read text in images. For example text in PDFs.
“It can read text in any format. Machine readable or not, we don’t care.”
How accurate is Evolution AI technology? Well the company has SLAs with customers today that mean accuracy has to be 99.5%. “The system knows when it doesn’t know and will pass to a human to check when this happens. It also learns from any corrections and improves.”
The company is aiming to double its revenues every year. “We now need to get out there and communicate to the world what the technology can do.”
It recently launched a fully self-service platform which allows customers to train the AI themselves.
There are billions of pounds being funnelled into fintech and it is usually this that makes the headlines. But sometimes I feel like I lose track of what fintech actually offers.
It sometimes feels that the fintech industry is just a sector designed to make money, when actually it is democratising money.
Fintech is providing financial services that are out of the control of the big banks that used to dominate the sector. As a result it is opening financial services up to more people, some of whom would have had no access via traditional channels.
Charlotte Crosswell has contributed an opinion article to the blog on the very subject.
Look beyond the headlines – fintech is about tackling every day challenges
By Charlotte Crosswell, CEO of Innovate Finance
Much has been made about the dramatic rise of fintech in the last few years. Record-breaking investment, strong employment figures and trailblazing expertise have enabled the UK to become a world leading hub at the heart of the innovation revolution changing the face of financial services.
But beyond the excitement around investment figures, it is clear the rise of purpose driven fintech solutions has wider ramifications for society as a whole.
At times, this impact has been overlooked, but scratch beneath the surface and there are numerous examples of businesses building innovative products that solve some of the most challenging problems facing consumers and businesses today.
At its core, fintech is transforming the way in which we exchange and allocate resources. This is about improving our ability to cooperate and coordinate at scale, which relies on monetary systems that govern commerce, exchange and value. The start-ups which appeal to investors have a clear vision of how they want to change the world, reaching across society to provide real opportunities for people to improve their lives.
As a result, fintech is a sector driven by innovation and inspiring leaders who are helping solve the most pressing issues facing us all, using innovation to fix our financial system and open it up to more people.
Fintech is making a big impact in three key areas: inclusion, choice and transparency.
There are currently 1.5 million adults in the UK who are unbanked, with 40% of the working age population with less than £100 in savings. At present, reliance on payday loans is a reality for many, as are the astronomical interest rates that can often mean borrowers remain in a poverty cycle.
The knock-on effect is that a significant portion of the population is financially excluded from a process that most of us take for granted. This in turn creates poverty premiums, with service providers putting the most financial strain on those who can afford it the least.
This is just one area where fintech is creating workable solutions. Some fintechs have built products which help companies provide affordable, salary-deducted loans for their employees. Other fintechs provide salary-advance services, which enable workers to access their pay as they earn, diminishing the risk of falling into a high-cost debt like a payday loan.
Elsewhere, fintechs are helping consumers build their credit history and credit score, giving people access to a range of financial products and entry to the formal financial system in a way they never had before.
Similarly, fintechs who are utilising open banking are looking to transform the future of financial services, increase competition and create a better consumer experience.
But beyond increased flexibility, fintech is democratising access, increasing transparency and enabling fair finance. Innovation can be used to empower those at the fringes of our economy and society, or those who believe financial wellness and stability is an unreachable goal.
It is also enabling safer and cheaper cross-border transfers, allowing those supporting their families abroad to do so with fewer limitations and red tape. Consumers have been losing millions in hidden exchange mark-ups due to non-transparent pricing models. Digital peer-to-peer lending services eliminate this risk by connecting consumers directly with lenders, giving consumers a clearer view of pricing without expensive overheads, saving them money and empowering them in the transaction.
The UK is at the heart of it all and we are in a strong – and unique – position to continue leading the way. Fintech has so much more to offer the world and we are only just starting to realise its full potential.
Let’s not lose sight of this purpose and its capacity as a powerful force for good.
Digital challenger bank Tandem is accelerating the training of its artificial intelligence (AI) technology to offer customers tailored banking services, with the appointment of a seasoned expert to train its AI engine.
The ability to automate services that use customer insights to offer banking services that people want is a key strand to Tandem’s business model. It uses AI and open banking technologies to make banking easier and help customers better manage their money.
These personalised insights enable app features such as automatic savings, and will be important to Tandem’s upcoming mortgage offering.
Tandem was incorporated in 2013, took on its first employee, unsurprisingly a chief technology officer, in 2015, and got its banking licence in 2018.
Tandem has appointed Noam Zeigerson, who has 18 years’ experience, as chief data officer.
Zeigerson said there is no one-size-fits-all in banking. “Every day we are training AI, harnessing the power across app features to give each user an experience that is tailored to their needs.”
For example Ricky Knox, CEO at Tandem, told me that the company is currently running a beta of its proposed mortgage offering, which will personalise mortgages for customers. He said the product will be available next year.
It is this kind of challenge that attracts the top talent to challenger banks, where salaries might not be as high as at traditional banks.
It seems AI experts are like kids in sweet shops when it comes to applying their expertise in the challenger bank sector.
Knox said Zeigerson, who previously worked at Bank Hapoalim, one of Israel’s biggest banks, was attracted by the opportunity to combine the huge amount of data available in banking with a startup development mentality. “The problem working for a big bank is everything takes 14 times longer,” added Knox.
Cross border money transfer firm Azimo has made its first profit and set its sights on expansion in Asia.
Set up in 2012 Azimo enables people to make cross border transactions in seconds via a smart phone app at a considerably lower cost than traditional high street money transfer shops. I interviewed CEO and founder Michael Kent in March as part of a series of Fintech interviews.
In the 7 to 15 seconds it typically takes for a transfer to go through Azimo, time and complexity are removed by automating a number of steps. These are: initiate the payment – take the money – trade the money – check the compliance – terminate the payment.
The company has now transacted $2bn worth of transactions from more than a million people and hit its first profit in the second quarter of 2019.
This is set to increase as Azimo extends its services. Before the end of 2019 it will enable customers to send money from Asia. It currently enables payments to Asia but not from. In May Azimo gained a European licence, through a Dutch subsidiary it set up, to protect its business as Brexit approaches. It made headlines in March as one of the only UK fintech companies to secure a European licence ahead of Brexit.
Kent has now moved to an executive chairman role. “The time is now right to hand over the role of CEO to my successor, Richard Ambrose (formerly COO), who has played a big part in the company’s development since he joined Azimo two years ago,” said Kent. “I will continue to work closely with him and the rest of the team to make sure that our success story continues.”
I have been on a bit of a roll this week when it comes to the security around PSD2. The announcement that the FCA was given permission to give extensions to companies implementing Strong Customer Authentication (SCA) was a gentle reminder to me that a major deadline was close.
Here is another opinion article. In it, Paul Adams, director of acquiring at Barclaycard Payment Solutions, shares his thoughts on meeting the SCA standard and gives detailed advice to companies that will have to meet the standard.
SCA: Setting the record straight and making the most of the new payments regulation
By Paul Adams,
Ever since Strong Customer Authentication (SCA) was first announced as part of PSD2 in 2015, we have seen a number of myths and inaccuracies floating around the industry. While general awareness and understanding has certainly improved over the past four years, the recent opinion published by the European Banking Authority (EBA), which gave the FCA, CBOI, and their European counterparts more flexibility to grant SCA deadline extensions, has resulted in a resurgence of some of these myths, some of which are placing UK businesses at risk.
Businesses understand the impending changes – not only around how and when to prepare for the transition deadlines, but also how to think about SCA differently, in order to turn it into a strategic advantage.
Be the Ant, not the Grasshopper: The SCA deadline is still September 14
The most dangerous myth we’re seeing at the moment is that some businesses have taken the EBA’s announcement as an excuse to take their foot off the gas when it comes to complying with the new legislation, in anticipation of a deadline extension.
In reality, while the EBA’s announcement does give the FCA and CBOI more flexibility to grant deadline extensions in the UK and Ireland, right now the compliance deadline of 14 September has not changed. What’s more, if the FCA and CBOI do decide to extend the deadline for certain SCA activities, they will need to set out clear compliance roadmaps, and we expect 3-D secure version 2 (3DS2) to be one of the first milestones for which businesses are held accountable.
Therefore, any businesses pushing compliance down their list of priorities could be lulling themselves into a false sense of security.
It is of the utmost importance that businesses continue to push towards preparing themselves for SCA, in particular by embedding 3DS2 into their payment journeys, in order to avoid a situation where they have too much to do, in too little time. If they don’t comply in time, there’s a very real risk that they could start seeing their customers’ transactions automatically declined.
Is this the end of One Time Passcodes (OTPs)?
Prior to the EBA’s announcement, many issuers had been planning to send One Time Passcodes (OTPs) via SMS to customers going through SCA. With SCA requiring consumers to provide two out of three of ‘something they know’, ‘something they have’, and ‘something they are’, it was generally thought that OTPs would qualify as ‘something they know’, which could then be used in conjunction with a ‘something they have’, such as credit card details, to pass through SCA successfully.
However, the EBA announcement also made it clear that OTPs would qualify as a possession factor, rather than a knowledge factor, which means that OTPs and credit card details now fall under the same category. As a result, those two methods can no longer be used in isolation in order to pass SCA.
This has had a major impact on the banks / issuers who had been hoping to offer OTP as one of their authentication methods. Those providers now need to review their remaining authentication journeys to make sure that they are still able to provide their entire customer base with a compliant solution. If the removal of OTP leaves a gap for certain customers, they may need to build and promote another method, e.g. biometrics.
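The review described above can be expressed as a small check. This is an added example, not part of the article or any issuer's code: the element names, journeys and customers are constructed, and the categories given to OTPs and card details are the ones the article states.

```python
from enum import Enum
from itertools import combinations


class Factor(Enum):
    KNOWLEDGE = "something they know"
    POSSESSION = "something they have"
    INHERENCE = "something they are"


# Element names are constructed for this example. The categories for
# sms_otp and card_details follow the article; password and fingerprint
# are the usual knowledge and inherence examples.
BEFORE_OPINION = {
    "password": Factor.KNOWLEDGE,
    "sms_otp": Factor.KNOWLEDGE,       # what issuers had assumed
    "card_details": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
}
# After the EBA opinion the OTP counts as possession, like the card details.
AFTER_OPINION = {**BEFORE_OPINION, "sms_otp": Factor.POSSESSION}


def passes_sca(elements, classification):
    """True if the elements span at least two different factor categories.

    Elements missing from the classification count for nothing (fail closed).
    """
    categories = {classification[e] for e in elements if e in classification}
    return len(categories) >= 2


def broken_by_reclassification(journeys):
    """Journeys that passed under the old assumption and fail under the new one."""
    return sorted(
        name for name, elements in journeys.items()
        if passes_sca(elements, BEFORE_OPINION)
        and not passes_sca(elements, AFTER_OPINION)
    )


def customers_with_gap(enrolled, classification=AFTER_OPINION):
    """Customers for whom no pair of enrolled elements passes SCA."""
    gap = []
    for customer, elements in enrolled.items():
        pairs = combinations(sorted(elements), 2)
        if not any(passes_sca(pair, classification) for pair in pairs):
            gap.append(customer)
    return sorted(gap)


# Constructed sample data: an issuer's journeys and three customers.
JOURNEYS = {
    "card_plus_otp": ["card_details", "sms_otp"],
    "password_plus_otp": ["password", "sms_otp"],
    "card_plus_fingerprint": ["card_details", "fingerprint"],
}
ENROLLED = {
    "alice": {"card_details", "sms_otp"},
    "bob": {"card_details", "sms_otp", "password"},
    "carol": {"card_details", "fingerprint"},
}

if __name__ == "__main__":
    print("no longer compliant:", broken_by_reclassification(JOURNEYS))
    print("customers needing another method:", customers_with_gap(ENROLLED))
```

Customers returned by `customers_with_gap` are the ones for whom the issuer would need to enrol and promote another method.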
The knock-on impact this could have on merchants is that if an issuer hasn’t properly promoted their compliant SCA solution, or hasn’t designed a slick authentication journey, merchants could see an increase in that issuer’s customers abandoning their baskets.
However, that doesn’t mean that OTPs will disappear overnight – they do still have value in keeping fraud low. For now, we expect many issuers to continue using OTPs as a possession factor, at least until consumers are more comfortable with newer and better authentication methods.
New complexities for multi-national businesses
Before the recent EBA announcement, all merchants, issuers and acquirers were working towards the same, pan-European compliance date – September 14. However, the EBA’s recent announcement means that the FCA, CBOI and each of their European counterparts have the flexibility to impose their own compliance deadlines and country-specific exceptions. While that might seem to make sense at an in-country level, this has the potential to cause quite a lot of confusion.
For merchants operating in more than one country, things could get complicated quickly, because they could be subject to multiple overlapping deadlines. At Barclaycard, we believe that a harmonised, pan-European approach would benefit both merchants and consumers, and we will continue to advocate for that with the help of key industry stakeholders and regulators.
Having said that, the best thing that merchants can do to minimise any cross-European complexity will be to keep working towards becoming SCA compliant ahead of September 14.
Challenging the customer experience myth
Alongside misconceptions around the implementation deadline, we have also seen concerns that SCA will have a detrimental impact on business revenue.
First of all, it’s important to note that these concerns are not entirely unfounded – while the primary purpose of SCA remains to tackle cybercrime, SCA will introduce friction into the shopper journey, and this friction could lead to an increase in basket abandonment, resulting in a decline in sales.
However, a lot of that fear stems from people’s personal experiences with the current 3-D secure authentication technology, known as 3DS1. While innovative when it first launched, by today’s standards 3DS1 has started to feel clunky, and its use of pop-up windows might seem suspicious to those who equate pop-ups with spam and phishing. It’s fair to say that 3DS1 has been rendered obsolete by the technology changes and security risks that brought about strong customer authentication in the first place.
As a result, the prospect of more customers being asked to authenticate themselves could understandably be alarming. However, the good news is that there are two reasons why businesses don’t need to panic.
The first is that the payments industry has designed a new iteration of 3-D secure, known as 3DS2, and this newer version uses much more advanced infrastructure, and is far more dynamic and streamlined than its predecessor. This should mean that the 3DS2 authentication experience will be much smoother than with 3DS1, meaning that customers won’t feel as much of a break in the payment journey.
The second reason is that there are proactive steps that businesses can take to reduce the volume of their customers’ transactions that require full authentication, thereby taking away that additional friction.
That’s because, under SCA, certain types of transactions are exempt from full authentication, as long as certain criteria are met. Examples of exemptions include low value transactions, low risk transactions and transactions with merchants that the consumer has ‘white-listed’ with their credit card issuer / bank.
Businesses hoping to turn SCA into a strategic advantage should maximise and optimise their use of these exemptions, and in order to do that they should consider partnering with a trusted payments services provider to apply those exemptions on their behalf, once SCA comes into force.
Preparing your business for SCA success
As we approach the September deadline, it’s time to rethink SCA and re-evaluate the fears surrounding the new system. If solutions are implemented promptly and correctly, both consumers and businesses should see significant benefits.
Our advice to clients is to keep working towards embedding the new 3DS2 authentication technology into their payment journeys, and to speak to their payment acceptance / gateway provider if they have any questions. In addition, retailers should already be thinking about how to maximise their use of SCA exemptions, in order to minimise customer friction.
Funding Options is a fintech that started out with the aim of being like a MoneySuperMarket for business lending, said Conrad Ford, CEO and founder of the company. It later became more like a dating site, he added.
Ford had spent most of his career working in banking, including at a large investment bank, with most of it spent at Barclays.
It was during his time at Barclays and more specifically when he was moved into an innovation unit at the bank, that his interest in developing tech led products was ignited.
“Fintech wasn’t a word at the time but like other banks Barclays created a standalone unit with high independence to build new propositions,” said Ford.
He said this was a bit different to some of the “fluffy incubators” initially set up by banks. “We were told to go and build real businesses with real revenues.”
He said within the unit he was in a team focused on creating new services for small businesses. “Barclays had a huge number of small business customers and there was an opportunity to go beyond traditional banking services.” This included creating a tool that small businesses could use to do credit checks on customers.
He said he did not go into the unit out of a desire to innovate or get fintech experience (before the term existed) but because he wanted management experience. He expected to move back into Barclays in a bigger operational role. “But my taste for freedom was enough and I didn’t want to do that,” he said.
This is when the genesis for Funding Options emerged, which he described as his mid-life crisis of sorts. He said he was in his late thirties and decided now was the time to turn his years of experience in banking to something new.
He said startup founders in their late thirties and early forties are statistically the most successful because of experience. “Many have previously tried things out with other people’s money and failed.”
“I jokingly describe Funding Options as my mid-life crisis because at the time I had a good job in a large bank, but I wanted to go off and do my own thing.”
It was 2012 when Ford “got serious” about Funding Options.
He said because of his connections he was able to raise initial funding just on the business plan. This plan was for a fintech that helps SMEs find funding, and it came at a time when they were struggling to get access to loans.
“The peak of the impact of the financial global crisis in 2008 on small business lending was probably around 2010/2011.”
He said the challenges small businesses faced in getting loans were central to his thinking at the time. “It seemed to be the right business at the right time.”
This is when the idea of building a platform like MoneySuperMarket, but for business lending, emerged. “There are lots of sources of funding, and even were during the crisis, but the problem is small businesses and lenders couldn’t find each other.”
“So there was a big problem that had to be solved,” added Ford.
He said too many startups are focused on either not big enough opportunities or not big enough problems.
Towards the end of 2012 Ford made his first entry into the market, which he said was an abject failure. “We are a perfect example of a company that takes a couple of years to get the right product/market fit.”
“Some startups get the right product in the right market straight away but this was not the case for us and it took a couple of years to get it right,” added Ford.
This was an important lesson for Ford. He said people think they can run a business but then realise very quickly that running a startup is very different from running a large company.
Keeping investors interested during the early years required some “very inspirational speech”, Ford joked. “There were occasions in the early period when we came close to going under, with two or three occasions when the management wasn’t sure if it was going to be able to pay staff.”
Initially Ford and his team built what he described as a “tech heavy solution” to the problem using advanced technology, but he said it didn’t work for small business customers which can be relatively unsophisticated. The initial platform also used accountants as a channel to customers, which despite research showing this to be a good idea, didn’t work, said Ford. “There was a discrepancy in what the accountants do in practice and what they say in surveys.”
By 2014 Ford said the team had worked out how the business should look and managed to raise some venture capital funding. “We got a couple of million pounds which is the start of where we are today.”
The platform today is like a dating site for small businesses and lenders. A small business goes onto the platform and is asked for information about what it wants to achieve, how much money it needs and how quickly, as well as questions about the business. Funding Options’ proprietary algorithms quickly match these small businesses with the most appropriate lenders. External data sources are also being brought in to improve and speed up matching.
Ford said: “A dating site will say there are thousands of singles in London, but how do you find the three that are worth having dinner with?” He said Funding Options applies the same type of technology as dating sites to small business and lender matching.
It currently instigates loans of about £100m a year.
In June Funding Options was awarded a £5 million grant from the Alternative Remedies Fund to ensure finance choice for SMEs across the UK.
Funding Options has about 60 staff in London and is also growing its new operation in the Netherlands. This came about after Dutch bank ING invested in the company.
Expansion won’t end there. “We plan to be a pan-European business,” said Ford.
I blogged yesterday about a conversation I had with an anti-fraud expert about PSD2/open banking security. This post focussed on how human behaviour, combined with the opening up of banking, could increase the risk of social engineering by fraudsters. You can read it here.
There was also news yesterday of a study that shows that most fintech startups, like most banks, are failing to address vulnerabilities in their web and mobile applications. Food for thought with the likely confusion that early open banking will bring to the market for consumers.
Banks and retailers have been given an extra 18 months to meet PSD2’s Strong Customer Authentication (SCA) rules, as I previously wrote, and I have an interesting opinion piece from James Maude, head of threat research at UK security software company Netacea, on open banking security, which I thought timely.
Banks still unprepared for open banking security
By James Maude
Open Banking was the UK’s attempt to get ahead of PSD2 regulation, with an ambitious timetable for the biggest banks to create open Application Programming Interfaces (APIs). Despite this head start, the banks are underprepared for PSD2’s second major requirement, the demand for improved anti-fraud measures.
However, retailers and banks have a short reprieve. Strong Customer Authentication (SCA), the new EU rule that demands certain payments use two-factor authentication, has just been kicked down the road by the Financial Conduct Authority (FCA). It was predicted that 25% of payments were set to fail, thanks to a lack of preparation, so an extended deadline of eighteen months is bound to be a relief.
Criminals and fraudsters will also be relieved. SCA will make their jobs significantly more difficult—they’ll have to work a lot harder to bypass extra authentication methods. Without this extra step, it’s far easier to perform card cracking, using bots to check thousands of stolen card details. These details, leaked by data breaches and sold on the dark web, are much less effective if hackers need to also try to subvert one-time passwords and other security methods.
The issue that banks and other financial service providers face is that when one method of attack is thwarted, cybercriminals won’t simply give in—instead, they look for another way in and PSD2 presents a prime opportunity: APIs. The UK has already gone some way to adopting banking APIs thanks to its Open Banking initiative, opening up banking data to fintechs and other providers for the benefit of consumers and to encourage competition. The introduction of SCA means these APIs are more likely to be targeted.
Access to APIs is restricted to regulated third party providers (TPPs) that have been subject to extensive verification of their security, operational governance and risk management controls. But this doesn’t mean that they are necessarily 100% safe from attack. APIs can extend the ways in which an attacker will attempt to gain entry—through the TPP, mobile applications, or access to the API directly. Plus, while Open Banking has defined API standards, PSD2 is more open to interpretation, potentially leading to confusion over exactly how a secure API should be implemented.
The problem for banks is that, even if they take every precaution to make sure that the API is secure, there are ways to attack it that are out of their control. A hacker with access to a TPP’s system could use it to scrape personal details, but it doesn’t have to be quite so direct. An improperly secured and poorly designed third-party app configured to share the bank’s data is a direct link to an API that can be exploited in a “supply chain” attack—in which instance, automated attacks that test credentials and card details and commit fraud become possible.
Blocking IPs and blacklisting will only go so far towards beating this problem—but APIs also present a new problem. The influx of third-party data will mean banks will no longer fully understand the data traffic on their systems. Previously, while there was some understanding of a user’s behaviour, this will be lost on the other end of an API. The potential issues, however, go beyond a loss of market intelligence.
Right now, bots (both good and bad) and humans are interacting with online and mobile banking. Banks understand this traffic, know what it looks like and can identify ill intent to block some common automated attack techniques. But they do not have the same knowledge and understanding of traffic to new APIs. Their ability to separate the good from the bad will be limited—not only is this a new attack vector, it’s one where an attack won’t be immediately obvious.
PSD2 is a much-needed piece of legislation that presents financial institutions with new challenges. It also presents ample opportunity for banks to update legacy systems, collaborate and improve their security platforms. But banks not only need to secure their APIs, they need to quickly get up to speed as to what is normal use and what bad intent looks like. PSD2 represents a new spirit of openness, but it’s vital that embracing this does not expose financial service providers or their customers to additional risk.
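As an added illustration of what "normal use versus bad intent" can mean on an API (not part of the opinion piece above), the sketch below baselines payment calls per TPP and flags the card-testing pattern the article describes: many distinct cards, mostly declined, in a short window. The log fields, TPP names and thresholds are assumptions chosen for the example and would need tuning against real traffic.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed API log: (epoch_seconds, tpp_id, card_fingerprint, outcome).
    All identifiers are made up for illustration."""
    events = []
    # Ordinary TPP: a handful of cards reused over ten minutes, mostly approved.
    for i in range(12):
        outcome = "approved" if i % 6 else "declined"
        events.append((1000 + i * 50, "tpp-budget-app", f"card-{i % 3}", outcome))
    # Compromised or abused TPP: 40 different cards in 40 seconds, nearly all declined.
    for i in range(40):
        outcome = "approved" if i % 20 == 19 else "declined"
        events.append((1200 + i, "tpp-shop-plugin", f"card-x{i}", outcome))
    return sorted(events)

def flag_card_testing(events, window=60, min_cards=20, min_decline_ratio=0.8):
    """Return {tpp_id: time_of_first_alert}.

    A TPP is flagged when, inside any `window` seconds, its calls touch at
    least `min_cards` distinct cards and the share of declined attempts is at
    least `min_decline_ratio`. `events` must be sorted by time.
    """
    recent = defaultdict(deque)   # per-TPP sliding window of recent calls
    alerts = {}
    for ts, tpp, card, outcome in events:
        q = recent[tpp]
        q.append((ts, card, outcome))
        # Drop calls that have aged out of the window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        if tpp in alerts:
            continue
        distinct_cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, o in q if o == "declined")
        if len(distinct_cards) >= min_cards and declines / len(q) >= min_decline_ratio:
            alerts[tpp] = ts
    return alerts

if __name__ == "__main__":
    for tpp, ts in flag_card_testing(build_sample()).items():
        print(f"card-testing pattern from {tpp} first seen at t={ts}")
```

Keying the window on the TPP rather than the source IP matters here: traffic relayed through a third party arrives from that provider's addresses, which is why IP blocking alone goes only so far.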