Whether it’s consumers getting comfortable with a new payments experience or a large financial institution (FI) getting comfortable sharing data with FinTechs, there’s one constant that needs to be in place to make it all happen; trusted infrastructure.
Those pipes — connecting old rails with new, leveraging application programming interfaces (APIs) to deliver innovation — not only have to meet a shifting assortment of global regulatory requirements, but they also must provide consumers with convenience and a sense of security as they permit banks to share their details and data.
We’re headed toward an ideal world for digital commerce through open banking. In that fully formed ecosystem, consumers could conceivably apply for any kind of loan or credit line from multiple sources — and even learn if they’ve been approved before sharing truly sensitive personal data online, thus keeping it safe from cyber thieves.
To get there, we’ll need a “zero-data” approach to move sensitive information and a whole lot of education, a quartet of FinTech executives told Karen Webster. Panelists included Very Good Security Co-founder and CEO Mahmoud Abdelkader, Belvo Co-founder and Co-CEO Pablo Viguera, Vise Co-founder and CEO Samir Vasavada and Fidel Founder and CEO Dev Subrata.
The discussion took place against a backdrop where, as PYMNTS research has shown, roughly half of consumers store payment credentials in their online accounts and have been ramping up their online engagement with platforms through the past year. But they’re also increasingly concerned about how their data are being used and stored. As many as 45 percent of consumers are afraid to share their PII.
Familiarity breeds comfort – and comfort breeds a willingness to share information. As many as 56 percent of consumers are at least “somewhat” willing to provide PII to the online platforms they currently use, and as many as 20 percent are “extremely” willing to do so.
Getting consumers to cross the Rubicon from being willing to share their information to actually giving permission to do so — which gives the FinTechs the access they need to create new financial services offerings — means being transparent about the value created in exchange for that permission.
“The vast majority of people prioritize convenience over everything else,” said Vasavada. “The job of a successful FinTech company with a successful consumer-facing application is to create a great experience and a convenient product.”
In the age of open banking and amid the great digital shift, he said, it’s been the job of companies like Vise to build the infrastructure that allows FinTechs and financial services platforms to connect and work together — without having the FinTech build and “embed that privacy layer” itself.
As Abdelkader said, “expecting people to build security for their entire product seems like a very far-fetched expectation, especially as they are also concentrating on consumer experience, conversion rates and usability.”
The panelists noted that in solving the frictions inherent in certain geographies and building modern connectivity layers on top of existing data rails — using APIs and platforms — privacy and consent are a critical part of what they do. After all, it is the consumer who has the final say in who sees their sensitive information.
Far-Flung Businesses, Common Goal
The businesses in the panel are far-flung: Fidel provides programmable cards; Vise has built a platform that uses artificial intelligence (AI) to analyze data about a client to identify their investment goals and needs and build automated portfolios and investments. Belvo is focused on building an open-finance AP platform for Latin America.
But no matter the business focus, the panelists noted common friction points: With innovation comes compliance and regulatory challenges — and building and cementing consumer trust is a marathon, not a sprint.
It’s getting harder for firms, especially FinTechs, to navigate the federal and local laws that mark nations and regions, such as the EU. Every geography has different rules on how to operate and maximize the values of databases that collect and store information on the citizenships where the companies are operating.
As Abdelkader noted, “every single one of these companies [on this panel], including my own, have had to build a DIY solution and build a company within a company just go to market.” In other words, there are the operations that build and scale the innovations, and then there are the operations that create the infrastructure for moving data, which must ensure that compliance and regulatory mandates are followed.
Having to maintain that broad range of back-end operations, said Abdelkader, means that companies “just don’t innovate as much as larger companies that have those deep pockets.”
As the panelists noted, true innovation comes with thinking about data and data security in new ways. Fidel’s Subrata noted that his firm, rather than existing as a data “vault,” transmits data from point A to point B for its clients through a secure tunnel.
“The best way to mitigate risk on our end, and for clients, is by not storing sensitive data at all,” he said. “We just use the data for as long as it’s needed — it takes milliseconds to tokenize it, and then we discard it.” That “right data at the right time” approach creates security across various touchpoints of consumer consent. For example, if a user links their card to Google Pay, they’d first have to give explicit permission that they are OK with Google seeing their transactions, and they would also select the merchants that will receive the transactions via Google. Other examples include explicit consumer controls where they can turn apps or cards on or off at will.
VGS’ “zero-data” strategy represents another approach toward the common theme of building convenience and security for the end user. According to Subrata, those end users will increasingly be concerned about how their data are being protected across all platforms with which they interact.
“There’s no longer this false dichotomy of usability and convenience versus security,” with zero data, said Abdelkader. For the FinTechs striving to become trusted brands and infrastructure, he said, the approach replaces sensitive data with “synthetic” data, which means the production and the custodianship of that information are kept separate.
The Education That’s Needed
Belvo’s Viguera noted that education is key across all of his firm’s markets — where the goal is to get data sharing in place to offer better and more inclusive financial services. And educating consumers on the value-add that comes with allowing access to their data is a process.
“If 30 years ago, you would have said you’d be paying people online with your credit card, people would have thought you were crazy,” he said, with a nod toward the concept of sharing Visa or Mastercard details online. Consumers need to know not just the “what,” but also why their information is being shared — and why it’s a winning proposition for them, said Viguera.
Brazil provides a bit of a microcosm for the challenges that lie ahead in open banking, he said. Surveys indicate that a significant number of consumers, as many as 45 percent, have indicated they are undecided about using open banking-powered solutions. Creating an ecosystem of trust for those potential users will drill down to educating them on how its SDKs connect consumers to FIs and offering guidance and tips on data privacy.
“It’s about creating that ecosystem where we work with regulators, extremely proactively,” Viguera explained.
Vise’s Vasavada added that there’s a gap in what the consumer knows or understands about their data privacy, which can be filled by outreach from the platforms themselves (think: Big Tech). “They have almost government-level influence at this point in time,” he remarked. “And the influence of these companies is only going to increase.”
Subrata maintained that there must be a joint effort between the tech companies, the regulators and the FIs to foster that consumer awareness and trust. “If you have a balanced approach where everybody’s interest is shared, I think you can reach a pretty good place,” he said, noting that new value will be created for consumers around the world as a result of these new infrastructure layers.
And, added Viguera: “Ten or 20 years from now, we’ll realize that 2021 was just part of the early phases of the adoption and rollout of these data-sharing models that we are all fostering.”