Streamlining Payments Security
The Importance of Channel Integration
Mobile banking platforms can speed financial transactions, but mobile payments take a lot of product-level work, says Marc West, senior vice president of banking and aggregation for the electronic payments business at Fiserv, an e-commerce provider.
Another problem for institutions is increased oversight from the federal government, which has made it difficult for banking institutions to quickly develop mobile solutions, he explains during this interview with Information Security Media Group [transcript below].
"To do that, as you can imagine, isn't as simple as just taking the current products and making them work faster," West says. "We take an open network approach, so we can partner with key people and make sure we provide the evidence and support to banks."
During this interview, West also discusses:
- Why real-time payments should be on every banking institution's radar;
- How regulators are likely to analyze the security of payments; and
- Why vendor management is so challenging for many banks and credit unions.
At Fiserv, West oversees the development and delivery of money movement products, including the Popmoney personal payments service, as well as account aggregation tools. Previously, he served as president and CEO of Mamasource, an e-commerce site. He also served as managing director of e-business at Barclays Global Investors and held senior leadership positions at H&R Block and Electronic Arts.
TRACY KITTEN: What are the integrated payments challenges banking institutions face today?
MARC WEST: One of the challenges that all banks face is they have to have consumer services. Given what is going on in the market today with other choices for payments like PayPal, Venmo or Square, for example, banks need a compelling offer that will allow consumers to move money to whomever they want, whenever they want, but in a highly secure way. On top of that, all consumers are very interested in real-time payments. They want money moved now, not at the speed of traditional banking systems. To pull that all together requires an end-to-end systems approach. If you think about moving money from your account to somebody else's, whether it's paying a bill or just sending money to your babysitter, all of those things have an inordinate amount of complexity. It needs to get to the right place, to the right account. You need to be able to verify that the account it went to was the right account, owned by the right person, and that it was an open account. So there's a lot that goes into that, and we're real believers in an integrated payments approach, which says [from] end-to-end, we make sure it got to where it needed to, when it needed to and we're able to prove it.
Balancing Consumer Choice with Security
KITTEN: Is it challenging for banking institutions to balance consumer choice with security, as well as regulatory compliance?
WEST: When I mentioned end-to-end, one of the things that we focus on is understanding what it takes to identify, secure, deliver and provide all of the audit information. Unlike many other industries, banking institutions are undergoing increasing amounts of regulatory oversight. So, for example, the OCC [Office of the Comptroller of the Currency] recently came out with a new set of rules around banks having to know their vendors' capabilities, much like the Sarbanes-Oxley Act [requires] CEOs to sign off that they knew their business processes and provide that evidence as part of their role.
Banks are undergoing that same set of oversight today. We spend a fair bit of energy focused on this concept of, while we have an open network and partner with people and other registries, our goal is to make sure end-to-end that systems work. Banks need to prove that they can support their systems, not only to their customers, but also to the regulators and other parties that are interested in that information.
KITTEN: What are the challenges for mobile, when it comes to in-person payments?
WEST: There are two parts to it. One is from the system's perspective: Can you have the mobile device work as if it's a known device, especially with regard to your bank account? When you think about how you build that, it takes a lot of detailed product-level work. You don't just have a mobile app sitting on a mobile device. For example, we have an entire mobility suite where we integrate all of our personal payment capabilities.
One other point I think that is important that I'd like to add on top of this is that when you think mobile, most consumers are focused on instant, real-time transactions. Because you're on your mobile device, you don't want to wait three or four days for the money to move from point to point. ... All of the processes that I mentioned - the end-to-end systems, the know your customers rules, the knowledge-based authentication rules - those are being built into a set of capabilities that are launching right now in the market. You could send money to somebody instantly and have it available for them to use in their account. To do that, as you can imagine, isn't as simple as just taking the current products and making them work faster. When we go to this increased oversight for the banks, the increased complexity on consumer demand can mean consumers find their needs met in non-bank ways. Add on top of it this "need it there now" attitude and it's a very complex system to put together. So that is how we focus on it, as an end-to-end system. We take an open network approach so we can partner with key people, and make sure we provide the evidence and support to banks so they can say, "Yeah, we trust that this works exactly as it should every time, not just every now and then within a particular product."
KITTEN: What are the advantages to using an open network?
WEST: Let me share with you the size of just our P2P [person-to-person] network as an example. In our P2P network today we have over 56 million consumers, not only within the bank, but also through our website, PopMoney.com. That site works with the same protections and securities as it does within the banking environment. So when we talk about an open network, that is what we focus on. It's not about where the consumer connects into the network, but about when the consumer does connect in that he or she is treated in the same secure way. Consumers want to know they can trust that if there is a problem, they can pick up the phone and call somebody. Compliance risks and anti-money laundering rules go into it; we operate all those for the banks that we work with and other partners.