Inside Aadhaar, India’s massive digital identity program

Digital identity has become a hot topic in the last couple years among U.S. and European banks, who are already watching China leapfrog them in mobile payments. Now, add India to that list, with a digital identity scheme that will allow people to pay using just their biometric.

In 2008, India set up the Unique Identification Authority of India (UIDAI) to create what’s become known as the Aadhaar number for the country’s then 1.21 billion residents (now 1.32 billion). The point was to create a single, unique identification document or number that would link all people’s lives together across their accounts at various businesses. Now, it’s also the basis for banks’ regulatory reporting of customer information and a way for disadvantaged people to access services they’ve been denied because they lacked identification documents.

Aadhaar is hardly the gold standard of digital identity systems but identity experts often refer to it as an example of how an government-mandated scheme could work at scale. In the U.S. and Europe, customers give their personal information away freely to every company it does business with because that’s often the only way to consume a good or service in the digital world. It’s not always clear how that information’s being used or by whom. In India, customers only have to share it once: when they register for their Aadhaar number.

Here’s what you need to know about how Aadhaar works.

How does it work?
Indian residents can apply for an Aadhaar number by submitting their proof of identity, proof of address and registering their biometric (fingerprints and iris scan) information. The Aadhaar number (there’s also a card) doesn’t replace other forms of ID like passports or driver’s licenses, but it can be used in place of them when opening accounts at banks or other businesses that maintain customer profiles.

For example, money transfer giant Western Union has biometric capabilities turned on in India, so when someone wants to initiate a money transfer through Western Union, they can identify and verify themselves using their biometric fingerprint, without showing any paper or plastic documents. And in mid-2014 Indian Prime Minister Narendra Modi instructed banks to provide bank accounts to those who previously didn’t have them, using their newly minted Aadhaar numbers. In 2015, the country’s unbanked population was 233 million — half the number it was in 2011, at 557 million. The Aadhaar system wasn’t just beneficial to everyday people who didn’t have formal financial services, banks made new customers of hundreds of millions of people.

Why does it matter for payments?
China may be ahead in mobile payments, but Aadhaar Pay may usher in a post-mobile payments world, where people don’t need to carry their phones or wallets in order to make payments. They would only need their registered biometric linked to their Aadhaar number.

The Indian government this year mandated that all banks, ATM operations and authorized card payment networks migrate to Aadhaar-based biometric authentication for every transaction to improve security and prevent fraud as India continues its shift to becoming a completely cashless society. Fraud is an increasing concern for all parties of a financial transaction as the digital overhaul has raised the bar for bad actors.

Why does it matter for banks?
When the world became more digital, moving money became less about moving dollars and cents and more about moving customers’ data — and how companies manage, protect and otherwise use that data directly affect customer experience and customer trust. People are spending more time online or on mobile whether they’re on social media, they’re shopping, or even paying their bills and transferring money and as services crop up they’re opening more and more accounts with headache inducing passwords. And with such an overflow of customer information floating around the Internet, every trace of it is vulnerable to online attackers.

“Proving and vetting that you are who you say you are so you can access whatever you want to access online becomes more and more complex because your digital footprint does not have a bridge with your physical footprint,” said venture capital investor Pascal Bouvier.

Banks also have KYC requirements to comply with. Similar to the Canadian banks’ digital identity solution — in which customers wanting to open an account with a certain business would hand over their information through a mobile app in which they would biometrical authenticate that they’re sharing their personal information — Indian customers wanting to open accounts can provide their Aadhaar number as proof of identity and the business can use that information as needed. By contrast, when opening an account in the U.S., customers usually have to fill out some paperwork each time they sign up to use a different service because customer data is a business’s most important asset. And they don’t share that information with their competitors.

“Because banks are under such strong regulatory pressure, they need to vet everyone more and more to more to avoid the impact of bad actors in the system,” he said. “It becomes very complicated and it’s expensive so they take a prudent and conservative approach — which means if you’re an individual or a small business there’s a greater chance you’ll be declined or it’ll take you forever to open an account or continue a service.”

What are its flaws?
It’s not clear how much privacy its users get. That’s a huge part of why Western countries haven’t come together on a single digital identity solution: People are still debating various philosophies around identity — what it is, who should control it, how to let customers retain ownership of their identity while still monetizing it.

“There’s a lot to like about the Aadhaar approach in as much as there is simplicity in centralizing something and having all kinds of services that piggy back on that tech stack,” Bouvier said. “There are also things one has to be careful of.”

The point of the Aadhar system is to have a centralized database and one technology stack enforced on the entire country — that means one centralized point of failure. It’s not clear whether or not Aadhar is unhackable or, at the scale of 1.3 billion people, how it assures the anti-money laundering/KYC data it registers to create an identity in the system is accurate.

“If you want to suspend disbelief and say it can be solved then it is powerful,” Bouvier said. “But if you don’t then you have to be careful what you wish for. A government that all of a sudden has digital identity on everyone but also a central repository that could be breached would be a catastrophe.”

How Western Union is digitizing a 166-year-old business

Western Union

As young companies like TransferWise and WorldRemit move into the remittances arena, Western Union is working to maintain its dominant position.

As tech companies, these younger companies are often able to innovate faster because they aren’t subject to the intense regulatory scrutiny that slows down large institutions like Western Union — it’s one reason legacy and startup firms have begun various partnerships with each other. Western Union, for example, is running a pilot for cross-border settlements with Ripple and has partnerships with messaging platforms Viber and WeChat. (Incidentally, Ant Financial has bid $1.2 billion to acquire Western Union competitor MoneyGram.)

These partnerships should bring more value to customers, but Western Union also has compliance officers to please. So its also working on technology solutions internally to help strengthen security and reduce fraud, which pair data with biometric capabilities, a global identity system and “polymorphic” technologies that try to fake out automated attacks.

“We’ve built our foundation on big data technology,” said David Thompson, Western Union’s chief information officer. “We do a real time risk assessment of every transaction in real time… this allows us to take a lot of data elements where we make a decision on the transaction for risk.”

Western Union has built a global presence based on the ability to move money to and from almost anywhere in the physical world, but like most financial firms, how it handles customer data will have a big effect on its place in the digital world. There’s an overflow of customer information floating around the Internet and every trace of it is vulnerable to online attackers with the motivation to steal people’s identity and use it to commit financial fraud. It’s one reason digital identity has become such a hot topic in the financial world, where fraud is becoming more sophisticated with the financial systems themselves.

“You might have many different personas but from a compliance perspective we have to view you as ‘who you truly are,’” Thompson said. “The compliance systems need to know you’re one, individual human.”

Western Union processes 30 transactions per second, to which it must apply hundreds of compliance and risk rules, using a concept it calls Galactic ID. At different points in time, users can register at different parts of the site as different personas — like students or small businesses. Western Union snaps that information together through the elements the customer provides, like her name, birthday, address, serial number from the computer or phone on which she registered.

“If you change any type of data element we snap you back to your Galactic ID, and if we see you trying to use data elements to try to adjust your ID, the compliance officers can very quickly see [it],” Thompson said.

He wouldn’t comment on how Western Union might use customer data for a future use case. Right now, it’s focused on security and compliance.

Whereas some companies try to minimize the amount of data that’s transacted, Western Union is still collecting data and using polymorphic technologies to block hackers out of its system. The idea is that an attacker could program a bot to try to enter an application or financial transaction — it would tell the bot how many fields there are to complete and have a trove of stolen credentials to try to throw at it, to try to gain access to your application, or fund a transaction.

“When you have a bot attacking app or infrastructure, our app is constantly morphing itself so the bots can’t pick out certain fields, because 10 seconds later those fields appear in a different way,” Thompson said.

Western Union is also tying that concept it with biometrics capability. Biometrics are becoming more widely used for authentication in the developed world — customers can unlock their phones, pay for purchases or log into apps by pressing their fingerprint against their phones. But in more developing countries — like India, the Philippines and others in which Western Union operates — biometrics are being tied to national identity schemes, where governments register citizens’ fingerprints to their IDs.

“They’re opening up the system to financial services so if you walk into one of our retail locations you can put your thumb on an identity plate, it will bring up your ID and you can validate a transaction,” Thompson explained. “We’re trying to buy into that very quickly. It helps us keep folks out of our network that are blocked by that local government, that can be identified as a criminal that shouldn’t be pricing, or are on a sanctions list.”

What it will take to make digital identity real

The biggest problem with digital identity is that it’s just a pain in the ass.

As banks, governments and e-commerce giants try to solve the issue of customers having account overload and password amnesia, the problem becomes that security is just inconvenient: there are so many required security specs for passwords and so many different passwords to remember, it’s just easier to create an easy-to-remember password and use it for everything — and at the end of the day, if an account is hacked, the bank can just return the money. No big deal.

Passwords are how customers identify themselves for every service they use. They know the system is hackable but still entrust companies their data, even if they don’t actually trust them. Fixing the system means there has to be a single identifying entity that people trust, that has an established history of collecting and holding personal information. Banks are the best positioned to do so, but trust has to be part of the process of designing identity verification services and it should be clear who owns customer data and what happens to it.

“The use of digital identity will exceed the use of physical identity when more digital identity solutions emerge in the market — that’s what’s lacking today,” said Matthew Thompson, director of digital business development at Capital One, which launched a digital identity application programming interface (API) this week that lets websites and apps authenticate the identity of their customers against the identity information stored by their banks.

“We have to design for trust in the solutions: trust with the relying party or business partner that they can trust the assertion we’re making, and trust with the consumer that they want to use or share the information in this ecosystem. When those things come together you’ll see digital identity exceed the use of physical identity.”

Who has my data?
Collecting customer data is in the interest of the customer, banks (or any company, really) will tell you. By doing so, banks say, they can improve their products and services. Knowing more about customers — their preferences, routines, where they save and when they splurge — helps them personalize their offerings and deepen connections with customers, which makes them feel even more comfortable granting the banks even more of their data.

Right now, it’s not clear who owns customer data, whether it’s banks and our payment information or Facebook and the details we put on social media. Banks are held to higher standards of privacy and security; that’s part of what makes them so well positioned to take the lead on providing digital identity services.

“We don’t know who really owns our data but I bet you the large banks absolutely don’t want that” to be made explicit, said Pascal Bouvier, a venture partner with Santander InnoVentures, the Spanish bank’s fintech venture capital arm. “There [would] be clear liabilities as well as clear asset and cash flow streams that people either have access to — or don’t. In order for us to fully actualize federated digital identities built off data streams we create directly or indirectly, we need to have some type of clarity on that ownership.”

The ownership question is also more important now than ever, as startups and technology providers look to increase their data-sharing agreements with banks. Intuit has landed agreements with JPMorgan Chase and Wells Fargo; Finicity just signed one with Wells; Xero established similar deals with Wells, Silicon Valley Bank and most recently, Capital One. These initiatives also give banks safer ways to move data and help give customers control over how their data is used — the holy grail of digital identity — by using application programming interfaces instead of the more commonly used screen scraping method, in which customers log into the third party site or app with their bank credentials and that company “scrapes” the information to log in as the customer to retrieve account data as necessary.

Convenience over safety
The widely agreed upon solution is data minimization: That an organization will collect only the data it needs, using it only what it agreed to use it for and getting rid of it when the purpose is achieved. A bartender doesn’t know customers’ ages to serve them, she just needs to know it’s greater than or equal to a certain age.

One way is to let the customers opt in to having their data shared. The Canadian banks have a solution to this. Or put a disclaimer on the bank website that spells out how the data is going to be used. But that’s slightly inconvenient. And even when customers are cynical toward banks, they seem to be trusted enough to continue serving them.

“Consumers will always choose the path of least resistance, and if you rely on your consumers to be interested in their best interest when it comes to security, that’s probably not going to happen,” said Ryan Fox, director of consumer identity at Capital One. “We’re always two-step or multi-factor authenticating our customers. It’s always dynamic, always risk-based, aways multilayered.”

In 2015, Capital One launched SwiftID, which removes the friction of passwords by letting people authenticate biometrically from their phones when signing in from an unknown device. By designing security right in the banking experience, Fox says, the bank can send the customer a push notification they can respond to in a second instead of requiring them to read a lengthy security statement, Fox said.

The important thing for banks to remember when building on their security is that people don’t think about it in terms of what’s most secure; they think about what’s easiest, he said.

“That’s why touch ID had such an adoption rate,” Fox said. “We went away from knowledge-based login to something I can just touch. It was adopted not because it was a pattern they understood but because it took half the time. Is it easier? Yes. Do I have a cognitive load associated with doing this? No? Then I’ll do it.”

WTF is digital identity?

Moving shopping and banking online means our transactions are more than making money: They’re about getting data.

“People are extremely aware of how digitized their lives have become and how little control over that. They want to know that if they’re providing this info they’re getting something for it and it’s not just for banks or large technology companies to use for their own purposes,” said Steven Ehrlich, lead analyst for emerging technologies at Spitzberg Partners.

That data says a lot about us — a lot more than a piece of plastic with a photo and address on it. There lies the digital identity dilemma: legally accepted drivers licenses and passports supposedly show that we are who we say we are in the physical world, but don’t do the same in the digital world. As the digital world evolves, that could get complicated. But right now banks, technology firms and governments are all looking at how to make it easier for people to prove they are who say they are, effectively allowing customers to own their own identity. In this WTF, we dive deep into digital identity.

So, what’s a digital identity?
A guy walks into a bar and shows the bartender his ID. In doing so, he gives the bartender more information than he needs: his name, date of birth, address, height, weight, eye color, whether or not he’s an organ donor. But all the bartender needs to verify is this guy’s date of birth, because all he needs to know is if he’s of the age to be in a bar.

People do this online everyday: when they want to login somewhere or make a transaction they often give away more data than they may realize they want to, and to a company that doesn’t need all of that information.

“How the consumer behaves when online, what they share about themselves, where they’re located, how they interact with their device — all of those components are really what creates digital identity,” said Kim Sutherland, senior director of fraud and identity management strategy at LexisNexis Risk Solutions. “There are use cases where your digital identity never has been connected to the physical world and there are other times when your digital ID and physical ID do need to intersect.”

What’s the problem?
Everyone owns your identity, except you. According to the government, you are what your drivers license or identification card says you are. Amazon, Facebook and Google identify you by the places you check into and map, what you purchase and where you have it delivered. But the airline operating your flight home won’t believe you’re you if you give them the email tied to all that data. And Amazon doesn’t ask for your drivers license when you want to buy something, you enter a password.

Where do banks come into this?
Banks are well positioned to provide identity verification services because of the amount of data they hold and the level of trust consumers and corporations have in them as authoritative institutions. Even when confidence is low.

“Banks really think about their role as custodians of personal data and the identities of their customers,” said Ehrlich. “They recognize it’s becoming more important to have access to this information so they can optimize services but do it in a way that is transparent, secure and equitable so people continue to use the services and provide them with even more data.”

Now banks need to look at what data is necessary for them to conduct their operations and how they can best use the information to optimize their services in a way that makes their clients feel they really are equal partners.

What’s the solution?
The holy grail of digital identity is that people only provide the minimum data necessary for their purpose. There isn’t a credible plan to make it happen across the world and across industries. But everyone involved is working on it.

“In order to get to that situation we need to find a way for people to be in charge of their own information so they don’t necessarily have to trust a bank or Google or Facebook,” Ehrlich said.

Biometric authentication efforts are the most visible examples.

IBM is working with security company SecureKey and several major Canadian banks on an app that would push notifications to people when utility providers need access to their information. For example, when signing up for a new phone line, the customer would receive a notification saying the wireless provider needs to verify his or her name, address, date of birth and social security number, and that it will access that information through the customer’s bank. The customer approves, by biometrical authenticating on the phone, and the bank transfers that data to allow the customer to open the account.

“People will feel much more secure if they know they can control their information and permission it out only if they want to,” Ehrlich said.

He added that there’s a design element to the solutions as well. Organizations working on solutions worry that everyday people won’t have the tech savvy to work with encryption, but that can be solved by creating a user interface customers want to try and use.

How long will this take?
As they say in the Valley, it will change the world in our lifetime. Future generations will be taking this for granted.

How Mastercard is applying lessons from Apple Pay to its plastic cards

Apple may have gotten people used to the idea of authenticating payments and verifying identity with their fingerprint, but that Pay product hasn’t really taken off yet. Now, Mastercard wants to bring that behavioral habit to its cards.

The credit card giant revealed Thursday that it’s testing fingerprint biometrics in cards in South Africa to help it to detect and prevent fraud, with plans to run the same trial in Europe and Asia. A future version of the card will employ contactless technology, according to Mastercard.

“Companies are looking at Apple Pay’s failure to really take off and thinking about how to improve the user experience of both mobile and existing payments systems,” said George Avetisov, CEO of biometric security company HYPR Corp.

The card works with existing chip card terminals at the point of sale. Customers just insert the chip per usual while keeping their finger or thumbprint on the embedded sensor. At least for now, customers have to go to a physical bank branch in order to obtain the card and register their fingerprint to it.

It almost seems like a step back from global mobile payments efforts – but then again, mobile payments haven’t really reached their tipping point in most regions yet, with Asia being the exception.

Mastercard’s main business may be in cards but the company has already made strides in innovating mobile payments, most notably by launching payment technology in October that lets customers verify their identity with fingerprints or selfies when shopping online.

“It’s going to take a long time for biometrics to kill the password, but there will always be some kind of use case for the password as long as it’s around,” Avetisov said. “It’s the same thing here. It’ll take a long time for mobile payments to kill credit cards, and there will be interesting use cases for plastic credit cards.”

It is unrealistic that the biometric cards will come to the U.S., since its issuers have just migrating away from magstripe cards to chip cards requiring signatures from cardholders. The point of the migration was to increase security and reduce card present fraud but many argue the switch from stripe to chip makes little difference unless cardholders can enter their pin to verify a payment, versus providing a signature.

Many merchants and retailers still haven’t implemented a year and a half after the deadline to do so. The delay stems largely from the high costs associated with the migration, and it’s likely there will be similar pushback if they’re required to implement a chip-and-pin process.

“The next logical step in EMV authentication is chip-and-pin, however, most issuers have balked at the increased cost,” said Mike Moeser, director of payments at Javelin Strategy. “Deploying a fingerprint scan on a card would be a significantly more expensive EMV deployment that likely would not be cost justified.”

Nevertheless the biometric card is a useful innovation for the security and usability of credit cards. Mastercard should expect feedback from the test on how it can work with merchants in using biometrics to defeat counterfeit card fraud at retail locations, Moeser said. It’s also a useful application in areas with poor or no Internet connection and a stronger security measure for high value or no-limit credit cards, Avetisov said.

“People need to understand it’s going to be a very long time before we kill the credit card,” he said.

Inside Wells Fargo’s mission to create a password-less future

In a few years, when you need to get some cash out of the ATM, an eye scan may have replaced the need to enter your passcode.

At least, that’s what Wells Fargo is hoping. The bank is in the process of testing out various technologies in the arena of biometrics — whether it’s voice, fingerprints or eye scans — that it hopes will eventually phase out passwords altogether.

“One biometric doesn’t fit every situation,” said Steve Ellis, head of Wells Fargo’s innovation group. “Our view is they can decide which they want to use in the moment they’re trying to. For example, if I’m driving in my car and I want to talk to the bank, I’m not going to authenticate with my fingerprint but maybe my voice could be the password … we see this idea of biometrics replacing user IDs and passwords.”

Accessing a bank account through a thumbprint, voice print or eye print has become second nature in many parts of the world. Aadhar Pay, India’s system to unlock banking services through a thumbprint, will launch on Friday, and Australia’s ANZ Bank just announced a pilot program to let customers use their voices to authorize transactions of AUD 1,000 ($750) or more.

Banks in the United States lag behind as they figure out what combination of sign-on methods will work.

Wells Fargo has made notable strides on biometrics. For example, when you have to reach a call center, you don’t have to enter a pin; instead, you can use voice verification to get authenticated. In a more commonplace scenario, you can also use your fingerprints to access the bank’s mobile app. And late last year, it announced that by the end of this quarter, it will allow commercial customers to use eyeprints to authenticate customers. The software recognizes a customer by matching a picture of a user’s eye with information it has on the micro features of their eye, including blood vessels and other details. Wells Fargo is working with software developer EyeVerify, a company that was once part of its accelerator program that has since been acquired by Ant Financial.

Others in the United States that implemented biometric features include Citibank, which recently launched the capability to log into its mobile app through fingerprint, voice, facial recognition, PIN and password. Others, including U.S. Bank and JPMorgan Chase, let customers log into the mobile app with a fingerprint.

Companies that work on biometrics say what’s keeping banks from moving further is a mixture of concerns about regulation around biometric data and more importantly, a sense of skepticism from senior executives.

“Facial recognition is awesome, but do you really see yourself scanning your face to use an ATM?” said George Avetisov, CEO of HYPR, a biometric security company that works with major American banks. “There are banking executives that aren’t convinced.”

User habits also influence how quickly banks can roll out the technology. In many emerging markets, the transition to biometrics was easier because mobile banking has been a mainstay for a longer time.

“A lot of those countries skipped the desktop phase and went to mobile,” he said. “That’s why they’re more innovative on the mobile.”

U.S. banks also lag on biometric ATMs as well, in part because of the lack of a single standard that works across banks. “There is a lack of standards with regards to biometrics [for ATMs], which further delays in investment in biometric technology for fear of choosing the ‘wrong solution’,” said Dominic Hirsch, managing director of consulting firm RBR.

Hirsch added that data sharing and storage would also complicate a biometric ATM rollout. These concerns apply to emerging markets, although some countries (including India) have national biometric databases that can be used.

What may be the biggest influence on bringing biometric banking to mainstream may be the move towards internet-connected devices, which will help build a culture of biometrics in daily life.

“What’s going to be the catalyst is the internet of things,” said Avetisov. “You’re not going to lock your door with a password — these will be fully biometric experiences.”

Tanaya Macheel contributed reporting.

By investing in biometrics and AI, Wells Fargo is eyeing a move into voice payments

Wells Fargo is working on a voice-first payment capability it could soon make available for consumers.

That would go beyond where the rest of industry is at with voice interface, which, for the most part, has not yet advanced beyond basic requests like, “How much money do I have in my checking account?”

In 2015 for example USAA launched Nuance’s virtual assistant, Nina, on its website. Bank of America expects to launch Erica later this year as a virtual assistant integrated into the mobile banking app. Capital One has an Alexa skill. Customers can turn to their virtual financial assistant for basic day-to-day functions, like checking account balances and credit scores of scheduling bill payments.

But all of these things just scratch the surface, said Steve Ellis, head of Wells Fargo’s innovation group, who teased the bank’s own forthcoming voice-controlled payments offering.

“These digital assistants like Siri or Alexa — these things are just starting,” Ellis said. “There’s a really big future here for how our customers interact with us. We are starting to do proofs of concept with information exchange… but the idea of moving money from a fund to someone through a peer-to-peer payments system — that’s coming.”

He didn’t specify when it would introduce that functionality but hinted it would be “a shorter time frame than three to five years.” In the meantime, the bank is exploring how it uses the artificial intelligence that provides conversational banking abilities, and is bulking its biometric authentication practices necessary to nail mobile voice banking.

People are embracing the idea of conversing with digital assistants to exchange information and even make Amazon shopping purchases. Apps like Uber have raised customers’ standards for experiences that are fast, seamless and secure. Owners of smartphone devices are getting used to authenticating using their fingerprint, even if it’s just to unlock their phones; Apple claims a user will do this 80 times a day.

Banks, however, have yet to make the customer experience completely password- and PIN-less.

“We have about 5 billion-plus interactions with our customers every year and every one of them starts with authentication,” Ellis said. “If you can’t get that right, you can’t do anything else, so that’s always our first focus.”

Wells Fargo is no stranger to biometrics. Ellis himself co-launched its startup accelerator in 2014 when EyeVerify approached it with an idea to develop eye-recognition technology for security and identification purposes. Today, Wells uses EyeVerify’s eyeprint verification for its commercial banking customers.

Chatbot provider Kasisto, which Ellis described as a Siri for financial services, was selected for the same inaugural accelerator class. Whether Kasisto has the success of EyeVerify remains to be proven but last month the chatbot startup raised $9.2 million to expand its virtual assistant offerings. Ellis said Wells is “very close” to rolling out some of those virtual assistant capabilities to select employees and customers on a test-and-learn basis.

Besides the biometric factor, Wells and its peers need to work on the quality of the AI and its speech recognition as well as its ability to truly understand and process what a customer is saying on an emotional level, said Ron Shevlin, director of research at Cornerstone Advisors and author of Smarter Bank.

“There’s a lot of potential for [voice banking] but I’m afraid we’re conflating the voice interface with the AI capabilities needed to interact in a high quality, whether it’s providing service or advice, he said. “If it’s simple types of interaction then the bloom is off the rose… There’s no economic impact, no greater levels of customer satisfaction you’ve just created one more way for someone to check their account balance or account fraud or maybe pay a bill.”

Ellis identified three markers on the road to a voice-first future: information exchange, funds transfer and personalized advice. Most banks are at the beginning. Wells Fargo hopes to be an early mover into the second stage.

That was part of the reason for refocusing its efforts inside the Innovation Group. This week it announced it would be dedicated to AI as well as payments and application platform interfaces.

“AI is a baby step right now,” Ellis said. “It’s going to really adjust the way people think of how they use their phone get information and actually do things.”