Chase is using its Warriors deal to beef up Chase Pay offering

Chase is making a play to get into the music and ticketing business and may use its Chase Pay product to interact with customers in new ways and get more of their data.

The largest U.S. bank by assets inked a multi-year endorsement deal with Golden State Warriors’ star player Steph Curry in March of 2016; on Monday, it was named the official bank of the Warriors and it also has naming rights sponsor to the future home of the NBA championship team, Chase Center, opening in 2019.

“[Chase Pay] is not only a different way to pay; there’s a lot more information on you as a customer that will help us be more targeted” that Chase can gather through the app, said Frank Nakano, Chase’s head of sports and entertainment sponsorships. Nakano said it will “allow us to know that if you’re at a game five times in a month, we should push a special reward to you because we know you indeed were in the building and what you bought. It’s on us to make [Chase Pay] more enticing to the customer.”

Until now, it hasn’t been clear what Chase’s plans are for its Pay product. It hasn’t published any user numbers and it’s not obvious why customers should use it instead of Apple Pay, Samsung Pay, or the mobile app of one of its quick service restaurants partners that probably offers them some kind of rewards or loyalty incentive. Chase seems aware of this; it sponsored a research report conducted by Forrester Consulting that says for mobile payments to take off, retailers need to offer value beyond the actual payment at the point of sale that will bring more convenience to the customer or make them feel they’re getting something out of it.

Nakano said the Chase Center experience for Chase customers could borrow from that of an airline in the sense that people entering the arena will be able to upgrade their experiences upon checking in — upgrading their seats at a show or a game, offering a chance to visit the players after the game, getting to arrive through a special Chase entrance, being hosted in a VIP-like room, pushing more discounts on more things.

“You’ve checked in, you’ve been there, you’ve been spending money, so we’ll know you are a fan because of your presence in the building,” Nakano said. “You might get there and not realize you want something until these offers pop up. It makes it feel like we know you better. I think people expect that now — partners being more additive and not getting in the way of the experience.”

Citibank has staked its brand on that, making music and entertainment access through its longstanding partnership with LiveNation and sponsorship of the Global Citizen music festival part of its strategy. Chief marketing officer Jennifer Breithaupt has said that music is “part of Citi’s DNA” and that having these initiatives as part of its brand has forced bank marketers “be on the front lines with consumers” as customer banking relationships are deepened more and more in digital channels than physical branches.

A year ago it might have seemed like an ambitious marketing pursuit to get everyday people to think of banks as go-to resources for shows, sports events or even restaurant reservations. But the evolution of digital and mobile channels allows big old financial institutions like Chase to compete in that space if they want to.

“Digital and mobile has allowed us to be more timely,” Nakano said. “Part of the reason we do this is it’s something else to connect with our customers on rather than just product.”

To celebrate the their new deal, Chase and the Warriors are sending a giant golden basketball around to different spots in the Bay Area beginning this week for fans to take pictures, meet some players and cheerleaders and participate in small giveaways (think T-shirts and tickets). The “Golden Ball” will travel around until the first game of season, when they’ll celebrate last year’s championship. It’s all part of the build-up to the opening of Chase Center.

“Part of our philosophy is that we’re part of the community and were part of the team before Chase Center opened,” Nakano said. “We are present in the Bay Area we’re just showing that more.”

As much fanfare as there is around the Warriors, however, Nakano maintained that the real value for Chase comes from the nightly engagement with a community of passionate, loyal sports fans at a venue that hosts 200 events a year. When asked how Chase measures the return on investment of a sponsorship like that of the Warriors, he said the analytics team has created a “score card” to identify the value of an engaged customer — a collection of all of a customer’s touch points with the bank, from charge volume on tickets to concessions.

It also accounts for “brand lift” and community effect. There’s a community component to each of the bank’s sponsorships, he said.

“Sports and entertainment gives us an opportunity to engage customers with something they’re very passionate about,” Nakano said. “We use that passion as the core of everything we do and then we try to look at it as a fan.”

‘We can’t pawn it off on other companies’: Equifax has changed the industry’s approach to digital identity

Last week, 143 million Americans’ most personal information was compromised when data systems at Equifax, the major credit reporting bureau, were breached.

This isn’t the first large scale breach U.S. consumers have ever witnessed. Last year Yahoo, Verizon among others suffered data hacks. The year before it was Ashley Madison and Experian. But in the last two years, customers’ lives have become digital — and more and more companies are starting to view personal data as toxic assets instead of valuable ones.

The financial services industry often talks about trusted financial institutions as good potential custodians of data and providers of digital identity. But if Equifax-gate teaches us nothing else — people mostly know that their data is in the wild and being used in ways they don’t know or control — it’s that customers have to start taking control.

We asked attendees at the NYPAY/Consult Hyperion Unconference in New York Monday what the impact of the breach will be on the digital identity space.

Ghela Bosckovich, founder, FemTech Leaders 
When we look at the components of identity it’s much, much more than just a credit rating. This seems to be a less than well thought out solution to have a single provider do that. There needs to be cross-government, cross financial institutions, cross commerce validation of identity because we operate in all of those aspects. A holistic identity provider is not going to be just a credit rating it’ll be something that takes in my government validated identity, my movement, transactions, travel, digital footprint, spend, opinions, biometrics — these are all minimal inputs to identity. If you can’t solve for privacy, identity management is a moot subject.

Donnie Price, practice leader, Edge Consultancy
It’s going to make consumers and financial institutions question having single depositories for risk assessment and identity uses such as Know Your Customer. These are the companies that financial institutions rely on for this information yet being hacked has propounded the problem they’re supposed to be solving. In three to six months you’ll start seeing results of what just happened. I think people are going to seriously think about alternative sources for data — they haven’t jumped into that conversation yet — in the next eight to 12 months.

Digital payments consultant, EY
It reinforces everyone’s belief that all their information is already out there. It makes us think more about how we should be using authentication separate in ways that safeguard financial heatlh. We’re all shocked by Equifax because now it’s on us to safeguard everything when we were assuming the banks and credit bureaus were taking care of it. The Equifax hack brings into focus the fact that consumers have to take responsibility — we can’t pawn it off on these companies. This doesn’t solve the problem but it creates awareness that there are consequences.

Jane Barratt, CEO, Goldbean, an investing startup 
It should change how we think about identity and hopefully it will for the long term. In the short term it’s very disheartening that a private company without any consent has so much data on us and has the power to make or break us financially. And it all come down to your data. I hope this is an inflection point where people will both own and get value out of their own data. We have multiple generations of people who have given up their privacy for a digital experience — like Facebook or Google — we do it willingly because we get value from it. Something from Equifax is an enforced relationship, we’re not actually getting value out of it. People tolerated it before but this should call into question its very being. That data exists elsewhere.

Brandon DeWitt, CEO, Datavore
It doesn’t change the need for a better aproach to digital fingerprinting and identity verification but it remains an often paper-and-pencil business with a lot of legacy systems. This [event] is maybe the straw that broke the camel’s back and make it more top of mind for the industry to give it more of the focus that it deserves. Hopefully the pace of progress increases, but I’m 30 and when I was born I was still given a paper social security card. It takes a really long time to change legacy systems. I don’t think it will change in the near term but you’ll see a lot more companies cropping up and focusing on this, particularly from a cybersecurity standpoint.

Why Equifax is getting into digital identity

Equifax and FIS are the latest companies to put themselves forward as providers of people’s digital identities.

In doing so, Equifax is positioning itself to be “more than just a credit bureau,” according to a spokeswoman, and instead, a data and analytics company in the broader sense — and at a time when the U.S. Consumer Financial Protection Bureau is weighing the benefits and risks of using alternative data (rent payments and mobile phone bills) to evaluate individuals’ creditworthiness.

Equifax would not comment outright on its plans to use alternative data.

“The data that we as users have — the credit data, the transaction data you give to your bank — will always be the core of OnlyID,” said Kenneth Allen, svp of identity and fraud. “On top of that, we’re so data hungry to make sure we’re putting good data to use, so we’re looking at different options of data — including alternative data, because those are part of our business globally today.”

Equifax and FIS have spent the last 18 months co-creating a password-less, biometrically-enabled digital identity solution, called OnlyID, for individuals meant to reduce fraud, improve customer experiences and thereby increase consumer loyalty. The 12,000 banks and 30,000 retailers in their combined network need to opt in to the OnlyID Network but as of now those agreements aren’t in place yet, according to Allen.

Once they opt in, customers will be able to verify that they are who they say they are by using their biometric registered with their OnlyID identity, and it will be the only identifier they need across all the organizations in that network.

Today customers engage with businesses more digitally than they did just two or three years ago. As a result, the disconnect between how they identify themselves online to how their transactions are traced back to their physical lives has become more pronounced and lowered the bar for fraudulent activity.

Traditionally, an identity is created using addresses, names, Social Security numbers — things that are more associated with the physical world. Combining that information around virtual presence, online usage and how people interact with commerce and financial institutions are what will build an accurate digital footprint, said Kim Sutherland, senior director of fraud and identity management at LexisNexis Risk Solutions.

“We’re all striving to build out an ecosystem that has the least amount of friction for consumers and the strongest assurance for organizations trusting these identities,” Sutherland said. “The actual vehicle for asserting identity — whether with a biometric or common credential — will change, but the goal is to have one that is interoperable and secure.”

OnlyID is similar to other identity efforts, like the solution Canadian banks are developing, Capital One’s digital identity API or even the centralized database of identities in India’s Aadhaar initiative — only the identity providers in those cases are the banks and the government. There are almost 200 startups tackling this problem too.

With so many solutions in the market now, how the digital identity ecosystem looks in 10 years is unclear, but it may come down to consumers deciding which entities they trust most with their data.

“We haven’t figured out what’s going to have the most adoption and comfort,” Sutherland said, citing potential solutions by different banks, mobile phone companies, the U.S. Post Office and state motor vehicle departments. “The role of who is providing identity is going to be the organization the consumer feels comfortable with handling their information.”

Inside Aadhaar, India’s massive digital identity program

Digital identity has become a hot topic in the last couple years among U.S. and European banks, who are already watching China leapfrog them in mobile payments. Now, add India to that list, with a digital identity scheme that will allow people to pay using just their biometric.

In 2008, India set up the Unique Identification Authority of India (UIDAI) to create what’s become known as the Aadhaar number for the country’s then 1.21 billion residents (now 1.32 billion). The point was to create a single, unique identification document or number that would link all people’s lives together across their accounts at various businesses. Now, it’s also the basis for banks’ regulatory reporting of customer information and a way for disadvantaged people to access services they’ve been denied because they lacked identification documents.

Aadhaar is hardly the gold standard of digital identity systems but identity experts often refer to it as an example of how an government-mandated scheme could work at scale. In the U.S. and Europe, customers give their personal information away freely to every company it does business with because that’s often the only way to consume a good or service in the digital world. It’s not always clear how that information’s being used or by whom. In India, customers only have to share it once: when they register for their Aadhaar number.

Here’s what you need to know about how Aadhaar works.

How does it work?
Indian residents can apply for an Aadhaar number by submitting their proof of identity, proof of address and registering their biometric (fingerprints and iris scan) information. The Aadhaar number (there’s also a card) doesn’t replace other forms of ID like passports or driver’s licenses, but it can be used in place of them when opening accounts at banks or other businesses that maintain customer profiles.

For example, money transfer giant Western Union has biometric capabilities turned on in India, so when someone wants to initiate a money transfer through Western Union, they can identify and verify themselves using their biometric fingerprint, without showing any paper or plastic documents. And in mid-2014 Indian Prime Minister Narendra Modi instructed banks to provide bank accounts to those who previously didn’t have them, using their newly minted Aadhaar numbers. In 2015, the country’s unbanked population was 233 million — half the number it was in 2011, at 557 million. The Aadhaar system wasn’t just beneficial to everyday people who didn’t have formal financial services, banks made new customers of hundreds of millions of people.

Why does it matter for payments?
China may be ahead in mobile payments, but Aadhaar Pay may usher in a post-mobile payments world, where people don’t need to carry their phones or wallets in order to make payments. They would only need their registered biometric linked to their Aadhaar number.

The Indian government this year mandated that all banks, ATM operations and authorized card payment networks migrate to Aadhaar-based biometric authentication for every transaction to improve security and prevent fraud as India continues its shift to becoming a completely cashless society. Fraud is an increasing concern for all parties of a financial transaction as the digital overhaul has raised the bar for bad actors.

Why does it matter for banks?
When the world became more digital, moving money became less about moving dollars and cents and more about moving customers’ data — and how companies manage, protect and otherwise use that data directly affect customer experience and customer trust. People are spending more time online or on mobile whether they’re on social media, they’re shopping, or even paying their bills and transferring money and as services crop up they’re opening more and more accounts with headache inducing passwords. And with such an overflow of customer information floating around the Internet, every trace of it is vulnerable to online attackers.

“Proving and vetting that you are who you say you are so you can access whatever you want to access online becomes more and more complex because your digital footprint does not have a bridge with your physical footprint,” said venture capital investor Pascal Bouvier.

Banks also have KYC requirements to comply with. Similar to the Canadian banks’ digital identity solution — in which customers wanting to open an account with a certain business would hand over their information through a mobile app in which they would biometrical authenticate that they’re sharing their personal information — Indian customers wanting to open accounts can provide their Aadhaar number as proof of identity and the business can use that information as needed. By contrast, when opening an account in the U.S., customers usually have to fill out some paperwork each time they sign up to use a different service because customer data is a business’s most important asset. And they don’t share that information with their competitors.

“Because banks are under such strong regulatory pressure, they need to vet everyone more and more to more to avoid the impact of bad actors in the system,” he said. “It becomes very complicated and it’s expensive so they take a prudent and conservative approach — which means if you’re an individual or a small business there’s a greater chance you’ll be declined or it’ll take you forever to open an account or continue a service.”

What are its flaws?
It’s not clear how much privacy its users get. That’s a huge part of why Western countries haven’t come together on a single digital identity solution: People are still debating various philosophies around identity — what it is, who should control it, how to let customers retain ownership of their identity while still monetizing it.

“There’s a lot to like about the Aadhaar approach in as much as there is simplicity in centralizing something and having all kinds of services that piggy back on that tech stack,” Bouvier said. “There are also things one has to be careful of.”

The point of the Aadhar system is to have a centralized database and one technology stack enforced on the entire country — that means one centralized point of failure. It’s not clear whether or not Aadhar is unhackable or, at the scale of 1.3 billion people, how it assures the anti-money laundering/KYC data it registers to create an identity in the system is accurate.

“If you want to suspend disbelief and say it can be solved then it is powerful,” Bouvier said. “But if you don’t then you have to be careful what you wish for. A government that all of a sudden has digital identity on everyone but also a central repository that could be breached would be a catastrophe.”

PFM apps are folding as banks work them into their own apps

Consolidation is underway in the crowded personal finance management, known as PFM, market.

Last week,  Level Money, the money management app owned by Capital One Financial, said it will shut down on Sept. 1. Also last week, Prosper Marketplace said it would discontinue the Prosper Daily app and urged customers to bring their PFM needs to Clarity Money. Earlier last month, SoFi said it would nix the services by Zenbanx, just six months after it acquired the online banking company, and would use its technology and personnel for its own online bank.

“When we started Level Money back in 2013, there weren’t many tools to help people manage their money,” the company wrote on its homepage Thursday. “While we’ve had successes over the years, we are encouraged by how much the financial industry has changed — there are now a plethora of tools available to help you manage your money.”

The post also said that as part of Capital One, it would continue creating “ways for people to save and manage their money,” without further detail. Capital One did not respond to requests for comment by deadline.

PFM has never been a prominent feature of consumer bank accounts. For most of banks’ existence people had to balance their own checkbooks based on debits and credits. That’s changing now as banks realize the importance of personal financial management for continued customer engagement. And they’re starting to implement PFM features into their offerings to provide more complete banking experiences. As it is today, PFM is usually a separate entity found in entirely different apps like Clarity Money, Moven or Mint.

“Industry wide, there’s a reluctance to discuss [personal financial management],” said Stephen Greer, author of the Celent report Personal Financial Experiences, which asserts that while banks and startups got stuck trying to make PFM work, the customer need for PFM tools has evolved into the need for “personal financial experiences.”

“For a lot of banks that tried it, it was poorly executed; there would be modules within online banking that users rarely even knew existed or required a lot of manual intervention. The term really hasn’t evolved that much … companies were just putting a name out there to stick a flag in the ground, trying to describe and outline PFM. Now it’s really evolving to what digital banking in general is.”

For example, one of the biggest nuisances of PFM historically has been the lack of good financial data. Customers using an app would have to hand over their online banking credentials so the third party financial app could access their banking data to be able to provide users with their financial snapshot. The data that appeared on the home screen of their online banking wasn’t always in sync with what they would see in their PFM app.

Those standalone apps have done a lot for legacy financial firms; they’ve shown them how to provide “creative and innovative ways to help customers be more financially successful,” Wells Fargo’s Ben Soccorsy, head of digital payments product management, told Tearsheet last month in a discussion about its forthcoming Control Tower product.

The Control Tower, a tool within the Wells Fargo mobile banking app that gives customers a single view of their digital financial footprint and lets them turn on or off the sharing of their bank account information, is the perfect example of a bank establishing itself as a trusted advisor to the consumer, Greer said. It uses payment transaction data to push features that make it easier for customers to control their own finances instead of pushing them a new credit card they have a good chance of being qualified for, for example.

There’s an element of trust that most people seek in a financial advisor, human or digital, whether they’re positive or cynical about legacy financial institutions. As banks start to offer these features of financial advice that startups have been offering for much longer, that aspect is becoming more prominent.

“Incumbent banks have various little advantages” — trust, a large customer base and brand recognition and stability — “and they’re extremely underestimated,” Greer said.

Meanwhile, a lot of standalone apps have trouble launching and gaining any traction.

“What they have done very well is shown the market what is possible and what good looks like,” he added. “Larger banks have really taken notice and used that as inspiration for their digital strategies.”

That first became clear with earlier deals like BBVA’s acquisition of digital bank Simple or TD Bank’s partnership with Moven, which allows the Canadian bank to use Moven’s software in its own mobile banking app to give customers a single app in which to manage their financial activity.

‘We’re not there yet’: USAA’s Darrius Jones on security concerns in the next big channel — voice

People could soon be doing their banking over voice-activated channels. But there are major issues around security and privacy to iron out first.

On Wednesday, USAA began piloting an Alexa skill for Amazon home assistant devices that lets customers check balances, review spending history and get other account insights based on their transactions. USAA is keen on letting Alexa read back customers’ financial data, but it’s not ready to let Alexa make payments, said Darrius Jones, assistant vp at USAA Labs, a division of USAA.

Many industries, not just financial services, are getting concerned about Amazon inserting itself between them and their customers. Banks and fintech startups are interested in using voice platforms to reach customers, but data and identity security and privacy concerns loom.

Tearsheet caught up with Jones about the pilot, its relationship with Amazon and staying ahead of customers’ security needs. Answers have been edited for length and clarity.

What are some of the security challenges of this pilot?
Understanding Amazon’s role in security versus our role. Privacy is another. When you have one of these devices and you plug it in, it has to listen. That’s part of the challenge and what makes them work. It’s what you’re allowed to do with the things you hear that people are now kind of going back and forth on.

How do you mean?
You don’t want your information spewed out into the ether when anyone can be in your house and ask a question.

Or move money around.
We have not put any money movement capabilities on the platform at this point. [It] is not something our skill will accommodate because we’re not comfortable with the state of security for money movement on the platform. How do you do this seamlessly and securely? We’re just not there yet.

Is Amazon a competitor or a partner?
In this conversation we’re definitely in a partnership. We’ve had to asked them to help us better understand the technology platform, we’ve had to help them better understand our regulatory requirements.

Does Amazon keep USAA customers’ data?
Amazon only has access to what the member provides during the interaction with Alexa while using the USAA skill. We use OAuth 2.0 to provide the member with the ability to see what permissions Amazon will be granted and give them the power to decide whether to grant that permission, which they can also revoke at any time. Amazon knows the question that the member asks Alexa and the response that is provided, but not the raw data used to formulate the response. All the transaction data is USAA-owned data.

Customers often care less about privacy than they think and more about speed and convenience.
We’ve enabled secure key, a six-digit key enabled with the Alexa skill that has needs to be uttered upon invoking the USAA skill. Only once you do that will you be able to get personalized spending information and balances. It was something Amazon asked for, but even the way we implement it — having it directly on the Amazon platform, where you have to set it up to determine whether to keep it on or off — is another useful usage pattern we focus on.

How Wells Fargo is letting customers take back control of their financial data

People store card information in a lot of places. Netflix, Spotify, Uber; various apps for their favorite workout, lunch, shopping apps. There’s sensitive financial data flying all around us; it’s the risk people take in exchange for convenience.

Now, Wells Fargo is rolling out a tool that lets customers keep track of it all, an aptly named “Control Tower,” within its mobile banking app that gives them a single view of their digital financial footprint — which includes recurring payments, third parties, mobile wallets, subscriptions, different devices where they’re signed into their banking account — and lets them turn on or off the sharing of their bank account information.

For the bank, it’s about meeting customer expectations, which have evolved. People pay for things and manage their financial lives with other non-bank financial services providers just because they like them (and they’re usually free). Instead of trying to retain customers by replicating those other offerings — which is unrealistic for an institution of Wells Fargo’s size and scale — or somehow preventing customers from buying into their allure, Wells is letting them go about their financial lives as they like and incentivizing them to at least come home at the end of the day for dinner.

The bank is piloting the product with employees later this year and plans to launch it for customers in 2018.

Through a number of moves over the last year, Wells Fargo has positioned itself as leader of the crusade to give customers control over their financial data and how it’s used, but none so pronounced as the introduction of the Control Tower. Ben Soccorsy, head of digital payments product management at Wells Fargo, called it a new type of interaction model for customers — one based on control and trust.

“There are fintechs and other types of companies that can deliver pieces of this already,” Soccorsy said. “It’s not those pieces or the inherent technology that are new, it’s this new way of putting it together in a way that delivers new value to the customer. It’s not just data sharing here and turning your debit card on or off there, device management there. It’s one place.”

That customers expect self-service — ATM withdrawals and deposits, online bill pay, mobile money transfers — from their bank is perhaps the most visible way technology has changed banking. The Control Tower takes that a step further. Giving customers control over how their data is used is the holy grail of digital identity, and the bank has been taking steps toward that goal over the past year by signing agreements with Xero, Intuit — owner of QuickBooks, TurboTax and Mint — and Finicity that allow it to share customer data with the third party using application programming interfaces.

The Control Tower will be rolled out in stages as the bank pursues similar agreements with more third parties; they need to connect with the bank through an API in order for the customer to get the full benefits of the offering, Wells CEO Tim Sloan said at Fortune’s Brainstorm Tech conference in Aspen last week. That implies Wells Fargo is about to get pretty aggressive in its partnering strategy.

The first ambition of these arrangements is to move away from the commonly used screen-scraping method — where the third party “scrapes” the necessary information when customers log in with their bank credentials and hold onto it for future use. Wells has also been speaking out about the need for banks to take a stand against screen-scraping by creating industry standards for data exchange.

Beyond data security, the move by Wells is a sign of the industry’s new willingness to break down their silos and partner or collaborate with third party providers and in some cases products that could be considered competitors, like Apple Pay — all in the name of offering customers choice and developing emotional loyalty.

“We want our customers to have their financial relationship with Wells Fargo. If you want to use another payments provider because that’s your choice, that’s fine, as long as you come back to Wells Fargo,” Sloan said. “We want to offer our customers convenience as long as, ultimately, they come home.”

That’s similar to what JPMorgan Chase said when it announced its data sharing agreement with Finicity two weeks ago.

“Our customers really want to use these financial apps and they do use them a lot,” Trish Wexler, a JPMorgan spokeswoman, said at the time. “We want them to find a safe, secure and private way for them to be able to do that without having to hand over their bank password.”

How personal financial management apps like Moven, Clarity or even old timers like Intuit’s Mint survive in a world where all banks can show customers their entire financial snapshot beyond just their bank accounts is unclear. It’s too early to say, but there’s probably room for both types to exist, Wells Fargo’s Soccorsy said. Of course, the startups also provide a lot of inspiration.

“It’s a good thing we have companies out there looking at creative and innovative ways to help customers be more financially successful. They do it in a way that’s focused on probably one use case, one type of problem, one very specific need a customer has,” he said. “Our company has learned that they’ve been successful in doing that in pieces and parts; we are putting it together in more comprehensive ways.”

That’s one of the reasons innovation appears more difficult to execute at banks than at startups. Small announcements like credit card toggling and direct fraud alerts seem insignificant when they land in customers’ inboxes, but banks are often working to solve broader problems before customers even realize they’re problems. Whether Wells customers begin to care about who has their financial data and how it’s being used once they have the ability to control it remains to be seen.

“That’s part of the role we play. Control is about making you feel comfortable and it comes back to trust,” Soccorsy said. “Our company wants to build trust everyday with customers. This is a forward looking opportunity to do that, recognizing that customers aren’t asking for it by name today.”

How JPMorgan is pushing back against fraud in fintech

The market for consumer fintech apps may be a little saturated, but if customers want to use them, JPMorgan is going to let them — if it’s safe.

On Tuesday, the U.S. banking giant announced an API-sharing agreement with the Utah-based data aggregator Finicity, in which the bank would push customer data to Finicity through an application programming interface that would be shared with its various clients, digital lending and personal financial management apps of interest to Chase customers.

“Our customers really want to use these financial apps and they do use them a lot,” said Trish Wexler, a spokeswoman for JPMorgan Chase. “We want them to find a safe, secure and private way for them to be able to do that without having to hand over their bank password. We think using a tokenized method — instead of having an aggregator come in and screen scrape a customer’s full accounts — is a safer and more private way to do that.”

Screen scraping is the most common way for companies to access customer data. When customers log into third-party sites or apps with their bank credentials, their sensitive information gets “scraped” by the company and stored for re-use. That way, the company can log into the bank account as the customer in order to retrieve account data as necessary.

That makes any possible breach of the fintech app a breach of the bank account. Fraud is often a bigger problem for the bank than the customer; customers can usually rest assured the bank will investigate the transactions and return the funds to their accounts. But in a world where customers are sharing data carelessly and frequently in almost everything they do, they’re vulnerable to more extreme consequences of identity fraud.

It’s hard to make them care about that.

“It’s clear that when there’s a screen on a new app doing a refresh that says ‘click here to accept new terms of the agreement’ both of us would raise our hand and say yeah, I didn’t read that,” Wexler said. “It’s like leaving your keys on front door and walking away.”

This is JPMorgan’s second such agreement. At the beginning of the year, it formed a similar one with Intuit, in which it would share data on its customers that sign up for Intuit products and services — QuickBooks, TurboTax and Mint.

“For years, we have been describing the risks – to banks and customers – that arise when customers freely give away their bank passcodes to third-party services, allowing virtually unlimited access to their data,” JPMorgan CEO Jamie Dimon said in his annual letter to shareholders earlier this year. “Customers often do not know the liability this may create for them, if their passcode is misused, and, in many cases, they do not realize how their data are being used. For example, access to the data may continue for years after customers have stopped using the third-party services.”

JPMorgan spent 16 percent of its total expenses on technology in 2016, it said in its annual report. It allotted $3 billion of a total $9.5 billion in spending to “new initiatives,” $600 million of which it used for fintech partnerships and improving digital and mobile services.

It’s Finicity’s second deal with a bank too; in April it signed a deal with Wells Fargo, which wants to establish itself as the leader of the anti-screen-scraping movement. Wells formed a deal with Intuit in February and with Xero a year ago. Banks and other industry players are having many conversations about whether there should be more standardization where data sharing and exchanging is concerned and what those standards might be, Wexler said, adding that Chase has been in talks with “all major aggregators” and will continue having those conversations.

Finicity is slightly different from the other data aggregators in that allows its partners, Wells Fargo and Chase, to move data to the third-party fintech apps that work with it (like Mvelopes, Lendio, Drop and PocketGuard); whereas Intuit and Xero use banks’ customer information for their own financial applications. JPMorgan was swooping up fintech partners — Zelle, Roostify, OnDeck Capital, TrueCar, Symphony — long before the industry as a whole began embracing collaboration and declaring 2017 the year of bank-fintech partnerships.

“Under this arrangement, customers can choose whatever they would like to share and opting to turn these selections on or off  as they see fit,” Dimon said of the Intuit agreement in the annual letter. “We are hoping this sets a new standard for data-sharing relationships.”

5 charts that show where open APIs are taking banks

Open APIs will be essential for banks’ survival — whether it’s for fulfilling their customers’ expectations, meeting them in different channels or changing their business models.

Open APIs, or application programming interfaces, are what allow banks to share data with third party apps and service providers — whether it’s a nonbank provider of financial services like Digit or Acorns, or a provider of nonbank services that uses bank information for payments or rewards schemes — that customers like to have and use.

But so far banks’ exploration into open APIs has been about one-off agreements for the most part. As banks warm to that kind of external collaboration, however, it’s not a bad time to start thinking about the bigger picture, Capgemini found in its Retail Banking Report, published this week.

“The goal should be less about linking up with a series of independently-operated web pages, and more about taking part in an ecosystem of apps and APIs that support broad synergies between companies and consumers,” according to the report.

Here are five charts that show how how banks are thinking about APIs in their digital strategy today and how they think it could play out in the future.

Large banks are using APIs to improve their omnichannel experience
Of 112 large banks, those with more than $50 billion in assets, surveyed by Celent this February, 56 percent indicated that they would probably expose open APIs as part of their strategy to deliver an omnichannel experience. That point proved more popular than the other six options: 55 percent indicated they would migrate to a single digital technology stack; 50 percent indicated they would replace ATM software along with branch teller or platform sales systems. A large bank with a large budget can make many choices.

 

Just 26 percent of the mid-sized banks, those with under $50 billion in assets, indicated they would pursue an open API strategy (compared to the 50 percent that indicated they would migrate to a single digital channel tech stack); as did 22 percent of small banks, those with less than $1 billion in assets.

It’s important to note, however, that as banks of all asset classes are still trying to nail omnichannel, according to PwC, customers may already have moved beyond that. In 2012, 57 percent of customers indicated they prefer banking by both digital channels as well as human interactions, but that number has dropped to 45 percent today. In the same period, customer engagement with branches and call centers fell from 15 percent to 10 percent while people who use all digital channels — mobile devices, computers and tablets — to interact with the bank grew from 27 percent to 46 percent. (PwC is dubbing this new customer set the “omni-digital” customers.)

Banks aren’t putting up walls, but they have their doubts
A lot of the narrative today in fintech is about bank-startup partnerships and collaborations. Don’t be fooled, banks still want to maintain the status quo — in 2015, 48 percent of banks saw third parties as more of a threat than an opportunity, compared to 31 percent today; and 60 percent felt the need to tackle nonbank competition, compared to 54 percent today — but their change in attitude toward startups is loud and clear. In 2015 35 percent were ready to invest in an API platform, now almost half are; then, 30 percent said building an open banking platform was high up on the list of priorities and today more than half agree.

In the last year, Citibank, BBVA and Capital One, to name a few, have opened their APIs to third-party developers.

Others are doing this on a case-by-case basis. JPMorgan Chase and Wells Fargo have data sharing agreements with Intuit that employ APIs in order to share customer data more safely. Finicity recently signed a similar deal with Wells Fargo, as did Xero with Wells, Silicon Valley Bank and most recently, Capital One.

However, banks are still highly regulated, highly scrutinized businesses with a lot on the line. So it’s unsurprising that data security and privacy still raise a lot of red flags for banks thinking about opening an API platform. When Capgemini asked fintech startups for their concerns, their answers didn’t really differ from the banks’.

Banking as a platform
Most banks (56.5 percent) believe banks will remain the main channel for banking products and services (incidentally, so do 55 percent of fintech startups). But Capgemini said if it stays on that path could struggle to match competitors on time to market, according to its Retail Banking Report. Most banks (53.8 percent) also believe they’ll evolve into platforms that support cross industry players that tap into core banking systems, kind of like Amazon.

“An open banking model similarly presents new opportunities for creating and distributing products,” the report says. “Traditionally, banks have owned the process of building and selling products from end to end, and the only entity responsible for adding value to a product has been the bank itself. An open banking model turns this approach on its head… Collectively, these partners would give rise to much more creativity than the bank could muster on its own.”

How Western Union is digitizing a 166-year-old business

Western Union

As young companies like TransferWise and WorldRemit move into the remittances arena, Western Union is working to maintain its dominant position.

As tech companies, these younger companies are often able to innovate faster because they aren’t subject to the intense regulatory scrutiny that slows down large institutions like Western Union — it’s one reason legacy and startup firms have begun various partnerships with each other. Western Union, for example, is running a pilot for cross-border settlements with Ripple and has partnerships with messaging platforms Viber and WeChat. (Incidentally, Ant Financial has bid $1.2 billion to acquire Western Union competitor MoneyGram.)

These partnerships should bring more value to customers, but Western Union also has compliance officers to please. So its also working on technology solutions internally to help strengthen security and reduce fraud, which pair data with biometric capabilities, a global identity system and “polymorphic” technologies that try to fake out automated attacks.

“We’ve built our foundation on big data technology,” said David Thompson, Western Union’s chief information officer. “We do a real time risk assessment of every transaction in real time… this allows us to take a lot of data elements where we make a decision on the transaction for risk.”

Western Union has built a global presence based on the ability to move money to and from almost anywhere in the physical world, but like most financial firms, how it handles customer data will have a big effect on its place in the digital world. There’s an overflow of customer information floating around the Internet and every trace of it is vulnerable to online attackers with the motivation to steal people’s identity and use it to commit financial fraud. It’s one reason digital identity has become such a hot topic in the financial world, where fraud is becoming more sophisticated with the financial systems themselves.

“You might have many different personas but from a compliance perspective we have to view you as ‘who you truly are,’” Thompson said. “The compliance systems need to know you’re one, individual human.”

Western Union processes 30 transactions per second, to which it must apply hundreds of compliance and risk rules, using a concept it calls Galactic ID. At different points in time, users can register at different parts of the site as different personas — like students or small businesses. Western Union snaps that information together through the elements the customer provides, like her name, birthday, address, serial number from the computer or phone on which she registered.

“If you change any type of data element we snap you back to your Galactic ID, and if we see you trying to use data elements to try to adjust your ID, the compliance officers can very quickly see [it],” Thompson said.

He wouldn’t comment on how Western Union might use customer data for a future use case. Right now, it’s focused on security and compliance.

Whereas some companies try to minimize the amount of data that’s transacted, Western Union is still collecting data and using polymorphic technologies to block hackers out of its system. The idea is that an attacker could program a bot to try to enter an application or financial transaction — it would tell the bot how many fields there are to complete and have a trove of stolen credentials to try to throw at it, to try to gain access to your application, or fund a transaction.

“When you have a bot attacking app or infrastructure, our app is constantly morphing itself so the bots can’t pick out certain fields, because 10 seconds later those fields appear in a different way,” Thompson said.

Western Union is also tying that concept it with biometrics capability. Biometrics are becoming more widely used for authentication in the developed world — customers can unlock their phones, pay for purchases or log into apps by pressing their fingerprint against their phones. But in more developing countries — like India, the Philippines and others in which Western Union operates — biometrics are being tied to national identity schemes, where governments register citizens’ fingerprints to their IDs.

“They’re opening up the system to financial services so if you walk into one of our retail locations you can put your thumb on an identity plate, it will bring up your ID and you can validate a transaction,” Thompson explained. “We’re trying to buy into that very quickly. It helps us keep folks out of our network that are blocked by that local government, that can be identified as a criminal that shouldn’t be pricing, or are on a sanctions list.”