Security as a Critical Factor for Innovative Financial Services

• Together with regulations, IT security gains in relevance

• Security particularly demanded for payment transaction services

• BaFin regulates e-commerce companies

The topic of security continues to increase in importance for new players in the field of financial services. Lately the topic of regulations has also come to play a larger role in this field. This leads to higher obstacles for innovative concepts to overcome; however, the fact that these concepts are able to reach these obstacles is a sign of the continued progress of new developments.

Studies show that security and data privacy in banking are the most important concerns for customers. These two points have clear priority ahead of the cost/benefit analysis, convenience, and the information available. Customers’ expectations in terms of security and data privacy in this field are by no means consistent with their behavior in other fields, such as that of social media. The fact that users are willing to provide information about their personal lives while being highly sensitive about their financial and transaction data may be inconsistent,, but is a widely known phenomenon that is already no longer new.

At the moment, the question of security in innovative payment services is drawing particular attention. Already some time ago, the lack of security of NFC-based credit cards, whose data can be read using a smartphone app, became apparent. McAfee – a US manufacturer of anti-virus and security software – identified increased attacks on banking apps in the field of mobile services and on virtual currencies as important topics for the future. Some time ago, Google announced that it would certify its business apps according to the ISO 27001. This does not represent an independent standard, but the process does point to the sensitivity of this internet giant. The conflict between banks and telecommunications firms about the secure element in NFC-capable smartphones is also being carried out in this field. Last but not least, critics are questioning the security of the Google Wallet, and hackers recently demonstrated how smartphones can be taken over by third parties with the help of NFC technology and without users’ knowledge.

The term “security” here encompasses several different aspects: the security of money storage, services, and data. The field of security and data protection is particularly relevant for new market players. These data refer to information that is collected during individual transactions, and can also refer to information about the customers. Users not only expect their data to be protected against loss and accidents, but also demand that the data be protected from abuse. Users expect this protection from all market participants that collect information in the field of financial services in order to provide their products and services.

Aside from security in the sense of data protection, another topic of importance at the moment is the intensified application of regulations. Only at first glance does this seem to have little to do with security. In reality, regulations are justified on the basis that sensitive areas cannot be sufficiently secured through self-control mechanisms. Therefore, such areas are placed under government supervision. In particular, the requirements by the German Federal Financial Supervisory Authority (BaFin) for internet companies and retail firms are currently being discussed. The BaFin is demanding a license for the processing of payment transaction services that require extensive reporting. In principle, this affects all companies within the e-commerce field whose platforms enable other parties to conduct business with one another. The media have already begun to talk about the “death of start-ups” (Spiegel).

The fact that regulators are intervening in a field in which not only new but also large firms are present, and the fact that they are focusing on services within the field of payment transactions, is highly instructive. This is the field in which innovative solutions are most advanced. Furthermore, the regulations will not only affect firms catering to niches with exotic options for “unbanked” and “underbanked” economies, but also large players who are powerfully pushing onto the market and offering finely tuned services, thereby reshuffling the deck in market segments traditionally reserved for banks.

The increasing significance of these topics points to the fact that developments in the field of financial services are reaching a new level. The market participants now stand before an important new hurdle. Overcoming this obstacle requires not only the technological avant-garde and early adopters, but also a broader client base that expects banking solutions to adhere to certain standards.

What will be decisive for further development is the extent to which new market participants are able to take up the topic of security and turn it to their advantage. Most of these participants possess the competences necessary for shaping this topic as, in most cases, their history is closely linked to the internet. One wouldn’t want to accuse innovative concepts of being less sensitive toward security aspects due to their focus on online and mobile business fields. The opposite is more likely to be the case.

Study on security and data privacy as customer priorities for online banking

http://www.initiatived21.de/wp-content/uploads/2011/07/Fiducia_2011.pdf

Data theft from NFC credit cards

http://www.heise.de/newsticker/meldung/Kreditkartenklau-per-Smartphone-1611874.html

McAfee Labs 2012 Threat Predictions

http://www.mcafee.com/cf/about/news/2011/q4/20111228-01.aspx

Googles ISO 27001 Certification

http://www.computerwoche.de/management/cloud-computing/2513968/

Google Wallet-Security

http://www.pcworld.com/…google_wallet_security_concerns_raised.html

Smartphones hacked without the owners’ notice

http://www.heise.de/newsticker/meldung/Android-und-Nokia-Smartphones-per-NFC-uebernommen-1652934.html

BaFin demands banking license / eBay und Amazon

http://www.spiegel.de/netzwelt/netzpolitik/bafin-will-online-plattformen-regulieren-a-845608.html

http://coretechmonitor.com/innovative-finanz-services-vor-dem-hintergrund-regulatorischer-und-rechtlicher-anforderungen/

http://www.gruenderszene.de/allgemein/bafin-online-handel-erlaubnis