Profile
Location: Newcastle Upon Tyne
Member since: 2018

Giles Sergant

Director at Consultant
Posts: 2 Comments: 14
Bio: I've been advising startup banks on payments & identity architecture, most recently designing an app-based, SCA-compliant solution for 3DS (1.0.2 & EMV2.x) for a Nationwide debit card. Founder of Touch2id.

Blogs

Banking Strategy, Digital and Transformation

Open Banking and the DCMS should get a room (banks should verify our identity attributes)

16 Aug 2021

In his address earlier this month to the American Enterprise Institute, the Fed’s Governor Chris Waller described CBDCs as “a solution looking for a problem”. Time will tell if he’s right. Many said the same of Open Banking in 2017 when it emerged freshly minted under PSD2. Commentators at the time (not just bankers) also questioned the sufficien...

Open Banking

The CMA's Open Banking 'nursery' is playing fast & loose with Customer Consent

02 Feb 2018

You'd be forgiven for thinking this long awaited and highly revered era of 21st Century 'Open banking' that's just been ushered into the UK with a spirited shove-in-the-back by its Competition & Markets Authority (CMA) hasn't exactly captured the public's interest. Open Banking is the central plank of the second most significant payments dire...

Giles is Commenting on

Fraud victims lose £28K to bank transfer scams every hour

APP fraud is identity fraud and banks should implement Secure Provider Authentication (SPA). To protect their customers from the indignity, the anxiety and the shame of being scammed, Banks need to focus energies on SHUTTING THE STABLE DOOR to prevent more of this from happening in the first place. Some people will always get scammed but right now that door is way too ajar. Big banks are just too easily impersonated and their comms channels to customers vulnerable and too easily compromised by their own behaviours.

Last month our son at Uni fell victim to an APP scam and they emptied his account. Sufficiently sophisticated to fool a young adult with just a few yrs of banking familiarity. First a bogus txt from ‘Royal Mail’ about parcel redelivery: enough to elicit an address and bank name. Next an 0800 inbound call from ‘Santander’s fraud team’ alerting to suspicious activity. And so, driven by a fear of losing all his money … he lost all his money.

Banks say “we will never contact you by…“ and “we will never ask you to ….” but the uncomfortable truth is they do and they have (less now than in the past) - and it’s those behaviours the scammers are exploiting. In the follow up with Santander’s real fraud team they’d called him on three different 0800 numbers, none of which he had any means to validate as real. At the start of each call he was “taken through security checks” but they gave him NO means to authenticate THEIR identity. Why? They could have sent an OTC to their App on his phone and recited it once he’d opened the App to view it using SCA. They’re leaving account holders vulnerable because it’s secure comms ONE WAY but NOT the other. Hardly a surprise that APP fraud on FPS now outstrips fraud on the card networks (which for so long held top billing). Significant for the customer tho as fraud on the former is far harder to recoup than the latter as your article points out.

PSD2 gave banks no choice but to spend on SCA to ensure the account holder is verified by two factors when opening their App. Implementing 2FA to provide equivalence in the other direction ~ for the account holder ~ is non-mandatory. So whilst it's technically trivial to enable, it’s a chunky £upgrade which needs to be signed off internally. Cost being commensurate with size / age: the CMA9 are the natural laggards and loom large on this heat-map. When the CRM payouts (mandated or otherwise) exceed the internal cost to upgrade I guess the decision becomes easier.

Many BNPL users unclear what they're signing up to - survey

Banks, cc companies (and any fintech that’s able to pivot) are rushing to the UK BNPL market because big positions are being taken in this niche corner of consumer payments, which is pre-regulation. It's hot. Some trying to incept in this space (hoping to morph to something more profitable) others just covering positions, heat seeking or simply just the plain fear of missing out. Merchants just want to shift more gear and will engage with pretty much anything that might lower or equate to their current merchant service charges. But it’s a perfect storm for UK consumers, easily enticed by the accessibility of instant credit and allured by the “have what you want when you want” messaging which underpins it. And okay BNPLs may not yet be making money and may not yet be taking extortionate fees, but it is driving gross consumer credit upwards (household debt) and when disposable income is flat and the friction to get credit lowers the pain spreads elsewhere. 10% of BNPL customers are already in arrears and 54% of BNPL payments in the UK are being made on credit cards. Worst of all, the traditional unsecured consumer credit market, such as hire purchase agreements, credit card limits and even payday loans, is regulated to ensure affordability checks are made and repayment capability assessed. There are no such overarching checks with BNPL, no tethering, no repayment dashboard. Consumers can get hitched with as many BNPLs as they like: with the consumer left with the responsibility to assess their own gearing to repayment metric. We know how this ends. Did someone just say Wonga?! When they said Open banking would pave the way for killer apps, I doubt this is what they had in mind.