Finextra Research
Giles Sergant

Director
Consultant
Member since: 09 Jan 2018
Location: Newcastle Upon Tyne
Followers: 0
Following: 0
Opinions: 2
Long reads: 0

Bio

I've been advising startup banks on payments & identity architecture, most recently designing an app-based, SCA-compliant solution for 3DS (1.0.2 & EMV2.x) for a Nationwide debit card.

Founder of Touch2id

Experience

Director
Consultant
To Present

Latest opinions

Giles Sergant

Open Banking and the DCMS should get a room (banks should verify our identity attributes)

In his address earlier this month to the American Enterprise Institute, the Fed’s Governor Chris Waller described CBDCs as “a solution looking for a problem”. Time will tell if he’s right. Many said the same of Open Banking in 2017 when it emerged freshly minted under PSD2. Commentators at the time (not just bankers) also questioned the sufficien...

16 August 2021 Banking Strategy, Digital and Transformation

Giles Sergant

The CMA's Open Banking 'nursery' is playing fast & loose with Customer Consent

You'd be forgiven for thinking this long awaited and highly revered era of 21st Century 'Open banking' that's just been ushered into the UK with a spirited shove-in-the-back by its Competition & Markets Authority (CMA) hasn't exactly captured the public's interest. Open Banking is the central plank of the second most significant payments dire...

02 February 2018 Open Banking

Latest comments

Fraud victims lose £28K to bank transfer scams every hour

Agree Ed. In our son’s case his cash ended up in a non-CoP UK bank, so a UK mandating would at least help to close the door. In terms of consumer education (for account holders) …. it would help that effort if these scams could be referred to with something the general public can actually understand and that better describes the problem. Such as Identity Fraud Scams, for instance …. and not ‘APP fraud’ which appears in every media headline but is so tenuous even bankers struggle with it (despite it being essentially derived from bankers’ speak).

09 Mar 2022 11:09

Fraud victims lose £28K to bank transfer scams every hour

Thanks Jackie. When your bank’s app is in your phone, you are carrying their software (SaaS). Essentially you’re carrying a miniaturised branch around in your pocket and we need to be maximising the advantage of this … Applying modern use of in-app messaging or message-based-chat would make the phone line - where you have to be “taken through security” and are more often than not subjected to ‘hello 1989’ IVR before you are permitted to even talk to a human - largely redundant. It would be trivial instead to ping an app (push) notification and then serve up the ‘last three transactions’ …. “did you spend £15.22 at Aldi in Jesmond yesterday?” or whatever, in the App with a Y/N? field. No phone call required, utilising SCA (instead of the first two characters of your mother’s maiden name etc) and strong assurance for the account holder that they’re communicating directly with their actual provider.

09 Mar 2022 10:54

Fraud victims lose £28K to bank transfer scams every hour

APP fraud is identity fraud and banks should implement Secure Provider Authentication (SPA).

To protect their customers from the indignity, the anxiety and the shame of being scammed, Banks need to focus energies on SHUTTING THE STABLE DOOR to prevent more of this from happening in the first place.

Some people will always get scammed but right now that door is way too ajar.

Big banks are just too easily impersonated and their comms channels to customers vulnerable and too easily compromised by their own behaviours.

Last month our son at Uni fell victim to an APP scam and they emptied his account. Sufficiently sophisticated to fool a young adult with just a few yrs of banking familiarity.

First a bogus txt from ‘Royal Mail’ about parcel redelivery: enough to elicit an address and bank name. Next an 0800 inbound call from ‘Santander’s fraud team’ alerting to suspicious activity. And so, driven by a fear of losing all his money … he lost all his money.

Banks say “we will never contact you by…“ and “we will never ask you to ….” but the uncomfortable truth is they do and they have (less now than in the past) - and it’s those behaviours the scammers are exploiting.

In the follow up with Santander’s real fraud team they’d called him on three different 0800 numbers, none of which he had any means to validate as real. At the start of each call he was “taken through security checks” but they gave him NO means to authenticate THEIR identity.

Why? They could have sent an OTC to their App on his phone and recited it once he’d opened the App to view it using SCA. They’re leaving account holders vulnerable because it’s secure comms ONE WAY but NOT the other.

Hardly a surprise that APP fraud on FPS now outstrips fraud on the card networks (which for so long held top billing). Significant for the customer tho as fraud on the former is far harder to recoup than the latter as your article points out.

PSD2 gave banks no choice but to spend on SCA to ensure the account holder is verified by two factors when opening their App.

Implementing 2FA to provide equivalence in the other direction ~ for the account holder ~ is non mandatory. So whilst it's technically trivial to enable, it’s a chunky £upgrade which needs to be signed off internally.

Cost being commensurate with size / age: the CMA9 are the natural laggards and loom large on this heat-map.

When the CRM payouts (mandated or otherwise) exceed the internal cost to upgrade I guess the decision becomes easier.

 

09 Mar 2022 10:09

Giles writes about

  • payments
  • retail banking
  • identity

© Finextra Research 2025

Terms of usePrivacy PolicyCookie Centre