16 August 2017
Arturo González Mac Dowell

Eurobits Technologies

Arturo González Mac Dowell - Eurobits Technologies

4Posts 21,044Views 5Comments
Online Banking

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

PSD2 and the Secure vs Insecure Staircase Debate

18 July 2017  |  6259 views  |  1
  • A few years after Bautista closed his business I casually met him in a cafe nearby the Town Hall. After saying hello to him and asking how were things going (not very well, I must say) we started talking about his business and why he had closed it down.

    He said that he did not understand why the Town Hall passed a law to promote competition in financial services. And that law ultimately forced all the Money Butlers that were putting the competitive pressure on the banks to close their business just because they were not allowed to climb through the staircases when the elevators where not working. All while traditional banks did not offer more competitive and transparent services to Villa Arriba’s consumers.

    - Look Bautista, isn’t that the Mayor down there? Let’s take our coffees and ask him.

    -Hello Mayor, may we sit with you to enjoy our coffees and discuss about this Money Butler law?

    -Sure Arturo and Bautista, please do sit down and let’s talk about the issue.

    -Mr. Mayor, Bautista tells me that the reason he and all the other Money Butlers had to close their business is because you did not allow them to climb through the staircase when the elevator was not working. Why did you do that?

    -Well, we did it for two reasons. Performance and security. We all know that elevators are faster, and the banks claimed that they are also more secure than staircases. In the Town Hall we all took this for a fact. You know, elevators look so good!

    -Is this true Bautista? I asked.

    -Well, yes… It is true that elevators are faster, when they work properly that is, which was not always the case. I am not so sure about them being more secure.

    -What do you mean asked the Mayor?

    -Well, if the staircases are not secure, why did you allow regular customers to access the bank branches through the staircases? I understand that the elevators were only for the Money Butlers, not for the customers. Is the Town Hall more concerned about our security than the security of the bank’s customers?

    -Yeah, what about my security? I said

    -The Mayor said that we did not understand the issue. Of course, the stairs are secure, otherwise they wouldn’t allow customers through them, he said looking to me.

    -Then what is the security issue with the staircases?

    -Well, the banks need to be able to distinguish when the customer is accessing the staircase by himself, from when it is the Money Butler doing it for him. Said the Mayor.

    -The Branch Manager of one of Villa Arriba’s banks who had just asked for a cup of coffee and joined the conversation nodded.

    -To which I replied. Isn’t it enough that I have signed this paper that allows Bautista to access my accounts on my behalf?

    -Imagine this paper gets stolen, said the branch manager.

    -Bautista swiftly said, well, I have a Money Butler license. I am not allowed to get the elevator if I do not show my license first. Couldn’t I also show my license before climbing the staircase?

    -Oh, this would be very expensive for us, said the branch manager.

    -Expensive? Couldn’t you share the same desk that is in front of the elevator to identify Money Butlers climbing the staircase? After all, the elevator and the staircase are side by side.

    -Yes, I guess we could, but that wouldn’t prevent someone that has stolen that written authorisation that Arturo gave you, to climb the staircase as a regular customer. He would then be able to enter the branch on his behalf and steal his money!!!

    -What??? Was my money at risk when I signed that paper to you Bautista???

    -Cool down Arturo, that paper you signed just allowed me to get your account balances and transactions. Don’t you remember that every time I asked to move your money the branch manager had to call you over the phone to make sure you authorised?

    I was relieved to hear that and said,

    -I had forgotten Bautista!

    -Besides, continued Bautista. If someone stole Arturo’s authorisation, he would never use the elevator to access the branch. He would have soon learnt that without a Money Butler license he would not be able to take the elevator. He would climb the staircase just like any regular customer would. Right?

    -Right, mumbled the branch manager.

    -But you are missing the point Bautista. What is at stake here is the security of Arturo’s banking information! Arturo, those written authorisations that allow Bautista to get your statements are very broad. We have no way of knowing if you want Bautista to access all your accounts or just this one in particular. Mind you Bautista, I have nothing against you, but there were many other Money Butlers that, I am not so sure about them...Said the Branch Manager.

    -Well, I have known Bautista for some time, and I trust him. I said.

    Bautista firmly pushed me back and asked me to let him handle this.

    -Look Mr. Branch Manager, I had to obtain a Money Butler license from the Town Hall, obtain an insurance policy and fill a lot of paperwork. And that makes me as respectable and trustworthy as you with your banking license. The same goes for all the other Money Butlers.

    -Am I right Mr. Mayor?

    -Yes, you are right Bautista, he sighed.

    -Am I right that you can inspect me as often as you want? just like the bank? And if I access information from Arturo that I have no permission to access, you will take my license away?

    -Yes Bautista, you are right again.

    -Lastly Mr. Mayor, was one of the duties of the bank to check for what accounts had Arturo given me permission to access?

    -No Bautista, that is not what we devised.

    -Then, we can all agree that the staircases are not an insecure method for Money Butlers to access the accounts from people like Arturo. Right?

    -The Branch Manager left a coin in the table for his coffee and quickly rose and left after politely saying good bye and excusing himself for a meeting.

    I was a bit puzzled. And said,

    -So yes, the elevator is better. I know Bautista is not dumb and will take it whenever it works properly. Why will he climb the staircase when the elevator works? But, if the elevator is not working, or if there is too large a queue, why shouldn’t he be allowed to use the staircase after identifying himself? Specially since we now know it is as secure as the elevator! All these years climbing the branch stairs for no reason! After all, all I care as a customer is that I have the information I want, when I want it. To be honest Bautista, I was not that worried if you had to sweat your way up the staircase or climb comfortably in an air-conditioned elevator. Sorry for being so clear, to which Bautista grinned.

    The Mayor looked to the floor and said,

    -Bautista, Arturo, you are both right. We made a mistake. We shouldn’t have closed Bautista’s access through the staircases, after all, they were secure. But look, we will revise the law and change that.

    -That is great news Mr. Mayor… for my son! I will retire next year, and you know, haven’t had much success since I closed my Money Butler service. My pension will be minimal. But I hope you will treat me to a coffee every now and then we meet… Besides, nobody is trying to do different things in Villa Arriba any more. They either move to Villa Abajo, or keep doing business the traditional way.

    If you are interested in the subject, you can continue to the third and final part of the trilogy here:

  • PSD2 and The Cost of Using the Staircase When the Elevator Fails 

    In case you missed the first part, here you have it:

PSD2 and the Secure vs Insecure Staircase Debate TagsPaymentsRisk & regulation

Comments: (1)

Paul Love
Paul Love - Compass Plus - Nottingham | 26 July, 2017, 15:00

This is an excelelent analogy to the current spat over APIs.

I have used account aggregation services without a problem for almost as long as Internet banking has existed, but since Windows 10 Edge replaced Internet Explorer none of my services seem to work without ActiveX.

We seem to be in the middle of a two steps forward-one step back period, and unfortunately, as your analogy so clearly illustrates, this is being driven by policy rather than competion or customer service.

I am sure the brave new post-PSD2 world will be wonderful, but we have to get through a lot of fog first.

1 thumb up! 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Arturo

PSD2 and the Cost of Using the Staircase When the Elevator Fails

23 July 2017  |  4210 views  |  0 comments | recomends Recommends 1 TagsPaymentsRisk & regulationGroupOnline Banking

PSD2 and the Secure vs Insecure Staircase Debate

18 July 2017  |  6259 views  |  1 comments | recomends Recommends 1 TagsPaymentsRisk & regulationGroupOnline Banking

PSD2 and the Elevator vs Staircase Paradox

15 July 2017  |  5092 views  |  0 comments | recomends Recommends 1 TagsPaymentsRisk & regulationGroupOnline Banking

Why EBA hasn’t understood PSD 2!

07 April 2017  |  5484 views  |  0 comments | recomends Recommends 1 TagsRetail bankingInnovationGroupFintech innovation and startups

Arturo's profile

job title President & CEO
location Madrid
member since 2013
Summary profile See full profile »
Since 2.004 I lead Eurobits Technologies as the first Account Information Services Player in the EU.

Arturo's expertise

Member since 2010
0 posts5 comments
What Arturo reads
Arturo's blog archive
July 2017 (3)April 2017 (1)

Who's commenting on Arturo's posts

Paul Love