“The more things change, the more they stay the same.” The wisdom in this old adage appears to ring true when applied to the early phases of the evolution of Open Banking (or open payments). Especially when you contrast it with the early days of
ATM withdrawals; particularly those made in the dead of night so you could pay cash for your after-party greasy feast.
In both scenarios, a real-time balance is essential to ensure cleared funds are honoured. Decades ago, consumer demand for accessible after-hours cash was resolved through the illusion of real-time account availability, made possible by clever systems
like BASE24. These systems managed balances safely and securely, even when old-fashioned account systems retired overnight to attend to their batched-up housekeeping duties.
Over the last couple of decades, the magical illusion of 24/7 availability has been perpetuated, and it now seems that banks are obligated to conjure that same magic to provide the ‘always-on’ real-time balance data required by third parties in new Open
Banking initiatives. That’s because many banks’ modern Open Banking capabilities, delivered using new technology constructs like Application Programming Interfaces (APIs) and real-time payments, are still dependent on core banking systems with the same old
Real-time authorisation for the digital era
It is an interesting paradox that many of the world’s biggest retail banks (and indeed a fair proportion of disruptive new banks) are investing in user experience-driven banking apps to support always-connected users – but taking the capabilities of core
accounting systems for granted. New, easy-to-use, front-end apps are important, obviously, but it is a mistake to view the core authorisation systems just as rather boring ‘back office’ overheads. These services are a crucial piece of the ‘always connected’
design goal, and to offering high levels of personalisation.
The modern requirement for personalisation builds on traditional authorisation functions (i.e. “is the card valid?” “are there sufficient funds?) by layering on extra preferences, such as the ability to turn accounts on/off, creating geographical blocks
and restricting usage by retailer segment. Further checks need to be made to avoid fraud and to comply with new regulations relating to authentication requirements, where multi-factor authentication (beyond traditional card and PIN) needs to be executed.
New “authentication ceremonies” will need to be supported – allowing consumers to approve transactions using safe and secure methods that feel most natural. These are needed when a consumer accesses a bank directly using the bank’s own services. But they
are also needed for indirect access, for example, when a consumer uses a third-party provider’s app to access the bank via new Open Banking APIs. Modern authorisation and authentication systems are anything but ‘back office’ – they are about to become major
customer service differentiators.
Understanding Open Banking transactions flows – what happens when it goes wrong?
The new world of Open Banking promises new innovative services, offered by both new companies and by established brands now able to aggregate information from consumers’ multiple bank accounts and to initiate payments on their behalf. However, there are
some uncertainties in these new transaction scenarios – not a great surprise given the new and radical nature of some of these interactions, which is giving rise to varying interpretations of public policy and regulatory statements.
Arguably, new payment flows might be simpler; real-time (immediate) payments as an alternative to cards carry the promise of lower costs, faster settlement and no provision for disputes and chargebacks. But normal people can make mistakes and queries, so
disputes and correction facilities will inevitably need to be provided. In the card payments world, the ownership of liability and risk for these scenarios is clearly prescribed by the card schemes. But, in the world of Open Banking, these operational support
facilities still need to evolve.
The existence of equivalent rules and policies in card payments ensures the continued use of cards as the default payment rails – at least until we see improved definitions for liability ownership within the real-time and open payments market.
What new magic is needed to deliver modern Open Banking?
So, is a 24/7 illusion still needed in the era of modern Open Banking?
It seems evident (and somewhat surprising) that many contemporary financial institutions are still not operating truly 24/7 core processing systems. There are exceptions, particularly among the new breed of start-up banks dotted around fintech capitals of
the world, but in general, the need for a resilient proxy to manage real-time balance information still exists.
It may no longer be sufficient to stick to the old magic tricks, however. In addition to the basics of safe transaction authorisation, modern transaction handling systems need to step up to the challenges of strong authentication, the complex logic of personalised
financial services and being able to handle alternative payment methods.
It may be appealing to dispense with the magic and go to the core of the problem, although this would mean addressing and upgrading existing banking systems to become genuinely real time. This can be a high-risk strategy though, fraught with existential
dangers that go beyond the world of payments. It’s also a high cost, long-term option. Tricky, if a business needs to keep their options open as consumer opinions (and the actions of regulators) start to shake out.
Ultimately, the trick banks need to perfect is ensuring their customers get what they want. No one needs to believe in magic for this to work – you just need to recognise that magical things can happen if you get the payments story staged right.