When the EU regulation known as the Payment Services Directive 2 (PSD2) takes effect, in January 2018, banks will be required to open their businesses to outside service providers. That includes offering these outsiders access to application programming interfaces (APIs), which are the digital protocols that allow third parties to build apps linking to a business. In the UK, the Competition and Markets Authority (CMA) has instructed banks to allow third-party providers direct access to their data (with permission from each individual consumer). This is roughly what the concept of open banking means. The idea is that consumers’ financial data will not be housed in walled-off individual bank websites, but on platforms that give access to the different applications chosen by each account holder. “We need a mindset shift to understand the possibilities brought by open banking”, says Adizah Tejani, director of marketing for Europe, the Middle East and Africa (EMEA) for Token, an open banking platform provider. “It’s not just about complying with PSD2. It’s about what is beyond it. Institutions that think strategically and long term about what the next ten years will look like are the ones that will come out on top.” Tejani spoke on 8 November with LSE Business Review’s managing editor, Helena Vieira, during Web Summit, in Lisbon.
Can you explain how Token Inc works?
Token is a fintech company from California that works in the open banking space. There is a piece of regulation across Europe called PSD2 which is mandating banks to open up data to third parties and this actually means that third parties can request access to someone’s bank account. With that, it brings a whole raft of changes to the ecosystem, to try to open it up. The regulation comes into force in January 2018. However these discussions have been going on for quite a while.
I presented at another conference in 2015 called Sibos in Singapore about how open banking was being approached within the UK market, and really it is about making sure that you have smart APIs to look at how data is moving across banking at platforms, and across bank account information versus having things like scraping (crawling the Web to retrieve information from different pages).
So having an API or an API-driven approach actually allows you to have cleaner data and also smarter data for all parties. This is actually a three-sided problem because it affects the banks, it affects the merchants and it also affects the customer. And overall it will bring us towards a better, stronger ecosystem. One way to conceptualise it is to think of a smartphone. Before apps came along you were unable to do certain things and now, ten years later, we can’t imagine our lives without a smart phone and its apps. Open banking will allow developers and merchants to develop applications that customers really want. That sort of opens it out to make sure that consumers will be able to use applications in a way that works in their best interest.
If I have open banking, to whom can I give access to my account ?
To a third party. But that third party may need to go through different levels of registration in different jurisdictions – it’s important to remember that security is as important as user experience. There needs to be that strong combination and I think it’ll take time to understand which use cases will work best. A classic example is when the first smartphones were launched. People didn’t necessarily think that they would use their smartphone for email, to do calculations, and all these different types of applications, so I think the next 18 months will be very interesting as APIs go live from different banks and we see how much we’ll be able to take advantage of that when it comes to their transactions
And this third party could be a merchant?
The third party could be another bank, could be a merchant, and could also be a stand-alone developer. For instance, in Germany, there’s a system called FinTS. This is why a number of German banking institutions have started companies that are API-driven. For instance, Fidor, in Germany, is an example of a bank that already has externalised their APIs, which now means that they’re able to do more. Token has a partnership with Fidor in order to bring open banking to their customers. But I do think that there’s a bit of a mindset shift that needs to take place in order for different banking institutions and different merchants to understand what the possibilities are when it comes to open banking.
How does customer account data aggregation work?
It’s really about how you as a customer can get a single viewpoint of your accounts. We have a video now…
It’s about making sure that you as a customer have the best user experience regardless of where you bank. That means that you’re able to almost have a single point of view of your banking experience. How many bank accounts today do you have? You may have three or four. You as a customer could say to your bank, “I would like to pay all my energy bills, my TV licence or other things directly from my bank account, which also reduces the cost for merchants when it comes to the number of fees that they’re charged. It also improves the bank’s reconciliation internally, so this is also something that affects businesses as customers as well, from a B2B perspective. I’m not sure if you’ve ever had to do a bank reconciliation like I have. It’s very painful, so if you’re able to get faster information from your business bank account you’re able to understand where your business is faster, and you’re able to make faster decisions. When people look at open banking, they also have to look at it from the perspective of who their customer is.
Token Inc. acts as the link between the different accounts, is that right?
Our system integrates into the bank system (like an operating system). The third parties then can work with us. It’s almost this marketplace-driven approach where it’ll take time to get there but we as technologists and experts in security, building tech, and building great products can enable the bank to do more than just comply with open banking. Because some banking institutions are looking at it as, “All right, the regulator said I need to do this, so I’ll do it”. However, if they take a strategic look at it, a bank could request information from another bank – what new opportunities can be driven forward with these capabilities?
Your site says that you never store username and passwords because you use digital signatures…
That’s right, when interacting with the Token system as a consumer, bank, or merchant, no usernames and passwords (aka “shared secrets”) are used. Shared secrets is a poor security model because they can quite easily be compromised and are susceptible to mass breaches. Instead, we use digital signatures, which are based on cryptography. This model avoids security breaches and provides non-repudiation, meaning there is no question who initiated the transaction. It’s really important for open banking businesses and companies to think about the security element. And that’s what we’ve been thinking about from the get-go in our design, which is why we use digital signatures.
What will the new regulation, PSD2 and GDPR, change for you and for fintechs in general?
It’s not just about complying with PSD2. It’s about what is beyond. What will open banking and your banking experience look like? You do have institutions that are looking just to comply, who are saying, “I have account information that I have to open up to third parties. I just need to tick that box”. But the ones that think strategically and long term about what’s next, and what the next ten years will look like, those are the ones that will come out on top.
All kinds of institutions are vulnerable to cyberattacks. How do you ensure security for you and your clients?
I think that you have to have a security-driven approach within your company. That’s what we at Token have taken as an approach. Our team is made out of people who have built deep infrastructure for companies such as Microsoft, Square, Google, and I think it’s important to realise that. Banks have also invested a lot in KYC (know-your-customer regulation) and security as well. So making sure you work in partnership with your customers, and making sure that people understand that you can’t compromise on security because it will come back to haunt you later on.
Have banks begun to invest more in fintechs now?
I started working in fintech in 2013, and I’ve seen an appetite change regarding how fintech companies can be used as a sort of procurement. They are real, they will stay around, and you can trust them with your client projects. The ecosystem has evolved. Banks are starting to understand that they can procure and get services from these fintech companies. Also there are different types of investors in this area. For example, one of our investors is OP Financial Group, a leading financial services group in Finland. We also have Octopus Ventures and EQT Ventures, which is a Swedish investor. So I do think that banks are getting involved across the fintech cycle, whether it’s investing in them or procuring technology from them.
I would like to talk about women in tech now. Why do you think women are still such a minority in technology?
I think that there are different issues. As we’re sitting here today there are a number of large scandals that are happening across different industries. I think that culturally a number of things have impacted why women decide to leave the technology workforce. There are many different barriers, but you are able to overcome those barriers if you have the right support network and the right environment.
I am the daughter of a computer science graduate. That clearly had an impact on my technology trajectory. From a young age I was exposed to opportunities in technology. I think the tech sector changes very quickly, so you do need to keep your skills up to date, and that can be a challenge. The ways that organisations can support that investment in their personnel and their staff in doing that is really important. It’s much easier when you’re not working 14 hours a day in a start-up. However, the tenacity to get there also needs to be encouraged by senior leadership.
Do you think this moment, with greater awareness of sexual harassment and gender inequality, will bring momentum to change things?
Certain things are contextual. There’s a lot of anger out there at the moment. A lot has been going on and it’s coming across different industries. But it’s how you translate that anger into meaning for long-term action, so that real change is driven, because change is hard. People don’t necessarily like change. The more opportunities that are available to drive that change from a boardroom level the more things will change over time. Is it hard? Yes, it is, but we’re in this for the long run. We believe in the fundamental way technology can change businesses and lives. Regardless of whether that is a fintech, edtech, medtech or AI company, technology can be transformative. But not without the other half of the world’s population at the table, designing these systems, making sure that there are strong and different points of view being brought to the table… It’s always easier to listen to people who think exactly like you. But change does take time. It takes time for talent to grow, get the experience and also be hired by people in order to drive the change. It’s also expensive. Companies need to keep investing in talent and encouraging that investment of talent and R&D. And you’re at an academic institution. Academic institutions have an important role to play in this field as well.
What advice do you have for young women joining the job market in tech today?
I’d say follow up and be tenacious. A lot of people will attend things, go to events, go to different banks, and they won’t follow up at all. Sometimes it will take three or four different chases of somebody before they might reply to you. But that is no indication of them not being interested in you, that may just be an indication that they’re busy. Don’t be put off by people not replying straight away. We’re all inundated with emails at the moment, so be tenacious in your pursuit and make sure that you do follow up with people. It’s key. And also don’t forget you don’t know where you’ll meet people, so always have an amount of humility and grace in everything that you’re doing, because you can go down as fast as you go up. You should remember that everybody is in this for the long run.
- This Q&A is part of a series of interviews during the Web Summit conference in Lisbon, 6-9 November 2017. The conversation was edited for clarity.
- The post gives the views of the interviewee, not the position of LSE Business Review or of the London School of Economics and Political Science.
- Featured image credit: Courtesy of Token Inc. Not under a Creative Commons licence. All rights reserved.
- When you leave a comment, you’re agreeing to our Comment Policy.