Wednesday, 13 December 2017

Open banking, PSD2, GOV.UK Verify (RIP) and the end of civilisation as we know it

Open banking starts in the UK in four weeks time on Saturday 13 January 2018. The competition is keen. Who will be the first little old lady to be cheated out of her life savings? And can she lose the lot by close of play on Monday 15 January 2018 or will we have to wait until Tuesday?

What, we hear you ask in your millions, is DMossEsq talking about?

By way of an answer, consider this email kindly sent by Barclays Bank at 21:34 on 25 September 2017. You will have received similar communications from Barclays and other banks and ignored them:
...

Why are we making changes?
From time to time, we need to update our agreement to reflect changes in banking legislation, new technological developments, and changes to the way we use information. One example is the introduction of a number of new laws which are known as 'Open Banking'. This will enable you to share your data and make payments through third parties ...

Open Banking – new services are coming soon
Open Banking will enable you to share your bank account data with other companies if you give permission. This means you will be able to see multiple bank accounts and transactions in one place (for example on your Barclays Mobile Banking) even if they're from different banks. You will also be able to allow other companies to give payment instructions from your account. If you don't want to use these new services, you won't notice any differences in the way you bank, as you will always have to provide permission for the new services.

The safest way is to create a secure connection ...

An alternative option, is to share your bank account login details directly ...
Open Banking is a UK initiative promoted by the Competition and Markets Authority (CMA). People are paying too much for payments, the retail banks constitute a cartel, the market must be opened to competition from different organisations, innovation will drive prices down and quality up. That's the theory ...

... but.

Is it really a good idea for our little old lady to "share [her] bank account data with other companies"? Or to "share [her] bank account login details"? If she can "see multiple bank accounts and transactions in one place", who else can? What are they luring the old girl into? What have the CMA got against her?

Leaving those questions for another day, consider now the scale of what's happening. "I can’t stress enough just how big a deal the UK’s transition to Open Banking is", says the estimable Dave Birch. "Open Banking is 'a new way of dealing with the twenty-first century's most sought-after resource, personal data' ... Identity is the new money. Banks are about to be transformed from places that store Sterling into places that store Digital Identities ... [Banks could] let this slip through their fingers and hand digital identity to Apple, Facebook, Google, Amazon and Microsoft ... the internet giants who already have the customer relationships".

RIP IDA – if you've got nothing to say, say it
TUESDAY, 11 FEBRUARY 2014

When GDS's David Rennie spoke at the US Identity Ecosystem Steering Group conference in January, he said that the reason there are none of the big retail banks signed up to IDA [the old name for GOV.UK Verify (RIP)], the identity assurance programme, is that they've been too busy sorting out the aftermath of 2008's credit crunch (32'10"-32:35").

That's silly. Identity assurance is what retail banks do all day every day – they can't be "too busy" to do it.
It's not just Mr Birch and DMossEsq who think open banking is a major event. As noted the other day, so does Don Thibeau of the Open Identity Exchange.

Unlike us, Mr Thibeau believes that open banking is a great opportunity for the Government Digital Service's dead cat, GOV.UK Verify (RIP). Apple, Facebook, Google, Amazon, Microsoft and the other internet giant GOV.UK Verify (RIP)? No. Is Mr Thibeau revealed as one of the greater deadpan comedians?

And it's not just open banking. According to Payments UK: "The requirement from the CMA coincides with the EU legislation, the revised Payment Services Directive (PSD2), which requires all payment account providers across the EU to provide third party access". The EU, too, want our little old lady to use PISPs (payment initiation service providers, since you ask) and AISPs (account information service providers).

Payments UK ("We represent the payments industry in the UK") say that open banking and, by extension, PSD2 "will give customers more control over their data and will support an emerging market of new, exciting third party products and services, such as tailored price comparison websites ... It will keep customers safe and secure, enhancing the opportunities for enhancing customer propositions".

Finextra, the fintech house mag, write in even purpler prose: "After PSD2 ... open banking apps and services from third parties will flood the European market and offer users never-before-seen levels of choice and variety in payment, loyalty, behaviour-based and user-friendly data-oriented services".

The PSD2/open banking prospectus sounds like midata re-heated. PSD2 gives credence to the flaky mass consumer biometrics industry. If Don Thibeau isn't joking perhaps the UK's banks really will try to rely on GOV.UK Verify (RIP). That's all three lemons in a row. Jackpot. The pied pipers will be calling the tune.


----------

Updated 5.1.18

Just one week to go now before the start of Open Banking, please see above.

Who's in charge?

The Competition and Markets Authority (CMA). Who have set up an implementation entity called "Open Banking". Which has a trustee in charge, an Ernst & Young partner called Imran Gulamhuseinwala. OBE. Who gave a talk at the Open Identity Exchange's 17 November 2017 conference on the Economics of Identity:



It's only a short talk, 16½ minutes, and yet Mr Gulamhuseinwala manages three times – at 3'45", 5'30" and 12'45" – to tell us that Open Banking will allow people to take control of their own personal information. This we shall achieve by giving our personal information to strangers. The BBC understand how this amounts to taking control. The rest of us don't. To us, it looks like losing control.

Open banking relies on identity assurance. Identity assurance and Open Banking are converging, Mr Gulamhuseinwala says. How does this relationship between Open Banking and identity assurance work? It looks like something to do with the economics of identity but twice – at 2'55" and then again at 14'55" – Mr Gulamhuseinwala, the man in charge, tells us at length that he doesn't know, he's not sure, he hasn't got all the answers and that's not his job.

He does know that Open Banking will allow us to review our bank accounts and switch to better ones. Ditto energy accounts, mobile phone deals and insurance policies. He just doesn't know how. He also knows somehow that unnamed Open Banking apps (viruses) will securely review all our personal information and improve our well-being.

This is the hoary old midata prospectus, beloved of the LibDems who ran the Department for Business Innovation and Skills during the UK's 2010-15 coalition government. They promised that nanny-state-on-a-chip apps (viruses) would nag us to stop wasting money on take-away meals or some such. Vince Cable, Ed Davey, Norman Lamb and Jo Swinson could never convince anyone of midata's virtues.

Obviously it's not his job but good luck to Mr Gulamhuseinwala when it comes to explaining how the putative little old lady above's being cheated out of her life savings is all for her own good.


Updated 7.1.18

10 p.m. today, the Daily Telegraph newspaper warns its readers 'Open banking' revolution could lead to scams and pricing rip-offs, experts warn. Better late than never.


Updated 11.1.18 #1

Less than 48 hours to go. Soon Open Banking will be up and running in the UK. Without GOV.UK Verify (RIP).

As we were saying, please see above, "unlike us, Mr Thibeau [of the Open Identity Exchange] believes that open banking is a great opportunity for the Government Digital Service's dead cat, GOV.UK Verify (RIP)". Open Banking relies on on-line identities. GOV.UK Verify (RIP) can't provide them ...

... not in bulk, not for companies which might want to use Open Banking, not securely and not while preserving privacy.

Open Banking should have been GOV.UK Verify (RIP)'s great opportunity. As it is, all Open Banking does is to point up the failure of GOV.UK Verify (RIP).

Bryan Glick, the estimable editor of Computer Weekly magazine, writing last week in Five things in tech to watch out for in 2018, says: "Getting digital identity right is the key to unlocking so many online opportunities, from public service delivery to open banking. The government has tried to crack this with Gov.uk Verify [RIP], but has gone down a dead-end ...".

GOV.UK Verify (RIP)?

Dead.

End.


Updated 11.1.18 #2

After all the excitement on Saturday morning when Open Banking starts in the UK, the public jubilation here and the jealousy in the rest of the world, you may find yourself at dinner and in need of saying something knowledgeable about it.

Eighteen months ago the Open Data Institute published The open future of banking. There's your cribsheet.

"... an Open Banking Standard will help banks and innovators to collaborate and rise to the challenge of providing a first-class service that still keeps the regulators happy" – cue discussion of the need to keep regulators happy.

If the conversation flags, try "this is not just about open data, but other aspects of open such as open source, open culture and open innovation".

And if that doesn't do it, go for the jugular: "it’s not just the customer that will benefit: banks will also benefit from efficiencies in time and money. They will also encourage greater interactions from orthogonal areas (e.g. insurance, pensions, accountants)".

As dessert approaches, garnish with Google or Facebook or Apple or Microsoft ... or Amazon, Will Amazon Lending Disrupt, Displace, or Prop Up Banks?.

This is your chance to mention that the banks use artificial intelligence, AI, to process each accountholder's transaction data to calculate customised terms and conditions for loans and other financial products. If the banks no longer have access to that data because one of Mr Gulamhuseinwala's payment initiation service providers or account information service providers has got it instead, then the banks could fail, a warning issued by Dave Birch, who knows a thing or two, Forget banks, in 2018 you'll pay through Amazon and Facebook:
... AI in 2018 will be a kind of event horizon for financial services. No one can see what is on the other side. But when Google feeds all the data from someone's bank accounts into their advertising engines it's fairly certain that bank profits - based on information asymmetries, product friction and brand loyalties - will vanish.

... 2018 will be the start of a fundamental realignment as banks become heavily regulated pipes for tech giants to use for their profit.
You may never be invited to dinner again.


Updated 12.1.8

UK retail banks are exceptionally big and powerful. They may face some competition as a result of Open Banking. That competition is unlikely to bring them down.

You may not like the retail banks but that doesn't mean that you do like their Open Banking competitors. In fact you may find those competitors even more unpleasant.

The UK retail banks' Open Banking competitors may offer reduced costs for a while but that wouldn't last for long. Insert Facebook/WhatsApp, say, into your banking arrangements with Lloyds Bank and you may soon find that the financial benefit has evaporated and you're left worse off because Lloyds now charge more for their other services and because a lot of your personal information is now stored out of your control God knows where on the planet with an unregulated supplier operating beyond the jurisdiction of any UK ombudsman.

But suppose for the sake of argument that these titans, the UK retail banks, are hollowed out by Open Banking.

What then?

Among other implications, consider what might happen to the credit rating agencies.

At the moment the credit rating agencies enjoy several extraordinary and generally unremarked entitlements. They are allowed to collect all sorts of information about us and then sell it to interested parties, including political parties, please see Time for someone to take the personal information economy seriously.

Experian, Callcredit, Equifax et al collect a lot of their data from the retail banks. If Open Banking deprives the retail banks of that data, the credit rating agencies will be left high and dry. A political party wanting to identify floating voters with their good news message during a general election would have to approach Microsoft/LinkedIn instead of Experian. Ditto an entrepreneur looking to launch a new product who needs to know first how much demand there is and where it is.

The risks to the UK's retail banks posed by Open Banking are threats just as much to our credit rating agencies. That is a major issue. You may not like the credit rating agencies any more than you like the retail banks. That doesn't alter the fact that it would represent a major change, not necessarily for the better.

Less portentous, just think what would happen to poor old GOV.UK Verify (RIP). What is a person? According to GOV.UK Verify (RIP) a person is just a credit history. All the "identity providers" to GOV.UK Verify (RIP) need the credit rating agencies to do their identity proofing and verification (IPV). Except Experian. Which is a credit rating agency. No IPV, no GOV.UK Verify (RIP).

Open Banking could cause GOV.UK Verify (RIP)'s completion rates to plumb even more miserable depths.

No comments:

Post a Comment