Trust On The Internet – The Solution Is Ahead

There is a need for a user-centric identity, privacy and trust on the internet, to power the digital economy. It’s a major issue, and a solution that relies on crowd-sourcing is being proposed by Respect Network.

Let’s first look at how trust works in the real world “brick & mortar” economy, then understand the issues with trust on the internet, and finally the Respect Network solution.

Trust and the “brick & mortar” economy

How do you ascertain of the identity of somebody? For example, when signing a contract? Or making sure somebody has the legal age to transact?

You will probably rely on some form of government or bank issued credentials – an identity card, a passport, a driver’s licence, a debit card, or something that an institution you trust (the local public library for example) has issued.  And, for sure,  you will attach varying degrees of trust to each of these tokens of identity. A debit card, with its pin, is a good proxy  in many day-to-day financial transactions. A passport is probably the token you will trust most in travel or real estate transactions.

Furthermore, once someone’s identity is clear, how do you establish whether you can trust him to perform the agreed action – such as paying the bill, delivering the goods, etc? In the real world, this is one’s reputation – is she paying regularly her bills? Is the company you’re dealing with healthy and reputable?  There are many possible ways to establish trust, going from personal opinions to rating agencies.

Trust and the open internet

Let’s now look at the online world. One immediate and major difference is that the online world is, by design, global. The person you are dealing with may be in your neighbourhood or may be on the other side of the planet. Establishing the identity, and the associated trust, is made very difficult because there are no central and inter-operable agencies or bodies, as we have in the real world.

A good example of this is the eBay reputation.  As a regular user of eBay, I’m very conscious of my reputation there. On eBay, one’s reputation is gradually built by the people one transacts with. Buyers will hopefully recognise a good seller (goods corresponding to description, fast shipping) or sellers will recognise  a good buyer (fast payment). In my case, the reputation of a seller of something I’m interested in is a key factor on whether I will bid for the item or not.

In other words, the eBay reputation is an asset with a lot of value, even if is not expressed in monetary terms. This is fine if you only deal with eBay. However, looking at this more broadly brings the following issues -

- there is no inter-operability. The eBay reputations is not something that can be easily used on, say, Amazon.com. So, people have to build these relationships all over again in many contexts. It’s the same with Twitter and Google+. When Google+ launched, many people went through the pain of re-building their Twitter relationships on Google+. Many people didn’t bother, as it can be a lot of work and time to do that.

- there is a potential lack of privacy. Indeed your assets end up residing in many places, and the more places, the more risk there is for these assets to be compromised.

- there is a lack of control and there is a missed opportunity. What do the companies that store you assets do with them?  Some of them are actively selling your assets for various commercial purposes, and, as far as I know, you as the owner never see any of that money.

The digital economy and the Respect Network

So, how can we establish trust on the internet? This is where Respect Network comes in.  It is a little bit of a complex construction of organisations and companies. Below is an overview, and why this is interesting for Innotribe and me.

Trust on the internet is the focus of OIX  (Open Identity Exchange),  a non-profit company organization founded by Google, Paypal, AT&T and others. Their business is to establish, standardise and manage “trust frameworks” – legal, business and social rules that enables parties unknown to each other to trust their respective digital identities. The trust frameworks are designed to be public, standardised and inter-operable, so that people and companies can play various roles in the framework and still manage trusted relationships.

Among the three trust frameworks currently available, an intriguing one is the “Respect Trust Framework”. The idea of this framework is to not only establish a digital identity, but also to provide individuals control over ownership and sharing of their data on the internet. The key to the framework is the use of a crowd-sourced, peer-to-peer reputation system. It’s really very simple – people can vouch for you (for example, say “I vouch for John Smith’s innovativeness”), or complain about you (“I complain about John Smith’s stubbornness”). Similarly to eBay’s reputation system, the peer-to-peer reputation system grows over time, and the more vouches and complaints about a particular person, the more precise the information is and therefore the trust level in this person increases or decreases.

Respect Network  is a project run by Respect Network Corporation and which uses OIX’s Respect Trust Framework to implement the first trusted personal data network. Notable partners include Neustar and Swisscom, and Innotribe is involved.

Users of this network own their data (unlike centralised social networks such as Facebook and eBay). Users then establish secure channels between their personal data clouds, under very strong privacy and security rules. All the software and protocols uses are open to encourage inter-operability and to prevent any single company taking control.

Respect Network also establishes a crowd-sourced peer-to-peer reputation system, implemented through a service called Connect.me (Connect.me is in private beta now and will be launched soon. You can request access on theconnect.me website).

The architects of the Respect Network include an impressive number of people, among which Drummond Reed (who is also a co-founder of connect.me), Doc Searls, Craig Burton, Phil Windley who I have all met at Innotribe events and respect enormously.

The peer-to-peer reputation network establishes naturally a chain of trust. The chains begin with a number of known people, called Founding Trust Anchors, who provide credibility. These are people whose identity is publicly verifiable - members of the Internet identity, security, and privacy communities who believe in the power of a peer-to-peer, socially-verified reputation network. Others are early users of the Connect.Me private beta. Others still (you?) will emerge over time.

Peter Vander Auwera of the Inntoribe team and I have been extensively involved over the last couple years with many of the above companies, organisations and people. Peter and I have the honour to have been elected Distinguished Trust Anchors – nominated by other people and trust anchors as individuals that “exemplify the spirit and principles of the Respect Trust Network”.  Proud to be in such company!

Peter’s and my readers will also probably recognise that many of the above concepts and components are part of Innotribe’s Digital Asset Grid project. The information on this project is now in the public domain.

 

What Does 2013 Hold For Financial Services IT?

Several people asked me recently about how 2013 would look like for IT professionals in the financial industry. Here are my thoughts, inspired by the 2012 Innotribe events and network.

If you’re a CIO/CTO in financial services, you probably have something like the following in your objectives -

• flat budget
• long list of regulation related “must do’s”
• drive innovation to deliver tangible new value to internal and external customers
• continue delivering operational excellence

In other words, 2013 budgets reflect on one hand a continuing focus on fiscal caution, and on the other hand the necessity to invest for the future.

I’ve gathered from my talks with CIOs in various financial companies – and indeed my own (SWIFT) – the ratio of maintenance vs investment has changed. What used to be a 90/10 budget (90% for maintenance and operations, 10% for new projects) has now shifted towards 80/20 or even 70/30. That means serious money for innovation.

The first area of innovation will be related to regulation. How to cope with the inevitable and increasing requirements, while keeping the budget equation balanced? I think cloud computing will probably emerge as a best adapted tool. Regulation lends itself to be, by nature, a shared effort – everyone must comply to the same rule. Therefore, why implement this over and over in every financial institution – why not use a shared resource? A good example of this is the recently launched Sanctions Screening service from SWIFT (http://www.swift.com/products/sanctions_screening). This service checks payments against public sanctions lists for the banks who subscribe to it. I think there is a major opportunity for more services such as this one, and a large number of potential suppliers out there.

The other areas of innovation will be driven by technology change in mobile computing, social media and “big data” analytics.

Most financial institutions are playing catchup right now with respect to mobile computing – I expect frantic investment in 2013 to go into easy to use, mobile based front end to replace the more traditional web based home banking systems. It’s a “no-brainer”, and this gameplan will essentially be about choosing the right partner (outsourcing or ad-hoc) to deliver – delivering this in-house is seldom an option.

The challenge for 2013 will be about formulating the gameplan for a truly innovative customer experience. This is not only about technology, it is really about a mindset change. Going from “captured consumers” into “empowered consumers”. The clever use of social media and “big data” analytics (analyzing massive amounts of customer related data to gather new insights) will be key in differentiating the offerings and gaining traction with the “digitally native” generation (people under 30 today).  I’ve seen some pioneering examples of this at Fidor bank (www.fidor.de), who rely heavily on social media for new customer acquisition, and Movenbank (www.movenbank.com) who use big data analytics to compute financial health scores.

Finally, it is going to be important in 2013 to map the future. Where does the “empowered consumer” road ultimately lead? One interesting idea I saw in the context of Innotribe is the “Digital Asset Grid” (http://innotribe.com/digital-assets/) – a new internet where consumers own their digital assets (valuable data such as a person’s eBay reputation), and where digital assets can be shared safely and securely. The banks may have a major role to play. It will be important to incubate this – and other – ideas related to the digital banking of the future.

(also posted on ComputerWeekly.com)

 

An European In New York – A Story Of Convenience Versus Security

3 comments, 1 called-out

+ Comment now

This post is about my experience as a consumer and a client of both a US bank and European banks. It is striking how the experience is different. It is a battle of convenience versus security.

Last week I was in New York to meet a number of innovation contacts and for a debrief of Innotribe@Sibos with journalists.

I landed on the Sunday between Black Friday and Cyber Monday, two major shopping events kicking off the Xmas frenzy, and the city was in full shopping dress. The Fifth avenue’s storefronts were rivalling each other to attract onlookers. Later in the week, I was also part of the tens of thousands of people on the streets near Rockefeller centre for a cold but nice evening to watch the new Christmas tree.

So, on the Sunday afternoon I went for my own Xmas shopping, which brings me back to the subject of this post. I have an account in a US bank, and when I shop in the US, I use a debit card of that bank.

As an European using a US debit card for shopping, you immediately notice a big difference in the way things happen. It is clear that in the US everything is done to make the payment fast and convenient. You tap or swipe the card. If the amount is less than 10 dollars, off you go. If the amount is more, you will be asked to sign (on paper or on a device) and that’s it.

Occasionally, a clerk will ask you: “Debit or Credit?”. I could not figure for a while exactly what I was supposed to answer. Eventually I understood that if I answered “Debit”, I would be asked to enter the PIN code of the card.

As in Europe, where no transaction can happen without a PIN code and a smart (chip) card.

But in the US, people don’t want to be bothered to remember all these pin codes. You just say “credit” and off you go. Also, the card I have is not a smart version, it just has a magnetic strip. But it is smart in a another way: I can tap it on a POS terminal- no need to always swipe it.

See the pattern? It’s all about convenience.

The European in me got, at some point, a little worried about so much simplicity and convenience. What about security? What about if my card gets stolen and misused?

In one of my previous trips, something very interesting happened that put my mind at ease. In that past trip, after I made a couple of purchases, the next one was refused. Immediately I got a phone call – from my bank. The call was triggered by the unusual pattern of the card’s usage (I used it after a long period, and the amount was bigger than usual). The person on the phone asked me the traditional questions to verify it was indeed me using the card, and re-enabled the card immediately.

At the end of the call, he told me “Sorry for the inconvenience”.
I said: “At the contrary, I thank you for taking care”. I was indeed happy that they were on the ball.

No, the US banks are not less security conscious. They just do things differently. I must say I was quite impressed- this bank in the US must have quite some tech to be able to spot patterns of people’s spending and react in real time.

How about online banking, you ask? Same- convenience trumps. There’s no security gizmos or calculators to authenticate and sign your transactions. You login with your user id and password. But they track which devices and computers you connect from. If you try using a different device, a special procedure kicks in to authenticate you.

In Europe, there’s no way you can access online banking without some security gizmo, most often a calculator-like device in which you insert a debit or a credit card. Every time you sign a transaction, you type in sequences of digits from the computer screen into the device, and then copy other sequences of digits displayed by the device back into the computer.

My long time readers will see my usual complaint coming- indeed when I sit down to do my weekly payments in front of my computer, I have 4 different gizmos to deal with, because I’m client of 5 different banks. I want to use this occasion though to congratulate AXA and CBC in Belgium, who decided to use the same gizmo for their web sites (Yay!). If only all banks would decide to do the same…

There are other interesting things that are possible in the US system. Companies like Yodlee, Mint, Wesabe and others are empowering banking customers to mashup data from all their accounts and aggregate them in a single integrated view. A little bit like SWIFT does for CFOs of large companies connected to their network.

Something like this would be very difficult in Europe, because of the security concerns. But also, perhaps even more importantly, because banks are not ready to relinquish this immediate and close relationships they have with their consumers, thought the specific websites and gizmos.

What will prevail? Openness and convenience? Or security and closed systems?

The young hyper-connected generation coming up as our new customers and employees will “vote their feet”.

My prediction: openness and convenience. What is yours? Comment below.

 

“The Artist” movie and the parallel to the financial industry

I watched “The Artist” movie yesterday.

It’s a movie by Michel Hazanivicius with Jean Dujardin and Bérénice Bejo. I recommend it highly for its idea, visual style, the beautiful actors performance. And I do wish them luck tonight at the Oscars for the first ever non anglo-saxon movie to win the best movie award.

I was under the spell of the movie all day today (while cooking with friends on a gray belgian day – but that’s a story in itself).

The story is of a silent movie star who is facing the advent of the sound movies, all of this in the context of the 1929 crisis. The character – George Valentin – does not understand the new technology, has not seen it coming, and in fact doesn’t understand why the change is happening. His idea of the beauty and artistic value of silent movies is being stormed away.

It struck me that in fact that’s where the banking industry is today.

There is an established order, arguably since centuries, about how banks process money and loans and the products and services they provide.

But the banks are under pressure today -

• the ongoing crisis
• the advent of the new  connected generation on social media
• the advent of easy, cheap person-to-person international payment schemes (Paypal and others)
• the advent of new business models, dubbed banking 2.0 (see Movenbank, SImple, Fidorbank)
• the advent of telecom operators as payment processors (mobile payments schemes not involving banks)
• new business and artificial intelligence technologies.

Exactly as the silent movie world – of our character George Valentin – is under pressure.

But George doesn’t see it. Perhaps he doesn’t WANT to see it. And so the sound movie “happens to him”.

In the same way as the “digital banking” may happen to established banks.

I don’t want to spoil the movie for you, so a very quick summary. Eventually George, with a help of Peppy Miller (played excellently by Bérénice Bejo), realizes the predicament he is in. He can’t cope with the full change of things, but he adapts and in the end rides the wave of change, in his own and different way.

As you can imagine, this ending fits perfectly my eternal optimist take

I do think that if banks realize the massive change going on, they can ride the wave out. Propose new products and services for the connected generation, to enable them to manage their digital assets (and not only money), to help them be more accessible (through APIs), to establish them as core business intelligence processors.

All of these trends, pressures, changes and opportunities for the banking industry are summarized  here (a prezi).

Do you think I’m exaggerating by comparing the rate of change of today to the change of silent to sound movie in the 20′s? Am curious to know.

Kosta

This work by Kosta Peric is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.