Feeling Down? Try #FoxNewsFacts

Source: Bipartisan Report

By now you probably know that Fox News broadcast claims by a so-called 'terror expert' that - among other bizarre claims - the UK city of Birmingham is 'totally Muslim' and non-Muslims 'don't go there', when Muslims only represent a quarter of the population, according to the BBC. Clearly an idiot. Fox actually had several goes at this - note the 'expert' is wearing a different shirt/tie combination in the two clips below. The 'expert' has since apologised and admitted to being completely wrong, though I'm not sure the anchors have apologised for their part in it. Sky News tried to clean up the mess for the Murdoch Empire by interviewing the 'expert' afresh, but it just got worse as he likened listening to his own erroneous comments to "being waterboarded". 

Of course, this isn't the only instance of bizarrely ignorant claims, opinion or commentary on Fox News, and I can't work out who's worse - the Fox News anchors or the so-called experts they interview.  You can judge for yourself by following the #FoxNewsFacts hashtag on Twitter. It's hilarious, if you can fight the urge to panic over how many stupid people might actually believe this crap. I do wonder whether US foreign policy - amongst other things - might be rather different if Fox News viewers were given the actual facts, rather than this trash.

One day, we might even find out.

Do The EBA Security Guidelines Ensure Card Scheme Control Over Retail Transactions?

The European Banking Authority recently issued payment security guidelines, as part of its security remit under PSD2. The guidelines take effect in August 2015 and will  require subtantial work on the part of payment service providers and merchants. They will be followed by 'stronger’ guidelines under PSD2 that will take effect in 2017/18. As anticipated, the guidelines could well present a significant obstacle to the evolution of payments services and competition from new entrants. At the same time, even if they reflect best practice today, the guidelines do not really overcome inherently unsecure features of legacy payment methods - like cards.

To be fair, the authorities have a difficult balancing act here. They have a responsibility for ensuring that PSPs implement appropriate security measures - and should at least point to best practice in the area - yet the authorities cannot afford to be so prescriptive as to delay implementation of those measures and/or prevent PSPs keeping pace with wider technological developments, the development of new payment services and the efforts of hackers. Unfortunately, the EBA appears to have struck a balance in favour of banks and card schemes, rather consumers, merchants and alternative payment service providers, as discussed below.

The guidelines cite card fraud as the main driver of this initiative, rather than fraud in relation to other types of payment service that do not involve card payments. Yet payment cards and the related IT systems have not really evolved fundamentally since they were introduced in the 1960s, which means that 'legacy' systems are effectively dictating the approach to payment security. True, there are many payment methods that are exempt from the guidelines. But the prevalence of card payments means that PSPs and merchants are being forced to divert resources to shoring up security on that front, rather than investing in more advanced payment methods.

At the heart of the guidelines is the concept of 'strong customer authentication', which is quite prescriptively defined. Yet this form of authentication would seem likely to evolve, and it is conceivable that customer authentication in the payment step of a transaction process might not remain relevant over time, particularly where the payment is being made in the course of a wider customer activity within a secure environment.

Many of the guidelines also go beyond the realms of payment security. While these may reflect obligations under other regulations, such as Money Laundering Regulations, Payment Services Regulations and the Data Protection Act, they are quite prescriptive and therefore will require additional legal and compliance time to review, implement and monitor changes to those other compliance procedures, as well as extra IT and operational resources.

The need for "customer education and awareness programmes" are also likely to require the involvement of marketing teams and their support staff. The concern here must be that customers who deal with multiple PSPs (as competition authorities should hope!) will begin to ignore the educational materials as just so much clutter or junk mail. The adverse customer experience may also drive consumers to prefer less secure payment options (e.g. cash).

Requirements for merchant co-operation, through enforcement of their contracts with PSPs, are also very concerning. For example, PSPs are asked to require merchants to "clearly separate payment-related processes from the online shop" and to enable customers to sign a dedicated payment contract with the PSP rather than having those terms included in a wider service contract. Yet merchants are not directly bound by Payment Services Regulations (except in very limited respects), so the EBA is arguably exceeding its authority in requiring merchant compliance with broader security requirements. In addition, we have already seen significant data security costs imposed by card schemes on merchants who must comply with the PCIDSS requirements. These resulted in most merchants choosing not to hold payments data at all. Indeed, many chose to deal through payment aggregators who accept and process payments on their behalf. However, PSD2 will require technology service providers to contract directly with PSPs under PSD2, rather than merchants if they wish to remain exempt from regulation, which must be likely to reduce the number of independent service providers. Such requirements seem to be aimed at large retailers and e-commerce marketplace operators who may otherwise legitimately offer a seamless consumer experience under current regulations. So it may be that the EBA guidelines will help drive control of e-commerce transactions to financial institutions – particularly banks and card schemes - rather than opening up competition for transaction processing from large merchants and others who have developed competing payment functionality.

As a result, the EBA's security guidelines deserve careful consideration by the competition authorities.

Credit Where It's Due

Having spent the past seven years banging on about the changes needed to democratise the financial system, it's only fitting that my last post for 2014 should give a little credit to the authorities for making some very significant changes this year.

The FCA published its rules to specifically regulate peer-to-peer lending in February, and its rules on crowd-investment in March. At the same time, the Chancellor announced the expansion of the ISA scheme to include peer-to-peer loans. In the Autumn Statement, he announced that consumers who lend to other consumers and sole traders through P2P platforms will be able to offset any losses against interest received. And there will be a consultation on expanding the ISA scheme to encourage crowd-investing in bonds and other debt securities.

We are still at the start of a long journey. The rules could be simpler and the EU could yet muddy the waters if the UK position is not well represented. But if you'd asked me in 2007 whether so much would be achieved by 2014 - particularly on the ISA front - I'd have been optimistic (naturally) but expecting the worst. Yet in 2015 we'll have both the regulatory 'blessing' and the incentives necessary to enable people with surplus cash to get it directly to creditworthy consumers and small businesses who needed it, instead of leaving the money tied up in low yield bank deposits or having it eaten away by fees in managed investment funds. 

Perhaps this is partly why 2014 also saw the bank bosses' swagger and bravado turn to panic. The trends which are combining to democratise the financial system have not only revealed that the stuffed shirts are powerless to stem the flow of fines for corrupt practices on virtually every front, but those trends have also produced competition from the banks' very own customers. 

Hell, even their auditors are finally coming under scrutiny!

But let's not get carried away. While crowdfunding is growing at over 150% a year, the crowd will probably produce 'only' about £5bn of funding in 2015, based on Nesta figures and assuming a boost from the ISA changes. 

So, while we've come along way since Bobby "Dazzler" Diamond infamously suggested that the time for bankers' remorse was over if the UK was to recover, we will still have a small business funding gap next year - eight years after the financial meltdown. In fact, in many ways the financial system is in worse shape now than in 2007, with less competition and appalling inefficiency in banking, vast public sector debt, a larger 'shadow banking' sector than every before (depending on how you measure it), and many key economies around the world suffering low/no growth. Events such as those in Russia, Greece and the Eurozone are applying further pressure to a system that is still broken. In these circumstances we remain terribly vulnerable to financial shocks. 

Still, the UK government deserves plenty of credit for the changes announced to date. Whether they have come early enough to help us through the next storm remains to be seen, but at least the national funding solution now lies substantially in our own hands. 

If we don't take the opportunity to crowdfund the recovery, we will only have ourselves to blame.

Good News For #FinTech And #Crowdfunding in Autumn Statement

The government has announced bad debt relief for lending through P2P platforms; a consultation on whether to extend ISA eligibility to crowd-investing in debt securities and an intention to review some rules that add unnecessary costs for institutional lending through P2P platforms.

Individuals lending through P2P platforms to offset any losses from loans which go bad against other P2P income. It will be effective from April 2016 and will allow individuals to make a self-assessment claim for relief on losses incurred from April 2015.

The government will also consult on the introduction of a withholding regime for personal income tax to apply across all P2P lending platforms from April 2017. This will help many individuals to resolve their tax liability without them having to file for Self Assessment.

The government will call for evidence on how APIs could be used in banking to enable financial technology companies to develop innovative solutions to allow customers compare banks and financial products.

From January 2015, the majority of card acquirers will offer a new service for small businesses to receive the funds from debit and credit card transactions much more quickly. Two acquirers will not meet this commitment, and the government will ask the Payment Systems Regulator (PSR) to examine whether small businesses are being disadvantaged as a result.

The government will allow gains that are eligible for Entrepreneurs’ Relief (ER) and deferred into investment under the Enterprise Investment Scheme (EIS) or Social Investment Tax Relief (SITR) to benefit from ER when the gain is realised. The government will also increase the annual investment limit for SITR to £5 million per annum, up to a total of £15 million per organisation, from April 2015 and will also consult further on a new relief for indirect investment in social enterprises.

To better target the tax reliefs, the government will exclude all companies substantially benefiting from other government support for the generation of renewable energy from also benefiting from tax-advantaged venture capital schemes, with the exception of community energy generation undertaken by qualifying organisations. The government will also make it easier for qualifying investors and companies to use the tax-advantaged venture capital schemes by launching a new digital process in 2016.

Officials Alarmed By PSD2 And Barriers To Innovation In Payments

In a joint study, Ofcom and the UK's new Payment Systems Regulator have explored the reasons for limited innovation in the UK payment services market, sounding the alarm over the potential impact of PSD2. But the study does not thoroughly explore the most recent proposals, which would make the situation worse than officials seem to appreciate.

The study confirms that most of the innovation is facing retail customers and relies on the existing payments infrastructure.

Various factors act as a barrier to the scale and pace of innovation seen in other technology sectors. There is a low tolerance for system failures, naturally, but the resulting high security and resilience requirements make systems more rigid and less open to the usual market forces of present in other IT sectors. New entrants also find it hard to break through the network effects that support existing payment methods (e.g. cards). Investment is further constrained by significant uncertainty around regulation and technological standards. Finally, the interests of consumers, merchants, telcos and financial institutions are not aligned in the types of services being offered - in essence we're seeing an attempted 'land grab' by competing institutions at customers' expense.

It is critical that the European Council considers this report as it finalises the proposals for PSD2, which would make this situation worse. Equally, however, it is a pity that this study was not able to more thoroughly explore the potential impact of those proposals.

Let's hope for some more joined up thinking in the weeks to come!