FinTechs aim to bring the data, tech and UX (user experience) centric approach of technology firms into the mainstream financial services sector. Banks are no strangers to voluminous data, but technology firms have succeeded by using that data to spot patterns and predict customer behavior in a way that has given them market dominance. By using similar principles and tailoring their product offerings accordingly, FinTech firms have successfully created a sub-niche for themselves in the payments industry.
With regulations like PSD2, the European Commission is further leveling the playing field in the payment services industry. The regulation, by its very design, is aimed at providing smaller, newer and more innovative players the opportunities to access the broader market. Success in this new environment depends not on the current market share of incumbents, but rather on how innovative and better new products and services are compared to what is already there in the market.
What PSD2 is doing on the product innovation front, eIDAS and the Regulatory Technical Standards are doing on the security front. While calling for Strong Customer Authentication (SCA) for payment transactions in Europe, the regulators have ensured that smaller players are not left in the lurch. The SCA requirements can be met in a multitude of ways ensuring technological neutrality and thus ensuring innovation in terms of processes as well as costs; something that smaller FinTech players will undoubtedly appreciate.
Hardware Security Modules (HSMs) are also a force multiplier for these FinTech challengers. They can provide the same level of security and trust to transactions initiated on FinTech platforms as they do for multinational banking institutions currently. HSMs can also be used to authenticate these FinTech platforms’ apps offered on mobile stores and ensure secure communication between the various parties to a transaction.
Another great example is the development of Signature Activation Modules for remote signing solutions by Utimaco partners such as ascertia or, for banking applications more specifically, Bank-Verlag. This service will enable end customers to generate electronic signatures remotely for use in financial transactions. It will also speed up and ease the processes of signing contracts, opening accounts and purchasing products or services online. This is exactly the kind of force multiplier that FinTechs and even banks of all sizes would like to leverage.
HSMs can be used by new market participants to provide the same level of security as the well established industry leaders. Halcom, a digital banking solution provider based in Slovenia is implementing Utimaco’s CryptoServer CP5 after extensive testing. Head of Halcom-CA, Luka Ribičič, had this to say about the HSM solution: “To be able to offer our clients eIDAS-compliant solutions, cooperating with a trustworthy HSM provider was crucial. The CryptoServer CP5 simulator as well as the affordable price point were key factors in our decision for Utimaco.”
Cloud-based HSM solutions can take this even a step further by providing scalability for fast growing FinTech startups without putting a strain on their human or financial resources. These devices can provide robust security solutions in combination with the right firmware, software and processes.
eIDAS is a force multiplier as it gives service providers in one country access to the entire Digital Single Market. This means that consumers can choose the best service provider across Europe, not based on availability but based on actual service delivery, cost competitiveness, product features, and anything else that might of importance to them.
If Europe’s new and innovative payment industry paradigm is to succeed, then new players have to shake up the market and force the established market leaders to innovate as well. This requires all of the above-mentioned force multipliers to be used to provide payment services that do not compromise on security and compete on user experience, cost and ease of use.