SPEAKER_00 0:00

Welcome to this episode of Defensive Chat with Jason and Aiden. Let's jump right in to make the payment and make the end.

SPEAKER_01 0:23

Happy July 1st, Jason. It is good to finally see that the sun is taking a couple days off here in Southern California. It's been pretty warm, and I think my uh skin can take a few days out of the sun.

SPEAKER_00 0:33

Well, I'll tell you who's certainly not taking a day off. That's COVID and the governor of California, who today closed all of the bars, restaurants, beaches, and banned most fireworks displays in the state. So it looks like the only fireworks I'll be seeing this weekend are on my Instagram feed from the office.

SPEAKER_01 0:54

Although that's a bummer, Jason, as long as I can get your barbecue chicken this weekend, I think I'll do just fine. Anything for you, Hayden. Thanks, man. Alright, so we have some pretty good topics today, as well as some follow-up stories from last week's episode. So let's dive into today's topics. First, Wirecard Walloping continues, the financial pandemic equivalent.

SPEAKER_00 1:13

Next, open banking overview, why standards are so important to innovation.

SPEAKER_01 1:18

And last, Uber financial fizzes. Back to focusing on what works. Jason, Wirecard received the green light yesterday to resume its banking operations in the UK. The FCA provided its consent to resume electronic money and payment services to its customers, allowing them to go along with their everyday transactions and mobile payments.

SPEAKER_00 1:37

Hayden, this is certainly good news for the UK FinTech community, as the collapse of Wirecard caused dozens of UK-based fintechs to go into a frenzy. Pocket, a UK-based banking service, released a statement saying that their customers have all been informed that their accounts are not accessible at the moment, effectively frozen. And I think the FCA or Financial Conduct Authority did the right thing in suspending Wirecard while the situation played out. They needed to ensure that consumers' funds were protected. Unlike here in the US, where the actual banks are responsible for their downstream fintech partners, the networks issue direct licenses to fintechs in the EU, making these situations harder and riskier to unravel. Germany, based on this wirecard debacle, is making radical changes in how fintech and accounting firms are regulated, starting with terminating its contract with the financial reporting enforcement panel and transferring the regulatory powers to the federal financial supervisory authority. Germany's deputy financial minister said, and I quote, we should see the wire card story as a signal to address these problems, which have existed for quite a long time now, and find radical solutions. In my opinion, the problem is that the regulator and auditors don't really understand the flow of funds for payments companies. They have no idea how to balance the books and don't recognize something is wrong until it's very wrong. This deception by Wirecard was most likely years in the making, and the fact that it took so long for somebody to uncover is proof of this point.

SPEAKER_01 3:14

Last week we discussed how Wirecard's now ex-CEO resigned and was arrested due to a $2.1 billion accounting scandal, and a lot has happened since then. Wirecard's North American division announced Monday night that they are up for sale. Luckily for their customers, managing director Seth Brennan stated that their customers remain a top priority and that there will be no interruption with any day-to-day processes.

SPEAKER_00 3:36

That's nice to hear. Let's see how it pans out. Unlike the European Union in the US, the licenses are issued to acquiring banks instead of directly to fintechs like Wirecard. This means that Wirecard's US banking partners are ultimately on the hook for any US-based issues. I would hate to be one of the banks that sponsored Wirecard US because who knows what the situation looks like in their US accounts. I've seen these scenarios play out for acquiring banks here in the US. In fact, we've worked with banks and law firms reconciling years of financial data for third-party payment processors like Wirecard. And more often than not, the acquiring banks are not reconciling the incoming and outgoing funds across the multiple payment rails. In other words, they have no idea whose money and how much of it is sitting in the pooled clearing and settlement accounts. I hate to assume the worst, but anyone looking to purchase the US-based division of Wirecard had better make sure they reconcile those accounts and aren't just going off the balance sheets. Because as we've clearly seen in Germany, $2.1 billion can just vanish into thin air.

SPEAKER_01 4:44

The Wirecard accounting scandal has now made its way to Austria, where Braun and fired CEO Marcelick are known as natives. The Vienna prosecuting office is trying to determine whether it is in their right jurisdiction to pursue a claim against the German company. So, Jason, what advice do you have for smaller fintech companies that rely on larger companies to prevent themselves from becoming caught in the crossfire like Pocket was?

SPEAKER_00 5:06

Well, Hayden, I think one of the key things is that it's important for SaaS companies, ISVs, and smaller fintechs to have redundant banking partners. And if possible, separate the liability and technical partners so that all your eggs aren't in one basket. Working with a technology service provider that provides the connectivity to the payment rails that is separate from the underlying liability partner ensures that if there's a problem with a particular bank or upstream partner, the fintech isn't scrambling to make new technology integrations. Having partners that focus specifically on the risk of the transaction and others that focus on the pipeline and data standards will help provide insulation in these types of scenarios.

SPEAKER_01 5:55

Well, on the topic of technical partners, Jason, MasterCard struck an $825 million deal to buy FinCity in order to provide access to financial data in real time. MasterCard said it was a move designed to strengthen their push to open banking in the United States. But how can a standards-based approach to open banking help with the trust, speed of adoption, and the cost for banks to enable access to the data?

SPEAKER_00 6:18

Well, Hayden, part of what makes payments-enabled applications so cumbersome to develop is the lack of standards. As somebody who's integrated into countless payment systems from the card networks, various processors, and several core banking platforms, I can tell you it's certainly not for the faint of heart. The payments industry has inherently made things insanely complex, even when there are great standards that are drafted. A perfect example of this is the authorization specifications for credit card processing, a standard known as ISO 8583. Although all the card networks implement this specification, they all implement it differently, which means you have the same data elements located in different places for different networks. This makes it very complex to do the initial integrations and also very time consuming to keep them up to date. Adding to this complexity, every processor that consumes these card network specifications creates their own flavor that they pass to their downstream customers. The same scenarios are present in core banking software, each having their own process for opening accounts, tracking available account balances, applying for loans, and etc. I love what the EU has done with PSD2, the Second Payment Services Directive, and creating a standardized approach to these processes, which will ultimately facilitate the development of better merchant and consumer-facing applications that are transparent to the underlying banking entries. And it's exciting to see MasterCard pushing to bring this to the US.

SPEAKER_01 7:48

Jason, a lot of people misinterpret or have no clue on what open banking really is, and it's fairly simple. Open banking forces banks to release their data in a secure, standardized form in order to allow it to be shared more easily between authorized organizations online. Although sharing your data online seems scary, only startups that have been approved by the FSA will be allowed to use the system.

SPEAKER_00 8:10

Yeah, Hayden, I mean, there's obviously gonna have to be regulation around how this data is used. In Europe, the SCA, secure customer authentication standards, plays a key role in this to validate that the person accessing the data is actually the customer and owner of the data and not a rogue third party. As these types of standards evolve here in the US, oversight will need to as well. There's already great standards for data security, such as the PCI Security Council and NIST's cybersecurity framework, that will need to be requirements for fintechs that are developing software that takes advantage of open banking standards. I think it's going to be critically important, not just here in the US, but globally, that these oversight committees have the right composition of data security, consumer protection, payment network experience, and risk personnel to draft and enforce these standards. I've said it before and I'll say it again. The supply chain is only as strong as its weakest link. And if any of these components are missing from the oversight committees, it's going to be a recipe for disaster.

SPEAKER_01 9:13

Obviously, digital fraud and cybercrime are constant worries for financial institutions when open banking comes up. The numbers are shocking. FI's experienced 30 cyber attacks an hour in 2019 for an annual loss of 1.45 trillion in stolen funds. On top of that, from February to April of this year, we have seen a 238% increase in cyber attacks. So, Jason, what can you leverage as an FI in order to protect yourself from one of these attacks while maintaining the ability to conduct open banking? Hayden, it's two things the right systems and the right people.

SPEAKER_00 9:48

It's a combination of both technology and know-how. In order to stay ahead of the threats, you have to be able to think like the bad guys do and figure out what their next attack vectors are. One of the biggest mistakes that I see FIs make is they spend a bunch of time vetting their partners, both vendors and downstream partners when they initially establish the relationships. But they do a very poor job of ongoing monitoring of these partners. As time passes, information security is not a passion and a priority for the FI. It continuously erodes. It's one of the biggest problems I see in the industry. FIs and fintechs treat data security as a once-a-year audit instead of a day-to-day responsibility. And it's what ultimately creates the opportunities for compromise.

SPEAKER_01 10:34

Uber financial service leader Peter Hazelhurst has stepped down from his position at Uber since the company plans to put their digital wallet on hold. Uber CEO said the company is not going to be prioritizing finance-related projects. He also stated that they will be focusing more on ridesharing and food delivery as they have seen a whopping 70% decrease in rideshare and have laid off 25% of their employees amidst the coronavirus pandemic. Now, Jason, is halting their financial expansion projects the right move for a hurting rideshare giant?

SPEAKER_00 11:04

Hayden, I think this is actually a blessing in disguise for Uber as they emerge from the pandemic. In my opinion, the company has no business being in payments to begin with. What they need are good payments partners to handle the complexities for them, especially as a global company, where there are different payment systems, regulations, and challenges in each vertical, especially as a global company, where there are different payment systems, regulations, and challenges in each jurisdiction. It's funny how just about every SaaS-based company that I talk to wants to be a payments company. Virtually none of them have the payments experience, the right people, or the right technology to undertake the endeavor. Hopefully, Uber walking away from their financial service projects will help other companies do what I always advise. Focus on your core product. And if it's not payments, focus on finding the right payments partners.

SPEAKER_01 11:58

Jason, speaking on core products, last month Uber lost out on a bid to buy Grubhub, who was purchased by the Netherlands company Just Eat. Now, this deal created one of the largest meal delivery services in the world. And with Uber's rideshare taking a massive hit due to the global pandemic, they have decided to bid on Postmates for $2.6 billion. They believe purchasing the nine-year-old meal delivery startup will consolidate the nation's food delivery market and boost their Uber Eats food delivery service.

SPEAKER_00 12:24

Hayden, I love this idea. This is exactly what I mean. This is the type of initiative Uber should be focusing on. Tech companies need to play to their strengths, and payments is a huge undertaking. If it's not one of your strengths, focus on finding the right partners. If this deal goes through, I'll bet that Uber looks back on this decision years from now and thinks they're lucky stars that they invested billions in a business that they know instead of dumping it into an industry that they don't.

SPEAKER_01 12:54

Jason, I'd be willing to place a wager on how many times you'll end up telling the Uber story to the ISVs you talk to on a daily basis. All right, it's time to make payments make sense. Jason, give me those takeaways.

SPEAKER_00 13:06

FinTechs, build redundancy in your partners, and if possible, separate the tech from the liability. Banks, as open banking evolves in the US, make sure you have a data security wizard in house. ISVs, focus on your core business. Let the payments companies focus on theirs and become BFFs.

SPEAKER_01 13:26

Thanks for joining us today. And if you've got a topic you would like us to discuss, follow and message us on social media at SenseChat. And as always, we would love your feedback. Aiden out.