© Omlis Limited 2015
Mobile Payments Security in Western Europe
(Financial Sector)
Impact of Mobile Payments Security on Profits, Reputation and Customer Loyalty
Part 1 of Global Mobile Payments Series from Omlis March 2015
2© Omlis Limited 2015
ContentsIntroduction 2
The Mobile Use Landscape: Western Europe 3 Mobile Payments: An Overview 4
The Mobile Payments Landscape: Case Studies 5
Key Mobile Issues for Financial Institutions in Western Europe 7 Issue 1: Security 9
Issue 2: Infrastructure 11
Issue 3: Costs 13
Summary and Recommendations 15
About Omlis 17
References 19
Contributors 19
IntroductionThe world is becoming increasingly mobile-centric and
Western Europe is no exception. Modern day consumer
habits have evolved and adapted due to the flexibility
afforded by mobile devices. These recent behavioral
changes have seen a global shift in focus towards mobile
solutions as consumers call for faster, more convenient
services.
Financial institutions want to facilitate this rapid increase in
consumer demand for instant and direct digital services. In
doing so, they are challenged with meeting the consumer
need for more payment options while reducing costs,
increasing profits and retaining loyalty. Although it is widely
accepted that current mobile banking solutions offer
convenience and speed; what is the cost to the bank and
the consumer?
Despite the year-on-year increase in consumer engagement
and use of mobile banking solutions, Western Europe is
by no means a forerunner in terms of widespread, rapid
adoption. It seems counter-intuitive that a region with an
established banking infrastructure should be reticent in
embracing new transaction methods, yet in many cases
this is exactly the issue.
In this paper Omlis identifies key issues present in the
Western European financial industry’s approach to
sustaining profitability and customer loyalty through
their mobile and other digital offerings. There is a clear
consumer demand for progress and this slow uptake by
established banks has led to the emergence of disruptive
new startups within the financial sector. This is unsurprising
as these startups fill the void for customers looking at
better ways to manage their funds and transact through
secure, convenient solutions.
To understand the landscape in which the financial
industry operates in Western Europe, it is important to
firstly consider the evolving payment habits of the region.
1 © Omlis Limited 2015
4© Omlis Limited 2015
The Mobile Use Landscape: Western Europe
Section Summary: More than half of all Western Europeans have smartphone subscriptions Great Britain is currently Western Europe’s most active m-commerce market The number of mobile banking users in Western Europe will reach 214m by 2018 Banking habits have evolved due to the flexibility and convenience afforded by mobile devices Mobile payments in Western Europe are rapidly becoming
part of everyday life, driven by both necessity and
convenience. 35% of internet users shop via a tablet in the
UK1, with contactless terminals present in nearly 80% of
British stores.2 The wave of increasing consumer demand
for mobile solutions can also be felt on Spanish shores
as 23% of small and medium-sized companies (SMEs)
planned to implement mobile payment solutions by the
end of 2014.3
Mobile usage has become ubiquitous in Western Europe,
led by Germany (139.7%) where it is not uncommon
for people to own more than one phone. Pertaining to
smartphone subscriptions, Germany sits at 51%4, behind
Spain’s slightly higher 55%5 but leading the way, as of
2015, is the UK where 81% own a smartphone.6
Out in Front:
The UK currently leads Western Europe in all round m-commerce activity.7
The increased adoption of mobile technology was evident
in 2014, with over 25% of online shoppers in France
stating that they planned to make a purchase on their
mobile device.8 Greater dependence on mobile solutions
in the customer journey can be seen throughout Western
Europe, with 80% of Spanish smartphone users looking to
their phones to search for products or services.9
Mobiles Driving Online Sales:
German consumer use of mobile payments ensured that m-commerce sales made up over 10% of their total online retail sales in 2013.10
It is clear that consumers in the region are turning to their
mobiles for all forms of transactions. This also extends to
banking behaviors which, due to the addition of mobile
solutions have seen a dramatic shift in recent years.
App Use on the Up:
The use of mobile retail apps is the highest in France, with 56% of stores offering a shopping app.11
Mobile Payments: An Overview
3 © Omlis Limited 2015
6© Omlis Limited 20155 © Omlis Limited 2015
The Mobile Payments Landscape: Case Studies
The accelerated adoption of a mobile-led consumer lifestyle in Western Europe has put financial institutions under
immense pressure to provide secure and convenient mobile solutions which facilitate the growing consumer appetite
for mobile based services. Below are three case studies which display the diverse banking options becoming available
to Western Europeans:
Case Study 1: NFC(Near Field Communication)
A joint effort by several French banks, telecos and retailers; Cityzi uses NFC payments between mobile devices and point-of-sale terminals. Partially subsidized by the French government, its success was due to several factors, including the launch of NFC ticketing on public transport, as well as increased marketing of NFC-compliant phones by the telecos.
Case Study 2: P2P (Person to Person)
Sponsored by the UK Payments Council and rolled out in mid-2014, Paym enables mobile-to-mobile payments among account holders at any UK bank. Its features, include a “buy it” function that lets customers scan QR codes and purchase items in-store, as well as a number of other innovative online mobile commerce payment functions.
Case Study 3: Disruptive Newcomers
These examples show the steps taken by financial
institutions to provide consumers with options, whether it
is the ability to quickly and easily transfer funds between
mobile devices, implementing NFC solutions or prioritizing
the convenience of technology through the ‘direct banking’
model. There is undoubtedly progress within the sector,
seemingly driven by the disruptive influence of the startups
referenced in Case Study 3 as much as it is by consumer
demand.
The increasingly mobile-centric payment habits of Western
Europeans (as displayed by the initiatives above) have
forced financial institutions to reassess their product
offerings and customer interaction strategies. Consumer
demand for convenient and secure mobile solutions in what
has become a continuously evolving payments ecosystem
certainly raises key issues for banks specifically focused
on data and transaction security, IT system infrastructure
and increasing operational costs. Financial institutions
now find themselves under immense pressure to deliver
completely secure payment solutions in realization that this
focus could deliver a very profitable yet strong competitive
advantage in an ever-growing mobile market.
Relaxed legislature in the UK banking industry, backed by the government, has meant that fast banking licenses can be granted to small, innovative startups without a need for huge capital resources. Startups like Metro Bank and Atom Bank are examples of internet-only direct banks that are beginning to build a profile in the UK. They pose a challenge to more established institutions by using new, less inhibited technology to gain a competitive advantage. Elsewhere in Western Europe Fidor Bank and Number26 are making a name for themselves in Germany and beyond.
In countries where barriers into banking entry still exist, the big banks seem to be diversifying into direct banking with Spain’s BBVA recently acquiring internet-focused Simple Bank. In the Netherlands, ING Bank still maintains a leadership position in the online banking space and AEGON has also made gains through their Dutch, internet-only bank KNAB, who consistently deliver innovative online products.
It is important to note that many of these startups still require partner banks in order to get a license and tend to offer ‘front end services’, which need the backing of the big players. However, the competitive effect on traditional banking brands is undeniable.
8© Omlis Limited 2015
Key Mobile Issues for Financial Institutions in Western Europe
Western Europe is at the heart of the ongoing mobile
payments debate. Increasingly sophisticated payment
solutions to process and manage high transaction
volumes are in very high demand by most banks. The
growth in consumer adoption of smartphones as a direct
channel to accessing digital banking services has made
this clear. Mobile devices are fast becoming an obvious
channel for financial institutions as they strive to reduce
costs and improve customer engagement by streamlining
banking experiences. While the issue of convenience is
being addressed, to successfully increase brand loyalty
and trust, banks must also offer completely secure mobile
payment solutions.
$29bn of mobile commerce transactions were carried out
in Western Europe during 2013 according to Gartner.12
However, despite being an impressive tally, mobile
revenues in Europe dropped by 8.4% from 2012 to 2013
and 7.3% at the start of 2014.13
These figures can partly be
attributed to the economic downturn, but also to the lack of
practical innovation from established financial institutions.
This shows that an impasse has been reached whereby
large financial institutions are struggling to deliver the level
of improvement and innovation that consumers demand
from mobile payments. As a result, few solutions meet
these high expectations and these same consumers are
becoming complacent with existing methods.
When asked whether they would consider switching to
mobile payment methods, 40% of those surveyed across
the US and Western Europe said they saw no need to
change from tried and tested methods. The survey also
revealed a much more pressing concern: 80% stated that
the convenience of mobile solutions does not yet out-
weigh the privacy and security concerns.14
Three key issues hinder the effective implementation
of mobile payment solutions in the region’s financial
institutions: Security, Infrastructure and Cost.
“ Financial Institutions today must offer absolutely secure and trusted mobile transactions, to achieve their ambition of unlocking increased profits and building greater brand value and enduring customer loyalty from the mobile channel.”John Stuart, Chief Commercial Officer at Omlis
7 © Omlis Limited 2015
10© Omlis Limited 20159 © Omlis Limited 2015
Issue 1: Security
Section Summary: Western Europeans are highly concerned with the safety of their personal data Flaws have been discovered in many of the region’s leading banking apps A solution designed specifically for mobile devices is required to guarantee total security Security must be robust but should not detract from the user experience
The threat of data theft, highlighted in 2014 by numerous
high profile attacks, has done nothing to promote
confidence in existing security solutions. One in three
non-users of mobile payments in the UK stated they were
concerned about the privacy and control of their personal
data (33%), in line with results from Spain (31%) and
comparable to those from France (26%) and Italy (20%).15
In 2014, research into top mobile banking apps (including
the most frequently used in Western Europe) found security
vulnerabilities in 90% of those tested. An additional 50%
were found to be vulnerable to JavaScript injections,
which could give attackers control of the user’s device.
Worryingly, at least 70% of the apps didn’t have any back-
up authentication methods if the first method failed.16
The Human Element:
Technology is not the only area to blame, in fact most data breaches are the result of human error.17 Prioritizing training can prevent the most common attacks which are perpetrated through ‘social engineering’. This mostly takes the form of an innocuous email to a member of staff which contains malware which, when opened, progressively infects secure systems from which it collects confidential data.
“ 2015 will see the gap widen between institutions that harness mobile payment technologies as a secure, convenient service to consumers, and those who fall behind technologically or fail to grasp the importance of security on mobile devices and within payment transactions.”Markus Milsted, founder and CEO of Omlis
In an increasingly mobile-centric market, financial
institutions in Western Europe must be able to guarantee
the security of their solutions to ensure consumer trust.
This can become a problem when existing payment
systems are ported to mobile devices which cannot be
kept behind firewalls and will inevitably face risk from
unsecured networks such as public internet or mobile
telephony infrastructure.
Encryption measures used to protect mobile banking
solutions must be highly secure but also adaptable to reflect
the ever-changing market and retain the convenience
demanded by consumers. To successfully secure these
transactions, a solution designed specifically for mobile
devices is required. Simply shoehorning an old solution
into a new medium is not enough to deter malicious parties
and leaves Western Europe’s financial institutions in danger
of falling behind the evolving payments landscape.
How Omlis can Help:
The Omlis core solution is designed specifically for mobile devices and will completely secure all consumer data against attack in any mobile transactional scenario. Redefining encryption, Omlis’s secure solution is designed using the same high-integrity technology as security-critical systems such as air traffic control and nuclear power.
Existing encryption relies on the repeated use of keys which are extremely vulnerable and can therefore be identified and exploited by malicious parties. In reinventing security, the Omlis core
solution employs a unique random key generation technique that does not use a master key and as such prevents hackers from profiling transactions secured through Omlis.
The Omlis core solution tracks and isolates any perceived threat of fraudulent activity, ensuring that there is no escalation and that the user’s data remains completely safe.
Find out more, contact: [email protected]
12© Omlis Limited 201511 © Omlis Limited 2015
Issue 2: Infrastructure
Section Summary: Many of Western Europe’s financial institutions are relying on systems which are decades old Issues arising from a culture of ‘short-term’ fixes leaves banks reactive as opposed to
proactive Disruptive startups are finding success due to a lack of restrictive infrastructure Innovative, mobile-centric solutions are required to successfully compete in a constantly
evolving market
Many of Western Europe’s financial institutions have
developed and continue to maintain outdated, complex
infrastructures which, unsurprisingly, are currently failing
to keep up with the demands of the mobile market. An
emphasis on short-term, tactical change leaves much
of the current core banking technology sat in a holding
pattern. Due to this complacency, it has become ill-
equipped to face new sources of competition from online
challengers.
Recent high-profile systemic failures have shifted the
regulatory pressure from operational compliance to the
system architecture itself. Most key issues that emerge as a
result existing banking infrastructure are complex in nature,
and the skills required to maintain existing core banking
platforms are increasingly difficult to source. While there is
a certain level of technical skill that can be addressed, the
advancement of technology and subsequent training has
exposed a shortage of skilled engineers who can replace
the retiring generation that built and fully understood the
complexities these platforms.
Providing a quality mobile payment service with the
ability to process millions of transactions a day relies on
seamless interaction between multiple differing systems
and applications. Years of mergers and acquisitions have
resulted in banks relying on outdated IT infrastructures.
The unpalatable cost of replacing their existing systems,
even though current solutions are unable to cope in an
increasingly mobile world, leaves most financial institutions
completely reliant on their brand name.
“ Many encryption solutions used by financial institutions are decades old and it shows. Banking is becoming increasingly mobile and there is a pressing need for solutions to be developed with this in mind. Rather than forcing old methods on new technology, banks must embrace innovation to thrive in this ever-changing payments market.”Markus Milsted, founder and CEO of Omlis
The success of mobile initiatives from banks, such as Paym
and Barclay’s Pingit that are now available, goes some
way to demonstrating a potentially bright mobile future
for financial institutions willing to embrace this burgeoning
market. Lessons could certainly be learned from disruptive
start-ups like Metro Bank or KNAB (see Case Study 3)
that do not struggle with outdated IT systems and have
experienced great success as a result.18
Financial institutions in Western Europe need to urgently
reassess their current IT infrastructures or run the risk
of being marginalized and ultimately relegated to less
profitable market segments that offer little-to-no growth.
Banks in particular need to find more efficient methods to
introduce new capabilities into existing systems or, failing
that, replace them entirely in order to reduce security
liabilities and increase the versatility of their customer
offering in order to increase revenue and maximize
customer loyalty.
How Omlis can Help:
Our core solution is compatible with any existing IT infrastructure. There is no need to overhaul tried and tested systems. This is all accomplished without the need for any additional hardware or servers. The Omlis core solution solves almost all issues caused by outdated encryption and security measures present in many existing legacy systems.
With Omlis, any financial institution can guarantee high-integrity security to consumers while streamlining their own operations through the adoption of our highly interoperable and massively scalable encryption technology. Find out more, contact: [email protected]
14© Omlis Limited 201513 © Omlis Limited 2015
Issue 3: Costs
The maintenance of current core systems is proving immensely costly for financial institutions A lack of in-house technical skills confuses processes and leads to additional expense Efficiently streamlining infrastructure instead of building on outdated systems would reduce
IT spend Financial institutions need to start implementing forward thinking strategies to lower
unnecessary costs
The over-reliance on outdated infrastructure in Western
Europe’s financial institutions has proved a catalyst for the
massive increase in IT costs experienced by most, if not
all banks in 2014. 64% of banking professionals surveyed
throughout Europe agreed that the proportion of the IT
budget spent on maintaining core banking systems was
disproportionately high.19
The complex issues surrounding the allocation and
management of IT budgets are well documented. The
consistent year on year increase in the cost of running,
updating and changing the platform can largely be
attributed to the complexity of existing infrastructure and
the lack of in-house technical skills to maintain these
systems. All of this is made more challenging for financial
institutions as they need to support and maintain multiple
platforms, sometimes as a result of past renovation
initiatives.
Most financial organizations are still reliant on core
technologies which can be decades old. Ensuring these
systems are able to function in a fast-moving technological
landscape requires continuous financial investment in
compliance, flexibility, security and speed to market. The
implementation of a highly scalable and interoperable
technology solution would ensure that financial resources
are better utilized, reducing operational IT costs while
increasing revenue from an increasingly dynamic, mobile-
centric consumer base.
“ Financial institutions need a secure mobile transaction solution which seamlessly integrates into existing architectures and streamlines their operations with no additional costs.”John Stuart, Chief Commercial Officer at Omlis
To remain competitive in the mobile age, financial
institutions must focus on cost-effectively streamlining
their existing operations while executing forward thinking
strategies aimed at overcoming the challenges faced by
the banking industry in Western Europe.
The increased efficiency of existing systems will mitigate
what have now become necessary costs for most financial
institutions. Such actions better position financial service
providers to deliver products and services that consumers
need, at a reasonable price, maximizing revenue
opportunities and delivering value to shareholders.
Investment in scalable and interoperable IT infrastructures
will deliver more efficient, robust and user friendly platforms
in the long run.21
How Omlis can Help:
UK Bank Recognizes Mobile Potential:
In 2013, Barclays announced its ‘Transform’ programme, designed to help the bank reduce its net operating expenditure by £1.7 billion in two years. In its 2014 review, the bank announced that it was on track to meet this target, had reduced the number of servers by 6,000 and decommissioned its legacy applications. The bank also announced that it was investing in channel migration “towards digital”, as the demand for mobile banking grows.20
Section Summary:
Through lower data packet sizes, the Omlis core solution dramatically reduces per transaction costs. Our unique solution provides completely flexible hosting, and authentication, increasing options for real-time transaction management.
The Omlis core solution is easily integrated into financial IT systems, relegating the need for any costly additions to hardware
or operations. Our technology is also compatible with any financial IT system, regardless of age, and is functional on all mobile devices from 2G onwards broadening the institution’s reach in the mobile payment market.
Find out more, contact: [email protected]
16© Omlis Limited 2015
Summary and Recommendations
Despite initial hesitation, the mobile payments market
in Western Europe has experienced rapid year-on-year
growth. Unfortunately, as displayed, the region’s financial
institutions are lagging behind these advances. Costly,
outdated infrastructure continues to stall progress and
this will continue if financial institutions do not implement
effective, secure solutions for their increasingly mobile
consumer base.
Huge Growth For M-Payments:
M-commerce will account for 18% of total digital commerce in Europe by 201722 and Forrester project that the number of mobile banking users in Western Europe will reach 214m by 2018.23
Below are our recommendations for what can be done to
resolve the key issues we have identified:
Security X Financial institutions should consider appraising
current security protocols and ensure that the execution of their mobile transaction security strategies are facilitated with the most robust and secure technologies.
X It is necessary to implement encryption technologies that spread target risk as existing systems are vulnerable to single and side channel attacks.
X Operational options that minimize or eliminate risks for human error must be considered. Options such as the provision of extensive training to all relevant staff can eliminate risk of data breaches occurring at the source.
X There is a need for mobile payment solutions that offer absolute security while being highly scalable, interoperable and compatible with any existing technologies.
Infrastructure X Financial institutions should consider leaner
operational strategies. IT systems should be streamlined or replaced with more current effective, adaptable and interoperable solutions.
X Engagement in IT benchmarking is crucial to assess current infrastructure against more recent market entrants. This is most relevant to the banking sector where inspiration can be drawn from learner, digital-only service models.
Cost X There is a need to employ cost effective and
scalable technologies that are compatible with existing IT systems and require minimal additional software and hardware costs.
X Financial institutions should increase intensity to streamline mobile service and transactional operations. This focus on the increasingly mobile-centric market will certainly add to any existing cost saving programs while increasing consumer loyalty and encouraging increased mobile transaction opportunities.
In-Branch Banking Loses Appeal:
In the UK alone, 64% of current account holders would prefer to bank online or on a mobile app than via telephone or in-branch banking24 and the proportion of tablet owners who use their device for banking is set to almost double from 35% in 2013 to 68% by 2018.25
Omlis understands the significant impact security has to
the bottom line of any financial institution. The Omlis core
solution is not only crucial in protecting the financial data
of customers, but also retaining a trustworthy brand. Our
core solution was designed specifically for mobile using the
same high-integrity development process (Correctness by
Construction) as security-critical systems such as air traffic
control and nuclear power. The benefits offered by Omlis
also extend to costs. We will significantly reduce operating
spend with an integrated solution that easily streamlines
existing infrastructure. Implementing the Omlis core high-
integrity encryption solution positions any organization
as a provider of fully secure mobile transactions and
demonstrates a real commitment to successfully
combating the growing threat of hacking and fraud.
The Omlis core solution, unlike other encryption
technologies, does not have a single point of failure.
Traditional systems generally have a single point of failure
where sensitive information is held - the hosted services
that malicious parties can easily target. A key differentiator
is our ability to distribute the risk by displacing it to the
mobile device. The more mobile devices that join a payment
network, the smaller the risk without any compromise on
the integrity and resiliency of the Omlis encryption system
on the mobile device.
15 © Omlis Limited 2015
18© Omlis Limited 2015
About Omlis
Omlis is a global mobile payment solutions provider
bringing highly powerful and effective solutions to all mobile
commerce security. We offer a powerful and innovative
secure payments technology specifically designed to
address the major issues that impact on today’s mobile
payments market, most importantly, the massive cost of
fraud.
We strive for a future where anyone, anywhere, can use
their electronic device and safely conduct any commercial
activity with complete and absolute confidence that their
activities are fully secure and uncompromised.
Omlis brings to market the first mobile payment solution
designed, developed, and tested using high-integrity
development processes that are typically used for security-
critical applications. Large-scale breach of consumer
information is no longer a possibility thanks to our novel
method of encryption.
17 © Omlis Limited 2015
Hackers Hackers
The Omlis solution, unlike other encryption technologies, does not have a single point of failure. Traditional systems generally have a single point of failure where sensitive information is held - the hosted services that malicious parties can easily target. A key differentiator is our ability to distribute the risk by displacing it to the mobile device. The more mobile devices that join a payment network, the smaller the risk without any compromise on the integrity and resiliency of the Omlis encryption system on the mobile device.
Any potential threats to personal data are swiftly isolated and eliminated, effectively removing the risk if a consumer’s mobile device is compromised.
If you would like to learn more about what Omlis can offer, please contact:Helmut Okike [email protected]+44 (0) 845 838 1308
Omlis Solution Risk Profile vs Traditional Risk Profile:
Normal Risk Profile Omlis Risk Profile
19 © Omlis Limited 2015
1. Mintel: European M-Commerce 2013-2019
2. PYMNTS: What Payments will look like in 2015
3. Neomobile: Mobile Payment Trends in Spain
4. EKOS: German E-Commerce Overview
5. Neomobile: Mobile Market Info - Spain
6. Mobile Squared: UK Mobile Smartphone Forecasts
7. Centre for Retail Research: Brits Lead in M-Retail
8. YStats: Europe M-Commerce Snapshot 2014
9. Neomobile: Mobile Market Info - Spain
10. YStats: Europe M-Commerce Snapshot 2014
11. Himediagroup: Mobile Adoption – Online Retailers
12. Gartner: Press Release - Mobile Transactions
13. GSMA: The Mobile Economy – Europe 2014
14. Bain & Co: The Consumer View of Mobile Payments
15. YStats: Europe M-Commerce Snapshot 2014
16. IBTimes: Security Vulnerabilities in Banking Apps
17. InfoSecurity: Human Error – Data Breaches
18. Bain & Co: The next step in a bank’s digital journey
19. IBM: Core Banking Transformation in Europe
20. Barclays: Transform Programme
21. KPMG: Reinvention of UK Banking
22. GSMA: The Mobile Economy – Europe 2014
23. Forrester: Mobile Banking in Europe - 214M by 2018
24. Forrester: Mobile Banking in Europe - 214M by 2018
25. BizReport: Tablet Banking Forecast
References
ContributorsThe following individuals contributed to this report:
Helmut Okike
Senior Marketing Executive
John Patterson
Copywriter
Paul Holland
Communications Assistant
John Stuart
Chief Commercial Officer
Markus Milsted
Founder and CEO
Third Floor Tyne House
Newcastle upon TyneUnited Kingdom
NE1 3JD
+44 (0) 845 838 [email protected]
www.omlis.com
© Omlis Limited 2015Private & Confidential
V1 - 0
3.2015