This week’s tech news, filtered for financial services execs

editions

  1. M&A mayhem: Fintechs remain ripe for acquisitions
  2. Disrupt yourself: A former Credit Suisse CIO shares her process for evaluating innovation
  3. Instant payments: Why there’s going to be a “pay-by-bank" revolution in 2023
  4. Social sharing: Amex makes its first foray onto TikTok for Small Business Saturday
  5. Crime bust: Police shut down massive bank-spoofing operation
  6. URL opportunity: The case for the .bank domain to fight phishing
  7. Fighting fraud: This startup is working with the government on privacy-preserving AI
  8. People-centric security: How to train your workers to avoid attacks
  9. Partnership power: Wells Fargo exec on managing risk
  10. Unconventional rewards: Two fintechs highlight the power of finding a niche
1/10

Fintechs are hurting, making it a good time for banks to hunt for deals.  

While banks and fintechs have primarily been either rivals or behind-the-scenes partners, recent valuation slashes – which show no signs of letting up – could allow banks to beef up their own offerings at a discount through acquisitions.   

Big banks could be primed for some Black Friday deals of their own: Fintech valuations have plunged 70% in 2022, according to a new analysis from Jefferies – and incumbents would be wise to swoop in.  

Areas such as payments, wealth management, financial education, or travel are all potentially attractive technology segments. With M&A, banks stand to gain historical data and new customer and merchant relationships, as well as fresh talent with expertise in areas like machine learning and open banking.  

It’s an “opportune moment” for banks to “spread the net as wide as possible,” according to McKinsey analysts, who point out that even setting up “get-acquainted” meetings with interesting fintech firms can have an impact: “Not only are doors open much more in these times, but even if this cultivation does not end in an M&A transaction, it often can lead to partnerships that enhance the bank’s understanding of growth sectors and put stakes in the ground.” 

2/10

The former CIO of Credit Suisse’s investment bank shares the three key questions she asks when evaluating potential technology experiments.  

Leaders at big financial firms know that they need a process for continually “disrupting themselves,” but it’s hard to pick suitable experiments to focus on. The former CIO of Credit Suisse explains why her go-to criteria for choosing an experiment worth pursuing is whether it’s risky, creative, and scalable. 

During her five years at Credit Suisse, Radhika Venkatraman built a “well-oiled machine” for scaling innovation across the investment bank, she told Insights Distilled. She built out an innovation pipeline that included a “Shark Tank”-esque experience for selecting projects, and, through that, honed her process for filtering winning technology ideas. Ultimately, she recommends asking three key questions when evaluating a potential innovation experiment: 

First, what’s the probability of success versus failure? It would be best if you found an idea that has the right amount of risk. “If the idea is going to succeed, you should just be funding it,” she said. Those types of ideas should flow through the typical business process versus the innovation pipeline. “And if it has absolutely no chance of success and scaling, then why bother?” 

Next, you should ask whether an idea is focused on incremental efficiency gains or something more ambitious. “When you’re creating small amounts of efficiency through your experiments, I’m not interested in that,” she told us. “I always tell people to go for a new market opportunity or a new pool of revenue, something that indulges and engages your creativity.” 

Finally, leaders need to ask: What’s the scale of this experiment if it succeeds? “If your experiment is outlandishly successful, but your output is tantamount to giving birth to a mouse, that’s not an experiment you want to spend your precious money on,” she said.  

During her time at Credit Suisse, Venkatraman’s innovation pipeline received over 400 ideas and funded about 18 different experiments. Ultimately, 10 went to production and three became new business ideas – including a so-called “Netflix for bonds” project, a recommendation engine for bond traders.  

Read more of Venkatram’s insights here

3/10

Pay-by-bank capabilities – which let consumers seamlessly pay for things directly from their bank accounts – will be driven by merchant demand.  

Letting consumers pay-by-bank reduces risk and costs for merchants. While banks may be wary of losing card revenue, supporting the feature could help them win business customers.  

Businesses are excited by an open banking-powered experience called pay-by-bank because it nixes credit card swipe fees and reduces their risk of fraud or chargebacks.  

“This is a product that merchants are asking for,” according to Brad Goodall, the CEO of Banked, a fintech platform that just raised a $15 million Series A from Insight Partners, Citi Ventures, and others.  

Regulation has pushed the feature forward in Europe, but it’s still uncommon in the US. While the service reduces banks’ revenue from credit card swipe fees, it gives those that offer card or treasury services an edge over their competitors: “Merchants are putting it on their RFP list,” Goodall told Insights Distilled. “Even if you’re not thinking explicitly about the space, your customers are, so you should be out there.” 

Although pay-by-bank offers perks to consumers (including ease, security, and the satisfaction of instant payments), Goodall believes that merchants will be the strongest drivers of adoption. To avoid swipe fees, they may offer consumers incentives to use pay-by-bank (like discounts or free digital goods), he predicts: “2023 will be the year of pay-by-bank.” 

Banked has 90% bank coverage across the UK and Europe, and is expanding to the US, where it’s currently building out relationships with Bank of America and Citi. Meanwhile, JPMorgan and Mastercard just announced their own pay-by-bank pilot.  

Banks can go the JPMorgan route and create their own end-user experience, or they can work with a provider like Banked, Goodall said: “Either you build the whole thing, end-to-end, or you leverage a partner with a global network.” 

4/10

Amex leans into TikTok with new benefits for small businesses, as the app increasingly becomes a hub of influence for young consumers.  

TikTok is for more than just entertainment: Young people use it to shop and find money management advice, making it a key platform for financial services firms.   

American Express has partnered with TikTok to offer guidance and advertising credit to small businesses that want to reach younger audiences. The promotion marks Amex’s first foray onto TikTok and is centered on “Small Business Saturday,” a marketing initiative that encourages holiday shopping the weekend after Thanksgiving.  

Amex’s own research found that 44% of TikTok users have bought something they discovered on the platform, while a separate recent survey found that 34% of Gen Z consumers obtain financial advice from TikTok (versus 24% that seek advice from financial advisors).  

That creates a huge opportunity for traditional financial institutions to get in front of younger audiences. Experts say that banks should create the types of videos that will resonate most with their desired audiences and outcomes, which could mean spotlighting their business customers – like Amex – or providing reliable financial education and explanations, or even sharing recruiting info. Alongside Amex, other financial firms that already have active TikTok accounts include Fidelity, Blackrock, NatWest, and FNB

5/10

International police just shut down a spoofing service that allowed cybercriminals to impersonate big banks on the phone and steal tens of millions of dollars from their victims.  

Police say that bad actors used the site iSpoof to target at least 200,000 potential victims and steal more than $120 million. The scale of the losses proves that banks need to do more to warn against this kind of social engineering attack.

International authorities just shut down a vicious fraud operation that allowed bad actors to imitate bank employees by disguising their phone numbers as legitimate bank lines. Fraudsters used iSpoof to pose as reps from the likes of Barclays, Santander, HSBC, Lloyds, and Nationwide.  

“The exploitation of technology by organized criminals is one of the greatest challenges for law enforcement in the 21st century,” said Met police commissioner Sir Mark Rowley in a press release. It’s also one of the greatest challenges for banks.  

Though banks aren’t legally or financially culpable for this kind of deception, it harms their reputation and erodes trust with customers. While technology has emerged to prevent (or at least sound the alarm on) many different kinds of fraud, customer education is still the best way to mitigate social engineering tactics like iSpoof’s.  

Financial firms have tried to get the word out that customers shouldn’t trust caller ID – urging them to hang up if they get a call from their bank and then redial themselves – but the scale of this latest bust proves that more awareness is needed. 

6/10

The .bank domain could help prevent phishing. Now banks just need to normalize it.

The .bank domain requires verification, which makes it a safer alternative to .com, which bad actors can easily mimic. There’s huge potential for .bank to become a trusted signifier like .gov and .edu and it’s relatively easy for banks to switch: To reap the benefits, they simply need to prioritize it.

It’s frighteningly easy for bad actors to create realistic-looking fake bank websites to dupe customers into giving up their login credentials. Not only can scammers replicate a bank’s user experience, but they can buy URLs that render almost exactly like financial firms’ real websites.  

A rise in phishing has spurred a renewed push for banks to adopt .bank domains (and insurance firms to start using .insurance). Because the domain requires verification for access, bad actors can’t buy URLs that use it. If banks start using the domain, they can teach their customers to only trust websites that include it, which would neutralize most common phishing attacks.  

“The move to .bank is easily managed alongside other bank projects” and will “protect banks and their customers from the ever-increasing, ever-more-costly cyberattacks they face,” Drew Schiff, senior director at fTLD Registry Services, told Insights Distilled. The company oversees .bank domain name issuance, and its best practices make switching “easy, affordable, and completely seamless for customers,” according to Schiff. 

More than 2,200 banks have registered their .bank domains and over 745 are actively using them for website and email security, he added. So, what’s required to make the transition more mainstream? A coordinated effort from the largest banks would be effective, but ultimately, each institution will need to own its own customer messaging. Schiff says that fTLD has created a communication guide to help. 

Paul Benda, SVP of operational risk and cybersecurity at the American Bankers Association, says that the domain’s additional security benefits are an impetus: “Banks looking to bolster their defenses sooner rather than later may want to make the transition faster.” 

7/10

US and UK governments just awarded this startup a cash prize to prototype a privacy-preserving AI system for fighting financial crime. 

Financial institutions would be much more effective at fighting fraud if they could pool their private transaction data to train artificial intelligence models that can find patterns that reveal criminal activity. The challenge is allowing them to avoid sharing their actual raw data. 

Insight Partners’ portfolio company Featurespace just won funding from Innovate UK and the National Science Foundation in the US to develop an artificial-intelligence system to help banks and payments services providers catch money laundering and other financial crime, while protecting data privacy. It was one of only 12 organizations to win the prize and has until late January to build its prototype.  

AI has proven effective at flagging the subtle patterns that reveal bad actors – Featurespace is one of a handful of firms that deploy machine learning models to flag fraud. However, doing so effectively across banks and borders typically requires the kind of data sharing banks are wary of, due to regulation or privacy concerns. Featurespace will use an AI technique called federated learning to build its prototype (confidential computing is another approach with similar goals).  

“This type of privacy-preserving, collaborative AI is a hard problem that no one has yet solved,” Featurespace director of innovation Dr. David Sutton told Insights Distilled, adding that the firm will productionize its prototype, if successful.  “We understand the real-world problem, which puts us into a great position to bring this into the market with real-world data and constraints.” 

Featurespace’s current customers include NatWest, HSBC, Turkey’s AKbank, and Danish Danske Bank. 

8/10

The holidays make people more distracted – including your own workers. A startup has attracted funding from big banks for cybersecurity training that tests – and upskills – every employee.  

Individual employees are generally the weakest links in organizational security. Cyber training programs should impart knowledge and skills to all workers, not just technical ones.

Research suggests that cyberattacks surge over the holiday season – particularly between Christmas and New Years – but it’s not just your organization’s overall security you should focus on. Cybersecurity is all about people, according to Insight Partners’ portfolio company Immersive Labs, which offers training software to help global organizations boost their workers’ judgment, skills, and speed in dealing with security risks and attacks. 

Immersive’s “cyber workforce resilience” program for upskilling employees is crucial, because worker error is typically at the root of successful cyberattacks. Want to gauge how prepared your institution is to fight the latest threats? Immersive Labs and Insight Partners are hosting a free cyber threat simulation for financial services execs: Learn more and sign up here.  

Immersive Labs recently raised a fresh funding round that included Goldman Sachs Asset Management and Citi Ventures and counts HSBC, Citi, Moody’s, and Bain Capital among its customers. 

9/10

Wells Fargo’s head of digital discusses how to mitigate the risk of working with fintechs: Make sure they can handle your volume and understand their business continuity plan. 

Working with fintechs can be incredibly fruitful but requires rigorous vetting – especially given the current economic climate for startups. If your 2023 innovation roadmap includes potential partnerships, make sure you’re asking these questions.

Wells Fargo’s head of digital, Michelle Moore, helps manage the bank’s fintech relationships. During a recent webinar with American Banker, she ran through the questions she asks when considering working with a firm: 

“Are they stable and secure? Can they handle our volume? Do they have a business continuity plan? Do they have the right controls in place to protect the customer experience?” she asks. Running through worst-case scenarios is crucial, she adds: “My legal, risk, and compliance partners are my best friends.” 

Obviously, Wells Fargo hopes that any firm it works with will succeed in the long run, but it’s still critical to lock down, at the very beginning of the relationship, how to manage customer needs if a fintech winds down.  

“We figure out how we’ll ensure that – if something happens – it’s seamless to customers, that they can go on managing their finances,” she said.  

For more guidance from your peers, check out the advice for evaluating technology experiments that a former CIO at Credit Suisse shared with Insights Distilled. 

10/10

Two startups recently raised funding for their novel uses of credit card points, highlighting the power of affinity-based rewards. 

The recent success of two niche credit card startups shows how specialized rewards can be a draw for consumers – and why incumbents may want to explore affinity-oriented benefits.

Two recent funding rounds spotlight how fintechs are setting themselves apart through the unconventional use of credit card rewards: 

Treecard, which just raised $23 million, promises to plant a tree for every $50 users spend, while X1, which received $15 million in fresh funding, lets members use credit card points to buy stocks. Both promote their unique points schemes in their marketing and have boasted extensive waitlists. 

Affinity cards like these can “feed into a tribal sort of affiliation,” Bankrate analyst Ted Rossman told Insights Distilled, adding that other examples include cards for crypto investing, charity donations, sports benefits, or rent perks. “There are more ways than ever to demonstrate your loyalty with a credit card and earn related rewards and experiences,” he added.   

While big banks like Capital One, JPMorgan, and Citi have recently focused their credit card rewards on travel benefits, these funding rounds demonstrate other ways to stand out, build deeper connections, and win a share of consumer spend. Incumbents should take note and explore ways to appeal to users’ passions or offer outside-the-box benefits. “Credit cards aren’t one-size-fits-all, so for some people, these niche options may be their best option,” Rossman said.