Intersekt Festival 2018

This year’s Intersekt Festival, held in Melbourne last month, was put together in quite challenging circumstances, given some of the recent events within key industry body FinTech Australia, the primary event host. It was a credit to all involved.

Not surprisingly, given some of the regulatory and industry changes underway in Australia, the key themes included: Open Banking and access to data: Trust in the banking and financial services sector (thanks to the Royal Commission, and the APRA report on the CBA); Data Privacy; Payments and the NPP; Comprehensive Credit Reporting and predatory lending practices; and Equity Crowdfunding. And of course, a little bit about Blockchain, Cryptocurrencies and Security Tokens.

There was a lot of discussion on “Trust”, especially in the age of Uber and Airbnb – how have these marketplaces managed to earn so much public and consumer trust in such a relatively short time? Yet as consumers, we obsess about Open Banking vs Data Privacy,  while banks themselves appear to be more infatuated with their Net Promoter Score…. whereas “Trust” is clearly a huge issue. In the case of the banks and the fall out from the Royal Commission, there was a discussion about whether our key financial institutions have come close to losing their social license to operate.

Meanwhile, with the prospect of self-sovereign digital identity becoming a practical reality (fuelled by blockchain, decentralisation and trust-less protocols and standards), there is a demand for cross-functional  (and cross-border) solutions for KYC/AML processing and identity management. But a lack of mutual regulatory recognition or harmonization (as opposed to “mere” industry standards) plus a diversity of business models confounds regulatory harmony, often within a single jurisdiction, let alone across multiple markets.

When it comes to payments and the NPP, it’s clear that regulation lags technology. For example, despite the existence of a (complex and somewhat uncertain) licensing regime for purchased payment facilities, APRA has only licensed one such PPF – PayPal. As former ASIC Chairman, Greg Medcraft once observed, by the time the NPP is fully operational, Blockchain will have gotten there long beforehand. And given the preponderance of stored value cards, digital wallets, peer-to-peer crypto exchanges, and multiple overseas and cross-border mobile payment apps, the respective regulatory roles of RBA, APRA, AUSTRAC, ATO and ASIC need to be clearly defined and set out.

On the topic of data protection and “big data”, there was a lot of discussion about getting the balance right between privacy and innovation. One the one hand, industry incumbents should not be allowed to use their market dominance to resist open banking and stifle the emergence of neo-banks; but on the other, there is a need to shelter the forthcoming consumer data right (CDR) from potential abuse like predatory lending (e.g., not simply define the CDR standards by reference to existing banking products and services) – mainly because the CDR is designed to empower consumers (not embolden the industry), and it is designed to be sector neutral (i.e., equally applicable to utilities, ISPs, telcos, insurance firms).

Other topics included SME lending, where new, tech-driven providers are not only originating new loans, but also refinancing existing businesses as the big 4 banks are seen to withdraw from this market; home loans (where technology is driving new loan origination, funding and distribution models); social impact (“FinTech for good”); equity crowdfunding (and the role of STOs); insurance (creating a decentralised market place) and Superannuation (which prompted perhaps the most contentious panel discussion – more on that to come!).

If there were any criticisms of the conference, based on local and overseas delegates I spoke to, they related to the length (was there enough content to sustain nearly 3 days?); the need for clearer roles and participation by the major and regional banks; the absence of investors (despite a speed-dating matching event….); and a desire to see a broader range of speakers and panelists (too many of the “usual suspects”?).

Next week: The Future of Super

 

 

 

Token ring – a digital ID solution

The latest event organized by DIG ID (the Melbourne Digital Identity Meetup) featured a Q&A with Steve Shapiro, CTO of Token, moderated by Alan Tsen, General Manager of Stone & Chalk Melbourne. Given the current level of interest in solutions to address online fraud, ID theft, data protection, privacy and personal security, the discussion covered a lot of conceptual and technical topics in a short space of time, so here are some of the key points.

First off, Steve spoke about his start-up and tech journey, that took him from IM (Digsby, Tagged, Bloomberg IB), to cryptocurrency and digital wallets (Case), to digital ID with the Token ring. The pivot towards an ID solution came about after working on Case, where he realized that most consumers don’t understand private key management and the issue of permanence (as compared to the internet, where password re-sets are relatively easy, and often regularly enforced upon users).

If the goal is to provide fool-proof but highly secure end-user authentication, the solution has to focus on the “signing device”, by making it much easier than the status quo. Hence the combination of two-factor authentication (2FA) and bio-metrics to enable Token ring users to live key-less, card-less and cashless, and without having to constantly remember and update passwords. In short, the Token ring works with anything contactless, as long as the relevant permission/authentication protocol layer (challenge and response process) is compatible with the ring’s circuitry.

In assessing the downside risk, gaining consumer adoption is critical, to ensure that users see the benefits of the convenience combined with the credentialing power. Equally, success will depend on the ability to scale as a hardware manufacturer, and the potential to drive traction through virality.

There is still a lot of design work to do on the hardware itself (to enable assembly, customization and distribution as locally as possible). And the platform needs to bring on more partner protocols, especially in key verticals. At the end of the day, this is still a Blockchain solution, with a UX layer for the cryptographic component.

When asked about the future of ID, Steve felt that in the medium term, consumers will no longer have to carry around multiple cards or have to remember multiple passwords. Longer term, governments will no longer be the central authority on managing ID: unlike today, a driver’s license will no longer be the gold standard – instead, solutions will be based on decentralized, contextualized and user-defined ID.

This led to a discussion about Sovereign IDe-government and digital citizenship (e.g., Dubai and Estonia) – and the break up of big government in favour of more city-states. (Which could result either in a “small is beautiful” approach to self-governing and sustainable communities, or a dystopian nightmare of human geo-blocking, as in a film like “Code 46”).

For the tech buffs, the Token ring’s IC hosts a total of 84 components, including the main secure element (as with mobile phones and other devices), finger print reader, optical scan, Bluetooth, NFC, accelerometer, MCU, Custom inductive charging etc.

Finally, there was a discussion about the risk of cloning, mimicking or breaching the unique and secure ID attributes embedded in each Token ring. While it is possible for users to encrypt other knowledge components as part of their individual access verification and authentication (e.g., hand gestures), there is still a need to rely upon trusted manufacturers not to corrupt or compromise the secure layer. And while the public keys to core protocols (such as credit cards and swipe cards) are maintained by the protocol owners themselves and not stored on the device or on Token’s servers, it will be possible for other third parties to on-board their own protocols via a SDK.

Next week: Startup Vic’s EdTech Pitch Night