Token ring – a digital ID solution

The latest event organized by DIG ID (the Melbourne Digital Identity Meetup) featured a Q&A with Steve Shapiro, CTO of Token, moderated by Alan Tsen, General Manager of Stone & Chalk Melbourne. Given the current level of interest in solutions to address online fraud, ID theft, data protection, privacy and personal security, the discussion covered a lot of conceptual and technical topics in a short space of time, so here are some of the key points.

First off, Steve spoke about his start-up and tech journey, that took him from IM (Digsby, Tagged, Bloomberg IB), to cryptocurrency and digital wallets (Case), to digital ID with the Token ring. The pivot towards an ID solution came about after working on Case, where he realized that most consumers don’t understand private key management and the issue of permanence (as compared to the internet, where password re-sets are relatively easy, and often regularly enforced upon users).

If the goal is to provide fool-proof but highly secure end-user authentication, the solution has to focus on the “signing device”, by making it much easier than the status quo. Hence the combination of two-factor authentication (2FA) and bio-metrics to enable Token ring users to live key-less, card-less and cashless, and without having to constantly remember and update passwords. In short, the Token ring works with anything contactless, as long as the relevant permission/authentication protocol layer (challenge and response process) is compatible with the ring’s circuitry.

In assessing the downside risk, gaining consumer adoption is critical, to ensure that users see the benefits of the convenience combined with the credentialing power. Equally, success will depend on the ability to scale as a hardware manufacturer, and the potential to drive traction through virality.

There is still a lot of design work to do on the hardware itself (to enable assembly, customization and distribution as locally as possible). And the platform needs to bring on more partner protocols, especially in key verticals. At the end of the day, this is still a Blockchain solution, with a UX layer for the cryptographic component.

When asked about the future of ID, Steve felt that in the medium term, consumers will no longer have to carry around multiple cards or have to remember multiple passwords. Longer term, governments will no longer be the central authority on managing ID: unlike today, a driver’s license will no longer be the gold standard – instead, solutions will be based on decentralized, contextualized and user-defined ID.

This led to a discussion about Sovereign IDe-government and digital citizenship (e.g., Dubai and Estonia) – and the break up of big government in favour of more city-states. (Which could result either in a “small is beautiful” approach to self-governing and sustainable communities, or a dystopian nightmare of human geo-blocking, as in a film like “Code 46”).

For the tech buffs, the Token ring’s IC hosts a total of 84 components, including the main secure element (as with mobile phones and other devices), finger print reader, optical scan, Bluetooth, NFC, accelerometer, MCU, Custom inductive charging etc.

Finally, there was a discussion about the risk of cloning, mimicking or breaching the unique and secure ID attributes embedded in each Token ring. While it is possible for users to encrypt other knowledge components as part of their individual access verification and authentication (e.g., hand gestures), there is still a need to rely upon trusted manufacturers not to corrupt or compromise the secure layer. And while the public keys to core protocols (such as credit cards and swipe cards) are maintained by the protocol owners themselves and not stored on the device or on Token’s servers, it will be possible for other third parties to on-board their own protocols via a SDK.

Next week: EdTech Pitch Night

 

 

Tech, Travel and Tourism (revisited)

Just over two years ago, I posted a blog on how the tourism and travel industries needed to embrace the opportunities brought about by digital disruption. Having been on half a dozen overseas trips in the past 12 months, I can see that there have been some improvements in the traveler experience, but there is still a lot of room for improvement…

One of the biggest benefits has been the expanded integration of public transportation information into Google Maps. Navigation and route planning, right down to which platform to board from or which subway exit to take, has been a huge boost to the traveler UX. Many cities are now using integrated stored value cards for public transport, but limitations still exist: for example, some systems don’t make it that easy for overseas visitors to obtain the card itself, others make it hard to re-load other than by cash; while only a few systems, like Hong Kong and Japan, support multiple point-of-sale transactions for shops, restaurants and other services.

Another plus for frequent travelers has been the increased adoption of chip-enabled, e-passports which streamline the immigration entry/exit process (but only for participating countries, of course). Laborious paperwork still exists in many cases with arrival/departure cards and customs declaration forms – but over time, these processes should become more streamlined with the adoption of digital IDs and biometrics.

Using local mobile phone networks may have gotten easier with compatible operating systems, but even with pre-paid travel SIM cards and data packages, access costs are still disproportionately expensive for overseas visitors. Sure, there are more and more public WiFi services and hotspots available, but most still require users to provide personal data and/or reveal security weaknesses. Even though I recently purchased a mobile pass to access “free” WiFi services abroad, it’s hard to see what value it offers, because it only works after I have already logged onto the WiFi network.

Getting flight information, notifications and alerts via SMS and e-mail has improved considerably, along with easier online booking tools and mobile check-in solutions – and of course, QR codes now support paperless boarding cards. But I’ve noticed that some airline apps don’t support full integration with mobile phone wallets, and consolidating ticketing and invoicing information (e.g., for consolidated expense reporting) from multiple airlines and booking platforms still feels a long way off.

Finally, a constant irritation for travelers are the card transaction fees that most hotels still pass on at checkout – as if many guests are likely to pay in cash! – compounded by the FX fees that the credit card companies also like to charge. All up, this can mean an average of between 3% and 5% in additional fees, in a situation where hotel guests are something of a captive audience. Transaction fees remain a target for further disruption….

Next week: Token ring – a digital ID solution

 

 

 

FinTech and the Regulators

What’s the collective noun for a group of financial services regulators? Given the current focus on FinTech sand box regulation and the cultivation of innovation, but also the somewhat ambiguous (and sometimes overlapping) roles between policy implementation, industry enforcement and startup monitoring, may I suggest it should be an “arbitrarium”?

Whatever, a panel of regulators (ASIC, RBA, APRA and AUSTRAC) came together at the recent FinTech Melbourne meetup to showcase what they have been working on.

First up, ASIC talked about their Innovation Hub and Sandbox, designed to accelerate the licensing process. Most of the FinTech startups engaging with the Innovation Hub are operating in marketplace lending, digital/robo advice, payment solutions and consumer credit services. Meanwhile, ASIC is seeing a growing number of enquiries from RegTech startups, and as a result, the regulator will be running a showcase event in Melbourne in the near future.

Next, the RBA gave an update on the new payments system (NPP), which will operate under the auspices of the Payments System Platform Mandate. A key aspect of this “pay anyone, anywhere, anytime” model is ISO 20022, the data standard that covers “simple addressing” as part of the payment interchange, clearing and settlement protocols. The system is due to go live later in 2017.

The biggest news came from APRA, in their role of licensing Authorised Depository Institutions (ADIs). According to APRA statistics, 26 new ADIs have been approved in the last 10 years. Most licenses come with significant conditions attached, so APRA is looking to simplify the process and encourage more competition. Similar to ASIC’s sandbox model, new entrants will be able to apply for “restricted ADI” status, under a 2-year license, with certain limitations on the size and volume of their book of business. Essentially, there will be a less onerous startup capital requirement, and the new regime is expected to be operational in the second half of 2018.

Finally, AUSTRAC gave an update on their responsibilities under the AML/CTF Act 2006. While AUSTRAC has selective oversight of FinTech startups, it has responsibility for 14,000 reporting entities, including businesses holding gambling permits. Acknowledging there is something of regulatory lag when compared to new business models and new technology, AUSTRAC pointed to the Fintel Alliance, launched earlier this year, and which may run its own pilot sandbox. Currently undertaking a legislative review and reform exercise, a key aspect of AUSTRAC’s work is undertaking product and sector risk assessment.

During the audience Q&A (including some interesting contributions from ASIC Chairman, Greg Medcraft) there was discussion of cryptocurrencies and blockchain solutions vis-a-vis the NPP, and how to address the potential conflict of laws, for example between KYC and privacy and data protection.

Next week: YBF FinTech pitch night

 

The FF17 Semi Finals in Melbourne

As part of the recent Melbourne Startup Week, Next Money hosted the Melbourne heat of the FF17 pitch contest, to decide which local FinTech startup will compete at the FF17 finals in Hong Kong later this week.

screen-shot-2017-01-15-at-8-15-03-pmAt the outset, I should declare an interest, as I myself was one of the pitch contestants, but hopefully that doesn’t preclude me from commenting on the event. The competing startups were as follows (as listed on the event Meetup page):

AirWallex

This payments solutions provider has featured in my blog before. Since the last time I saw AirWallex pitch, the market for cross-border remittance and payment solutions has drawn a lot of attention. First, the growing opportunity for exporters to market products and services to Chinese consumers and tourists means that payment platforms like AirWallex (and others like Novatti, LatiPay and Flo2Cash) are partnering with Chinese payment gateways such as WeChat Pay, AliPay, JDPay and Union Pay). Second, cross-border remittance services has become a key use case for Bitcoin and other digital currencies (as evidenced by the recent partnership between Novatti and Flexepin).

Analyst Web

Still in private beta, Analyst Web is aiming to disrupt the market structure (and payment model) for equity research. By enlisting qualified CFAs to write bespoke investment reports on listed companies, then distribute them via subscription services, Analyst Web claims to be bringing quality, objectivity and value for money to this investor service. Currently, investors have to rely on either brokers (who may offer “free” reports to their clients under soft dollar arrangements) to provide research on individual stocks; or subscribe to independent research houses (such as Morningstar). Typically, neither brokers nor the research houses cover the full market – tending to focus on the bigger stocks and those included in benchmark indices. Of course, companies themselves use investor relations services to issue commentary on their market performance and prospects, but these communications perhaps lack objectivity. There are also other models, such as the ASX Equity Research Service, whereby research providers are “sponsored” by the stock exchange to provide reports on qualifying companies to boost market coverage. Some of the challenges Analyst Web will need to overcome are: investor willingness to pay for research; market credibility and acceptance of their reports; and sustainable financial models that appropriately compensate the analysts without compromising independence and objectivity.

Proviso

Proviso has also been mentioned in my blog before, and they continue to impress with their solution to take friction out of the documentation processes for loan origination, and their ability to secure more financial institutions as clients. In my previous commentary, I noted that Proviso risked being disintermediated by an industry-owned utility. While I still think that is a possibility, I also see that the combination of Blockchain solutions (for distributed ledgers and bank data feeds) and more open APIs for financial data and account information may mean that customers themselves may be empowered to drive the process, since it will be easier for them to demonstrate their creditworthiness and establish their cashflow status, but also have better control over the disclosure of their data.

DragonBill

DragonBill, an invoicing solution for SMEs, is yet another of the FF17 contestants to appear in my blog, most recently when they presented at Startup Victoria’s regular pitch night. In addition to offering both direct payment and escrow options for micro-businesses and sole traders, DragonBill continues to mine an interesting niche market among sports clubs and associations – the reason being that many club members are themselves sole traders. As part of its future developments, the business is scoping a solution to help clients manage their superannuation obligations, and to provide informed advice on cashflow management.

BreezeDocs

Similar to Proviso, BreezeDocs is a document automation solution for lenders, although currently focusing on mortgage origination. And like Proviso, at the heart of the solution is the ability to streamline the extraction and processing of data from customer documents. On top of a core OCR capability, BreezeDocs also claims to be using machine learning to train their systems on different document types, formats, structure and content. Despite the use of ETL processes within financial institutions, the disparate nature of financial products and documentation; the way customer, product and transaction data is often maintained in different systems; and the fact that customers will often have accounts and products with different providers can undermine the need for standardised processes.

Vestabyte

As I commented in my previous blog, equity crowding may be about to come into its own as a way to connect investors with entrepreneurs and startups. Vestabyte are certainly enthusiastic exponents of this method for raising capital, but legal constraints mean that their platform still has to operate under a unit trust model, rather than offering access to investments in the form of direct shares in specific assets, companies or ventures. This may change if the proposed legislation can get through Parliament, although it’s far from being a done deal. But in the absence of formal legislation, it sounds like a great opportunity for a FinTech startup seeking funding to test ASIC’s first licensing exemption under its sandbox regime….

coHome

By their own admission, coHome is very much a nascent business – one that is still defining its customer offering. At its heart, this shared ownership service provides a matching service for aspiring property owners, along with some standard documentation for a co-ownership agreement, known legally as a tenancy in common. With multiple parties to the property transaction and mortgage application, coHome aims to streamline the process, make it easier for buyers to connect with other interested parties, and provide customers with appropriate legal safeguards. It’s clearly an admirable objective, and one that deserves to gain attention. But monetizing the service may prove challenging, unless coHome takes a commission from the mortgage providers, lawyers and conveyancers?

BugWolf

Not strictly speaking confined to the FinTech sector, nevertheless BugWolf, a tool for managing user-acceptance testing, has managed to gain traction with at least one of Australia’s Big 4 banks. Using gamification, competitions and other techniques to recruit, engage and manage teams of testers, BugWolf claims to support all aspects of functionality testing across software, websites and mobile apps. Combined with robust reporting and analytics, BugWolf can also help clients achieve shorter product development cycles.

Brave New Coin

I joined the team at Brave New Coin (BNC), a provider of market data for digital assets, in early 2016. So, it was the first time I have pitched, outside of hackathons, client presentations and sales conferences. And the fact that BNC was a last-minute confirmation for this event made it an even more interesting experience. Established about 3 years ago by a team of founders with an interesting mix of publishing, Bitcoin and full stack development experience, BNC has built a suite of data APIs (market prices, indices, exchange rates and analytics) for Bitcoin and most other crypto-currencies and Blockchain assets. While the APIs are typically used by developers, the growing interest in digital assets among brokers, investors and asset managers means that market data on these new asset classes is in demand, and BNC is busily building distribution partnerships and subscription deals with traditional brokers, market data vendors and exchanges. Recent price fluctuations for Bitcoin may suggest continued speculation in this currency, but the launch of investable and tradeable products such as CFDs, futures, ETFs and other derivatives also suggest that digital assets are starting to achieve broader market acceptance.

BankVault

Unlike other solutions to defeat hackers and hoaxers (e.g., anti-virus software, spam-filters, VPNs and proxy servers), BankVault uses virtual machine technology to protect customers’ bank details when they transact online. This means a “new and instant” machine is created for one-time use only, each time a customer launches the BankVault service. Offering both individual subscriptions and enterprise solutions, the business is in the process of launching in the USA.

Conclusion

The winner, based on the judges’ votes, was BugWolf, which came as something of a surprise to a number of the other contestants, myself included. Without wishing to sound churlish, this event was supposed to be about the future of finance (hence FF17…), so it would seem reasonable that the winner would be based in FinTech (as opposed to TechTech?). The result (although highly deserved and based on an impressive pitch), also reinforced my sense that this event did not draw the “usual” FinTech or startup audience in Melbourne, based on the many pitch nights and meetups I have attended over the past few years. From my perspective, neither was it an investor audience, nor a capital markets audience, meaning I wasn’t really sure who I was pitching to. I’m hoping that the organisers will reflect on this event, and look to make some changes for next year.

Next week: A few rules on pitching