Who do you Trust?

Google and Apple are working to secure their platforms, and assume the central trust role in authenticating the consumer. I’m much more interested in the Apple’s new developer APIs than I am in the fingerprint app. How will they begin to “lock down” applications, what new authentication features will they expose to developers? How will they allow consumers to provision sensitive data to other apps?

9 Sept 2013

(sorry for typos.. on the road and will proof later)iPhone-6-Fingerprint-Detection-And-Apple-Release-Date-Rumors

WSJ article today on Apple’s biometric led me to believe the mainstream press is “missing” it. As I outlined in Payments as Part of the OS, generically for all handsets in Stage 4 Value Shift, and specific projections for Apple in Apple and NFC – Part 2:

  • Handsets are becoming a commodity, cameras screen resolution, battery life are no longer differentiators
  • New differentiator is “Value Orchestration” across physical and virtual worlds
  • Apple and Google are best placed to perform this service, and do so today from “cloud access” to music, pictures, calendars, documents, to storage of personal information like cards, social,
  • The “KEY” to value orchestration is owning the customer relationship. Identifying and Authenticating the customer is the first, primary, service that must be owned by a platform.  What was a separate “Trusted Services Manager” in the NFC world has been co-opted by platforms which will take a proprietary route.
  • Authentication is of little value if the platform is not “secure” and offers no unique services to Authenticate. IOS and Android started life as relatively unsecure operating systems, where “control” over individual app access to phone data was “regulated” by testing vs. enforced in platform security.NFCActors

Platform Future

Google and Apple are working to secure their platforms, and assume the central trust role in authenticating the consumer. I’m much more interested in the Apple’s new developer APIs than I am in the fingerprint app. How will they begin to “lock down” applications, what new authentication features will they expose to developers? How will they allow consumers to provision sensitive data to other apps?NFC Change

Hardware is evolving to software. From NFC to the SIM. Once security is in place, there is no reason Apple could not release a version of their phone with SIM virtualization/emulation. Could you imagine having 2-5 options at any given instant, using whatever carrier has best coverage and least cost given your current location… Perhaps even competing w/ Wi-Fi ? Of course this would destroy carrier subsidies.. but perhaps it may be worth buying an unlocked phone.. and carriers become dumb pipes competing to deliver the best service. There are a few regulatory roadblocks in the way.. but I am painting a future view that is already occurring in some markets (See dual SIM phones in India).

The implications for Android are much more significant than for IOS, given the number of Telecos that have leveraged Google’s baseline Android to create customized versions. If Google locks down Android with a new secure OS, they will be in a position to provision Google applications (Maps, mail, search, …), identities, and cloud based services (drive, Google Now, Commerce, …).  The “freeware” model could still exist, but without the cutting edge Google services it becomes a COMMODITY HARDWARE game.

Trust – Everyone wants to play

What we will see at Money 2020, is that there is an all-out war going on for the Trust role: Banks (see Tokenization), MA/V, MNOs, Samsung, retailers… everyone realizes this is the “key” to unlocking future value in the convergence of the virtual and physical world.where value lives

Bank strategy seems to center on control of existing networks. What they don’t realize is that the harder they work to build barriers to entry, the greater the value of finding ways around them. A public example is Google’s acquisition of Zave Networks in 2011.  Prior to taking your credit card at the POS, there is another settlement process in place.. one around coupons (which are a legal form of tender). In this coupon environment, P&G or General Mills’ accounts are debited and the consumers account is credited. In this financial settlement system, there is no limit on what accounts can participate… This example perfectly represents the “innovator’s dilemma” where a “good enough” network supplants an incumbent as the nature of competition changes.

I was with a top 3 bank CEO this year, who was confident that they would win the MCX business. I asked why. Response was “we have these Retailer’s investment banking business and handle most of their processing today”.. My response “when did you bring them customers or help with them compete”? He just did not understand the nature of his competition, it was not about cost of processing… the NATURE of competition in payments is changing.  (See Retailer as Publisher)

Who do I trust?

I’m an ex banker and can tell you that Banks take the trust role very seriously. They are regulated and monitored.. I had to take 40 online tests a year to ensure I understood compliance, regs, …etc. What a nightmare! Is it any wonder why this environment is not ripe for innovation. Can you imagine what the CFPB would do to a big bank when it had customer data not related to an account? It would have to explain why they had the data, how they obtained it, the customer agreement terms, what they would do with it, the safegaurds around use, storage, retrieval, how they planned to make money from it..  Its like your mother in law sitting next to you everyday asking you what you are doing.  I certainly Trust a bank.. but they will never ever get anything done here.  They need partners, but they want to dominate the relationship.. The country w/ most advance model of Bank led “trust” authority is Korea (see link).

I love Google and think everyone of their employees is working to “do no evil”. They are the most well meaning and least “nafarious” fortune 50 I have ever worked with.. but they are use to getting data for free and selling it back in services. Consumer safeguards seem rather absolute.. and their data stores are so massive and intertwined its hard to pull it apart, particularly when a “consumer” relates to an account(s) and device(s)… Google knows things about me that I have not specifically permissioned them for, They have the capability to be secure, but few current services where that is an imperative (payments, Google Drive).

Apple is from another planet, there is just no one else like them in keeping secrets. How do they do it? Yes I trust Apple.. they only know what I tell them…. I like this model.. If I added healthcare info to my iCloud account.. I have confidence it would be secure.

MNOs. This is a breakout business for them (See KYC $5B opportunity). GREAT authentication means physical verification of customer/credentials. I believe US MNOs are in a position to deliver this service through Payfone… but it must be integrated to local physical distribution channels for a “new” account type. This is where digital signatures could really take off… from signing mortgage documents to account applications..  I believe MNOs are best placed for the Trust role because of their physical distribution channels and knowledge of consumer.  Forget about ISIS.. if you own authentication everything else is dependent on you.

Side Note: Paypal is getting far too much attention

They had a slew of new product releases last week. All focused on “convenience” not on COST or customer acquisition. As I outlined.. Paypal is nowhere in off-ebay mobile payments ($1B – see my 10k Breakdown), they are under attack as processors like FirstData refuse to route their physical payment. The only prospective customers of Paypal are services, or Branded retailers that restrict distribution, as the eBay marketplace encourages price competition for distributed CPG products. Jamba Juice, Dunkin Donuts, and Under Armor are example prospects.. Consumer adoption is driven by frequency of use.. If Paypal can’t make traction in Grocery, Gas or Transit their prospects are very bleak.

From a network perspective Physical POS was NEVER PayPal’s focus.. it is not what they do, or why their current consumers and merchants use them.