bank strategy | Guillaume's blog

Good banks and meaningful money today in France

While I’m very interested in the future of money, I’m even more interested in the future of money now: the very practical things that we can do with the banking and monetary system as it is today.

I have come to realize that the ideas I believe about the future of money, in particular making money more meaningful, are very well understood by small community banks and credit unions. They have incredible assets, one of which is the human-sized organization, which allows you to quickly talk directly to the decision-maker. What they lack are simply the resources of the large banks and the sense of urgency of startups, but I know they are open to partnerships to workaround these issues.

Below is my corrected Google translation of a recent post by JCPhilippe, who is Managing Director of the Credit Agricole in the region of Pyrénées Gascogne in France on how the bank he manages is becoming a good bank.

As part of a week on “socially responsible savings”, we organized a symposium on 3 November. Distinguished guests, Father Bernard Devert,President and founder of Habitat Humanism , François De Witt,founder of Finansol , and Pierre Scherek, Director General of Ideam convinced us of the usefulness of their actions and this form of savings, still limited in use in France. Socially responsible savings consists in selecting financial investments by adding meaning and socially responsible as a requirement in addition to performance.

We fully support this approach. When I say this, I understand it is difficult to believe a banker is telling the truth. If he speaks of social responsibility, ethics, faithfulness to pledges, and sustainable development, how can we not think that he is only doing so to better profit? The mega-banks have left such a strong mark in people’s mind for their subprime profits, losses, their traders and their bonuses, that it is easy to forget the local bank dedicated to a particular geographical area, which serves, people of modest means, small businesses , artisans, shopkeepers, farmers. The headlines make us forget that finance and banking are first and foremost here to help with daily life. So when a banker says: “I want to be useful!”, Who can believe him? Who can believe that a bank, a banker can have be well-intentioned?

A Pyrenees Gascogne, we believe in the good and useful bank, local solidarity, local cooperations. This idea of a good bank can be seen in everything we do. When we say that advisers are not paid on the products they sell, it’s true, or that we advise our customers products that suit them, it’s true. And because we want a good bank that we have developed a consulting business in how to save energy. And when we provide help to non-profit in our area, it’s because we believe their action is vital to the social fabric.

So if we offer our customers financial products around solidarity and socially responsible investing ( here on the site talking about heritage ), it’s because Pyrenees Gascogne invests itself in these products, it’s because these products are purchased by our employees employee for their own savings, it’s because we believe in the value of these investments for ourselves. We do not follow fashion, we are not trying to conquer a market, we try instead to share a belief with our customers.

I am increasingly convinced that of of the key levers to make companies more virtuous, more accountable to the future is to channel savings into those companies that subscribe to the principles of sustainable development, and integrate this philosophy in their decision and accounting. It is more useful to invest in such investments than to give a little to non-profits, (although each donation is helpful) because that way, they have means to improve their ambitions. We can put more solidarity in the economy and the formula of Phocion “private virtues become public morals” is truer than ever. Of course, we must still dare to believe and decide to build!

Good Banking

I’m reading the live blogging of the Bernanke hearing today, and I’m pretty shocked by the following conversation:

Bad lingo | 3:59 p.m. Emanuel Cleaver, a Democrat from Missouri, condemns the term “bad bank.” He says the term does not exactly inspire support for the program. Maybe it should be called the “Damascus Road” bank, he says, or maybe the Fed should have a linguist look into something else more appealing.

Mr. Bernanke replies that it’s officially called an “aggregator bank,” not a “bad bank.”

Mr. Cleaver says that term is unlikely to catch on, and that perhaps a three-year-old should come up with something that rolls a bit more trippingly off the tongue.

Well, what about “Good Bank”, and what about making it more than just a sweet name?

I’m convinced Americans want good, ethical banking, the kind of banking that focuses on developing healthy communities where they can live and raise their kids. Just like anyone else on this planet. More importantly, they want HOPE, and good banking IS hope.

Bruce Cahan says it very well:

What We Had

The earliest banks were built by business, civic and religious leaders to grow hometowns, in regions they knew best. Community banks and bankers exist as a minority, often still independently-owned.

What We Lost

Today, most deposits (upwards of 80%) in America’s large cities are held by banks headquartered elsewhere, accountable to no one locally, except regulators in Washington or the state capitols who are easily outmaneuvered through lobbyists, industry political donations and complex financial instrument structures that camouflage the transparency needed to see simple causes and effects.

America’s banking system has lost its roots, has lost its way. “Safety and soundness” used to mean bankers living in and knowing their home regions and the people, businesses, governments and nonprofits there. Now Wall Street financial services mega-banks and investment professionals have fractionalized underwriting, ownership and obligation to the point where hedged bets on leveraged obligations (e.g., home mortgages or corporate bonds) create a rapidly cascading morass of multiplexed risk, drying credit up for other purposes in places where the risks are less or could be underwritten more safely and simply. As rogue traders have shown, the whole house of cards can easily unravel, with the use market capitalization and Federal Reserve costs unwinding such positions entails.

What We Need: An Ethical Bank

We need more ethical banks, where decisions are made transparently, its allegiances trace back to community concern and its pricing of credit and investments is directly tied to the contribution each transaction makes to growing regional health.

A bank’s payment strategy in 3 words: Convenience, Convenience, Convenience

The Bankwatch had an interesting post titled Payments – the impossible dream for Banks? this week outlining the importance of payments for banks and the challenges they face in bringing about innovative and user-friendly payment solutions. Colin’s line of thought is that:

Banking has moved to self service
Self-service allows two types of financial activity … view balances, or move money.
Moving money is payments.
Payments, as currently offered by banks, are mostly hell and they cry out for innovation
Payments innovation is not about technology or standards (SEPA), but about customer experience

I cannot but connect this “hell” experience with one of the most interesting questions raised during the Mobile Web Wars conference last week:

Why people are willing to pay for apps on the iPhone, but not on Facebook?
Why people are willing to pay $3 for ringtones, but not $1 for music files?

A participant was arguing that the reason was the “mobile effect” i.e. the fact the mobile is a relatively new communications channel that is so personal that people value it more than the PC channel. But at the same time, Bart Decrem, CEO of Tapulous, a social app company for the iPhone, was saying in the background: “Ease-of-use, Ease-of-use, Ease-of-use”, in other words: convenience drives customer value and their willingness to pay.

Something pretty obvious some would say, but this idea was made to me much clearer in the last few days while trying out two new services: expensure.com, a London-based bill sharing online application, and TipJoy, an online tipping (“micropayment”) service. Both services address different user problems, but they both address it very well with an extreme focus on convenience.

TipJoy for instance, does not require what you would normally call “payees” to register: you can simply donate to any URL on the Web you want. As Web site owners register and add the TipJoy button on their Web site, they essentially claim by the same token URLs and collect tips. From the payer / tipper perspective, a single click on the TipJob button is required, nothing more: the button is already configured by the payee with a pre-defined amount (in the order of 5 to 50 cents). This is convenience at its best.

Expensure solves the problem traditionally solved by complex spreadsheet. I used it to share bills between an upcoming WE trip with my friends and I was extremely satisfied with the application. It’s all in the details. For instance, I was able to set a ledger and experiment adding expenses to it without having to invite my friends to the service, something that would have refrained me from starting to use it, b/c my friends are too busy to receive unwanted invites from applications I found not worth using after a trial. In this case, I did, and ultimately send the invite to 5 friends.

Both applications touch on the problem of payments, but with an extreme focus on a relatively highly context-specific problem and a very well designed solution to the problem. Yes, I could have used my bank’s transfer service, or checks, plus a shared Google Spreadsheet, as I did in the past, but I will certainly not do so now that my social network is almost set up with Expensure. Same thing with TipJoy: while I could have used a PayPal button on my blog, I can see the value of simply providing a pre-defined amount to users willing to tip me, and will most likely go with them in the end if I ever want to be tipped for writing these articles (I’m not really and I’m doing this on the side of my day job).

What was the most interesting to me, what the following FAQ excerpt from Expensure:

Can I pay somebody back using Expensure? Soon. Right now we are focusing on making Expensure the best shared expense tracking app out there.

and from TipJoy:

Why can’t I withdraw cash from my Tipjoy account? There are legal implications to allowing this transaction which we are currently working through. We expect that you will be able to withdraw cash very soon. In the meantime, if you have a minimum of $5 in your account after removal of applicable fees, then you can do the following with your earnings: 1. Donate to any official charity you’d like 2. Purchase an Amazon gift

Both of these companies are clearly focused on providing the best customer experience first, then only will they figure a way to monetize it. They probably have listened very well to this presentation from Paul Graham on how being benevolent and focusing on solving problems is more important than thinking about making money when starting a business.

The only thing that these companies are missing is that they are not a bank or Credit Union, but as good entrepreneurs, starting a new CU or bank is probably not an option they will choose. Just like PayPal partnered with Wells Fargo, I would not be surprised to see an innovative bank or CU partnering with them to handle the back-end aspect of their solution, in particular legal compliance in each legal framework/geography they do business in.

So, when real-estate agents are asked about RE investments strategy, it’s: “Location, Location, Location”. When asked about early-stage investments, VCs talk about “People, People, People”. Perhaps, when banks are asked about their payment strategy, or their general banking strategy for that matter, bank should say: “Convenience, Convenience, Convenience”.

BarCampBankDallas, Whuffie and open Banking Web APIs

I wasn’t able to attend BankCampBankDallas, but Charlie over at Open Source CU wrote a nice report highlighting some of the concepts that were discussed during the camp:

Incorporating online reputation into financial reputation: “why can’t [FIs] hook into LinkedIn and view a person’s Recommendations and process that into their credit score”
Opening a FI’s APIs to the creativity of their customers and 3rd party developers: “could there ever be a day where an existing financial institution could let people hook into it and meaningfully tailor the infrastructure and product to their own needs?”

I think exploring the links between online reputation and financial reputation is very interesting indeed. I think leveraging public social data is a great way for banks to reduce the risk of payment default on people with less than perfect credit. I’ve talked about this before, particularly in the context of peer-to-peer lending: in the problem with banking innovation…, I explained how a loan where some of the people lending money are family members offers a different and more attractive risk profile than someone’s lending money from people they don’t know (and don’t care) about (especially when you have a huge securitization food chain). I had never thought that such data could eventually actually be part of the FICO score, and that I think that will take A LOT of time. Here is my guess at how things will evolve: I think that Experian-like services computing someone’s overall reputation (see how to compute someone’s whuffie) will develop, and as they become established brands, may end up as an input to FICO scores. Anyway, I do think FIs are fundamentally social intermediaries and can’t afford to ignore the publicly available social data. I think there is a great opportunity, especially at credit intermediaries whose goal is the benefit of the community (credit unions), to re-socialize credit relationships.

Regarding the opening of Banking Web APIs, I think also that this is a great way for FIs to smartsource innovation while ensuring the highest level of security standards. In the problem with banking innovation…, I suggested at the very end that one way to smartsource innovation could be to “do what Apple or Facebook do: expose some of this information via easy-to-use APIs in a way that is more secure than their startup competitors. Then, allocate a VC fund to fund startups using this API (which is equivalent to buy an option to invest more/buy out the most promising ventures later).”

So, I’m glad to see that these highlighted concepts are inline with some of my own ideas and probably with many other people. I really hope I can make it to the next BarCampBank near San Francisco.

Business method patents: good or bad for the U.S. financial services?

PaymentNews pointed to a research paper title “Business Method Patents and U.S. Financial Services” authored by Robert M. Hunt of the Philadelphia Fed.

As any researcher in knowledge economics would know, maximizing the value of knowledge for society is a difficult problem: on one hand, you need to provide the proper incentives for innovators to invent (typically a patent system that provides a time-limited monopole), and on the other hand you want this knowledge to be used as fast as possible by as many people. Finding the right balance is not easy. This is a subject I’m really interested in, and business method patentability is a very interesting on its own, so I went through the paper. Here are my notes.

Here is the most important part IMO from the conclusion:

There is at present very little evidence to argue that business method patents have had a significant effect on the R&D investments of financial institutions. It is possible that the availability of business method patents has encouraged more entry and R&D by start-up firms or more efficient trading of technologies. At present, however, these represent intriguing possibilities and not outcomes that have actually been measured. In short, we still cannot determine whether financial patents are creating value for the U.S. economy.
[…]
The combination of significant technological overlap among firms, elastic patent boundaries, inadequate enforcement of disclosure requirements, and weak patentability standards raises at least the theoretical possibility of perverse outcomes (Hunt 2006). In such environments, firms may obtain more patents but perform less R&D, since the fruits of such efforts would be subject to an innovation tax imposed by rival firms.

My thoughts:
I think this area of patents is still evolving and regulators are still learning how to best optimize the value of the U.S. economy of patent issuance. There is a risk that startups be issued business method patents that other FIs license only to see themselves fought to death by large FIs in court. I don’t think it will be a big problem for niche markets, but it would be interesting to see what a court would decide if consulted on the non-obviousness of a business method patent issued to a small firm and which possibly has a huge impact/potential to many large FI players.

More excerpts:

A decade after the State Street decision, more than 1,000 business method patents are granted each year. Yet only one in ten are obtained by a financial institution. Most business method patents are also software patents.

That’s 10 business methods per year coming from a FI. Wow! The remainder of the article is basically trying to explain why these numbers are so low. Probably most of banking related business method patents come from startups (ex. SmartyPig has a patent on their business method).

Financial exchanges and the central bank are more research intensive than credit intermediaries (banks and thrifts).

I don’t think that will come as a surprise to anyone. I wrote earlier about the innovation problem at banks (I should have precised credit intermediaries as I’m well-aware that innovation is thriving in the investment side of banks).

Number of financial industries rely heavily on standard setting arrangements esp. payments networks and financial exchanges.

The article seems to imply here, if my understanding is correct, that business method innovation requires multiple parties to implement it, which means it’s hard for any one party to patent it at the same time that it seeks others to use (license if it’s a patent). That’s as if you had to pay to use a standard…

Lerner (2006) finds that business method patents are litigated at a rate 27 times
higher than for patents as a whole.

The reason for this is that the legal aspects of business methods patentability is still evolving. This might be another reason why business patents are few. It’s easier to keep them as good old trade secrets when possible, than try to patent them only to have to pay an army of lawyers to litigate them.

The article also talks about the legitimacy of licensing a patent and fighting in court in validity at the same time.

Les banques devrait-elles devenir des fournisseurs d’OpenID?

This is a translation in French of an earlier post.

Il y a presque dix ans, au sommet du boom Internet, je me rappelle avoir avoir discuté avec un banquier qui me suggérait que dans le future, le rôle des banques ne se limiterait pas a garder l’argent de leur dépositaires, mais aussi à garder leur identité en ligne secrète. D’une certaine manière, cette prediction s’est concrétisée par le biais des programmes de protection contre le vol d’identité. Cela dit, si l’on définit l’identité comme la somme des informations personnelles qui distingue une personne d’une autre et qu’il est difficile voire impossible de se procurer, on voit bien qu’une grand partie de ces informations (et en particulier les secrets tels les mots de passe) sont disséminés dans un grand nombre de services en ligne (60 en moyenne, bientôt 200, d’après une étude du Yankee Group sur OpenID).

Comme chacun sait, OpenID constitue la solution non-propriétaire à ce problème, et pour les raisons présentées ci-après, il semblerait que les banques soient des candidats parfaits pour devenir fournisseurs d’OpenID:

“Qui peut le plus peut le moins”. Le niveau de sécurité imposées par les services en ligne aux mots de passe de leurs utilisateurs ainsi que l’intérêt des utilisateurs à avoir des mots de passe difficiles, varient d’un service en ligne à un autre, mais la banque en ligne est probablement un des services ou le niveau de sécurité des mots de passe est le plus élevé. La raison est simple: il s’agit du service où les utilisateurs ont le plus à perdre si leur mot de passe se retrouve dans de mauvaises mains. Ainsi, on peut difficilement imaginer un utilisateur s’authentifier auprès de son service de banque en ligne avec son le nom d’utilisateur et mot de passe de son compte Google, mais l’inverse est beaucoup plus plausible
Les banques ont plusieurs actifs existants relatifs à la sécurité:
- Elles ont déjà en place une infrastructure technique assurant la sécurité de l’accès en ligne aux comptes bancaires,
- Elles ont pour la plupart une image de marque forte en terms de sécurité, et
- Elles ont déjà en place des programmes de protection contre le vol d’identité qui fourniraient un complément d’assurance à OpenID, et ferait de cette technologie une vraie solution/vrai produit
- Les banques sont tenues légalement de connaître leurs clients, et ont pour cette raison probablement beaucoup plus d’information sur leurs clients (par example, documents officiels comme carte d’identité) que n’importe quel autre service en ligne (mais pour combien de temps encore?). Cela veut dire qu’elle possèdent le plus large éventail d’options d’authentification, leur permettant de supporter plusieurs niveaux d’authentification. Elles ne sont pas limitées au model d’OpenID classique de l’URL et du mot de passe: elles peuvent non seulement décider d’émettre des URLs OpenID qui soient distinctes du nom d’utilisateur, mais elles peuvent aussi et surtout utiliser une authentification multifacteurs, par exemple envoyer un numéro personnel secret par SMS à un téléphone mobile, ou demander à un utilisateur de cliquer sur un bouton pour être appelé par un centre d’appel, comme spécifié par les OpenID policy extensions.
Enfin, il existe de très bonnes raisons économiques. Un service OpenID offert par une banque consituerait:
- Un service à très forte valeur perçue (mot de passe unique pour potentiellement tous les services en ligne utilisés par un utilisateur) que les banques pourraient faire payer
- Une nouvelle façon de promouvoir leur image de marque: compte tenu du fonctionnement d’OpenID (redirection vers le fournisseur OpenID pour chaque authentification) les utilisateurs verraient le logo de la banque à chaque authentification.
- Un formidable outil marketing: les banques auraient connaissance de quand quel utilisateur utilise quel service et pourraient présenter en fonction des offres et publicités liées ou non à leurs produits lors de chaque authentification,
- Une très bonne manière de garder leurs client: le coût de changement de fournisseur OpenID s’ajoutant aux autres coûts de transfer de comptes bancaires à une autre banque.

Consequence of Peak Oil for Banks

I watched A Crude Awakening yesterday and here are my notes and thoughts.

This movie essentially makes the case for Peak Oil theory: that in recent years we have reached a plateau of worldwide production of oil and that oil production will go downhill from here. The movie presents the economic, political and sociological consequences in a truly apocalyptic vision, but even if like me, you believe in human technological creativity to get us out of this mess, I think it is worth watching to bring awareness of the issues and crisis that the end of cheap oil might bring about in the next 10 years, keeping in mind that noone has the ability to predict whether this transition to other technologies will be abrupt at times or smooth and will happen in an orderly manner.

The most striking comparison presented was that oil is a very dense energy, which offers extreme productivity levels, with which other energy sources have a very hard to compete with, which in turn makes the challenge of oil transition humongous, and will be particularly difficult for our financial system.

Here is a good comparison mentioned in the movie: 1 barrel of oil (42 gallons) = 25,000 man hours of work = 12 people working full-time for one year. Another interesting comparison is that at $4 a gallon of gasoline and with a 20 miles per gallon 4-person car, you can take with a 4-person family for 1 mile for 20 cents at 60 miles per hour, definitely not a wage the driver of human-powered vehicle like a pedicab /rickshaw would or could physically work for. If we want to pay the driver $10 per hour (minimum wage in California is $8/hr), and assume he will ride 2 people at 10mph, 1 mile for 4 people will come at a minimum cost of $2, which is 10 times the current cost in 1/6th of the time.

What does Peak Oil theory means for banks?

The following text I borrowed from LifeAfterTheOilCrash.net is the clearest answer I’ve read to this question:

It is becoming evident that the financial and investment community begins to accept the reality of Peak Oil, which ends the First Half of the Age of Oil. They accept that banks created capital during this epoch by lending more than they had on deposit, being confident that Tomorrow’s Expansion, fueled by cheap oil-based energy, was adequate collateral for Today’s Debt. The decline of oil, the principal driver of economic growth, undermines the validity of that collateral which in turn erodes the valuation of most entities quoted on Stock Exchanges.

Update 6/1/08: WSJ Article on the value of second-hand SUVs. Excerpt:

About 36% of the people who tried to trade in a large SUV in May owed more on the truck than it was worth, according to data from the Power Information Network. That’s up from just under 33% a year ago. (It’s worse for large pickups. Recent PIN data suggests 40% of large pickups traded during May fetched less than the loan balance.)

A three-year-old large SUV today is worth about $2,000 to $3,000 less at trade-in than a three-year-old large SUV would have been in 2007, before gas prices began to soar, according to Marc Cannon of AutoNation Inc., the largest U.S. auto retailer. A three-year-old Chevy Tahoe that might have fetched $19,700 in September 2007, he says. Today, a three-year-old Tahoe might be worth $16,400 at trade-in.

What the IT at Google Bank would look like

As I was watching the Google I/O keynote presentation, I thought about how all the development tools provided by Google (Google Gears, GData, OpenSocial, etc.) could be put to work to create a Google-powered Bank, and what the IT architecture of this Google Bank would look like.

Here is how I think it could look like:

All user interaction devices, whether it is a teller workstation, mobile phone, ATM machine, kiosk would provide access to the bank via any of the standard Web browsers (Opera, IE, Firefox, Safari).

If access to device-specific functionality is required, it would be done by Google Gears (say for instance, that I want to access the ATM’s cash dispensing functionality, or I want to access the mobile phone’s built-in GPS or accelerometer). Ideally, these devices would be running a single application that would adapt according to the services discovered on the device on on the service cloud. But realistically, they would be running variant of a single GWT Java code base that GWT would compile in JavaScript for browser-based deployment.

Contacting customer support would be done via Google Talk click-to-call buttons. Interactive Voice Response systems would be powered by 1-800-GOOG-411 voice technology.

All these user facing app would leverage a cloud of shared GData services based on Atom Publishing Protocol. These services would be used to retrieve and update any data and transaction: update accounts, customer profiles, schedule payments, withdraw money, consult account balances, etc.

These services would be available to any developer who registered for an API key to create new 3rd party applications, with online documents, code examples, tutorials, videos, etc. There would be a related developer challenge that would award prizes ranging from $25K to $100K to motivate developers to create 3rd party applications. Google Bank would monitor usage and success via the API key, and acquire the apps that can contribute the most to their bottom line or user growth. OAuth would be used to allow 3rd party apps to accesss customer data without the user having to give away their Google login/password.

OpenSocial would be leveraged by Google Bank to provide an easy framework for friends to share bills, family member to send money to one another via any device, and to loan money to friends/families or friends of friends. Google Bank would use this data to provide preferential loan rates or optimize transaction fees.

Google Bank analytics would analyze my transaction patterns, build nice spending usage pie charts for me, and suggest relevant ways to save or make more money via competitive offers aggregated in Google Shopping. Bank marketing managers would use Google Bank analytics to analyze usage patterns, create marketing campaigns and target specific demographics and customer types in Google Adsense.

And last but not least, users would be able to search all their personal data using a simple one input field user interface.

Did I miss anything?

Can financial services providers do good and make good money at it?

Brad Garland’s latest post raises an interesting question:

If a company’s employees passion for their company’s product or service is ultimately what transpires in their brand and what drives customer to buy their products/services – think Google (“Don’t be evil”), REI or Apple, is it possible to have financial services providers’ employees being passionate about their products/services, and if so how?

As I was reading this post, I could not but think about Paul Graham comments in this presentation about the necessity for startups to be benevolent. His theory goes like this: if a startup focuses first on making the life of its users truly better, it will help employees stay motivated in the most difficult times, and will help in attracting the best geeks, who are usually idealists; once you have enough happy users, they will be happy to contribute financial support.

There many startup examples that have followed this pattern. eBay is a good example. According to Wikipedia’s entry on Pierre Omidyar:

The service was free at first, but started charging in order to cover Internet service provider costs.

REI, Brad’s example, is not a startup, but actually follows this benevolence pattern. They are actually a particular kind of business since they are a cooperative and as an REI member you get a yearly dividend (about 9% of the money you spend there), which you can redeem for REI products.

To go back to Brad’s question, and adapt it based on Paul’s suggestion: Can financial services providers do good and make money at it?

Of course they can.

Here are a few examples:

The disruptive contenders such as p2p lenders are effectively freeing loan seekers from bank loans and re-creating a more human and direct relation between lenders and debtors.
Large incumbent banks can leverage their operational infrastructure to create independent brands dedicated to specific communities or values (ex. using local deposits to finance local, sustainable developments, “green banks”). After all, different people have different ideas about what “don’t be evil” involves. In general, it is my opinion that banks can do good and be perceived as such by leveraging Web technologies to reveal the social links loans represent, rather than abstract/hide them. For instance, they could provide visibility into where the money in my CD account goes and provide me with the option to express my preferences. Ideally, I should be able to say that I want my money to be only used to help finance sustainable farming in a 50 miles radius around where I live.

Just my quick thoughts!

Should banks bank on OpenID?

Almost a decade ago, at the height of the Internet boom, I remember talking to a banker telling me that in the future, banks would not just keep your money safe, but also your identity. To some extent, this has materialized with identity protection programs offering insurance against the risk of identity theft. That said, if you view the identity as the collection of hard- or impossible-to-obtain information about a person that uniquely distinguishes her from others, you would certainly admit that a big part of this information (in particular secrets such as passwords) are spread around in a variety of online services (60 on average, growing to 200 according to a Yankee report on OpenID).

OpenID, as everyone knows, is the open solution to this problem, and banks seem to be excellent potential OpenID providers for the following reasons:

“He who can do more can do less”. Password strength requirements and password strength user incentives are not equal among online services, but online banking is probably one of the services where password strength is highest, simply because this is where for most people the loss would be the highest if their password was to fall in the wrong hands. So, users won’t use an easy-to-remember Gmail username/password or blog commenting account to login at their bank, even if the bank trusts Google’s security, but they would probably not mind the reverse.
Existing security-related assets:
- Banks already have the security infrastructure in place to secure financial accounts,
- Most banks are already trusted brands in terms of security, and
- Banks already have identity theft protection program in place that would complement OpenID, which is just a technology
- Banks are required by anti-money laundering laws to know their customer, and have probably more identity-related information about their customers (ex. government-issued documents) than any other online service. This means they have the widest range of authentication options, allowing them to support multiple levels of authentications. They are not constrained to a public URL/private password model: they can not only decide to issue a OpenID URL that is distinct from the existing username, but also use multi-factor authentication for instance by sending a PIN by SMS to a phone or requesting the user to click and get a call from a call center agent, as requested by OpenID policy extensions.
Last but not least, compelling business reasons. A highly secure OpenID would be:
- A value-add service that the bank could charge a premium fee for
- A great way for banks to promote their brands (you’d see their logo everytime you authenticate), get to know their customers’ online usage patterns (which service you are using and when) and present new offers/ads (banking-related or not),
- A great way to retain customers.