Current challenges for banks and fintechs
Back when we started the design of the Okay solution we made the following assumptions:
- The user-base is moving towards single-device users, and that device will, at least in the short term, be a smartphone, with no physical token or dongle
- A large percentage of the user-base will run their apps on devices that don’t receive security updates. It is a safe assumption that many of these devices can be infected with malware, and might already be infected.
- There will be a lot more competition on the product side in the bank and fintech markets
These assumptions were made before the PSD2 was finalized, but we had read earlier guidelines from the EBA on payments and electronic money. Seeing how the official requirements appeared to get more and more strict, we assumed that the regulatory frameworks wouldn’t get more lenient.
Did we make the correct guesses? Let’s look at each assumption:
The first assumption is correct, in that the web is now “mobile-first”, with the majority of traffic now clearly coming from mobile devices. While there are fewer statistics on the use of physical dongles, there are hardly any new banks that use physical devices, and all new banks and fintech initiatives apparently have an “app first” strategy.
Security Updates Problem
When it comes to security updates, the situation has clearly not gotten much better. There are more than 2.5 billion active Android devices today, from 180 different manufacturers. Only about two-thirds of these run a version released after Oreo in August 2017. Combine that with the fact that only devices released after January 31st, 2018 are guaranteed two years of security updates, and it would be a conservative estimate that two-thirds of all Android phones no longer receive security updates. The situation on the iPhone side is a bit better: there are 900 million devices, and phones going back to 2015 still receive the latest main release.
Investment in fintechs
The last assumption is actually more uncertain, in that investment in fintechs has varied somewhat over the last few years. But, at least for 2018, and most likely 2019, there is massive growth in new companies, bringing with them new concepts and new innovations.
A lot of this innovation takes place in Europe and in Asia. In countries such as China, a lot of payments now go through payment apps such as WeChat, while in Europe there are new innovative banking and finance apps launched nearly daily.
This creates an interesting problem for both new and existing companies: They experience market pressure from innovation and regulation, but at the same time a lot of the potential users are running their apps on platforms that might not have gotten a security update in years. One option is to say “we don’t care about users with older smartphones”, but that can be hard to justify to investors. Another option is to take a look at Okay, and we hope that you’ll take a look at our offering, where we assume that innovative malware is already targeting your app.