What role for banks under ‘everything as a service’?

Banks now need a long term vision on a 10 year horizon. Focusing down on the payments industry allows us to see why more concretely, and could provide an inkling of what the rest of the banking landscape faces.

Superficially, the major challenge faced by traditional payments players is that they must deal with new regulation and security technologies while simultaneously seeing off threats to their core business from new entrants. Expressed this way, it is easy to shrug off the challenge simply as one of too many things to worry about with not enough resources – essentially a question of getting the prioritisation right, which banks have plenty of experience in doing. A payments executive at a US bank recently expressed it thus: “we don’t have the resources or budget to do EMV rollout and Apple Pay; therefore we can’t do Apple Pay”.

This is too short-termist. While correctly prioritising investment decisions is important, someone needs to be thinking longer term than that. The question is, when it comes to payments, what exactly is the value add of the bank in the future?

One of the biggest long term challenges in payments is that almost everything a traditional payments provider used to derive competitive advantage from is being commoditised, and offered as a service accessible via APIs to anyone with a half-decent development team. This is ‘everything as a service’ (otherwise known as XaaS).

For example, right now in the market businesses are offering:

  • Identity as a service; identity authentication APIs with instant identity and address verification.
  • Data analytics as a service, for example using phone data for fraud detection and credit scoring. One provider claims to use 20,000 data points and says it can deal with the estimated 4bn people worldwide who have no conventional credit history, so long as they have a phone.
  • Issuer processing as a service.
  • Lending as a service, with suppliers providing credit scoring, loan servicing and access to capital 
to fund loans – no own balance sheet capital required.

On the retail side, transaction banking itself is becoming a service. In contrast to some negative views in the EU about the XS2A provisions of PSD2, at least some US banks are actively embracing the notion of allowing 3rd party access to their systems and customer accounts via APIs, for example, BBVA Compass and its partnership with Dwolla. Further, new entrants such as Plaid – supported by Bank of America, Chase, Wells Fargo and Citi, amongst others – are providing 3rd party developers with the standardised tools they need to integrate with bank infrastructure.

All this is rapidly pushing the integration of payments into much broader services that provide far more substantial benefits than simply the ability to make payments, as can be seen with the likes of Uber, Shell, Starbucks, and many, many others.

A similar development is occurring on the merchant side, where new entrants risk driving a widening gap between merchant and payments provider, weakening the customer relationship and in the worst case leading to almost complete disintermediation.

The merchant proposition is moving from ‘just accepting payments’ via a simple POS terminal, to ‘helping run the business… and by the way we also do payments’. These new solutions handle invoicing, billing, inventory management and more. One new entrant offers to “run your entire business from one iPad-based POS system for £39 a month + VAT”. The promise is for major time savings and thus very substantial cost benefits beyond the core payment transaction. Another provider claims it can save 40 hours a month of administration work; that’s roughly 50 basis points off one million euros of annual sales: if true, a merchant might not care that the per transaction charge for payments probably isn’t the lowest in the market.

So a pure-play acquirer runs the risk of being relegated to having an N-1 or even N-2 relationship with merchants, below the value-adding service providers and the gateways they support.

The shift to XaaS also means larger banks with more resources to invest will lose some of their scale advantage.

Smaller banks will be able to integrate quite sophisticated services such as advanced data analytics without needing to invest in building the capability themselves. In turn, that means it will be harder for everyone to differentiate their offers, particularly if most banks end up utilising the same few providers. This is equivalent to using a website builder rather than coding a site yourself: you’re always constrained by the tools to some extent.

It may be that the biggest banks are able to develop ‘better’ technology than is being offered to the market by XaaS providers, but legacy issues and varying standards and systems across different markets may stand in the way of achieving sufficient scale to be competitive. New entrants are global by default, and aim big. Trulioo, an identity as a service provider, already claims to be able to “verify billions of people from your web browser”.

It’s important to remember that payments isn’t actually broken. The current model still works perfectly well. But banks need to figure out where they will sit in a future landscape that is a lot more fragmented and complex, where much of what they do today is available to buy in the market by anyone who wants it.

Putting aside whether there is the slightest business rationale for doing so, the API-based XaaS services largely exist right now to allow – for example – your local coffee shop to issue a pre-pay debit card its customers could pay their monthly salary into, completely independently of any bank involvement in the normal sense.

Surely that should be just a little bit worrying?

Simon Vessey
Simon VesseyPartner and Head of CVA London