In banks we trust

G+D’s Jukka Yliuntinen believes banks could become the gatekeepers to our most valuable data, giving consumers ease of use and peace of mind when it comes to payments security. Its TokenCockpit is one solution that takes them closer to it

Its focus recently has been on returning power to the people through its Token Cockpit solution, which is aimed at giving them 360-degree visibility and control over the disparate payment methods they have stored with providers of online retail goods, entertainment and services, in today’s increasingly e-commerce and subscription-based economy.

The company’s head of digital payment solutions, Jukka Yliuntinen, believes banks have an opportunity to steal a march on their competitors by using solutions like Token Cockpit, thanks to the trust these major institutions have built with consumers over centuries. G+D has, in fact, grown up with many of those institutions. Since 1852, it’s been protecting their and their customers’ physical and digital security with technologies that millions of people worldwide use daily to pay by cash, card or smartphone, and interact with smart systems as well when accessing their identity documents for travelling.

We asked him to expand on his ideas...

JY: People shouldn’t need to worry about whether there is a tokenisation technology, because all they want to do is buy something, and the payment is the necessary evil in between. How this technically happens is really important to us, but hidden from the consumer.

The 16-digit PAN number on every credit or debit card is the origin of everything, and tokenisation is basically making digital surrogates of that. Consumers can have as many as they want and keep them in different digital wallets, like Apple Pay and Google Pay, or with merchant A and B, and then manage them dynamically. If they lose their phone, they can disable that token, but all the other tokens, and their original card, still work. So there are a lot of benefits.

In terms of consumer experience, one good example is e-commerce. If someone wants to buy something from a web shop, they store their card details there and, with tokenisation, that information is automatically updated. If their real card expires, and they get a new one, the old information remains on the online merchant site but is automatically updated in the back-end system, which means, when they want to buy next time, their payments continue automatically, without re-entering their details.

JUKKA YLIUNTINEN: We’re all very familiar now with having digital means to do whatever we want to do, including payments, largely driven by our mobile phones, which you could say provide a certain standard for everything in terms of convenience of accessing services and immediacy. That sets the bar and it’s still accelerating now – it’s almost unbelievable, if you look back five years, to see how things have developed.

Of course, in this we’re talking about the digital natives, but then there are a lot of people who are not actually that savvy… I guess we would call them digital migrants, who need to learn a lot and try to keep up with the pace.

The key point, for everybody, is perceiving that their digital payments are secure, which is where technology providers like us, the issuing banks and the whole financial network, come in, making online payments easy amidst phishing attacks and consumers’ need for reassurance that sites they want to purchase from are credible.

But there are changes happening, which is something we need to address from both a technology and user experience point of view.

A small thing like this is actually a big thing for the consumer, because they often stop a transaction at the point when they need to start doing extra work; and that’s an even bigger problem for the merchant, because then they have lost a customer.

JY: Consumers are very demanding, thanks to the big techs, raising their expectations. The challenge, in my opinion, is that whenever there is a monetary value, as there always is with a payment, it needs to be bulletproof. But banks need to build a level of security around a payment that is high enough, but still means the process is convenient and attractive.

Banks can differentiate themselves from other service providers because they have the means, using tokenisation, to manage payment credentials, and can offer customers visibility around where those credentials are stored. So, with one look – and this could be a great feature of a banking app, or wallet – they could see and manage all the cards they have stored with merchants, the likes of Apple Pay, subscription services, even their car rental provider.

Banks can create trust relationships and stickiness with consumers this way, because many don’t even recall where they have stored their cards: “Maybe they’re with a couple of airlines, a few hotel chains, some music and other entertainment, like Disney+ and Netflix... I don’t know.”

I honestly think this is a potential advantage that banks have, that they should give special attention to.

JY: I guess it could. The most important thing is spending time on end-to-end service design. It’s not just a technology piece, but about the whole process of how they do this. One way is to ask customers to present their fingerprints to authenticate payments. Or, for high-value transactions, maybe their fingerprint and face ID, or another form of biometric test like iris recognition.

As I’ve said before, banks need to ensure a good experience that’s not too complicated, and if they use three different authenticators they need to do so in a sensitive way. So, for example, using additional biometrics only when the value of a payment transaction goes higher, which reassures the customer that the bank understands this is an important transaction and want to guarantee it’s the customer authorising it. It’s also about choosing easy and simple biometrics, such as presenting a fingerprint or showing their face, and then the payment is done; not asking them to enter another code. especially. Just knowing where they are gives them some power back. Then, they can also manage these cards from their banking app containing all the details, and decide, for example, ‘I don’t want to use this service for the next six months so I’ll disable that one, but resume another one’.

Our Token Cockpit provides consumers with that capability to view and manage all their cards. They can also send those cards to different places, for example to enable a payment with a new provider like Amazon, at the click of a button. Or they can disable or even terminate that card if they have any issues with the merchant.

The key to security that banks can use to build on customer trust

JY: Partially. For example, network tokenisation, provided by the payment schemes like Visa and Mastercard, has seen them start with the wallets like Apple Pay and Google Pay. However, there is strong momentum now for merchants to tokenise the cards they or their payment providers have stored in their back ends. We’ve all seen those Banks can small boxes payment have the services have, which say ‘do you want to save means, using your card credentials for tokenisation, to the next use?’. When a TFM: With people becoming increasingly manage payment customer ticks that box, their card details are savvy about how their credentials, and can tokenised and stored, data is used – thank offer customers which means providers you, Facebook – how can consumers take visibility around can start offering so-called delegated back control of their where those authentication. This payment data? credentials means the issuing bank JY: That’s a tricky question, because are stored deems a payment good to go, but the authority we’re individuals with is given to the merchant. individual preferences for how we want to Then, when the customer does their manage our data, but most people are online payment, the merchant can check, probably quite sensitive about data related using SCA, that the consumer is the one to their personal needs like payments and making the payment, and authenticate on health. They don’t behalf of the issuer. want to share payment data freely, but Again, biometrics could be used for SCA, they recognise that, if they want to get and there are other technologies that we something, they have to share it. provide, where customers can use their

One way of protecting it is, once again, physical, dual interface, such as their tokenisation. People each have 20-plus contactless payment card or phone, for services where they have stored their really secure authentication, because these payment credentials, their payment cards second-form factors are tamper-proof.