Skip to content

ACT Canada Driving Insights – January 2020

Welcome to the January 2020 edition of ACT News – Driving Insights. This complimentary service is provided by ACT Canada.  Please feel free to forward this to your colleagues.

In This Issue

Features ACT Canada Members ATMIA and Moneris
Features ACT Canada Member Global Payments
Features ACT Canada Member Moneris
Features ACT Canada Member Gemalto: A Thales Company
Features ACT Canada Member Ingenico Group
Features ACT Canada Member Gemalto: A Thales Company
Features ACT Canada Member Moneris
Features ACT Canada Member TD Bank
Features ACT Canada Member G+D Mobile Security

ACT Canada Partners

Payment Network Partner

Interac Corp. operates an economical, world-class debit payments system with broad-based acceptance, reliability, security, and efficiency. The organization is one of Canada’s leading payments brands and is chosen an average of 16 million times daily to pay and exchange money. For more than 30 years, Interac Corp. and its predecessors, Interac Association and Acxsys Corporation, have facilitated secure financial transactions through the development of innovative and convenient debit and money transfer solutions. A leader in the prevention and detection of fraud, the organization has one of the lowest rates of fraud globally.

Mar19 II (1)
Principal Member
Canadian Western Bank
members since 2010

G+D Mobile Security
member since 1990

Payments Canada
members since 1998

General Member
members since 2016

AB Corp
members since 2017

members since 2011

Global Payments
members since 2011



Looking For good people?

There is a lot of movement in the market, so if you are looking for new employees, we are always aware of some great people. Please contact ACT Canada for more details -

looking to hire

Calendar of Events

Money20/20 Asia
Mar 24-26, 2020
ACT Canada Members receive a
$250 discount

KNOW Identity
Las Vegas, NV, USA
Apr 5-6, 2020
ACT Canada Members receive a 10% discount

Payments Canada SUMMIT
Montreal, QC, Canada
May 25-27, 2020
ACT Canada Members receive a 30% discount



Source: ATMIA (1/24)


Moneris Solutions Corporation is the first acquirer in Canada to develop its own end-to-end Payment Card Industry (PCI) Point-to-Point Encryption (P2PE) solution for merchants. Created without any third-party applications, Moneris’ P2PE solution helps ensure that all devices are securely set-up, installed, and payment data encrypted and protected at every point of interaction.


Managing and owning all the applications, hardware and security infrastructure that make up the P2PE solution allows Moneris to provide a single point of contact and support. Merchants that implement the solution can benefit from payment device security using a chain of custody process that ensures PCI compliance and stricter controls at the provider level. This solution will help merchants reduce the costs associated with PCI compliance and offer increased security of their POS solution.


“For large merchants, ensuring PCI compliance can be a time-consuming, costly process that can’t be avoided. With our P2PE solution, merchants can realize significant cost and time savings during PCI compliance audits,” said Patrick Diab, Chief Product Officer, Moneris. “Our ability to develop this solution entirely in-house and be the first acquirer in Canada to do so is a testament to Moneris’ commitment to provide secure, innovative solutions that help our merchants not only process payments but do so in the most secure way possible.”


P2PE is an encryption standard established by the PCI Security Standards Council, which outlines detailed security requirements that a solution has to meet to be considered a PCI validated P2PE solution. As defined by PCI, a PCI P2PE solution must include all of the following:


  • Secure encryption of payment card data at the point-of-interaction
  • P2PE-validated application(s) at the point-of-interaction
  • Secure management of encryption and decryption devices
  • Management of the decryption environment and all decrypted account data
  • Use of secure encryption methodologies and cryptographic key operations
  • Currently, Moneris’ P2PE solution is compatible with the VeriFone P400 integrated PIN pad, and will be available on more payment devices in the future. These integrated payment terminals utilize Moneris Core Integrated (“Core”), which is powered by Moneris’ proprietary POSPAD API. The Core User Interface provides a unified customer experience across all Core devices. In addition, Core offers merchants a feature-rich application with the added security of the P2PE capabilities.


More information about Moneris’ validated P2PE solution can be found on the PCI Security Standard’s official website.



Source: Global Payments (1/6)


Big-picture trends in the payment industry are coming into focus and will characterize the market for 2020. We spoke with five of our industry leaders and experts to get their take on the top payment trends in 2020 to watch.


The Trend: Digital Wallets Will Continue to Explode Globally


The Expert: Konrad Chan, president, Asia Pacific at Global Payments


The digital wallet momentum will continue in 2020. We have seen this trend in China with Alipay, which grew out of Alibaba's online marketplace, and WeChat Pay, a way to purchase while using the popular social media platform. Each has around 1 billion users.


In Indonesia, Gojek, started in 2010 as a courier delivery and two-wheeled ride-hailing service. Now its app has broad appeal in five Asian countries, offering more than 20 services. There's WhatsApp Pay, which is in the pilot phase in India and has already reached impressive levels of penetration. And HSBC's PayMe digital wallet is gaining significant traction in Hong Kong.


"This trend gain increased momentum with the announcement of Facebook Pay in November, 2019," says Chan. Facebook Pay takes a page from what's already happening in Asia, where the payment infrastructure is essentially a smartphone with a QR code.


"Payment providers will stay relevant in this new world by offering customers various options to accept the exploding number of digital wallets globally," says Chan. “They'll also be able to use artificial intelligence (AI) to look at fraud and transaction patterns to protect merchants."


The Trend:  Bundled Financial Services in the Wake of Regulation


The Expert: Chris Davies, president, Europe at Global Payments


In addition to the overall explosion of new form factors and methods of payments, Davies predicts that we'll see more services bundled together in 2020. As banks and payment providers comply with the European-mandated second Payment Services Directive (PSD2), account information service providers (AISPs) will have more opportunity to curate financial services in a Netflix or Spotify-like interface. Curve, for example, is a London-based startup that has rolled out an app in the United Kingdom that consolidates multiple bank cards into one place. With these apps, users can switch from one card to another very easily and see aggregated information through the exchange of banking data via APIs.


"In the wake of PSD2, we're going to start seeing different wallet and payment solutions coming out, often blended in a streamlined way that adds additional value for the customer. We're not going to see a sea change, but it will be an ongoing evolution." Davies says.


The Trend:  Embedded Payments Will Accelerate


The Expert: Frank T. Young, president, vertical market software solutions at Global Payments


Merchants and consumers no longer think of payments as a stand-alone service but one that is deeply embedded into the buying process whether they are paying online or in-store. This trend toward “embedded payments" is the logical extension of “integrated payments" and will continue to make inroads in 2020, says Young.


Embedded payments represent the next wave of technology, blending payments functionality with the software that a business uses to facilitate a user journey from purchase intent to after-sales service. The ability to deliver these seamless interactions was once the domain of large enterprises in developed markets with significant IT budgets but are now ubiquitous enough to be available to small and midsize businesses across the globe.


In today's highly competitive market, most merchants will no longer look for point solutions that simply facilitate a transaction, Young says. They will look for solutions that help them establish loyal, on-going relationships with their target customer that covers the full life cycle of pre-purchase, purchase and post-purchase interactions. To tie this all together for merchants and consumers requires solutions that embed payments into the software that merchants use to run their businesses. In the coming year, businesses will increasingly seek out and utilize solutions that are relevant to their verticals and extend well beyond a cash register ring and into all aspects of running a business including marketing, operations, supply chain and service and support functions.


The core payment transaction needs to be seamless, convenient, secure and reliable. But in 2020 these characteristics will be table stakes. Young says, “True value for merchants and their customers will come from more than facilitating a payment — how did the customer find you, how did they discover what to buy, and post-purchase, how do you service that customer?" In 2020, businesses will accelerate their efforts to work with partners who can deliver the core payment transaction but beyond that, help them answer these questions to help them compete more effectively and ultimately grow their businesses.


The Trend:  Industry Will Raise the Bar on Vendor Security Compliance


The Expert: Stacy Hughes, senior vice president, IT, risk, governance, and compliance at Global Payments


Hughes predicts that as payments technology becomes even more embedded with broader software applications and solutions for businesses, these businesses will need to be more vigilant about the security posture of software vendors.


“The Software Security Framework, a new set of standards that have been issued by the Payment Card Industry (PCI) Security Standards Council in 2019, will offer merchants another way to measure the level of sophistication of a software vendor's security measures," says Hughes. “We, collectively in the industry, will focus on protecting our customers and validating those layers of security as technology evolves." The Software Security Framework listings roll out in early 2020.


The Trend:  More Compartmentalized Money and Value-Based Ecosystems


The Expert: Kelley Knutson, SEVP and president of Netspend


According to Knutson, individuals will continue to move their money away from their core banking relationships into compartmentalized branded ecosystems to get greater access to new products, better services and value-based solutions, as well as loyalty, discounts and a more complete user experience.


We first saw this trend emerge with low-value transactions in services such as Starbucks and iTunes. Now, it's Amazon enticing people into its broader ecosystem with free delivery, streaming video and even discounts at Whole Foods for its Prime members. Apple has also recently created its own money ecosystem with the Apple Card, offering 1% cash back for purchases and a 3% discount on its limited set of core products.


Knutson says that a wide variety of similar, compartmentalized branded ecosystems will follow, centered primarily around a virtual account embedded within that ecosystem — this will arguably become the central hub, driver and repository for detailed transaction information, payment behavior trends and rich sources of overall customer insight.


"When it comes to enabling these money and value-based ecosystems, lack of friction and the end-to-end customer experience will be key. Payments providers need to have the ability to help branded ecosystems authenticate and approve individuals quickly and easily," said Knutson. “The data that some of these partners already have can serve as a means to help pre-authorize and pre-approve individuals and get them through the customer identification process in a more streamlined fashion."


Looking Toward the Next Decade


In 2020, these trends will impact payments across the world. We can expect more payment types and devices, integrated solutions, a need for a frictionless experience with greater regulation all calling for increased security. It is important for merchants and enterprises to keep up-to-date, and work with a forward-thinking partner they can trust.



Source: Forbes (1/3)


The bitcoin price got a shot in the arm as news came out last night that the U.S. assassinated Qassem Soleimani, head of the feared and formidable Iranian Revolutionary Guard Corps (IRGC). As of this writing, the bitcoin price is up 4.74%, approaching $7,400. It is tempting to take this observation and assume that bitcoin will continue to climb as tensions between the two countries continue to ratchet upwards.


All of this feeds the narrative that bitcoin is a safe haven asset. This may be true, and the price of bitcoin may continue to rise. However, the expected fallout will serve as a defining test of Bitcoin’s presumptive role as “currency of last resort” or the “final port in the storm”.


Soleimani was the Tip of the Iranian Spear


It is hard to overstate the impact of Soleimani’s assassination. While few outside of Iran will mourn his passing, there is no denying the level of power and influence that he held in Iran and around the region as a whole.  A veteran of the devastating decade-long Iran-Iraq War in the 1980’s, one which most people outside of the region have likely never heard of, Soleimani grew to become a glorified and almost mythical figure within Iran.


By leading the IRGC, he was a central player in virtually every major Iranian action in the region, including defense of the Assad Regime in Syria, securing Iranian influence in Iraq (lest the two countries ever go to war again), or supplying and supporting Hamas and Hezbollah against Israel. Some of his lesser-known activities included backing the Houthi rebels in Yemen and other groups across Afghanistan and Pakistan. Taking out Soleimani was analogous to the U.S. losing a Secretary of Defense or National Security Advisor.


‘A Stick of Dynamite into a Tinderbox’


With this context, it is unsurprising that Joe Biden likened the Soleimani assassination to “tossing a stick of dynamite into a tinderbox”. After all, while the world is surely better without Soleimani, nobody really knows what will happen next. All we do know is that the Iranian Supreme Leader Ayatollah Khamenei vowed to take “tough revenge” against the U.S.


The anticipated response in and of itself should be enough to rattle markets and drive investors toward safe havens. Iranian-backed forces reach as far west as Turkey, south as Yemen, and east as Pakistan. If we take into account cyber or terrorist attacks, the entire world comes into play. Further complicating the issue is the fact that this drama is playing out during a period of already heightened tensions in the region. U.S-Iranian relations were already poor following President Trump’s withdrawal from the 2015 Iranian Nuclear Deal and application of his “maximum pressure” campaign against the country.


Arab Spring-esque protests have also broken out across the region in countries such as Lebanon, Iraq, Algeria, and even Iran against causes such as income inequality or political freedom. In fact, Iraqi Prime Minister Adel Abdul Mahdi and Lebanese Prime Minister Saad Hariri both resigned in recent months in response to their inability to calm the protests. Plus, there is currently a proxy war playing out in Libya pitting Turkey and the United Nations against Egypt, the United Arab Emirates, and Russia, among others.


It is hard to think of a worse time in the region for someone to light a match.


What Comes Next


Iran is unlikely to provoke all-out war against the U.S., as Khamenei and the rest of the leadership in Tehran are well aware that the fighting will largely take place in their home country (Iran does not have conventional military means of reaching the U.S.). More likely, they are going to leverage their proxies across the region to attack U.S. allies and soft targets as they seek to exact revenge. For instance, they could try a repeat of their attack on Saudi oil infrastructure in September 2019 or disrupt the transit of oil through the Strait of Hormuz (which accounts for 20%) of the global supply.


The U.S. is on heightened alert, is deploying thousands of troops back into the region, and the State Department asked all Americans to leave Iraq immediately.


Trial By Fire


If there ever was a time for bitcoin and crypto to prove itself, this is it. Safe havens like bitcoin, gold, and U.S. treasuries are up, while emerging market currencies have seen their biggest fall since September 2019.


These broad trends will likely continue if tensions escalate and people will seek alternatives to preserve their wealth. However, the story is not this simple.


For the bitcoin price to continue to climb in the face of this instability, it needs to prove its resiliency and relevancy in local market conditions. Put another way, it must demonstrate utility. This means that there need to be on-ramps to the network, consistent Internet access or dense mesh networks, and users must have ways to simultaneously maintain privacy (perhaps from governments), but still find counterparties for commerce. Leigh Cuen from CoinDesk wrote an excellent piece detailing some of these challenges in emerging markets around the world.


Now, this may be too much to ask of bitcoin right now, as it remains in its infancy, but at the same time it is hard to imagine a better proving ground for crypto.


Source: Forbes (12/31/19)


Fintechs may be the apple of venture capitalists eyes but they won’t be transforming the financial services market alone in 2020. They will have some of the nation’s biggest tech companies to contend with. This year has been all about the financial technology startups that raised hundreds of millions of dollars in venture capital, some now sporting valuations of more than $1 billion. These fintechs have been busy disrupting everything from banking to investing, landing millions of customers along the way. Some have out grown the traditional players, forcing entire industries to waive fees and slash commissions. That hasn’t been lost on technology companies, which began testing the waters in 2019.


Take Apple. It entered the financial services market earlier in 2019, teaming up with Goldman Sachs in August to launch the Apple Credit Card. Apple has been tight lipped about its performance since then but David Solomon, Goldman Sach’s CEO was quick to tout the success of the Apple Card’s launch this summer. Then there’s Google. In November the Wall Street Journal reported its gearing up to roll out checking accounts in 2020. Code-named Cache, Google is reportedly working with Citigroup and Stanford Federal Credit Union to make that a reality.


Facebook and Uber are also eyeing the market. Facebook is in the throes of trying to drum up support for Libra its cryptocurrency and Uber has a credit card and recently created a new unit Uber Money to go after digital payments and other financial services.


An American Story Of Service, Civic Engagement, And Citizenship


“Many tech companies are embedding financial services into their products, and this trend will not be slowing down any time soon,” said Ramneek Gupta, Managing Director & Co-Head of Venture Investing at Citi Ventures. “Fintech will soon become a native component of how companies operate, and we’re already starting to see that shift with products like Uber Money.” That means the new year should bring further announcements on the part of big tech centered around financial services. It may come in the form of product launches, partnerships and/or acquisitions.


The fintechs may be enjoying red hot growth but the interest on the part of tech companies should give them pause. These tech companies have huge amounts of cash in the coffers ready to direct toward fintech services. They also realize the stakes are high. The tech companies see financial services as a way to help customers spend more whether it’s buying gadgets through Google Shopping or more rides with Uber. It also gives the tech companies deeper insight into the financial behaviors of their customers and their purchasing choices. That can be powerful when courting advertisers.


With so much to gain and with tech companies sitting on mounds of cash it won’t be too surprising to see them offer banking, wealth management and insurance putting pure play fintechs at risk. If consumers can get everything from a Google or an Apple they won’t need a separate mobile only bank or digital insurance provider.


That’s not to say it will be completely smooth sailing for these tech companies as they navigate the highly regulated financial services industry. As some of the leading fintechs have learned it’s not always so easy to offer financial products and stay within the confines of regulations. Tech companies have an added layer to that. They are under intense scrutiny by regulators and lawmakers over how they handle data. That could hurt their ability to offer financial services. Facebook’s woes with Libra are a cautionary tale of what could go wrong. With lawmakers and privacy groups already worried about how Facebook handles data there has been immense push-back to Libra. That’s resulted in Visa, MasterCard, Stripe, eBay and PayPal quitting the Libra initiative.


“In 2020 I think we’ll see fewer companies and entrepreneurs using the ‘move fast and break things’ model. While this ideology has never worked in financial services, we’re seeing that it is having continued negative repercussions for big tech,” said Citi Ventures Gupta. “With privacy and regulation becoming a top concern for consumers, more companies will be pumping the breaks before launching into new business plans.”


Source: Moneris (1/13)


In 2020, MasterCard® and some other card brands will introduce interchange updates to support the Government of Canada in lowering the average effective interchange rate to 1.40% (from 1.50%) on domestic consumer credit transactions.


How MasterCard Assigns Interchange Rates


An interchange rate or interchange is an amount that every card processor, like Moneris, is required to pay credit card issuers and/or financial institutions for each credit or debit card transaction processed by their merchants. It is set and regulated by the card brands. MasterCard, for example, currently assigns their interchange rates based on card type, transaction type, business type/Merchant Category Code (MCC), and/or transaction volume.


To reach the 1.40% average, MasterCard will make a significant change to how they assign interchange rates. Effective May 1, 2020, they will assign interchange rates based on the degree of risk associated with each transaction and will eliminate most of their domestic interchange programs that are based on business type/MCC.


What do the MasterCard changes mean for me?


As a result of the major transition in how MasterCard assigns interchange rates, you will see a change in your cost of processing MasterCard transactions. Generally, transactions that leverage secure technology to lower the risk of processing will likely receive lower interchange rates. Higher-risk transactions, such as manually keyed ones, will likely receive higher interchange rates.


For example, card present transactions that require both the card and the cardholder present typically involve contact or contactless technology that is highly secure. Card not present transactions such as ecommerce, telephone, mail, and recurring payments where the card, cardholder, and/or the merchant may not be present do not necessarily have secure technology in place to reduce the risk of fraud. With the new MasterCard interchange rate changes, it is in your best interest to use the most secure ways to process payments.


Overall, the specific rate changes will depend on your business type/MCC, transaction volume, method of acceptance and card mix (types of card).



Source: Forbes (1/7)


The blockchain and crypto community is ringing in the new year to a level of legislative and regulatory attention that would have been hard to predict a year ago. On one level, this is unsurprising when many predicted that crypto was dead a year ago following an 85% decline in the price of bitcoin from its 2017 peak. With Christmas 2018 headlines such as “Rhymes with Bitcoin: Has Crypto Hit the Fan?”, the revealed wisdom was that crypto was either dead, or destined to be a minor financial footnote. What a difference a year makes.


House Holds Hearing On Facebook's Proposed Cryptocurrency ″Libra″


Since this time last year, Facebook launched the Libra project, which attracted the attention of politicians and central bankers the world over. Fidelity Investments announced a series of new crypto initiatives. The US Federal Reserve Board revealed that it is working on a crypto-like project known as “central bank digital currency.” More than 200 new crypto projects were launched by technologists both in the US and abroad. And the price of bitcoin rose 300% off its floor before settling in at an average price that is still more than double the late-2018 low. The lesson? We may be in the early innings of crypto, but there is a major league game ahead and this game needs rules.


But in a scramble to devise rules quickly, legislators and regulators tend to fall back on assumptions, heuristics, and biases that overstate risks, understate benefits, or in some cases simply miss both current and historical facts.  Here are three crypto policy themes we can expect to see in 2020, and a discussion of the flawed premises behind them.


Cryptocurrencies are a threat to monetary policy


The idea that crypto might complicate the ability of central banks to control the money supply got wide circulation after the announcement of Facebook’s Libra project, but it is not unique to Libra. When President Trump tweeted about cryptocurrencies last July, he explicitly named “Bitcoin and other cryptocurrencies,” which he believes to be “highly volatile and based on thin air.” The U.S. dollar, he stated, is “the only … real currency in the USA.” Even stablecoins like Libra, which are in fact backed by fiat currencies issued by central banks, drew ample criticism in 2019 because the weighting of fiat in the underlying currency basket could advantage or disadvantage individual currencies in ways national central bankers cannot control. In 2020, look for stablecoin legislation designed to respond to these kinds of criticisms.


But the assumptions behind this type of legislation deserve further investigation. One premise seems to be that politically appointed central bankers are the most appropriate stewards of the money supply. But are they? The recent death of former Fed chair Paul Volcker reminds us of a time when interest rates had to be raised to 20% to combat the inflation that had taken hold as a result of easy money policies in the mid-1970s.


More recently, easy money policies leading up to 2008 may have played a role in promoting unsustainable credit policies that led to the financial crisis and, in its effort to respond to the crisis, the Presidentially-appointed Fed governors engaged in—you guessed it—even easier money policies.


The Fed’s second round of quantitative easing in June 2010 led to a dramatic fall in the dollar’s value over the ensuing 12 months—and all this in one of the world’s largest and most stable economies. In other parts of the world, whether looking at the Eurozone, or more dire financial situations like Venezuela or Zimbabwe, it is far from clear that central bankers are always trustworthy guardians of monetary stability.


Another critical question is whether a monopoly on printing money is one of the defining hallmarks of a sovereign government. Clearly not, as the “free banking” era of the mid-nineteenth century shows, where individual privately owned banks issued debt instruments called “bank notes” that were the currency of the era. Indeed, a recent Philadelphia Fed study concluded that the free-banking era “does not support the contention that freer entry [into the business of issuing private bank notes] necessarily leads to instability.” Why would the result be different for privately issued cryptocurrencies?


For that matter, from a monetary-policy perspective, how are cryptocurrencies any different from other privately created units of exchange that are bought, sold, traded or transferred?  In 2018, American Express issued more than $8.4 billion in Membership Rewards points (about the same amount of circulating supply as the third largest cryptocurrency), which are a form of privately created money generated each time an Amex cardholder makes a qualifying transaction. Like cryptocurrencies, these points fluctuate in value depending on how and when they are used.


The value of United Airlines’s privately issued frequent flyer miles, which are fully cash-equivalent when used to purchase airline tickets and other benefits, exceeds $5 billion and would be the fourth largest cryptocurrency—if it were a cryptocurrency. Privately issued stores of value and units of exchange are widespread and well-accepted, and appear to pose no threat to the global monetary system.


Finally, there is the idea that “basket-based” stablecoins such as Libra represent a unique challenge to the monetary policy regime because the weighting of multiple currencies can advantage some fiat currencies and disadvantage others. Full disclosure: my employer, Coinbase, is a member of the Libra Association and we hope and expect it to be a valuable contribution to the world. But even so, “basket” stablecoins represent a small fraction of the stablecoin market, most of which are backed by a single fiat currency, and yet various bills making their way through Congressional offices would rein in all stablecoins, not just those with “basket” features.


Cryptocurrencies pose unique risks for illicit activity


Money laundering, terrorism financing, and human trafficking are fundamental threats to the rule of law and our way of life—but the primary vector for such activities is the current banking system, not crypto. In its 2018 National Money Laundering Risk Assessment, the U.S. Treasury Department catalogued a litany of multimillion dollar money-laundering fines levied against banks both large and small, ranging from a $425 million fine against Deutsche Bank and a $70 million fine against Citigroup to smaller fines against community banks like Merchants Bank of California and Lone Star National Bank of Texas.


Yet no one seriously believes that the main purpose of the banking system is to launder money or finance other criminal conduct; we all understand that criminals will take advantage of nearly any system to achieve their aims, and that combating crime requires sound risk management and sophisticated management systems—not elimination of a valuable service that is primarily used for lawful purposes.


In the case of crypto, the most recent studies (separately conducted by blockchain analytics firms Chainalysis and Elliptic) show that fewer than 1% of exchange-based bitcoin transactions involve illegal activity. Nonetheless, it is clear that crypto exchanges and custodians are relatively less mature than banks for the simple reason that the technology and asset class is newer. And yet the major crypto exchanges have registered with the Treasury Department’s Financial Crimes Enforcement Network as money services businesses, and have obtained state licenses such as New York’s BitLicense, which subjects them to annual examinations much like a bank would have to endure.


Nonetheless, expect some policymakers in 2020 to continue to single out crypto industry participants for special scrutiny on money laundering issues.


“Privacy Token” cryptocurrencies represent a threat to national security and law enforcement


At the end of 2018, the Department of Homeland Security announced an investigation into “privacy tokens”—cryptocurrencies that shield sender/recipient information. At first glance, such privacy features might seem concerning; after all, why try to hide something if you have nothing to hide? But it’s not difficult to recall the early controversy over the migration of Internet sites from the old “http” protocol to the encrypted “https” protocol. At the time, law enforcement agencies warned against the addition of a secure sockets layer to internet architecture on the grounds that such a change would impede law enforcement investigations of illicit activity. Without the change, however, e-commerce (which depends on consumer confidence about the security of credit card and other financial information) would likely never have experienced the exponential growth that followed https adoption. And, ironically, following several high-profile hacks, the federal government itself eventually mandated that numerous categories of information stored by government agencies be protected behind https-enabled government websites.


2020 is sure to see increased policy activity and regulation in the crypto arena.  The policy ideas themselves may or may not be sound, so we must be sure to check the premises behind them. These three themes, and others that will undoubtedly arise, insist on closer scrutiny.


Source: NetImperative (1/25)


Top cashless society countries: Finland, Sweden and China lead way


The decade ahead is one anticipated to be swept with technological disruption, as we are digitising every aspect of our day-to-day lives. The way we pay for things makes no exception. GlobalData, a leading data and analytics company has forecast which countries will most likely be the leaders in moving towards a truly cashless society.


Vlad Totia, Payments Analyst at GlobalData, explains: “E-commerce accounted for $3.5 trillion of worldwide sales in 2019, while smartphones are becoming ubiquitous even in the most underdeveloped countries. Banks are slowly closing down their brick-and-mortar branches in favor of going fully digital, and people in general are tired of waiting for days on end for international transactions to execute.


“All of these developments point towards one question: what is the point of cash anymore? While it can still have its uses, especially between banks, physical money costs a lot to store, transfer and produce. Most coins produced are less valuable than the material used to make them.”


As the world is moving towards this exciting future, GlobalData predicts which countries have the potential to be the cashless leaders of the decade ahead:




“Finland is, as of right now, the country most ready for the impending transition to a cashless society. It ranks second to Ireland in terms of frequency of use of cards, fifth in e-commerce spending as a percentage of gross domestic product (GDP), third in internet banking penetration and second in smartphone penetration for the 2022 forecast.


“As a country with a population of only 5.5 million, cash in Finland is increasingly irrelevant in both rural and urban areas. Although it is not taking as aggressive measures as Sweden in moving towards a fully digital economy, Finland does seem to be more cashless-ready at the moment.”




“Poised to be the first truly cashless society by 2023, Sweden sits fifth in GlobalData’s ranking. The only reason why the country is not ranking first is that despite the government’s very aggressive policies to rid the nation of cash, Finland, Norway and South Korea have slightly higher internet banking penetration or frequency of use of credit/debit cards.


“If there is any country with the potential to jump to first place within a couple of years and become a truly cashless society, it is Sweden.”




“China has gone through immense change in the past 30 years and the last decade has really cemented the Asian country as a serious contender to be the next dominant superpower.


“One area where it has seen extreme developments is the rapid adoption of mobile payments. One of the most popular ways to pay by phone is QR code scanning. This method has been successfully adopted by mainstream society, from Beijing to more rural areas such as Sichuan. One proof that China is rapidly moving towards a cashless society is its undisputed leading position in e-commerce, with spending accounting for 11.6% of the country’s GDP by 2022.


“The only reason why China is not higher in the ranking is due to its immense population, meaning that penetration and mainstream adoption of cashless methods take longer than in smaller countries. As of 2019, China recorded an estimated 80 billion cash transactions.”


South Korea


“Even more so than China, South Korea is arguably the cashless champion of Asia. Although the Chinese adoption of cashless alternatives is much faster, South Korea already has most of the infrastructure in place nationwide. With roughly 6% of the country’s GDP being e-commerce spending and more than 100 transactions on average per card every year, South Korea is well on its way to remaining a top-three cashless country by 2022.


“More than half of the country’s 1,600 bank branches no longer accept cash deposits or withdrawals and a significant number of government institutions have gone fully cashless.”


United Kingdom


“The UK, and specifically London, has really geared up its tech scene, and the digitization of money has not been left behind. Arguably the global capital for online banking, the UK is leading the charge in many fintech innovation areas. Mobile payments are not something new in the country, with more and more small merchants accepting card and mobile payments.


“The UK ranks number two globally for e-commerce as a percentage of GDP, being second only to China. The British have become very comfortable with taking out their phone or card to pay for even the most mundane daily purchases. At this rate, the UK should transition at the very least to a predominantly cashless society by the mid-2020s.”




“Australia sits in seventh place in terms of cashless readiness and it is seriously gearing up to digitize most of its economy. By 2022, the vast majority of the population should have at least one smartphone, while internet banking penetration is forecast to reach almost 70% of Australians. Open banking legislation has been slightly delayed by the government due to security reasons, but once the legislation comes into effect (expected around 2021), there should be many more alternative and digital payment methods available to the average consumer.


Source: CBC News (1/15)


Innovation minister's mandate letter also hints at ability to 'erase basic personal data from a platform'. Liberal MP Navdeep Bains is one of two Trudeau cabinet ministers tasked with reforming the law on online privacy. Canadians who fall victim to privacy breaches could soon be eligible for some sort of compensation as the Liberal government works on introducing a new set of online rights.


Mandate letters for Innovation, Science and Industry Minister Navdeep Bains and Heritage Minister Steven Guilbeault say they've been asked by Prime Minister Justin Trudeau to work on a "digital charter" that would include legislation to give Canadians "appropriate compensation" when their personal data is breached. It's not clear when the legislation will be introduced, or what a compensation package would even look like, but Bains said it will include punitive fines for those found guilty of breaching personal data.


"It will be significant and meaningful to make it very clear that privacy is important. Compensation, of course, is one aspect of it," said Bains, adding that the government also wants "to demonstrate to businesses very clearly that there are going to be significant penalties for non-compliance with the law. That's really my primary goal."


Statistics Canada says that about 57 per cent of Canadians online reported experiencing a cyber security incident in 2018. Ryan Berger, a privacy lawyer with Lawson Lundell in Vancouver, said legislating compensation could get private companies to start taking privacy more seriously.


"It will incentivize organizations ... to take steps to protect that information and ensure that, for instance, health information is encrypted," he said.


"So right now, there aren't the sorts of financial implications for them if they fail to do that." Just last month, the medical services company Lifelabs reported that information related to about 15 million customers, mainly in B.C. and Ontario, may have been accessed during a massive data breach. A few months earlier, the Desjardins Group, a Quebec-based financial institution, confirmed an employee with "ill intention" collected information on 4.2 million clients and shared it with others.


Both breaches have triggered class action lawsuits. Two federal departments have been asked to work on a new set of online rights and a plan to compensate Canadians when their personal data is breached. (Shutterstock)

"This is becoming a real challenge for courts and businesses to manage," said Teresa Scassa, Canada Research Chair in Information Law and Policy.


"So one of the questions when I see 'with appropriate compensation' — I wonder, are they thinking of something other than class-action lawsuits? Are big companies going to be asked to have reserve funds to pay out compensation? Is there going to be a fixed chart of compensation?"


Scassa said government lawmakers also could be looking at establishing a "private right of action" which would allow Canadians to seek compensation in small claims court instead of in federal court.


Right-to-be-forgotten law coming


The NDP's ethics critic, Charlie Angus, said the government should give the power to levy fines to the privacy commissioner.


"He needs the tools," he said. The mandate letters' instructions — nearly identical in both letters — also hint at the introduction of a so-called "right to be forgotten" or "right to erasure" law by calling for the "ability to withdraw, remove and erase basic personal data from a platform."


The European Union passed a law back in 2014 allowing citizens to ask Google to remove problematic web hits that pop up when their name is searched, after a Spanish lawyer fought to remove old material about his past debt problems. Under the EU's law, "inadequate, irrelevant or excessive" web hits aren't deleted, but in most cases the internet giant hides them from their search results — a process known as de-listing or de-indexing. Bains said his department is studying privacy laws in Europe and California to find a model for a possible Canadian law.


Angus said it's something the parliamentary ethics committee needs to dive into, weighing personal requests against the public's right to know.


"Just because you did something bad, doesn't mean you should get the right," he said. However, Scassa said she's troubled by the language used in the Canadian mandate letters — especially where they limit the right to be forgotten to "basic personal data" on "platforms."


"I find it a little bit odd that they've framed the right of erasure in what I think are pretty narrow terms compared to what the emerging standard seems to be internationally," she said.


"There's a certain lack of clarity here that I think is, well, maybe deliberate, but in some ways I think maybe it's a bit of a muddled message too." Privacy Commissioner Daniel Therrien has argued an existing law, the Personal Information Protection and Electronic Documents Act, allows for a right to de-indexing on request on web pages that contain inaccurate, incomplete or outdated information.


Legislation soon?


In October of 2018, his office filed a notice of application with the Federal Court to clarify whether Google's search engine is subject to federal privacy law. That court proceeding is ongoing.


"Given this uncertainty, we view any legislative measures which would bestow online rights equated with a right to be forgotten as a positive measure that could be taken by government," said Office of the Privacy Commissioner spokesperson Vito Pilieci.


"We are aware that the prime minister has issued mandate letters to his minister's outlining the priorities for this government. We look forward to consulting on any plans that government may have for modernizing federal privacy law." An Angus Reid Institute survey last year found 51 per cent of Canadian adults were in favour of a right to be forgotten online, and a right to have search results changed. Only 23 per cent said erasing negative information "means erasing history and facts."


Privacy Commissioner Daniel Therrien has argued the Personal Information Protection and Electronic Documents Act already allows Canadians to ask for de-indexing on web pages that contain inaccurate, incomplete or outdated information. While there's no timeline for new legislation, Bains said he hopes to start working with members across the aisle soon.


"I want to hit the ground running. This is a priority for me and our government. We want to move forward to start to see aspects of the digital charter reflected in legislation and new policies and programs as well," he said. "The goal is to work with opposition members sooner rather than later in presenting this legislation in a timely manner." Those are conversations Angus said he's willing to have.


"We need to have real, clear rules on data," he said. "I bought a phone, not an electronic prisoners' device."


Source: CIBC (12/30/19)


Economic concerns weighing on the minds of many heading into the new year. A new CIBC poll finds debt repayment is the number one financial priority for Canadians in 2020, the tenth consecutive year it has topped this annual survey. With getting out of the red top-of-mind, over two-thirds (71 per cent) of respondents say they held back from borrowing more money in 2019.


The survey also found that 71 per cent are concerned about the rising costs of household goods next year. Half (55 per cent) of respondents agree they are worried about a potential recession in 2020.


"Whether it's daily household items or unexpected events, expenses can fluctuate for reasons that are often outside of our control. The best way to buffer against uncertainties is to have a financial plan," said Jamie Golombek, Managing Director, CIBC Financial Planning and Advice. "A financial expert can help prioritize your needs and prepare for potential economic changes to keep you on track to make your ambitions a reality." While 78 per cent of those surveyed feel it is better to pay down debt than build savings, 33 per cent worry they are forsaking building a nest egg by focusing too much on paying back money owed. Canadians are aware there is room for improvement, with 60 per cent agreeing there are likely better ways to manage their money to meet financial goals.


"Debt repayment doesn't need to be worrisome; it needs to be managed. But, it shouldn't come at the expense of savings. A strong financial plan incorporates debt management strategies, savings for financial goals, and a balanced portfolio with investments designed to make money in all market conditions," added Mr. Golombek.


Mr. Golombek shares tips to better manage your finances in 2020:


  • Take a deep-dive into your income and expenses to gain a clear picture of your financial situation, where you can cut back, and where you can find extra cash. This will help in understanding how to adjust any monthly household costs, where your highest interest payments are, and make decisions about financial priorities.
  • Take control of your debt — meet with a financial advisor to understand what your options are when it comes to paying off your debt. This includes where you can save on interest costs, whether you can consolidate any payments, and if there are options to lower payments or ways to repay debt faster.
  • Plan for the expected and unexpected — treat savings for unexpected financial emergencies as an expense and consider setting up automatic savings withdrawals that come directly out of your account.


Key poll findings:

  • Paying down debt (21 per cent) is Canadians' top financial priority in 2020, followed by keeping up with bills and getting by (18 per cent), growing investments or wealth (13 per cent), saving for a vacation (8 per cent), and saving for retirement (8 percent)
  • Top financial concerns for Canadians in 2020 are: the rising cost of goods/inflation (at 71 per cent, a 7 per cent increase from last year), the low Canadian dollar (30 per cent), low wages/lack of growth (29 per cent) and household debt (26 per cent)
  • Compared to last year, fewer respondents are feeling optimistic about their financial situation in 2020 (32 per cent in 2019 versus 41 per cent in 2018)
  • Of the 28 per cent of Canadians who say they did borrow more in the past 12 months, top reasons were: to cover day-to-day items (36 per cent), purchase a new vehicle (22 per cent), and for an unexpected financial emergency (15 per cent)


Source: LinkedIn (1/23)


At Deloitte we spend a lot of time thinking about the forces shaping financial services, including our 2020 Banking & Capital Markets Outlook, our annual Tech Trends report and our ongoing collaboration with the World Economic Forum.


As a credit union, you are just as impacted by industry trends such as Open Banking, Artificial Intelligence, Process Automation and rate compression. However, your strategies must also consider a number of unique challenges faced by Canada's cooperative financial institutions. As we look forward to a decade of profound change, what must credit unions achieve in order to be successful?


  1. Purpose: Why are we here?


Financial Services is a crowded marketplace, and getting busier. Where consumers have traditionally chosen between the Big Banks and Tier 2 providers such as credit unions, they are increasingly turning to neo-bank challengers, non-bank lenders and fintechs. Most significantly, Big Tech is poised to expand beyond their foothold in e-commerce to offer more banking and bank-like services.


As a credit union, your member ownership model is not enough to stand out in the crowd. What is your purpose? How are you different? Why should new Canadians choose you over a bank? What can you do that other competitors can’t? A clear and precise story, effectively told, is the foundation for your overall strategy. It has to start with “Why”.


  1. Profit: Where will we make our money?


Credit unions cannot deliver their purpose unless they generate a profit. Profits are the vehicle by which credit unions grow and generate the resources needed to invest in their members, staff and communities. But where financial institutions make their money is changing.


Big Banks and Big Tech are currently preparing for a battle over platforms. The Googles and Apples of the world are expanding their e-commerce foothold into areas such as consumer lending, small business financing and day-to-day banking. The Big Banks are responding by building their own vertically-integrated platforms, diversifying via global expansion, focusing on capital markets and securing lucrative retail partnerships. In all cases there is recognition that revenue growth must come from new products and services.


Meanwhile, neo-banks/challenger banks and non-bank lenders are flooding the market with price-differentiated products. Backed by cheap capital and ultra-efficient operations, these non-traditional providers offer superior lending and deposit rates. While they are unlikely to capture a significant share of the market, these players will exacerbate the problem of slowing sales and margin compression. This already being felt by credit unions offering high-interest savings via on-line offerings, as increased competition is requiring tighter margins to stay competitive. Credit unions have traditionally relied heavily on conventional mortgages, prime lending and retail deposits to drive revenue and profitability. However, these products are rapidly becoming undifferentiated commodities. Big Tech may be happy to leave this utility business to regulated financial institutions in favour of more profitable products. For credit unions this means a future of lower margins, constrained growth and higher consumer portability. How will credit unions escape the commodity trap? Can non-margin revenue replace margin earnings? How will credit unions build or join consumer and small-business ecosystems that drive growth? Can credit unions keep up?


  1. Members: How will we regenerate?


Many credit unions face the dual challenge of an aging membership and membership growth below their regional population growth rates. In rural areas with declining populations this challenge is even more acute. At a time when cooperative ownership models should resonate with values-based consumers, credit unions are not seeing enough new members walk in the door or sign up online. This creates challenges not only for revenue growth but also with balancing lending and deposit portfolios.


The 2020s will be a critical decade for the credit union movement. Credit unions must dramatically improve their efforts to strengthen their pipeline of new members, and to deepen their relationships with existing members. To do so, they must offer innovative products and services at competitive prices, wrapped in a differentiated value proposition. And they must be able to tell this story to Canadians who are ready to listen. Do you know where your next generation of members is hiding? Do you understand the products, services and channels they need? Do you have the right partners to be attractive? Will Open Banking make it easier for your members to join or to leave?


  1. Innovate: Who’s going to help us?


As profitability shifts from conventional lending and deposits to new products and services, a pipeline of innovation is critical. This pipeline extends from finding new ideas (“Imagine”) to execution (“Build”) and implementation (“Run”). A potential differentiator for credit unions is the ability to be “more nimble” and out-innovate banks, but this has rarely played out in practice. The challenge is scale. Credit unions cannot outspend the Big Banks and cannot out-platform Big Tech. Resources of time, staff and funding will continue to be constrained. This is not something credit unions can solve on their own. Product and service innovation cannot reside solely in 230-odd head offices distributed across the country.


Credit unions of all sizes will need to rely on partners to support their innovation journeys. Recent efforts at collaborative innovation across the System have shown promise, but joint execution continues to present challenges. How will you build your innovative organization? Will you support collaborative innovation models or look to external partners? How can existing 2nd tier organizations help? Can you plug into a trusted vendor’s innovation pipeline? Who will help bring your team's ideas into reality?


  1. Transform: Are we ready for full-time change?


In the 20th Century, financial institutions relied on large, monolithic proprietary technologies to run their businesses. Core banking systems were unwieldy and expensive, creating huge barriers to entry for upstart competitors. Fixed costs created significant economies of scale for larger organizations. Today, the shift to distributed cloud delivery, Software as a Service and variable pricing has significantly lowered the bar for new entrants and increased the strategic flexibility of those institutions who move past their legacy infrastructure.


However, very few credit unions have taken the necessary steps to replace their legacy systems with modern, flexible infrastructure. Core banking, online banking, business intelligence, cyber-security and financial management systems are just some of the back-end services that are in need of overhaul. On the positive side, there is an opportunity for credit unions to leapfrog ahead of their competitors. On the operational side, process automation and related tools will reshape how both back-office and member-facing staff carry out day-to-day tasks. Meanwhile, credit unions who attempted initiatives such as agile development and Lead Six Sigma have faced mixed results. The workforce of the future needs to be flexible and change-ready.  The reality is that your core system, digital banking platform and related services are very likely to be replaced at least once in the coming decade. And, as these systems and operations shift to external providers, the tempo of system updates will increase. Your organizations must be able to match the increased pace of operational change. Is your organization ready to take on massive and ongoing technology renewal? Are your staff flexible and ready to grow? Are your governance models sufficient to oversee an outsourced environment?


  1. Scale: Where will we find it?


As a margin-driven business with high fixed costs, financial institutions will continue to rely on scale as a strategic differentiator. This is especially true for the Big Banks, where a $300M+ annual spend on technology innovation is not uncommon. The banks’ focus on headcount reductions and improved operating efficiency will continue to drive efficiency goals.


Meanwhile, challenger banks and non-bank competitors are finding scale by using off-the-shelf solutions from global technology providers and by partnering with large non-bank entities as part of a platform play. Their success will be driven by how many customers they can bring to the table, along with their data and insights. Credit unions risk being caught in the middle with other second tier financial institutions, combining legacy in-house technology and operations with small membership numbers and limited data insights. Fixing technology is not enough – credit unions must also consider mergers, expanded roles for 2nd Tier System entities and deeper partnerships with other credit unions to share costs and be more attractive to vendors and potential partners.


  1. System: How will we solve bifurcation?


As we identified in 21st Century Cooperative, Canada’s credit unions have a decades-long tradition of working together to face common challenges. From shared risk models to the introduction of computerized processing to a national wealth management platform, there are numerous successes to celebrate.


However, the current System of Centrals and shared services organizations, designed in the 1960s and 1970s to serve 3,200 relatively homogenous credit unions, is not what’s needed today. The narrow range of shared services needed by a $20B (let alone a $100B) credit union are not the same as the full-stack support an $80M single-branch organization requires. Federal credit unions add an additional layer of complexity, as does increased regulatory scrutiny. What is clear is the traditional Central model that combines mandatory shared liquidity with a menu of optional shared services fails to deliver the right level of support for both large and small credit unions. Recent efforts to create national and regional single-purpose shared services organizations have seen some success, but still fall far short of the efficiency, scale and revenue-generating opportunities that credit unions need. As the secular trends of consolidation and System bifurcation into large and small credit unions continues over the next decade, existing shared service models will be placed under increasing strain. Central mergers are not the answer, nor is the increasingly fragmented delivery of utility services.


Recognizing that large credit unions need the flexibility to follow their own path while smaller credit unions must hand over significant control to robust shared entities are the first steps to evolving shared assets into a more fluid and responsive network. The risk of not thinking big is that large credit unions will be forced to compete in the hyper-competitive banking marketplace without the support of their peers, while smaller credit unions are unable to keep up with the rapid pace of technology and consumer change. What shared services does your credit union need? How can you be stronger together? What role will you play in shaping the future of the System?


The way forward


These are not the only questions credit unions need to answer, nor can credit unions ignore universal challenges such as Open Banking and the rise of artificial intelligence. However, if a credit union wants to flourish in an evolving marketplace they do need to ensure that they are ready to address these challenges.


Canada needs a safe, credible and innovative alternative to traditional banks. Credit unions who are ready to change have the opportunity to take on this role and succeed. And it all starts by asking the right questions.


Source: SkyNews (1/9)


RBS, Lloyds, Barclays and HSBC are among those whose services have been affected by the cyber attack on the currency giant. While customers are still being offered services in branches for buying euros, dollars, and other foreign cash, banks are saying that orders cannot be processed online.


Travelex was forced to take all its global websites offline after an attack by the Sodinobiki gang, who are reportedly demanding a £4.6m ransom and threatening to release customer data including social security numbers, dates of birth and payment card information unless Travelex pays up. London-headquartered Travelex is the world's largest retail currency dealer and provides travel money services for a host of partners, also including the likes of Sainsbury's Bank and Tesco Bank.


Its owner Finablr, which is based in the United Arab Emirates, said late on Tuesday it is not expecting a "material financial impact" from the online attack. Travelex has opened an investigation and confirmed in the update that while there has been some data encryption, and the extent is not yet known, there is no evidence that structured personal customer data has been breached.


In a statement on Tuesday night, chief executive Tony D'Souza apologised for the inconvenience to partners and customers. He insisted the group was "working tirelessly to bring our systems back online".


A joint investigation between the National Crime Agency and the Metropolitan Police is ongoing.


Source: Forbes (1/6)


Even if you’re not in health care, you may have heard of the industry’s interoperability initiatives around patient data. The intent is to give providers a more complete view of their patients’ health, regardless of the various technologies used by other practices, hospitals or pharmacies. With greater visibility of a patient’s medical history, providers can deliver effective and seamless clinical care for patients.


But, why stop there? Health systems should aim to provide seamless patient financial care, too. I was discussing this with the CEO of a top 10 revenue cycle management company, and this idea seems to be catching fire.


Today, the average U.S. family spends about 11% of its income on health care costs, according to data from the Kaiser Family Foundation. Meanwhile, a TransUnion Healthcare analysis revealed that from 2012 to 2017, hospital revenue stemming from patient financial responsibility after insurance increased 88%. With health care organizations more reliant on payments from patients, providing a financial experience that’s centered around the patient is crucial.


It’s More Than Just SaaS


Effective clinical care means providers must collaborate and coordinate treatment using a patient’s health data. Likewise, effective financial care requires coordination across departments, from scheduling and pre-service, to check-in and the back office.


Health systems shouldn’t just look at their financial technology as simply Software as a Service (SaaS) products. Instead, they should consider these technologies as Patient Financial Experience as a Service (PFXaaS) tools that keep the system in sync with patients’ needs. By integrating their financial tools, health systems can provide better financial care across the entire patient journey, even before treatment.


Aligning Financial Care


All touchpoints, whether from technology like an online portal or from an interaction with the business office team, should be aligned with the needs and expectations of patients. This means a health system’s partners should be aligned with that vision, too. Answering the following questions can help determine whether a system’s partners and internal teams are aligned:

  • If a patient receives treatment at a hospital and then later goes for a checkup at their primary care physician, who is in the same network, is the billing and payment experience consistent?
  • When a patient makes a payment using a billing service that the hospital has outsourced with a third party, is that experience consistent with the service the hospital’s internal back-office team delivers?
  • Is financial care consistent throughout the patient journey? What happens if a patient makes a payment online and then later calls the business office with a question about their balance? Do staff have a complete view of the patient’s activity across the system to offer the right support?


If financial care is different across a health system or across the patient’s care journey, that might be creating disempowered, frustrated patients. However, just as clinical teams are aligned using electronic health records, business teams can align their care by aligning their financial technology. The key is to integrate that technology across each touchpoint in the revenue cycle. This ensures patients receive the same financial care, whether they prefer online self-service options, assistance from staff, or a combination of both. That’s what defines PFXaaS.


Every patient interaction, even one as simple as sending a bill, can positively or negatively impact a health system’s brand. After all, how a patient perceives their financial care influences their perception of that health system. Health systems use lots of technologies to provide excellent clinical care. However, when patients experience their care journey, they don’t notice all the technologies working behind the scenes. They just associate quality of care with one brand: their health system’s brand.


Meanwhile, with financial care, oftentimes patients have a disjointed experience from different billing and payment systems, along with multiple statements and login credentials. Who do they associate that less-than-ideal experience with? Their health system’s brand.


Building Brand Reputation


Health care leaders should make sure their teams and partners are providing consistent patient financial care, from the first interaction to the last. By focusing on the patient experience, health systems can influence patients and their decisions for where they choose to receive care. There’s much more to a hospital visit than simply seeing the doctor. Patients should be focused on their health, but instead they’re often muddling through all the financial details associated with their treatment. Make it easier for patients to navigate their financial care journey, so they can focus on what matters: their health.


Health systems that care both clinically and financially make a positive lasting impression on the patients they treat. You can bet those health systems will be the first call a patient makes next time care is needed.


Source: Gemalto: A Thales Company (1/28)


  • Thales has achieved a major breakthrough in software security technology by reaching the highest level of Common Criteria certification in mobile software history.
  • Following the acquisition of Gemalto by Thales, this achievement further strengthens Thales as the undisputed world leader in digital security.
  • Governments selecting Thales for their mobile ID initiatives will be able to provide their citizens with best-in-class mobile identity security protecting them against ID theft and guaranteeing data protection and privacy.


Thales, world leader in digital security, is the first company to achieve the highest level of the international security standard ‘Common Criteria’ for their mobile ID software solution. The Gemalto Mobile ID software has demonstrated a level of resistance to the most advanced security penetration tests against mobile applications. This security breakthrough confirms that Thales uses the most innovative and disruptive technologies to protect its mobile ID solutions.


Thales portfolio of digital identities, including “Mobile ID Smart App” and “Digital ID Wallet”, will benefit from the same security by design approach. This means that governments selecting Thales’ digital identity solutions for their mobile and digital ID schemes, will offer their citizens and residents the highest level of software security and protection against ID thief. The Common Criteria certifications enable an objective evaluation to validate that a particular product or system satisfies a defined level of robustness. It not only provides assurance that the Thales process of specification and implementation of a secure solution has been rigorously conducted, but also that the solution has reached the expected level of trust for final use.


Security tests on the Gemalto mobile ID software were performed by the internationally renowned testing laboratory “Brightsight” under the supervision of the NSCIB (2) (Netherlands Scheme for Certification in the Area of IT Security), in cooperation with of The Netherlands Ministry of Interior and Kingdom Relations.


“By achieving this independent and government-recognized security certification, Thales has set a new landmark for government mobile ID software security. Our mobile-based digital ID solutions are already entrusted and deployed in more than 20 countries around the world. They enable citizens to securely log on to public and private eServices and to smoothly prove who they are online while guaranteeing data protection and privacy.” Youzec Kurp – SVP Identity & Biometric Solutions at Thales



Source: CNBC (12/23/19)


The 2010s were the decade when cybersecurity incidents became commonplace. Almost daily, we hear about another privacy "incident," or an "exposure" of information. Among the billions of these incidents that took place over the decade — the vast majority of which were either undetected or unreported — only a handful can legitimately be called security "breaches": that is, non-theoretical events that actually harmed people or equipment, or sowed real chaos.


These incidents do not include the well-known violations of privacy, like Facebook allowing Cambridge Analytica to collect information from unwitting consumers. Nor does it include theoretical nation-state risks of a high level, like those alleged by U.S. intelligence agencies against China's Huawei.


Of the trillions of threats this decade, and the billions of breaches, and the thousands of those breaches that actually made it to the news, here are the six incidents that really mattered.


2010: Iranian nuclear facilities


What happened: A cyberweapon known as Stuxnet was first uncovered in 2010 but had probably been used for many years prior. The extremely sophisticated malicious software was used most famously to modify the workflow of centrifuges in an Iranian nuclear power plant, causing them to spin uncontrollably and explode or catch fire.


It was the first time a malicious computer program had been used to cause so much physical damage.


Why it was disruptive: Stuxnet catapulted cybersecurity to the forefront of global national security conversations. The incident has raised numerous policy questions — particularly how countries can determine when a cyberattack constitutes an act of war — and illuminated the way in which a country might use the digital realm to cause severe damage to an enemy. Governments also began to invest more heavily in security efforts touching the electrical grid.


Stuxnet had another unexpected effect: the military-grade malicious code, rumored heavily to have been developed jointly by Israeli and American intelligence, was re-engineered by the Iranians and used to attack other targets, notably in Saudi Arabia. The code also leaked onto the internet, putting one of the most powerful cyberweapons that had ever been developed into the hands of just about anyone who could figure out how to use it.


2013: Target


What happened: At the peak of the holiday season in 2013, Target's CEO announced a massive breach of 110 million customer credit cards and other personal details, including names, addresses, phone numbers and emails. The timing of the breach announcement created a perfect storm of bad press for the company.


The breach was caused by malware-infected technology belonging to an HVAC provider to the company, and infected point-of-sale terminals and other retail equipment. There were hundreds of similar incidents during the decade. But unlike many of those others, Target suffered real repercussions.


CEO Gregg Steinhafel came out immediately after announcing the breach with heavily apologetic messaging. Rather than calm stormy waters, the approach seemed to exacerbate Target's problems and annoy anxious holiday shoppers. Target's year-over-year revenue fell 46% in the fourth quarter of 2013 as a result. Steinhafel would resign by May 2014 because of the incident; he was preceded by the company's CIO, Beth Jacob, who left in March 2014.


By contrast, Home Depot suffered a nearly identical breach but did not disclose it until early in 2014, which appeared to temper consumer outrage over the incident. Target introduced numerous reforms to its cybersecurity program following the incident, built a global cybersecurity fusion center and invested heavily in information-sharing initiatives with other retailers, financial services firms and the hospitality industry.


Why it was disruptive: Target's breach had numerous long-term consequences for cybersecurity.


Crisis teams have closely studied the timing of the breach and the messaging Target used. Target's in-your-face, highly apologetic strategy backfired; that's why so many breaches today are announced in staid press releases, and executives seldom spend much time talking about them. Second, the fact that a mundane third-party service provider opened Target to criminal hackers sparked far greater focus on third-party vendors. Programs vetting the cybersecurity practices of outsourced service providers are much more prominent than they were.


The resignations of the company's CEO and other top executives because of the breach also marked a first. CEOs, board members and other leaders started paying a lot closer attention to cybersecurity after the Target breach.


2014: Sony


What happened: In November 2014, private information and emails of employees of Sony Motion Pictures were stolen and leaked by hackers associated with the North Korean government. The incident was, the attackers said, retaliation for a comedy film produced by Sony that depicted the assassination of North Korean leader Kim Jong-Un. The leaked emails included highly embarrassing conversations between studio executives about famous actors and actresses, and led to the resignation of powerful studio executive Amy Pascal.


Why it was disruptive: The Sony breach reverberated through board rooms as much as it did through tabloid media. Execs started grilling cybersecurity staffers about topics they'd shown little interest in before, like whether their companies were angering any hostile nation-states and how their companies treat email retention. The incident thrust "reputational risk" front and center to the considerations of how cybersecurity could harm the corporation.


North Korea also emerged from the incident as a significant and surprising power player on the cyberthreat stage. The country has raised significant money from its cyberattacks after Sony, which have included major ransomware incidents and bank heists.


2017: NotPetya


What happened: On June 27, 2017, several things happened at once: labs in the U.S. that made vaccines for Merck stopped running, ships that brought goods through Scandinavia and across the oceans for Maersk stopped shipping, factories that churned out chocolates for Cadbury stopped churning, and shipments bound for shops across Europe managed by Reckitt Benckiser and FedEx ground to a halt. All because of NotPetya.


NotPetya was a ransomware virus that acted like a worm, jumping from company to company across networks. It mirrored a predecessor bug known as WannaCry, but was far more damaging, causing lasting outages and significant damage not just to desktop computers, but to the systems that run large industrial equipment or logistics operations. The incident was attributed to Russia, and 80% of the affected systems hit by the ransomware were in Ukraine.


Why it was disruptive: NotPetya displayed plainly for the first time how interconnected different industries are.


It also sparked a reckoning for the nascent industry of cyber insurance. Companies such as FedEx that had no cyber insurance incurred massive costs. Several companies that did have cyber insurance have sued their insurers because those insurers have denied the claims for various reasons, including by invoking "act of War" clauses.


Warren Buffet even cited NotPetya as a reason why he has remained mostly uninvolved in the cyber insurance business, despite Berkshire Hathaway's considerable holdings in other types of insurance offerings. "We can figure the probability of a quake or a hurricane but don't know as much in cyber," Buffett said in 2018. "It's uncharted territory on the insurance side and will get worse, not better." NotPetya and WannaCry also introduced the world to the unsavory world of ransomware, which has reverberated around the world and since hit U.S. cities, educational institutions and health-care providers.


2017: Equifax


What happened: In March 2017, something barely noticeable happened on the cybersecurity landscape — a vulnerability in an open source software platform known as Apache Struts was discovered. The U.S. Computer Emergency Response Team released an urgent memo to companies to patch the problem. Credit ratings agency Equifax got the memo. The directive to patch the Struts problem was passed down throughout different parts of the organization responsible for these fixes. But one of those departments didn't fulfill the patching as requested. The rest is history.


By around May, criminals had found the unpatched system, a database housing information on credit bureau complaints. From there, these hackers — who are still unknown — made off with the Social Security numbers and other credit details of nearly half of all Americans, along with some residents of Canada and the U.K.


Why it was disruptive: The Equifax breach, announced Sept. 7, 2017, may not be the biggest or the most expensive, but it absolutely will go down in history as one of the messiest and most likely to spark vitriolic outrage in consumers. Like the Target breach, executives at other companies looked on in fear as the fallout reached deep within the Equifax organization. CEO Richard Smith left Sept. 26 following a disastrous response. The company's CIO was later indicted on charges he used information about the breach before it was made public to trade the company's stock.


Equifax has spent hundreds of millions on this incident, including the most recent $575 million settlement with consumers whose data was stolen in the incident.


The company's stock has recovered, but its reputation remains battered as it continues to make missteps — most recently, in July 2019, the Federal Trade Commission said Equifax could run out of settlement money before paying all the claims made by consumers whose information was stolen. The company has, however, invested significantly in building a stronger cybersecurity program, including emphasizing communication between leaders and cybersecurity executives, and integrating security projects throughout disparate lines of business.


2018: Marriott


What happened: By 2018, breaches of massive amounts of consumer data had become so commonplace that Marriott was not even particularly memorable. Its numbers were eye-popping — an original estimate of up to 500 million people affected, but no Social Security numbers. The theft of 5 million passport numbers stirred consumers a bit more than the average. But the incident sparked only a few weeks of commentary before mostly fading away. So why is it on this list? Because under the surface, the Marriott breach was highly disruptive to one cyberthreat area that had mostly gone ignored throughout the decade: merger due diligence. The breach originated with a database managed by Starwood Resorts, which was purchased by Marriott in 2016 for $13.3 billion. The data leak may have been ongoing for several years, the company has said.


Why it was disruptive: Just as Target sparked a whole generation of robust third-party oversight programs in the corporate world in the early half of the decade, the Marriott breach is already causing companies to improve how they conduct investigations of companies they plan to purchase.


Shareholder lawsuits calling into question Marriott's merger due-diligence practices make some of the most compelling data-breach suits in years. In many ways, Marriott is a sleeper breach — one that we might not think about much but will cause ripple effects in some major areas of business well into the next decade.


Source: Forbes (1/6)


When news emerged that Iranian general Qassem Soleimani had been killed in a U.S. airstrike on January 3, speculation about an imminent cyberattack was rife. It quickly led to warnings that Iran would retaliate by hitting the U.S. and its allies with a combination of physical and cyber warfare.


And for a short moment in the early hours of Sunday, it seemed like the first Iranian-led cyberattack might have arrived. The Federal Depository Library Program website had been defaced by hackers claiming to be working for the Iranian government. But there was no proof to link the hackers to Iran, and website defacement is a very basic compromise–hardly the work of a nation state government looking to do maximum damage.


Yet both Iran and the U.S. continue to flex their muscles. On January 4, President Trump threatened via Twitter to hit Iran “very fast and very hard.” And concerningly, Iran has now declared it will no longer abide by the nuclear restrictions outlined by the 2015 deal.


If a cyberattack was to hit the U.S. or its allies, it would be accompanied by physical warfare–the latter of which experts say will probably come first. But the U.S. remains concerned that Iran could try to attack via the cyber realm.


Over the weekend, the U.S. government issued a security alert, warning that Iran could strike so-called critical national infrastructure such as electricity grids with cyberattacks to potentially devastating effect. So, what does the situation look like from a cyber warfare perspective and what are Iran’s capabilities?


Stuxnet and the birth of Iran’s cyber warfare capabilities


Discovered in 2010 but believed to be in the making for years before, one of the most sophisticated state enabled cyber-assaults in recent history was the Stuxnet attack on Iran’s uranium enriching centrifuging capabilities.


“Stuxnet was blamed on the Americans and some commentators suggested Israeli involvement, which both countries deny,” Philip Ingram, a former colonel in British military intelligence, says.


However, the attack was so sophisticated that it could only have been carried out by a nation state. “Unlike other viruses that preceded it, Stuxnet was able to cause physical damage to the equipment the target computers controlled, marking a new style of cyberattack,” says Dr Max Eiza, lecturer in computer and network security at the University of Central Lancashire in the U.K.,And it had a big impact: it put the Iranian uranium enrichment programme back several years. However, says Ingram, it also launched Iran into the world of cyber effects. “They invested heavily in building cyber defences and a cyberattack capability.”


Since then Iran has been accused of perpetrating a number of cyber-assaults. One of the most well known is the attack on the Saudi Aramco oil company in 2017 utilizing the Shamoon virus–which was so devastating that the network had to be rebuilt almost from scratch.


Then in December 2018, Italian oil company Saipem was targeted by hackers utilizing a modified version of Shamoon, taking down hundreds of the company’s servers and personal computers in the UAE, Saudi Arabia, Scotland, and India. And in November 2019, it emerged that Iranian hackers were going after a disturbing new physical target: employees at major manufacturers and operators of industrial control systems used by power grids, manufacturing and oil refineries.


“Iran has a very sophisticated broad spectrum of capabilities able to target critical national infrastructure, financial institutions, education establishments, manufacturers and more,” says Ingram. He warns that Iran has “a first world cyberattack capability.”


However, Iran is also very vulnerable. In June 2019, in response to the shooting down of an US RQ-4A Global Hawk unmanned spy plane in international airspace over the Gulf, the U.S. launched a successful cyberattack against Iranian air defence sites and command and control.


The Soleimani killing fallout: What’s the Iran threat?


Following Qassem Soleimani’s killing, cyber will “almost certainly” play a part in the wider response that Iran will unleash on the U.S. and its allies, says Ingram.


However, he thinks it is unlikely the main revenge effort will be in the cyber domain because it “is not a strong enough revenge message for the Iranian people.” Even so, Ingram thinks Iran will increase its cyber activities significantly. This could include the country using proxies such as North Korea in exchange for missile technologies. “It will range from the types of attacks we have seen already to possibly GPS spoofing to try and get shipping to stray into Iranian waters. Saudi Arabia and other U.S. leaning gulf states will probably bear the brunt of Iranian Cyber activity.”


Javvad Malik, security awareness advocate at KnowBe4 predicts that other players across the world could also take advantage of the scenario to launch their own attacks “and try to attribute them to Iran in order to muddy the waters.” At the same time, Mike Beck, global head of threat analysis at Darktrace says the threat to critical national infrastructure is significant. “Sophisticated groups are using advanced software capable of going under the radar of traditional security controls and planting itself at the heart of critical systems.


“Iran will be prepared to burn accesses that they have developed over the years in a dramatic show of force, potentially impacting U.S. governments, healthcare agencies and banks.”


Vince Warrington, CEO, Protective Intelligence predicts that Iran could target U.S. and British interests in the Middle East, “especially those companies with links to Saudi Arabia.” But there are two important components needed if Iran is to perform a significant cyberattack, points out CompTIA global faculty member Ian Thornton-Trump: “How much compromised infrastructure does Iran already own, and have they made any moves to buy access to attractive targets on the dark markets? Do they have zero-day vulnerabilities stockpiled to unleash, or have they made any moves to buy zero days?”


Even if this has been done, a cyber-assault won’t come any time soon, according to Thornton-Trump. “I think any significant cyberattack by Iran will take weeks if not months to prepare and execute–this is not a time to be cyber trigger happy.”


Iran’s cyber warfare capabilities v the rest of the world


Iran certainly likes to boast about its cyber capabilities, but how do they compare to the rest of the world? It is very difficult to compare the cyber capabilities of one country against those of another as most of the programmes are so highly classified only a few people will know about them, Ingram says.


However: “Russia and China are Tier 1 cyber aggressors and very close behind them comes Iran, then North Korea. It is often difficult to distinguish between different countries in cyber terms as they probably use proxies in each other’s countries to mask the true originator.  The U.S., U.K. and Israel are probably the West’s Tier 1 countries with sophisticated capabilities from both a defensive and offensive perspective.” Iran is likely to work with other nations to launch its cyber-offensive. Ingram thinks it is “distinctly possible if not probable” that Iran and Russia would work together and “Russia use Iran as a proxy to continue to test cyber weapons, or to give Iran those weapons.”


“It would suit the Russians to use Iran as a proxy against the U.S. in a period where retaliation is expected,” agrees Beck. “The Russians could help by providing access to U.S. systems or by supercharging the Iranian cyber capability with their own cyber weaponry, helping to co-ordinate attacks with increased potency and damage.


“This alliance could escalate nation-state proxy conflicts; the prospect of an all-out cyber war involving the world’s major players is no longer a distant fiction.”


Cyber warfare and Iran: Who wins?


The threat is real, but even so, there is no scenario where Iran wins, says Thornton-Trump. “The U.S. and its partners have access to the transatlantic cables and ‘relationships’ with most of the global providers, which in the event of a national or international cyberattack could remove Iran from the Internet. The Americans built the internet–and they can take it away.” A bold cyberattack may occur, but right now with inflamed sensitivities, Thornton-Trump thinks: “Why bother? Terrorists and proxies are a short term solution to ‘revenge’ an attack on critical infrastructure, which can be attributed to a wayward squirrel or human mistake. As it turns out critical infrastructure breaks all the time and to rise above the general unreliability attribution, this type of attack would take a lot of effort, preparation and  patience.”


Indeed, Thornton-Trump thinks a cyberattack on Saudi Arabia or UAE “seems more likely then confronting America or Israel head on.” Malik agrees: “Any direct cyberattack could result in physical armed response, which is not something the government would be keen on. Rather, we'll probably see more subtle attacks that are difficult to attribute directly to Iran.”


The cyber warfare threat from Iran shouldn’t be dismissed. The country’s state sponsored hackers are capable of launching significant attacks on critical infrastructure–and they may target specific individuals and networks. But could the country’s capabilities match the U.S.? Unlikely, even if Iran was backed by another nation state with significant capabilities.


Source: Forbes (7/1)


The U.S. government has launched fresh attempts to try to stop Apple and other tech companies locking up user data with encryption.


On Monday, NBC reported that the FBI had written a letter to Apple, asking it to help unlock two iPhones belonging to the Saudi aviation student Mohammed Saeed Alshamrani, who is alleged to have killed three people at a Naval Air Station in Pensacola, Florida, before being shot and killed by police in December. It risks reviving a battle with Apple that started with the case of a terrorist shooting in San Bernardino in 2015. Apple declined to help the government unlock the iPhone of the shooter in that case, leading to a protracted legal battle that ended when an unknown third party managed to retrieve information from the device.


Yesterday also saw Texas-based U.S. attorney Joseph Brown issue a statement saying the government should “enact legislation to ensure lawful access for law enforcement, consistent with the traditional protections of privacy, to digital evidence of crime.” He cited a case in which it took more than a year from the arrest of a suspect in a child exploitation case to obtaining data from his device. It was only when  “new forensic techniques” were used that investigators were able to get into the iPhone, where they found child abuse imagery, according to Brown.


“Evidence stored in a phone or on a laptop should not be protected more than evidence in a person’s home, which has always been considered the most private of places,” Brown wrote. “By allowing dangerous criminals to cloak their communication behind an impenetrable digital shield, the deployment of warrant-proof technologies is already imposing a great cost on society.”


On the other side of the debate, digital rights bodies have long argued that convincing or forcing tech companies to alter their tech to allow government access would leave loopholes open to criminals, who could exploit the same weaknesses to invade users’ privacy. For instance, if Apple were told to create a backdoor in its iOS operating system, a criminal could find the same backdoor and use it to pilfer information for as long as it remained open.


The U.S. government also has access to many tools that can help acquire data from iPhones, Androids and myriad other mobile devices. For instance, Cellebrite tools and Grayshift's GrayKey have long been able to grab data from iPhones, and the FBI is one of many agencies that own hacking tech from both. Forbes recently obtained a search warrant from Ohio, signed off on in October 2019, showing an FBI-owned GrayKey was able to extract data from an iPhone 12.5, though no device exists (neither does iOS 12.5). In the search warrant application, the government doesn’t specify what model of iPhone it was, but an image shows it has three camera lenses on the back of the device. Only Apple’s top of the range iPhone 11 Pro and iPhone 11 Pro Max models have three cameras. Though it’s not clear the iPhone was locked prior to being search by the FBI, a photo of the front of the device shows it on a locked screen with a handful of missed calls.


In the Pensacola case, it appears the government has tried such third-party tools, which can take many months to crack a passcode. Investigators are continuing to try to “guess” passcodes, according to the letter reported by NBC. And there are some problems with the integrity of the device: a round was fired into the device, according to the FBI.


Neither the FBI nor Apple had responded to requests for comment on the NBC report. Apple told the news outlet that it had already handed over relevant data on the case last month.


Source: The Conversation (1/6)


2020 could well be the year that the cryptocurrency dream dies. This is not to say that cryptocurrencies will die altogether – far from it. But to all the financial romantics who have cheered the rise of bitcoin and other digital currencies over the past decade, there is a reckoning coming. Like it or not, the vision of a world in which these currencies liberate money from the clutches of central banks and other corporate giants is fading rapidly. It is not that these currencies have no place in the future of money. The encrypted blockchain technology that underpins them is extremely difficult for governments to control, so it is unlikely that they will ever be eliminated. In any case, they have a valid role to play as a geopolitical hedge – witness the surge in bitcoin and cryptocurrencies after the latest escalation in tensions between the US and Iran, for instance.


But 11 years on from bitcoin’s remarkable beginnings, cryptocurrencies are a long way from supplanting the financial system. At the time of writing, the total value of all the bitcoin in circulation is US$133 billion (£102 billion); in comparison, the market value of all the world’s gold is around US$8 trillion, while the total worth of mainstream currencies worldwide is roughly the same again.


No new hope


The so-called bitcoin maximalists foresee a day when their currency of choice rises into the top league. They point to the bitcoin “halvening” expected in May – the moment every four years when the number of new coins being added to the network is halved – as the next event that will drive prices up. Yet the long-term prospect for bitcoin and other cryptocurrencies is stasis on the peripheries of the financial system. The chances of a new bitcoin look increasingly slim: it’s several years since ethereum rose to become the prime challenger, before falling back to a fraction of the bitcoin price (click on the chart below to make it bigger).


Bitcoin vs altcoins


More importantly, a much bigger threat to the current system is afoot – as evidenced by Facebook’s attempts to get its libra digital currency off the ground. JP Morgan has already launched a JPM coin for major institutional clients, while numerous other major banks are set to follow suit. Other tech giants like Amazon, Google and Apple are rumoured to be looking at launching rival currencies as well. Their model is what are known as stablecoins – a sort of crypto hybrid that lives on blockchains but is pegged to mainstream currencies. But aside from this connection to the status quo, these multinationals would be challenging sovereign money. They want to opt out of the clunky system that they have been forced to operate in, with its transaction fees and international payment delays, to present customers with an alluring alternative instead.


The reason these companies are not throwing their weight behind bitcoin et al is because today’s cryptocurrencies have at least as many drawbacks as the mainstream system. Their prices are too volatile to act as a serious store of value, for instance, while their ability to process financial transactions is not yet particularly impressive. It has dawned on the corporate giants that as per their products or services, they can make money part of their brand – part of the customer experience. Sell people goods and services, yes, but also offer them a new monetary system to take care of the purchases. It begins to look like almost total control.


The empire strikes back


The state has been late to wake up to this challenge, but has now done so in a powerful and surprising way. The traditional global infrastructure has proved strong enough to derail the corporates at least temporarily with red tape. Yet make no mistake – the goalposts have completely changed, and it will be difficult to present a united regulatory front around the world. Ironically, it is the same lack of global uniform regulatory approval for the existing cryptocurrencies that has hindered their meaningful adoption. The other response under examination is to launch state cryptocurrencies. The likes of China and Russia are in pole position to launch the first within a couple of years. Deutsche Bank recently published a report suggesting that cryptocurrencies could overtake national fiat currencies within ten years, envisaging that these state-backed versions will lead the charge.


In short, the future of cryptocurrency lies in either corporate or sovereign digital coins – or more likely, an uneasy cohabitation of the two. The system supposedly under threat from bitcoin and the other so-called bank killers is instead assimilating them. The coins that emerge maybe won’t even use blockchains, acting more akin to Paypal or WeChat Pay than as cryptocurrencies as we know them. Where the previous half century saw the rise of corporates to a size and influence comparable to nation states, the next half century could produce a new paradigm in which they increasingly behave like nation states. When we reflect on the way these companies already manage our data, the way they exert lobbying influence on our governments, the trend is clearly well underway. Call it the next phase of globalisation. Money in 2030 will probably therefore be almost unrecognisable compared to what we use today. The dream of universal people-powered monetary substitutes is being crushed by this unanticipated but in hindsight inevitable institutionalisation. It is from within the multinational world that the “next bitcoin” will emerge – wrapped in the liveries of a corporate brand, if not a sovereign flag. As for the great dream of bitcoin liberation, may it rest in peace.


Source: Ingenico Group (1/14)


Integration enables retailers and other merchants to build relationships with customers through more accessible loyalty, rewards and other programs in their mobile wallets


Ingenico Group, the global leader in seamless payment, has integrated Apple Pay support for loyalty programs into its payment solutions to offer merchants and consumers more value in-store. Through the integration, merchants of all sizes using Ingenico solutions will now be able to leverage the fast and convenient experience of loyalty, rewards, gift cards and other value-added services in Apple Wallet on iPhone to unlock new points of engagement, improve in-store experiences and drive loyalty with their customers.


Consumers are using Apple Pay more and more as contactless payment technology becomes the norm in-store. With Apple Pay and Ingenico’s integration of Apple Pay support for loyalty programs, shoppers can make purchases at the point of sale with just a glance or touch with Face ID or Touch ID on iPhone and automatically present a merchant’s loyalty card, gift card, coupon or tickets — all stored conveniently in one place: Apple Wallet. This enables merchants to find new ways to personalize, enhance and streamline the customer experience.


“The most traditional example of a loyalty program is the paper punch card, but that type of program is limited in its value because it doesn’t enable merchants to understand anything about their customer and doesn’t reward consumers based on their specific needs and interests,” said Mark Bunney, director of go-to-market strategy for Ingenico Group North America.


“Our integration of Apple Pay support for loyalty programs allows us to modernize and digitize the traditional punch card and facilitate a wide range of next-generation experiences on iPhone across loyalty, gift card, rewards, ticketing and more. This enables merchants to really get sophisticated in driving loyalty, reduce in-store friction and gain a firm understanding of who their customer is and how to best engage with them.”


Participating merchants are able to customize solutions to create a number of new benefits for both their business and their customers through Apple Pay support for loyalty programs:


  • Drive active use: Customers can now store loyalty, gift and credit cards all in one place in Apple Wallet, secured with Touch ID or Face ID, to easily accrue and redeem rewards. What’s more, the loyalty or gift card is automatically selected when customers make a payment at checkout, so customers are more inclined to use it on a regular basis.
  • Maximize consumer engagement: Customers can receive real-time updates and custom notifications that can be triggered either by time, location or beacons, allowing merchants to offer the highly-personalized experience that customers crave.
  • Make enrollment fast and simple: Consumers can receive a notification to enroll in a merchant’s loyalty program immediately after they pay with Apple Pay and enjoy a quick and easy enrollment flow, without an app or data entry required.


Apple Pay support for loyalty programs will be available widely on the Ingenico platform. It is available today on software platforms including the Telium TETRA UPP and Telium 2 RBA software applications. For development partners, Apple Pay support for loyalty programs is available now with Ingenico’s Telium TETRA UPP and Telium 2 RBA software development kits (SDKs). These capabilities will be available with the Canada Standalone software applications and for Moby customers in H1 2020.



Source: WorldRemit (1/23)


WorldRemit has announced a partnership with Alipay, the world's leading payment and lifestyle platform, enabling consumers to use the WorldRemit app or website for cross-border remittances to the Alipay app, bringing more convenient and inclusive transfer services to users around the world.


“Our vision is to build a mobile-first, international payments service and we’re excited to work with Alipay as a partner,” said Tamer El-Emary, Chief Commercial Officer, WorldRemit. “The partnership will focus on innovation, customer experience and speed to market.”


In many markets around the world, the vast majority of remittances are still being sent ‘offline’. Money is taken to, and collected from a physical agent, and usually subject to high transfer fees.


With WorldRemit’s mobile first approach to digitising remittances, the collaboration between Alipay and WorldRemit will help make remittance services more convenient and affordable, especially for migrant workers globally.


The digital service will provide senders and recipients a fast, secure, and convenient way to transfer money whilst reducing the high associated costs.


The partnership with WorldRemit marks a further step in Alipay’s efforts to harness the power of digital and mobile technology, to make financial services more inclusive and affordable, especially for underserved and underbanked individuals worldwide.


“We look forward to working with WorldRemit to build a remittance service that is fast, secure, and cost effective,” said Ma Zhiguo, Alipay’s head of global remittances. “The unique mobile to mobile payment experience that this partnership delivers allows us to provide a convenient money transfer service to Alipay customers.”


Source: Finextra (1/23)


MasterCard has opened an intelligence and cyber centre in Vancouver, housing 380 new employees working on areas such as security, AI and the Internet of Things.


MasterCard is pumping $510 million into the project, with the Government of Canada also contributing through its Strategic Innovation Fund.


The centre will be located at the current office of NuData Security, the Vancouver-based fraud prevention specialist acquired by MasterCard in 2017.


Existing staffers will be joined by new software engineers, data scientists, project managers, analysts, product designers and information security experts.


Ajay Banga, CEO, MasterCard, says: “The Vancouver centre will help us meet the growing demand for technology solutions to reduce the cost of cyber-attacks, enable today’s connected devices to become tomorrow’s secure payment devices, and address the growing vulnerabilities associated with the Internet of Things.”


Source: Gemalto: A Thales Company (1/20)


Thales applies innovative Field-Programmable Gate Array (FPGA) technology, designed for massive parallel data processing, to power its Biometric Matching System. With Gemalto’s commercial off-the-shelf FPGA solution, Thales allows the number of servers to be cut in half and dramatically limits the overall carbon footprint. Border Agencies introducing Entry/Exit systems and other government agencies requiring real-time response can now benefit from low latency biometric data processing and greater scalability, while saving costs.


Thales, world leader in digital security, is using innovative assets from the aerospace industry to boost its Biometric Matching System (BMS) performance while reducing the environmental impact. The BMS is the heart of government digital identification systems. Introducing interoperability with its border management system requires multiple processing of hundreds of millions of biometric database records within 1 to 2 seconds. To perform data comparison at this scale Gemalto, a Thales company, is applying commercial off-the-shelf Field-Programmable Gate Array (FPGA) technology, originally designed for ultra-low latency applications in high performance computing (HPC) environments in financial and scientific industry, which is compatible with any server and cloud.


Specifically, Gemalto uses these FPGA boards for matching hundreds of millions of biometric fingerprint templates which are digital signatures, created from fingerprint images. This proven solution also allows for much faster data processing and greater matching accuracy, while at the same time limiting infrastructure costs and cutting carbon emissions. Depending on server and system specification, it can require up to 75% less servers and energy overall.


Gemalto’s Automated Fingerprint Identification System (AFIS) and Automated Biometric Identification System (ABIS) are scalable and customizable solutions, providing a range of functionalities for processing, editing, searching, retrieving, and storing fingerprint, palm print, face and iris images and biographic subject records. With FPGA, ABIS makes it easier for government agencies to run very large and complex multi-biometric solutions with remarkable matching accuracy and speed, enabling States to better protect and serve their citizens.


“Our FPGA based solution can cut data centre investment and space overall by more than a half, whilst reducing CO2 emissions by around 50%. Gemalto technology brings new options for governments wishing to prioritise environmental sustainability, without in any way impacting national security.” says Youzec Kurp – SVP Identity & Biometric Solutions at Thales. “The alternative of a pure Central Processing Unit based approach for biometric data matching requires massive computing capacity – even, in some cases, up to four times more servers than Gemalto’s approach - to perform the same transaction.”



Source: Moneris (1/20)


As Part of Investment Bookmark will Exclusively Offer Moneris Payment Gateway Integration for eCommerce Solutions. Moneris Solutions Corporation has entered into a strategic partnership and agreed to make an investment in Bookmark Your Life, Inc. a Toronto-based company. Through this partnership, Moneris and Bookmark will offer a complete online business solution from website creation to payment acceptance for small businesses seeking a robust, easy-to-manage online presence.


With this partnership, Moneris is now the exclusive payment processing solution for Bookmark customers in Canada. Billed as one-stop for all things web design and web entrepreneurship, Bookmark is a website building platform that removes the complexity of web design by using artificial design intelligence to create polished, full-featured, business websites. Affordable pricing and simple management features make Bookmark an ideal choice for Canadian small businesses seeking to expand online.


“Nearly 60 per cent of small businesses in Canada** don’t have an online presence and with 80 per cent of Canadians having shopped online***, it’s an area they can’t afford to ignore. Our collaboration with Bookmark will help small businesses get online, sell online and get paid online quickly and easily,” said Angela Brown, Chief Executive Officer, Moneris. “We know how passionate Canadian entrepreneurs are about their businesses, and Moneris is committed to helping them achieve their dreams.” A Toronto-based start-up, Bookmark is an ideal web site builder for small business. With the assistance of an Artificial Intelligence Design Assistant (AIDA), Bookmark is able to deliver a fully functional website for any small business in a matter of minutes.


“We’re excited to be working with Moneris to expand our reach in the Canadian market and provide market leading web building tools for small business,” said David Kosmayer, Founder and CEO of Bookmark. “Moneris has a robust payment platform for ecommerce that’s easy to integrate with and offers key features small business customers need. Combined with our simplified approach to website building, we are now able to deliver a complete ecommerce solution for businesses across the country.” Through this partnership, Moneris will work with Bookmark to promote the relationship and integration in market with the goal of educating small businesses on the importance of having an online presence that allows them to expand their business, increase sales and follow their passion.


Known as a payment technology innovator in Canada, Moneris is equally committed to innovation through investment and partnership. Supporting the Canadian FinTech community through these type of agreements is a key part of Moneris’ strategy as it moves into 2020.


The terms of the investment in Bookmark have not been disclosed.



Source: PYMNTS (12/23/19)


Visa is teaming up with TD Bank to introduce a new solution to ease money transfers between Canadian and U.S. accounts, Visa announced Monday (Dec. 23).


Powered by Visa Direct, the latest solution — TD Bank (US) to TD (Canada) Transfer — enables real-time transfers for Canadian users to move money from their U.S. TD Bank accounts to Canada quickly and easily.


Visa’s real-time push payments capability has handled 2 billion transactions in the past year.


Brian Weiner, vice president & head of product at Visa Canada, said that the company strives to make it hassle-free for Canadians “to send, receive and access their money where they want, when they want, and how they want.”


“Visa Direct is providing Canadians more convenient ways to move their money, and we are pleased to be working with TD to expand this capability to Visa cardholders,” he added.


The partnership is a demonstration of Visa’s resolve to streamline global payments and TD’s commitment to its customers’ always-evolving preferences.


The timing will help the financial preparedness of the 1.5 million Canadians flocking to warmer climates during the winter. A Visa survey indicates that 36 percent of Canadian snowbirds are exasperated when it comes to cross-border financial issues like transferring money between Canadian and U.S. accounts.


Almost $80 trillion is sent globally with wire transfers or bank accounts, which is a slow, outdated process that is also pricey. Digital money transfers are central to Visa’s payment innovation blueprint.


“At TD, we’re focused on providing our customers with products and services that are easy to use and deliver value,” said Frank Psoras, senior vice president of Everyday Banking at TD. “Today, we’re pleased to be offering an even easier way for our customers to move funds from their TD U.S. to Canadian bank accounts, demonstrating our commitment to omnichannel experiences that allow Canadians to bank in the ways that work best for them.”


Visa partnered with TransferWise earlier this month and launched in Spain to start, with plans to follow on in Romania, Hungary, Czech Republic and Bulgaria. The broader goal will be to take the Visa Direct-enhanced offering and work with the card network to scale its offering throughout Europe and worldwide in 2020.



Source: New York Post (1/23)


That’s the new policy at Goldman Sachs, whose chief executive David Solomon said the Wall Street giant won’t take any company public unless it has at least one “diverse” board member. In a Thursday interview with CNBC, Solomon said the new initiative will particularly focus on getting more women on corporate boards. The requirement will ratchet up to two diverse board members in 2021, he added.


“I look back at IPOs over the last four years and the performance of IPOs, whether it’s been a woman on the board, in the US is significantly better than the performance of IPOs where there hasn’t been a woman on the board,” Solomon said at the World Economic Forum in Davos, Switzerland.


“So starting on July 1st in the US and Europe, we’re not going to take a company public unless there’s at least one diverse board candidate with a focus on women.” In a statement to The Post, Goldman announced that it will extend the policy to all private companies in which Goldman has a majority investment stake. The bank said it will provide any private company that’s interested with access to its network of potential board candidates.


In the US and Western Europe, the new policy will focus on “traditionally under-represented groups across various criteria, including gender, race, ethnicity, sexual orientation, or gender identity,” according to a source close to the bank. While Goldman is the biggest financial player to make a bold move on diversity at the board level, it’s not the first. In 2017, Boston-based investment giant State Street launched its “Fearless Girl” campaign to pressure public companies to put more women on their boards. That program became famous for the eponymous sculpture that State Street commissioned to symbolize it, which until December 2018 stood opposite the “Charging Bull” statue near Wall Street and now stands in front of the New York Stock Exchange.


State Street has claimed that more than 300 companies have acted on their advice to add women to their boards. Goldman’s move, however, could pack extra punch, as it’s one of the preeminent underwriters of IPOs globally. Last year, Goldman was among the banks caught up in the botched effort to take WeWork public. Goldman had valued WeWork at $47 billion before abandoning the process when the company’s anticipated valuation dropped to $8 billion.


WeWork’s board was entirely made up of men.


Source: Central 1 Credit Union (1/27)


Central 1 Credit Union (Central 1) has completed a significant milestone in preparing for and delivering on Payments Canada’s Payments Modernization Program by becoming the first and only institution in the credit union system to secure a Lynx settlement account from the Bank of Canada.


Payments Canada is leading Canada’s Modernization journey, which will ultimately lead to a fast, efficient, flexible and secure payment system that will strengthen Canada’s competitive position. The next major project in Payments Modernization will be the replacement of the Large Value Transfer System (LVTS), an electronic funds transfer system operated by Payments Canada that allows financial institutions and their customers to send large payments, securely in real time, with certainty that the payments will settle. Its successor, in 2021, will be Lynx: a real-time gross settlement system, including an enhanced risk model that complies with Canadian and international risk standards and will be enabled with the global ISO 20022 messaging standard.


A Bank of Canada Lynx settlement account is a requirement for the Payments Canada Lynx application process. Central 1 has been a long-standing participant in Payments Canada’s current LVTS. To qualify as a participant in Lynx, all existing LVTS participants were required to apply for a new Lynx-specific settlement account at the Bank of Canada, under a new set of rules.


The Bank of Canada approval means that Central 1 can continue the provision of essential wires, clearing and settlement services for our credit union clients and other financial institutions when Payments Canada launches Lynx.


Central 1 President and CEO Mark Blucher commented: “Central 1 values its position as a trusted partner to credit unions; helping them serve their customers and standing behind them as they move payments across the country, outside Canada or around the corner. We facilitate the final leg of the payments journey: interfacing directly with the Central Bank to move funds and complete payments. It gives us great pride to deliver this essential aspect of payments to credit unions across the country, and that we have been approved to continue doing so.”


Central 1 is making strong progress towards delivering Lynx and this latest achievement ensures we are staying on course to delivering a modernized payments system that meets the needs of the credit union system and their members and customers.


Source: G+D Mobile Security (1/27)


Embedded Secure elements (eSE) from G+D Mobile Security are part of Miele’s connected professional appliances. They increase the security of certain intelligent devices through encrypted communication.


On the security chips from G+D Mobile Security a special application has been implemented, which Miele uses in its connected professional appliances. It supports the authentication between Miele devices and Miele Online Services and protects the transmission of data using TLS encryption. Communication is bundled via the routers of the home networks. The security elements implement end-to-end cryptographic security by communicating directly with the Miele systems.


The company can easily integrate the chips into its existing environment and enhance the security of its smart home devices. Since communication takes place via WLAN and LAN and not the mobile network, connectivity is guaranteed even if a appliance – such as a washing machine – is in the basement.


Thanks to its innovative system, Miele enables the connection of larger professional appliances such as washing machines, tumble dryers and dishwashers. With the Miele apps, customers can control these appliances quickly and conveniently via smartphone or tablet. Moreover, they can also be integrated into other smart systems.


"We chose G+D Mobile Security as our security chipset supplier because of the company’s expertise in the protection of mobile and IoT devices," says Nils Langhammer, Head of Appliance Connectivity and Architecture at Miele. “With its innovative embedded secure elements, it integrates security directly into the devices to secure them from manipulation due to hardware-based protection.”



Source: CIBC (1/27)


CIBC today announced that it received a score of B from the CDP (formerly known as the Carbon Disclosure Project), recognizing continued improvements to transparency and reporting on environmental impact, and the bank's continued focus on enhancing environmental sustainability. This score ranks CIBC above the global financial services average in CDP's most recent rankings.


"Our focus on creating a more sustainable future is reflected in our continued improvements in the areas of transparency and reporting, and our commitment as an organization to taking action on climate change," said Josh Picov, Senior Vice-President, Enterprise and Conduct Risk, CIBC. "We believe banks have a clear role to play in reducing their own environmental impact as well as helping to shape a more sustainable economy working with clients, and we have made clear progress in each of these areas as part of our long term focus on environmental sustainability."


CIBC recently announced a target of $150 billion in environmental and sustainable financing by 2027, to mobilize the necessary capital and develop market-based solutions to support investments that address critical environmental challenges and sustainability.


CIBC also recently released a report entitled "Building a Sustainable Future", our first climate-related disclosure report aligned with the Task Force on Climate-Related Financial Disclosures. The report highlights the bank's governance, strategy, and risk management approach to climate related issues. The report also provides specific metrics and targets for the bank to reduce our overall environmental impact and support clients in doing the same.


"Together with our team, our clients, and all of our stakeholders, CIBC is committed to creating a more sustainable future," added Mr. Picov.

ACT Canada helps members understand complex issues and filter truth from market noise for current and emerging commerce trends.  Through a consultative approach with all stakeholder groups, the association provides knowledge and expertise to help members leverage opportunities, confront challenges and advance their businesses. Please visit or contact our office at 1 905 426-6360.

Please forward any comments, suggestions, questions or articles to Please note that articles contained in this newsletter have been edited for length, and are for information purposes only. If you would like to be removed from our newsletter distribution list please follow the unsubscribe instructions at the bottom of the email.

Andrea McMullen

President | ACT Canada
905 426-6360 ext. 124 | | |

ACT Canada helps members to:

Engage - Grow the commerce community via stakeholder contributions, collaboration and networking

Enable - Provide access to the expertise of the member community to gain insights that will help strategic decision-making

Evolve - Drive positive change in the increasingly complex commerce environment

Scroll To Top