In the age of Internet, in which leading global corporations, and research institutions, have resorted to the input of the citizenry at large to innovate and evolve their business model, banks have remained symptomatically absent from intervening in this new business-to-consumer relation environment. If the automotive industry, the pharma sector, and the design world—heck even local municipalities—are leveraging the creative power of e-crowds to improve their products, and to mine the wealth of data produced by digital users worldwide, financial institutions remain incomprehensibly insular and opaque to most of their costumers, thus missing not only the opportunity to improve their image in the public eye, but also the opportunity to find novel and more productive ways to increase revenues and improve customer service.
Leading corporation the likes of Google, Intuit, and PayPal—to name just few—have found in hackathones a convenient tool to address security bugs in their software, and other API’s shortcomings, which to be fixed in house would have otherwise cost much more money, and requested a much larger investment of human resources and time.
In the USA a recent National Public Radio report found that banks are resisting to the idea of using ‘white hat’ hackers to uncover potential security flaws in their internet portals, and of their electronic networks. But while not even a couple of years ago the notion of involving outside experts to attack one’s own network may have seemed revolutionary, this practice has now become routine among Silicon Valley’s hi-tech giants trying to stop cyber-attacks on their infrastructure and their customers.
“There’s thousands or tens of thousands of people out there with the skill set that could help us find these bugs and get them fixed faster,” affirmed recently Alex Stamos, Chief Security Officer at juggernaut web portal and search engine Yahoo. “There’s nothing lost by bringing them kind of into the fold and giving them an opportunity to participate.”
But although chief security officers at companies such as PayPal, Facebook, and Twitter are adamant in extolling the virtues of their ‘bug-bounty programs’—initiatives by which a company hires a hacker to find holes and bugs in its own software—American banks and financial institutions do not seem to share the same enthusiasm. Of the dozens of financial institutions contacted by reporters just one—GE—revealed to have developed methods for customers, API and App designers, and researchers to provide feedback or even simply to report the security flaws they may have found. And even when provided with rational options to use outside experts to assess their security risk by Silicon Valley's startups such as HackerOne–which produces software platforms to connect corporations to white hat hackers and pre-screens hackers to be hired to attack and improve a specific financial products–banks are reluctant to open their online vaults to members of the public or to consultants.
According to Katie Moussouris, Policy Director of HackerOne, many financial institutions tend to confound authorizing people to report flaws in their system with encouraging hackers to break into their network to steal information.
“But those are two very different things,” notes Moussouris. "Traditional banks often invest a lot of money and attention in security but they do it privately with traditional penetration testing or through their internal team, but they are not necessarily open to general public , and not certainly to the general public of white hackers to take a look at their software, and the issue with that is if a friendly hacker form the outside wants to do the right thing and report a bug there isn't an easy way to do it, and this is a problem in which they're running a lot right now. But a criminal will never knock on your front door to tell you that there's a problem. If somebody knocks on your door is by definition a friendly hacker trying to tell you something before a criminal can take advantage of it," concludes Moussouris.
But notwithstanding banks’ tardiness to leverage the power of crowds and big data to innovate their business model, open source baking and hack-finance, thanks to the inventiveness of consumers and the dedication of financial activists worldwide, are becoming realities. And even though the US were among the first countries to experience with micro credit—Kiva, one of the web’s first peer-to-peer lending website was in fact launched in San Francisco in 2005—the open banking sector is expanding at a faster rate in Europe, where experiences like Cyclos, Charity Bank, Triodos Bank, Drupal’s Hamlets, Open Corporate, and the Open Bank Project to name just a few, are introducing countless open source financial solutions designed to help people to set up their own financial institutions, and to connect banks to third party apps to allow account holders to tailor their banking experience to their personal needs. And while these experiences address banking in traditional environments, connecting the consumer desktop to the bank server, new providers such as Kenya and Tanzania's M-Pesa are bringing the open source banking experience into the mobile territory.
Launched by Vodafone for Safaricom and Vodacom, the two largest mobile network operators of Africa, M-Pesa (pesa is Swahili for money) allows user to deposit and withdraw money using a mobile-phone as access gate to banking network. Since its launch in 2007 M-Pesa has expanded to South-Africa, India and Eastern Europe.
"Even though not as fast as they should, Banks are starting to cap to the value of FinTech (financial technology sector) solutions to leverage the huge amount of information they can harness via big data to improve their performance and increase their revenues," affirms Jean Baptiste Su, a Silicon Valley based Forbes' analyst, "They're in fact opening their infrastructure so that startups can connect to their APIs. Visa for instance is producing new APIs, like for example Visa Checkout, to facilitate mobile payments, and to compete with PayPal and Square in the online payments environment".
Valued at about $930 million just in 2008, last year private financing FinTech companies raised more than 3 billion dollars. In 2010 the collaboration between FinTech entrepreneurs and banks experienced a steep acceleration with the launch of the FinTech Innovation Lab of New York. Entrusted by Accenture and The Partnership Fund for New York with helping early and growth companies with cutting edge technology to connect to the fiinancial service industry, the lab has since expanded to include laboratories in London and Hong Kong. Even financial service firms the likes of Russia's Sberbank, and Spain's BBVA Bank have entered the FinTech market creating their own VC funds. Sberbank last year created SBT Venture Capital while BBVA launched BBVA Ventures in Silicon Valley, each committed 100 million to the funds. In addition this year Barclays has launched an accelerator program in London for FinTech startups while USB has funded a number of internal groups to work on specific technology projects with the help of external app designers.
However expanding it maybe, of all banks that have become active in the FinTech sector, Spain’s BBVA is the one which may have came up with the most comprehensive strategy. In October of this year BBVA launched InnovaChallenge MX, an international competition for developers that comes with a 60 thousand euros prize money for the application that will add the most value to BBVA's data. Providing developers access–via an API at bbvaopen4u.com–to data collected on transactions made at BBVA's stores in Mexico City, Guadalajara, and Monterey from Nov. 1, to April 30, 2013, the InnovaChallenge represents one of the few instances in which a bank has opened its data to third parties through an hackathon.
"InnovaChallenge MX is designed to help us envision ways to use our data, integrating and mixing it with external sources of information", affirmed Gustavo Vinacua, director of BBVA's Innovation Centers and Open Innovation
"For banks turning to open source and FinTech isn't just a matter increasing revenues, it is a matter of survival," adds Forbes' Su.
According to The Millennial Disruption Index–a three year study of industry disruption at the hands of teens and thirtysomethings–among all industries banking is currently running the highest risk of disruption. The study has in fact found that among Millennials–which with 84 million people is the largest generation in US history–71% believes than in 5 years we will pay for things in a radically different manner than we do today; that 73% are more excited about financial offerings form hi-tech firms like Google, Apple, Amazon, PayPal and Square than they are of their banks; and that 71% would rather go to the dentist than to visit their bank.