Financial Update (July-September 1996)
Are we ready for the
electronic finance revolution?
Retail banks are increasingly venturing into the world of electronic financial services: offering new products like smart-cards and Internet banking. However, issues of security, regulation, and control remain unresolved. David Sutton reports.
he revolutionary new types of financial products increasingly on the market, such as smart-cards, electronic money (e-money), and Internet banking, are giving the concept of "personal banking" a whole new meaning. In addition, these new types of products would, if generally accepted, reconstruct how the financial industry functions. However, issues of security, technological capability, and regulation remain unresolved.
One of the problems is that these new products and services pose potential regulatory challenges. For instance, do smart-cards fall under coverage of Regulation E (Electronic Funds Transfers)? If a bank fails, and a customer holds a smart-card issued by that bank, is the $100 on the card still a liquid asset? Who is liable when an electronic payment vendor fails to actually pay the debt? Where does the Uniform Commercial Code (UCC) apply? As Rich Oliver, Senior Vice President of Financial Services Support Activities for the Federal Reserve System, notes, "These types of liabilities and responsibilities have not yet been defined."
And it is the ambiguity of regulation regarding electronic payments that is one of the issues causing so much anxiety in the financial industry. The recent Federal Deposit Insurance Corporation (FDIC) ruling that (at least for now) smart-cards are treated as cash (not insured deposits) in terms of ownership is a prime example. What if the FDIC reverses this position and decides that smart-cards should actually be insured deposits? How would this change in position affect which institutions/organizations could issue smart-cards? Is regulation of smart-cards, if issued by financial institutions, even necessary?
There is also the question of interpreting legislation like the Electronic Funds Transfer Act (EFTA), the UCC, and Regulation E with regard to these new products. This, and other, legislation spells out the basic framework of rights, liabilities, and responsibilities for the various forms of payments but is not inclusive of all new electronic types. As Oliver notes, "We [the financial industry] need to move the UCC in the direction of electronic payments." So how do these regulatory and legal issues affect a financial industry grappling with the array of new products and the speed with which they are appearing?
Cyberspace: the great unknown
For banks, the rise of the Internet is a paradox. On the one hand Internet banking offers huge savings for financial institutions: an average of $1.20 per transaction when compared with using a traditional bank branch, according to some industry surveys. On the other hand, there is distinct lag in developing adequate security. And it is the issue of securityand how to effectively provide itthat has banks reeling. According to Booz-Allen & Hamilton, a management and technology consultancy, around 600 banking institutions worldwide have sites on the World Wide Web, but only 2 percent of European and 1 percent of U.S. banks use these sites to offer full Internet banking services.
So given the savings potential and the 200 million people forecast to have access to the Internet by 1998, why is the banking industry showing such caution? There appear to be several security issues stimulating the banks' concern: the pace of technological change, the rise of nonbank Internet service providers and software companies, and the lack of Internet security standards that satisfy a majority of banks.
For customers the practical impact of these regulatory/security issues is already at hand. For example, if a customer instructs (electronically) a third-party Internet service to pay bills, and the bills are not actually paidwho has liability for the failure to paythe customer or the Internet service? As regulations now stand, the responsibility seems, at best, unclear.
However, some in the banking industry are not stressing regulation, preferring instead to let the market develop these types of products/services and customers to decide which ones to use. If customers use a financial service, like a computer bill payment provider, and the company doesn't adequately deliver the service promised, customers could exercise the right to choose a different service instead. As Frank King, Vice President and Associate Director of Research notes, "If an Internet bill payment service didn't actually pay customers' bills, how long do you think the company would remain in business?"
The banks begin their offensive
For the past several years retail banks have largely watched as software companies and nonbank providers rushed into the online "home banking" business. Intuit, a software firm based in California, has literally swept the field with its Quicken program, now holding some 80 percent of the home banking market.
CheckFree, a company that handles electronic bill payments for banks, has recently acquired a payments and processing system from Intuit. This payments and processing system competes directly with what many banks see as their core business.
Microsoft is developing a system for bill payments and transactions in association with Visa International, the credit card company. This Microsoft system could capture the electronic transaction system infrastructure at the expense of banks.
Microsoft's threat appears to have helped spur the banks into collective action. In September NationsBank, IBM, and a consortium of major U.S. bankswhich control around 50 percent of the retail accounts in the United States and Canadateamed up to launch a new online personal banking service called Integrion.
Integrion will address security fears by developing a private access network, which will run parallel to public Internet access. The consortium will allow a variety of personal finance software to be used, including Quicken.
The growing battle for control of the electronic payments and security infrastructure raises several issues relating to both customers and regulation. If, for example, the Integrion consortium or Microsoft-Visa International succeeds in establishing the electronic infrastructure, how will these firms be regulated if they are nonbank institutions? How would this type of monopoly affect the financial services marketplace for customers in the future? What sort of liability issues are involved when banks offer electronic financial products created by nonbanks?
Security is paramount
A new electronic system called public-key cryptology may help solve the security problems. Public-key cryptology is a mathematical number that can be hundreds of digits in length and works because the key is divided into a public key (available to anyone) and a private key (known only to the user). When a message is sent electronically it is encrypted with the public key. The owner then decrypts it using the private key. The problem is that there are many encryption (scrambling) systems available or being developedwith no industry standard or platform.
One of the big-name Internet security solutions being developed is a joint effort by Visa International, MasterCard International, GTE, IBM, Microsoft, and Netscape. It is called Secure Electronic Transactions (SET) and will allow users to make secure credit card payments via the Internet. It is expected to be operational in late 1997.
IBM, Apple, and Hewlett-Packard, Digital Equipment, Sun Microsystems, United Parcel Service of America, NCR Corporation, Groupe Bull, RSA Data Security, and Trusted Information Systems have announced an alliance to develop encryption systems for information transfer over the Internet and other international computer networks.
Other security-based alliances are already up and running. U.K.-based TSB bank offers customers electronic banking through a service called PC Banking, which runs via the online service CompuServe. Barclays Bank, in liaison with Visa Interactive, launched a service in February that runs Barclays' own software on Windows-compatible PCs via modems in customers' homes or offices.
In terms of security-based online banking, Security First Network Bank (SNFB) of Atlantapurported to be the first Internet bankoffers what may be an effective approach. SNFB's security measures include issuing each customer a personal identification number (PIN) and encrypting any data sent over the Internet.
On the rapidly growing smart-card front (see chart), Visa International launched its "Visa Cash" cards during the Atlanta Olympics. These e-money smart-cards can be used at Visa retailers to pay for goods and services. During the 18 days of the Games over 200,000 transactions, with a value of around $1.1 billion, were conducted using Visa Cash cards, according to the Financial Times.
Nippon Telegraph and Telephone (NTT), the telecommunications mammoth, has also recently announced what it calls "a secure yet confidential electronic purse." It is another type of smart-card (with a digital signature security feature) that will allow users to buy goods and services in shops, vending machines, or via the Internet. NTT also claims that the purse can be used by any bank accountholder.
For banks, the rise of the Internet is a paradox. On the one hand Internet banking offers huge savings for financial institutions: an average of $1.20 per transaction when compared with using a traditional bank branch ... On the other hand, there is a distinct lag in developing security.
A cautious regulatory approach
The Fed's position in terms of regulation is under ongoing review, and policies are being formulated as necessary. According to Oliver, the Fed sees its underlying role as providing leadership in the electronic environment, bringing industry players together, addressing issues, and helping to set standards.
The Federal Deposit Insurance Corporation (FDIC) is also getting involved in the electronic market. The FDIC is currently considering whether stored-value cards should be insured. The FDIC is seeking comment on what sort of disclosures should be required for stored-value cards, how banks and regulators should address card fraud, Internet banking issues, and electronic payments.
Robert Rubin, Treasury Secretary, recently announced that the Federal Reserve Board, the FDIC, and the Treasury would be setting up a task force to jointly examine regulations and how emerging electronic and Internet transactions will affect payment system rules. He said electronic money posed "difficult issues in consumer protection," but he wanted to avoid "inappropriate regulation." Jack Guynn, Atlanta Fed president and chief executive officer, was recently named to the task force.
In light of this "policy of consideration" and Fed, FDIC, and Treasury actions to date, it seems probable that the regulatory system for new electronic financial products will evolve slowly and cautiously. It also appears that the regulators will continue to follow a "laissez-faire" approach, allowing the financial services industry to lead the way. For customers, this cautious approach could pose potential short-term risks, but the long-term benefits in terms of future products and services could be substantial.