Has Web3 got its priorities wrong?


Co-founder and CIO of enterprise software development house, Global Kinetic, Sergio directly heads its open banking platform, FutureBank. A skilled software engineer, innovative product developer, and keen business strategist, he has participated in several notable fintech milestones, including building the southern hemisphere’s first digital-only bank all the way back in 2002.

Surveying the sorry state of consumer privacy a couple of years ago, Alan Rusbridger hypothesized a privacy “techlash” in the Guardian. In it, he nodded to a Washington Post tech journalist’s description of us “gleefully carrying surveillance machines in our pockets”, but he wasn’t calling on us to throw our phones into the Thames just yet. He felt encouraged by developments like edge computing, encryption, and blockchain:

“One estimate is that there may be 200 or 300 startups, SMEs and entrepreneurs rethinking the ownership and value of data. Finland’s MyData project is just one high-profile attempt to let individuals regain control of their own data. Other players are exploring how blockchain can strengthen privacy as a basic consumer right. The jury is out – and doubtless will be for a while yet.”

Yes and no. It’s two years later – we’ve seen an explosion in use of Signal, DuckDuckGo, DeFi, and NFTs – but the jury’s still hotly debating that exact question: the role of blockchain in protecting PII.

Enter witness for the prosecution Moxy Marlinspike.

For those who don’t know, Moxy Marlinspike is a highly respected cryptographer and digital security specialist, a former head of security at Twitter and the founder of Signal, the privacy-optimized answer to WhatsApp. In January, Marlinspike wrote a blog post on his impressions of Web3 in its current state and his thoughts about where it would go.

Given his high profile, technical expertise, and articulate, deliberative style of communication, the post was always going to draw readers from the techie scene. His negative assessment, relying in part on his own eye-raising, real-world experiences, meant it got a lot more attention than that. It seems anyone and everyone has said something on the piece – now, me included.

Read Sergio’s earlier blog post on Web3 here.

Web3 and the problem with servers

Web3’s idealists hope that by jumping the shiny tracks laid by the Big Tech companies, we will snatch back our privacy and reestablish personal autonomy and control within decentralized networks of computers owned by, well, just about anyone. But, in his post, Marlinspike points to a flaw in the plan:

“When people talk about blockchains, they talk about distributed trust, leaderless consensus, and all the mechanics of how that works, but often gloss over the reality that clients ultimately can’t participate in those mechanics. All the network diagrams are of servers, the trust model is between servers, everything is about servers. Blockchains are designed to be a network of peers, but not designed such that it’s really possible for your mobile device or your browser to be one of those peers.”

Servers are everywhere but in consumers’ hands. Since the average Joe or Jane only has clients (browsers and mobile devices) at their fingertips, their access to the system must be mediated by third-party–owned services provided through servers called nodes. “They’re like the gateway to the blockchain realm” says QuikNode, a provider.

Gateway or gatekeeper? Jack Dorsey and the Bitcoiners believe that already powerful crypto ventures have made accommodations for the sake of speed and functionality, which has weakened security and consolidated power in only a few hands – by making setting up and running independent nodes difficult, for instance. The benefits of the blockchain are being wasted in attempts to kickstart new network effects and maximize profits for VCs and early adopters, they say.

Marlinspike may or may not agree – he’s playing philosopher king or elder statesman to Dorsey’s freedom fighter here. It’s just that he doesn’t see control of nodes as the problem per se. He’s adamant that no-one – not even “nerds” – wants to run their own servers and it’s by ignoring that fact that we risk repeating history: “To make these technologies usable, the space is consolidating around… platforms. Again. People who will run servers for you, and iterate on the new functionality that emerges. Infura, OpenSea, Coinbase, Etherscan.”

He makes the case for a re-do:

“We should accept the premise that people will not run their own servers by designing systems that can distribute trust without having to distribute infrastructure. This means architecture that anticipates and accepts the inevitable outcome of relatively centralized client/server relationships, but uses cryptography (rather than infrastructure) to distribute trust.”

He believes this will help prevent Web3’s platformication, something that is already well underway. At present, OpenSea has around 95% of the global NFT trading market cornered, with volumes 12 times its closest rival. Ethereum had a similar stranglehold on decentralized finance at the start of 2021 but has lost share as it struggles to scale. Infura and Alchemy control almost all of the market for node services. Coinbase has over half of bitcoin trading wrapped up. It’s no surprise that Coinbase didn’t make a splash at Bitcoin 2022 this year, the biggest crypto event in the world. There’s no need.

OpenSea has around 95% of the global NFT trading market cornered, with volumes 12 times its closest rival. Ethereum had a similar stranglehold on decentralized finance at the start of 2021 but has lost share as it struggles to scale. Infura and Alchemy control almost all of the market for node services. Coinbase has over half of bitcoin trading wrapped up.

Defenders of the evolving crypto ecosystem say that there are more and better alternatives to these providers popping up all the time, but that’s missing the point. As CoinDesk reporter Will Gottsegen wrote in October last year in relation to NFTs: “Decentralized computing doesn’t necessitate a decentralized market structure.”

It’s Wild West stuff, this

Published a month ago and with 5.5 million views and counting, Dan Olson’s YouTube demolition job “Line Goes Up – The Problem With NFTs” might put him up there with Marlinspike in the rankings of influential cryptocynics. It’s “viral”, if something over 2 and a quarter hours long can be called that. Discussing the video, Casey Newton at Platformer wrote :

“[I]t’s undeniable that today web3 is a mess — and not just in a ‘we haven’t finished building it’ sort of way. Web3 is a mess of a kind that it could take five or more years to fix, and that assumes the work gets started soon. And the thing is … I’m just not sure people are working on these things.”

Like, what things? Well, privacy and security. “It’s hard to imagine a bigger hurdle to the mass adoption of blockchain technologies than the absence of basic trust and safety features, and yet to date, we’ve seen very little,” says Newton, suggesting that few crypto insiders really care enough to prioritize solutions.

When Time asked economist, crypto investor, and Twitter influencer Tascha Che to answer Olson’s charge that aspects of blockchain technology encouraged fraud, she replied that blockchain was no more secure than centralized databases: “The point of the system is a revolution in how we distribute value. The point is not inventing a system that is more secure than the centralized system.”

Security – and particularly fraud prevention – ought to be hard-baked into a system like Web3 where transactions are irrevocable. It needs mechanisms to ensure only legitimate transactions take place.

I’m not sure that’s something you want to put in the brochure. Security – and particularly fraud prevention – ought to be hard-baked into the Web3 world where transactions are irrevocable. It needs mechanisms to ensure only legitimate transactions take place. There isn’t anything like this currently (apart from Bitcoin itself, of course).

Remember the businesses running nodes to which consumer-side clients must connect in order to access the blockchain and use Web3 applications? On a “zero-trust” system, their word is taken for gospel, for no other reason than that Web3 apps almost never authenticate the information they pass to and from the blockchain. Marlinspike blogged:

“These client APIs are not using anything to verify blockchain state or the authenticity of responses. The results aren’t even signed. [...] So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies [Infura and Alchemy] without any further verification.”

These apps aren’t using even the most basic security best practices, and it’s the same for wallets, the actual stores of value, because they’re clients too. Information may have been tampered with; it may not even be coming from where it should. You wouldn’t know.

Web3 is still small and dominated by relatively few companies. It does seem odd that they haven’t yet taken the opportunity to address a matter so central to its future success: security.

Finding alignment on large-scale security issues among many stakeholders is a challenge at the best of times; in a decentralized system, it can seem impossible. But Web3 is still small and dominated by relatively few companies. It does seem odd that they haven’t yet taken the opportunity to address a matter so central to its future success. In the minds of consumers, FOMO doesn’t apply to being hacked. An app isn’t going to replace the need for collaboration.

Safety first

Despite a decade of work and the enormous amounts of money being thrown at it, Web3 remains an insecure if not dangerous place for the initiated and uninitiated alike. Marlinspike is one of many who have made the point, and it is arguable whether its vulnerability to recentralization is a bigger threat to adoption than that.

A look into the Web3 job jar

For financial institutions exploring Web3, it certainly does look like the next version of the Internet – soon to enter its tweens – has a lot of growing up to do.

Most banks and credit unions will act towards Web3 as prudently as they always have; I probably don’t need to advise them to make any investments in technology very carefully. Similarly, I don’t have to remind them that it isn’t necessary to risk it and build it themselves. Platforms like FutureBank can provide them a highly-secure native integration to the freewheeling new world of opportunity and set them up fast to take advantage of fast maturing use cases like embedded finance.

Wondering about doing business on Web3?

Contact Global Kinetic for our assessment of the risks and rewards.

Web3: Tell me if you’ve heard this one before?


Co-founder and CIO of enterprise software development house, Global Kinetic, Sergio directly heads its open banking platform, FutureBank. A skilled software engineer, innovative product developer, and keen business strategist, he has participated in several notable fintech milestones, including building the southern hemisphere’s first digital-only bank all the way back in 2002.

“On the Internet, nobody knows you’re a dog.” The New Yorker is famous for its clever cartoons – and none has summed up a pivotal moment in society so perfectly as that one, long ago in July 1993. It was an Internet meme before the Internet had memes.

What the drawing captured was a sense of the utopian potential of the then WIP WWW, particularly the way it might liberate users from the straight jackets of their real-world identities. The promise of reinvention, free from control, was backed by the technology itself, which seemed to guarantee a degree of anonymity over a highly decentralized and chaotic network of computers.

Sadly, things started looking less rosy for our canine friends soon after. The HTML cookie made its appearance little over a year after the cartoon was published. Developments snowballed, for better and worse. What the Internet came to lose in anonymity, trust and civility, it gained in utility, efficiency and convenience.

Money changes everything

The transition from the decentralized Web 1.0 to the centralized Web 2.0 was inevitable. What military comms operators, scientists and researchers had put up with in ARPANET and Gopher was never going to appeal to the mass market, as exciting as the Internet sounded. Going online didn’t take a university degree exactly, but it wasn’t a walk in the park either.

Slowly, new tech players competed to ease consumers’ access to email and the WWW, bundling the software and hardware they needed in ever more user-friendly and affordable packages. The market consolidated, conferring on winners like Microsoft, Apple, Amazon, and, yes, AOL and Yahoo, a kind of omnipresence.

On the other side of the modem, as more people came online, the incentive for every kind of business to set up shop grew, raising the commercial stakes and setting off a new gold rush, this time for consumer data (not the red herring that was the dotcom bomb), the profit from which has powered the rise and eventual omnipotence of Google, Facebook, and their Chinese equivalents.

Let’s try this again, shall we

Different dog now. A few months ago, someone paid $450,000 for a plot adjoining land owned by Snoop Dogg in the Snoopverse, a virtual world built on The Sandbox platform. Katt Benedict, director of open finance at MX, commented on the news reported by Ron Shevlin on LinkedIn: “Conceptually, a metaverse could have been an opportunity to explore a post-Hunger Games new world. A world that has no concept of financial exclusion and class distinctions.”

It's sad to see how fast this thing called the metaverse has come to resemble our own money warped reality. In the same way that “rich digital experiences” today invariably involve making payments, the vision of the future metaverse you read about most is a kind of 3-D virtual shopping.

Scooting around the Internet, you’ll find enough idealism and hopeful exuberance attached to Web3 to power a Segway to Mars.

What’s this have to do with Web3, the much hyped new incarnation of the digital world we increasingly call home? 1 New technologies have frequently been hyped as game changers only to disappoint early adopters. Scooting around the Internet (the 2.0 version), you’ll find enough idealism and hope attached to Web3 to power a Segway to Mars: Web3 and/or crypto will end censorship, state surveillance and repression; reduce fraud and corruption; counter inflation, smooth access to capital, alleviate poverty and financial exclusion and solve the problem of developing world landlessness – if they don’t actually usher in a post-scarcity economy2.  The Mozilla Foundation predicts a dystopian future without web decentralization. Gavin Wood, co-founder of Ethereum and the man who coined the word Web3, believes it’s the only means of saving liberal democracy. Jack Dorsey has said he hopes Bitcoin will bring us world peace.


It really does sound wonderful, doesn’t it? Kind of like Sweden.

A luta continua!

As it stands now, Web2 is dominated by a few very large and extremely well resourced companies that exert disproportionate control over users – aka consumers and citizens. They are sustained by enormous profits derived from the same users’ personal data and content.

Harvard Business School professor Shoshona Zuboff explains in her 2019 book The Age of Surveillance Capitalism:

“Surveillance capitalism unilaterally claims human experience as free raw material for translation into behavioral data. Although some of these data are applied to service improvement, the rest are declared as a proprietary behavioral surplus, fed into advanced manufacturing processes known as ‘machine intelligence’, and fabricated into prediction products that anticipate what you will do now, soon, and later. Finally, these prediction products are traded in a new kind of marketplace that I call behavioral futures markets. Surveillance capitalists have grown immensely wealthy from these trading operations, for many companies are willing to lay bets on our future behavior.”

Tim O’Reilly, whose definition of Web 2.0 is still the most widely used, has always been careful not to demonize Facebook and Google.3  But even he is ringing the alarm:

“When companies are using the data they collect for our benefit, it's a great deal. When companies are using it to manipulate us, or to direct us in a way that hurts us, or that enhances their market power at the expense of competitors who might provide us better value, then they're harming us with our data.”

A Web3 utopia beckons. Or does it?

Web3’s backers, some of whom made billions investing in Facebook, say it will fix the personal data problem for good. Chris Dixon, a partner at Andreesen Horowitz, describes it as a combination of Web2’s rich functionality and the “decentralized, community-governed ethos of Web1”. He says that “this means people can become participants and shareholders, not just customers or products. Web3 is the internet owned by the builders and users, orchestrated with tokens.”

Just as with the first decentralized Internet, the technology underlying Web3 can’t be co-opted by reactionary forces, or so the line goes. No-one owns the blockchain; it’s shared. You maintain control over not only your personal data but any aspect of your digital life. Content creators – i.e. everyone – can monetize their every mundane  unique thought, action, and virtual creation. “It means that all the value that’s created can be shared amongst more people, rather than just the owners, investors and employees,” says Esther Crawford at Twitter.

Sounding less like Sweden now, more like a 1960s kibbutz.

Oddly enough, I’ve managed not to mention Moxy Marlinspike in this post. Next week, I’ll wade into the debate over weaknesses in the crypto system that he fears will result in rapid recentralization of Web3, or, as he darkly suggests it may end up: Web2x2 – “web2 but with even less privacy”.

Notes

  1. As used here, Web3 is distinct from Web 3.0. The former – the subject of this post – is a vision of a blockchain-powered decentralized web. The latter is associated, closely or not, with the Semantic Web, an on-going effort led by Tim Berners-Lee and the W3C to make the data on the web more directly meaningful to machines, so that they can use it to make decisions independently of people.

  2. In this context, crypto does not refer to digital assets like Bitcoin or NFTs but to the global blockchain-powered infrastructure enabling them, as well as innovations like decentralized finance, decentralized autonomous organizations, and self-sovereign identity. Crypto’s close integration with standard web technologies is a precondition for a fully realized Web3.

  3. Web 2.0 has been cast primarily as “participatory” by its boosters, differentiating it from the static, passively consumed formats of Web 1.0. Cynics, among them many older techies, tend to follow Tim O’Reilly’s definition of Web 2.0 as “the network as platform”, in contrast to Web 1.0’s decentralized architecture. Some of the latter camp regard the active collaboration and content generation so characteristic of Web 2.0 as a natural development of Web 1.0 technologies, questioning the need for a new version number.

The 5 Pillars of Good Solution Architecture: Security

The 5 Pillars of Good Solution Architecture: Security

By Sergio Barbosa (CIO - Global Kinetic)


A lot of fanfare has been made about the Twelve-Factor App methodology and how it is becoming the best way to approach building a SaaS-based application that makes use of microservices.  I am one of those fans.  When designing a new solution, or upgrading an existing one, having a simple set of guiding principles can be invaluable.  And of course, non-functional requirements.  But if I look at the Twelve-Factor App methodology, it speaks a lot to the “how”, but not to the “what”.  I may very well build a solution that adheres to all Twelve Factors but fail in meeting the non-functional requirements of the desired solution.  By definition, I would have delivered a bad Solution Architecture.

Every good Solution Architecture should have a plan for the following 5 things, within which non-functional requirements can be grouped and addressed:

  1. Security
  2. Performance and Scalability
  3. Availability and Recoverability
  4. Efficiency of Operations
  5. Cost

Let's take a look at each of these areas one by one:

 

Security

Designing for Security requires a “Defence in Depth” approach.  This means that every solution should be continually validating trust as it is executing code and accessing system resources.  Commonly referred to as a Zero Trust model, the solution should not make any assumptions about the privileges that the user or system account executing code and accessing system resources has.  Trust should be validated at each layer in the solution stack, from the physical layer, through the perimeter and network, all the way down to the compute, application, and data layers.

Be explicit about the requirements at each layer, i.e. what are the Authentication rules (which user accounts and how do they authenticate themselves) and Authorization rules (what do the user accounts have access to) at each layer. There are many tools that can be leveraged to implement and manage these rules so that you do not have to write code to do this from scratch.  Most of these tools implement widely accepted standards and best practices, so make use of those.  Identity Management systems like KeyCloak implement OpenID Connect standards, provide single sign-on capabilities, and can be extended to support multi-factor authentication very easily.

 
Defense in Depth
Figure 1: Defense in Depth
 

Security is ultimately about data, and it needs to be clear at each layer what aspect of your data you are securing.  There are three options here, Confidentiality, Integrity and Availability, commonly referred to as the CIA principles.  At the data layer for example, you would have a requirement to encrypt the data at rest to preserve the Integrity of the data.  At the perimeter layer for example, you would have a requirement to prevent DDoS attacks to preserve the Availability of the data.  And at the physical layer for example, you would have a requirement to implement biometrics as an additional authentication factor to preserve the Confidentiality of the data.

At any point in time, the data generated and managed by your solution is either at rest, or in transit on some piece of hardware infrastructure.  That means that you need to protect the infrastructure your solution is deployed to, apply the best network security you can, and implement the most robust encryption algorithms and techniques.  In terms of infrastructure, make sure you have adequate Identity Access Management and role-based security that can access the underlying infrastructure, and that you have adequate failover (more on this later) in place.  For Network Security, implement DDoS protection, Firewalls, Gateways and Load Balancers and constantly monitor traffic, limiting resource exposure/access via IP address, port, and protocol restrictions.  Be especially careful when deploying microservices to orchestration systems like Kubernetes, and ensure you are not making assumptions about the execution privileges inside a cluster.  Encrypt data in transit and at rest, and be explicit about the encryption algorithms that you are using, and how you are using them.  Encryption is a massive topic so to do it justice in a small paragraph is impossible, but pay particular attention to Symmetric vs Asymmetric techniques, one-way vs. two-way encryption, and the difference between encryption and hashing of data.  Classify data as Public, Private or Restricted, and take action to make sure that Private and Restricted data is always encrypted at rest and in transit and that Restricted data can only be accessed by the owner of the data (like in the case of regulatory requirements like POPIA, PCI, GDPR)

 

Figure 2:CIA of Data

.

As the last point on Security, none of the above can be effective if you do not have a security mindset when developing the solution.  Some refer to this as a 'culture of security' within dev teams and organizations.  This means that at every stage in the development of your solution, you are validating the solution against your security requirement.  Initially with core security training when onboarding developers into your teams, then while developing each feature of your solution evaluating the impact of the security requirements of the solution against that feature.  Design for these security requirements by using thread modelling and attack surface analysis, implement the code according to them, verify that the implementation meets the success criteria, release the feature after final security review with an incident and response plan and then implement feedback loops from your monitoring data in your production environment.  This the Security Development Lifecyle, and the most important plan you need in place to meet the non-functional requirements grouped in the Security pillar.


Figure 3: Security Development Life Cycle

In summary, it is useful with each of these pillars to have a baseline or standard that you work from and then evolve and improve. In the next post we take a look at the second pillar, Performance and Scalability, so stay tuned...

 

The convergence of tech and COVID-19, and the future of Wallets. Are you ready?

The convergence of Customer Experience, Open Banking, AI, and COVID-19; and how it is disrupting the future of digital wallets

Author: Martin Dippenaar

Global Kinetic is a Fintech software development company, and over the last 2 decades we have worked with many local and international banks, financial institutions and Fintechs. Towards the end of last year, some of our clients, and many companies around the world, were talking about Digital Transformation.

Digital Transformation is essentially three things:

    1. enabling the company to deliver innovation faster,
    2. new technology, and
    3. placing the correct functionality in the hands of users.

It is about technology, but it is also about culture.  Companies had realized that to be relevant in the future, they had to create digital processes and keep up with the rapid pace of technology changes. Some took it more seriously than others, as they had already started to see disruption in their own verticals due to new technologies being exploited by up-and-coming startups, and new markets being created through innovation. There was a lot of talk of “All companies are tech companies”, but this talk was mostly seen as something that is only important strategically over a medium to long term; maybe the next 5 to 10 years.  Up to that point, a staggering 70% of companies were failing in their transformation efforts. These failures happened for many reasons, but mostly because of lack of drive by top management, as well as companies not accepting what Digital Transformation entails. Most companies felt that their digital offerings, in other words, the products in the hands of their consumers combined with their other services, were adequate to stave off competition. Many big companies, banks specifically, had started to notice some disruption in their traditional marketplace, and had created massive funds to look for new and innovative technology to either invest, or to purchase outright. These banks have noticed the emergence of many new challenger banks as well as non-bank companies moving into the banking space. Companies such as Amazon, Apple, and closer to home, various new challenger banks such as Thyme bank, Discovery Bank, and many South African retailers challenging the banking space.

Companies have started piloting many of the relevant technologies. Figure 1 shows some of the technologies that I thought was relevant, plus the stage that they were in. I have included some processes and concepts into this slide as well. The circles show, from the outer layer to the inner layer, the adoption level of these technologies and concepts. The items in red are the ones who would most likely result in transformational business impact.

Figure 1:

figure1

The center is “Mainstream”, or those technologies and processes that are used daily by many organizations. They may not be mature, but they are in common use. Some technologies, like hybrid cloud and API platforms have become mainstream; although I should point out that Open Banking (a super important API Platform implementation), is itself mainstream in many parts of the world, but is not yet so in South Africa. In the Fintech space, the adoption of some of these technologies is either promoted or inhibited by regulation, or the lack of regulation.

I include Digital Transformation here in the Early Adoption ring. In a normal world, I could have asked for a show of hands of who had embarked on Digital Transformation at the end of 2019, but take it from me, not many companies had. Also in the Early Aoption ring I have included Immersive Media (i.e. Virtual and Augmented reality), Internet of Things (i.e. devices connected to the internet that makes our lives easier or more informed), Blockchain, Instant Payments (not really a thing in South Africa but very important in other parts of the world), Natural Language Processing, and Artificial Intelligence. Remote Process Automation, even though it is a type of AI, has not had the early adoption that AI has had. These are chatbots and other types of automation that hopefully provide your customer with a better experience.

Closer than “Emerging” is “Adolescent”, or the technologies that are coming of age. For me 5G, a super important technology for the future, and Remote Processing Automation, are still in this circle but touching “Early Adoption”.  5G, which is the next iteration of mobile bandwidth, will transform the way we communicate with our customers, and enable applications that are not possible without it. The outer ring is “Emerging”; those technologies on the fringe which have the power to eventually transform the world. I only include Quantum Computing in there, because of all the technologies presented here, Quantum Computing and AI will change the world as we know it – but that is still some years off.

So, to me, this was the world at the end of 2019: with some companies taking advantage of the emergence of new technologies and processes. Many companies, however, either ignored these up-and-coming technologies, didn’t see the relevance to them, or decided to look at it later.

Eight months later, the global pandemic had changed the face of the business and the consumer world entirely. We are used to expecting disruption in verticals, yet we have never had a disruption that touched every person, and every business, in the world at the same time.  Suddenly, people can’t go to the office, people can’t go to branches and shops, and people do not want to touch anything or be in close proximity to others.  All of a sudden, companies realized that they have to get their full feature set of products into the hands of their consumers or die. Not only that, but their employees were mostly not at work; slowing business pace dramatically as companies tried to figure out how to work with their staff being mostly remote. Companies that had embarked on Digital Transformation in 2019 or before, were now at a distinct advantage compared to those who hadn’t. As were those companies that played directly into the new behavior of clients. Wallets and touchless transactions, previously a convenience product, suddenly became essential, as people started showing a reluctance to handle cash. In South Africa, companies like SnapScan and Zapper were at an advantage, providing levels of touchless functionality that cards and cash cannot.

The global pandemic caused a push of technologies that were in the Emerging stage, into, or a lot closer to become Mainstream. This slide shows how many of the technologies that were in the early adoption space, have suddenly being squeezed by COVID into the Mainstream. All of a sudden you need your full product suites, including onboarding, to not only be fully digital, but also a fantastic experience for your customers.

Figure 2:

Nearly all the companies we speak to since the COVID-19 pandemic, have accelerated their Digital Transformation and the adoption of what was previously seen as early adoption technologies. Companies are suddenly investing in RPA, Artificial Intelligence, Touchless, and relooking at the customer’s User Experience. This is the crux of the matter: your customer’s digital experience, and for the Financial Sector, your wallet or mobile banking app.

The Wallet

For today’s customer, transacting is about convenience, and customers expect a full digital service with as few impediments as possible. Customers expect easy onboarding without having to go into a branch or office. Customers expect to get hold of you easily and talk to you when they want to; and when it suits them. Customers want to transact without touching anything, and they want to do it everywhere, not only in shops, but also online. Customers also expect that you are trustworthy and that their information and transactions are secure. Your competitors will be offering this to your customers.

You will also notice traditional banking apps are now starting to get the functionality you previously expected in wallet apps, but not necessarily in your banking app. Nedbank’s latest update allows you to scan QR codes directly from their banking app using Zapper, Snapscan, Pay@ and Masterpass, and allows you to pay at restaurants and even at malls to pay for your parking ticket. Expect touchless technology to roll out in most big South African banks’ mobile apps this year. Shoprite’s new app and product requires no FICA, only your ID number, and has no transaction fees, or onboarding or monthly fees at all. No transaction fees.

So wallets and mobile apps are becoming your near-exclusive touchpoint or channel with your customer. It is how you put your product in the hands of your customer. It is how you communicate with your customer, how you advise them with added services, and how you build your brand. The question is: how do you compete with new agile Fintech’s, challenger banks, and non-traditional companies coming for your customer? And how do you stay relevant, not only with technology, but innovate as well?

The Future

I am envisaging a world where a couple of things happen in the wallet space beyond the current expectations of touchless, easy onboarding, free transactions, convenience of instant payments to friends, and for bill payments alike. Some additional features may include:

    1. customers will be offered new ways of interacting with their banks,
    2. Artificial Intelligence and your knowledge of your customer will be mined to provide exactly the service your customer needs at the right time,
    3. Banks will not be the only ones competing for your customer. Your will be competing with free services.

In terms of customers being offered new ways of interacting with your banks, don’t expect the wallet to remain on your phone. Many of us already use voice assistants, and expect services like Amazon’s Alexa, Googles Home and Apple’s Home Pod to provide your full set of services by voice. These applications will be able to do everything from onboarding, opening and changing accounts, communicating with you, all the way to transacting. Expect people to talk to you in the language they want. {and have their voice translated in real-time?}

This year, most phone providers will start releasing 5G enabled phones. Besides the security and fraud prevention that this will allow, new AR products like Apple’s Glasses will require 5G to enable all functionality from within a private augmented reality world. This is not sci-fi; these glasses are expected to be released next year. No more phone required; and definitely no physical wallet required.

Artificial Intelligence is used more and more to interact with customers, as well as to predict what customers want; and offer that to them. We are not unfamiliar with this idea, however there is a shift in customer’s using AI to figure out what is best for them. Artificial Intelligence will allow applications to pay bills for the customer, or track expenses and spending behaviour without explicit instructions from the customer. Artificial Intelligence applications will also suggest that customers switch products or accounts from one service provider to another, or do it seamlessly based on what it already knows about that customer. Expect AI to do a lot of work on behalf of the customer. Expect new Fintech products that leverage this capability on behalf of the customer.

Banks are not the only ones vying for your customer’s attention. New Fintech products emboldened by Open banking and its successor, Banking as a Service, will allow the wallet behavior I just spoke about. Wallets, or mobile banking apps, will be able to access services instantly at banking institutions; enable a customer experience where the customer doesn’t necessarily see your brand as the overriding factor when allowing their AI apps to switch products from your bank to another. Banks have long depended on the trust built over the years with their customers, as well as the trust that customers put in banks due to regulation and compliance. Yet research shows that younger people are totally comfortable using new peer payment products.

In addition, new entrants like Facebook with its desire to be a global bank providing free banking services to its 2.6 billion active daily users, will be vying for your customer.

What to do

In considering all of this, what should businesses do?

  1. Take your Digital transformation seriously. Speed of delivery and getting innovative products in the hands of your customers is imperative.
    a.   Be ready to reinvent and look for opportunities with partners or up-and-coming startups,
  2. Understand what is coming from a technology perspective and ensure your rolling strategy is on point.
    a.    If you are a bank, consider how you can use Open banking and Banking as a Service to expand your offering and expand your channels.
    b.    In order for banks to survive into the future they need to own the technologies that are enabling consumer usage.
    c.    Fintechs have been encroaching on incumbent banks for a while now, and by moving to Banking as a Service, banks can turn these threats into opportunities,
  3. If you are a bank, consider that your competitors are moving to feeless banking and no-fee transactions.
    a.    How will that affect you, and how can you change your business model to compete?
  4. Use data and analytics to drive decision making,
  5. Lastly, own your customer. Your customer base is everything.

I want to refer back to Figure 2. I have not mentioned the triangle in this graphic as yet, but you will notice that it is the three pillars of Digital transformation: Business, Customers and technology. Without these three being in balance you will not have true Digital Transformation, and it will be more difficult for you to grab opportunities and innovate.

Food for Thought

Finally, have a look at this meme. Most of you would have seen this over the last year or so. It attempts to frighten but it also intends to convey how disruption has touched many industries. The biggest taxi company in the world owns no cars. The largest accommodation provider has no real estate and so on.

I would like to present this in a slightly different way. This is my interpretation of the previous graphic.

It is clear from these disruptive technologies and companies that the customer is the asset and the differentiator.

Lastly, I want to add another meme for you to consider: “The world’s biggest bank has no gold but has 3 billion customers”. This is a future scenario, and the signs are already there.

[VIDEO] Global Kinetic: Where the magic happens

We love new technology, innovation and change.

One of the (maybe not so) new technologies that we have been using on a few of our projects, is Unity.

A new trend though is to make Unity movies, and Victor Geere in our engineering team took it upon himself to create a short video just for us...

At Global Kinetic, we can help bring your ideas to life!

Animation credits: Victor Geere  (Unity Technologies)
A big thank you to Victor for making this awesome video possible! Stay tuned for more animated Global Kinetic themed videos in the future.

5 Reasons Why You Should Invest in DevOps

The primary purpose of implementing a DevOps strategy for any software delivery team is to improve both velocity and quality. Improvements in quality and velocity directly translate into the following benefits for you the business:

Speed of delivery

Teams with continuous delivery pipelines can release to production more reliably and more frequently.
Releasing value to your customers faster and more often allows you to gain a competitive advantage by accelerating your time to market for innovative ideas. It also enables you to be more responsive to changing market conditions.

The faster you get features out into the market the faster you can capture the ROI on those features.

Early detection and correction of defects

Through continuous monitoring and test automation in a DevOps environment, code defects can be picked up sooner in the software development cycle and resolved with a faster turnaround time.

Early detection and resolution of defects results in improved production quality. This translates into both cost savings on expensive hotfixes as well as increased revenue from improved customer satisfaction and retention

Customer Experience

More frequent releases with automated monitoring and analytics enable businesses to obtain customer feedback in terms of needs and preferences more regularly. It also empowers businesses to respond far quicker to these customer needs and preferences.

Better quality in production, through early detection of defects as well as fast resolution to customer pain points, further drive customer satisfaction.

The ability to react fast and deploy engaging customer experiences, as well as to ensure consistent quality in service will generate customer loyalty. This in turn translates into long-term business sustainability.

Innovation

DevOps reduces the time to market for innovative ideas. It supports the ability to quickly release new ideas to the market, test their success, and then further facilitate the timeous release of small improvements to maximise the value delivered to the customer.

DevOps encourages innovation not only through the principle of continuous improvement but also by freeing up creative and skilled talent. Increased efficiency and the reduction of waste obtained through the automation of repetitive tasks, allows creative and skilled talent to focus on higher value activities.

Cost Reduction

An effective DevOps strategy will save cost through automation. Automation will also provide predictability which further reduces costs.

Increased production quality through early detection of defects reduces the overall investment that needs to be made in customer support infrastructure and costly hotfix releases. It also creates long term value through customer retention.

Continuous monitoring and inspection allow you proactively prevent costly issues and allows you to scale on demand.

Faster time to market improves ROI.

Conclusion

A proven DevOps strategy and implementation has immense benefit to you as a business.

All Delivery Engagements here at Global Kinetic come with our built in DevOps strategy so that all of our customers can capture the benefits listed above. To find out more message us at hello@globalkinetic.com.