7 minute read
Mission critical moves
When Tier 1 banks take the decision to move a core process such as payments to the Cloud, they want to know it’s secure. We asked Ciaran Chu of ACI Worldwide and Darren Busby of MYHSM how they go about convincing them
Cloud technology is helping banks to modernise and change their business models. At the same time, innovation must be matched by tighter security and rigorous standards.
Technology partnerships can overcome the challenges of digital progress while maximising the benefits, and ACI Worldwide and MYHSM are two companies that are working together to smooth the way.
ACI Worldwide provides real-time payment solutions to most of the world’s leading banks, and MYHSM is a global provider of Cloud-based payment hardware security modules (HSMs) as a service. It was recently acquired by Utimaco, which manufactures HSMs, underlining how collaboration is also becoming consolidation.
Here, Darren Busby, who is responsible for global sales at MYHSM, and Ciaran Chu, head of ACI Worldwide’s public Cloud business, discuss how technology, partnerships and changes in the payments infrastructure are enabling Tier 1 banks to innovate like fintechs. Cloud and form partnerships to develop different revenue streams. Startup banks and challengers have led the way by focussing on customer experience, rather than doing all the things that add time and cost without benefitting customers.
DARREN BUSBY: Time and cost are certainly problems. For decades, banks have had no option but to run their own IT infrastructures and technology – and that was simply to maintain the status quo, with no scope to innovate and differentiate. Only a few years ago, it was unthinkable that a bank would take its mission-critical payment systems and put them in the Cloud. Now, however, we’re comfortable with the public Cloud, it’s trusted and tested, and banks can outsource with confidence. I think the whole infrastructure will eventually move into the Cloud.
THE PAYTECH MAGAZINE: Banks are revising their view of the Cloud and technology partnerships. What’s driving this change?
CIARAN CHU: If you think about how banks make money, it’s mainly been by charging transaction fees and using interest rates to boost income. Interest rates are now at an all-time low, with little sign of changing, so banks realise they must change their business models to achieve a better cost-to-income ratio.
The message is now clear that it pays to harness the Cloud and form partnerships to develop different revenue streams
Ciaran Chu, ACI Worldwide
Public Cloud providers such as Amazon, Microsoft and Google, have shown that the Cloud is a viable way to lower costs and increase customer focus. The message is now clear that it pays to harness the
TPM: What’s the rate of change? Are banks following a phased approach?
CC: About 15 months ago, we asked customers if they are ‘Cloud-first’. The answer was a resounding ‘yes’.
Then we asked if that meant for customer relationship management and front-end solutions, or core payment infrastructures. The vast majority intended to move their core payment infrastructure into the public Cloud in the next 18 months, reflecting what Darren said about everything eventually moving to the Cloud.
COVID-19 has obviously impacted that journey. The pandemic has lifted home working to an unprecedented level, and banks have had to focus on their operating processes because many now have distributed workforces. That’s helped to generate use cases, with banks taking mission-critical systems and saying, for example, ‘we have to have standing authorisation today, it has to be high availability, so why don’t we test that as a backup in the public Cloud?’. By doing that, banks are developing new capability, realising new business value, and making savings. It’s a phased and well-considered approach, and the speed of change depends on aligning the transformation agenda with the business and the culture.
DB: There is no way Tier 1 banks and big financial institutions will do a big bang and risk taking mission-critical elements such as the payment HSMs and move these into the Cloud overnight. What we do is provide different approaches to help with migration. For example, moving the test service to our service. Then, once they’re ready, customers can move elements of their production environment, segregated by local master keys (LMKs), in a phased way, under their own control, from an on-premises model to a fully outsourced and managed service.
TPM: Beyond phasing, how do you overcome the challenges of digital transformation? What are the priorities?
CC: ACI has customers with different agendas and transformation needs, so the first thing is to understand the priorities for change. Real-time payments and fraud prevention are very logical use cases.
Often, time and resources are the biggest transformation challenges facing our customers. They are too busy to innovate, to run use cases and proof of concepts, so we help them outsource things like testing in the Cloud, working with Cloud providers to improve operations.
One of the biggest challenges for incumbents and neobanks is in-house skills. Key knowledge often sits with just a few people, which isn’t ideal for operating mission-critical systems. Our job goes beyond providing mission-critical software. We help customers transform through training, which is vital for transformation, and forging technology partnerships.
DB: Removing complexity is fundamental to our service. The front end might be the bit that excites people but someone has to take care of all the
Trust is king:
Banks know how vital it is to their customers
TPM: What impact does MYHSM’s subscription model have on costs and flexibility?
DB: We offer a monthly subscription model, as opposed to doing it on- premise which is a big capex purchase, locking banks in for the lifetime of that hardware model, typically around seven years. Rolling 12-month terms and subscription-based fees allow them to evaluate their needs before committing to long-term contracts. They turn capex cost into opex, and it’s a fraction of doing it on-premise. It’s about unlocking revenue and enabling banks to focus investment elsewhere, to their timescale.
TPM: Can banks maintain their trusted reputation when moving to the Cloud?
CC: With the banks I’m talking to now, there are two big areas of debate. One is how to create a compelling subscription-based business model. The other is how to generate incremental value around their trust franchise. By that I mean how to inspire confidence in electronic payments and data innovation, and gain more data insights to The Cloud help customers and absolutely thus strengthen the back-end stuff, the payment HSMs, the improves the security banking relationship. As we shift towards the glorified PCs that sit in of banks. But to win Cloud and outsource the back office. This their trust, we must more time-consuming makes huge demands in terms of regulatory demonstrate activities, banks can move beyond just compliance, particularly that what we transaction processing payment card industry do is rock solid and add value while compliance – PCI PIN Darren Busby, MYHSM reinforcing trust. (personal identification number) and PCI DSS (data security DB: For me, the Cloud absolutely standard) – and requires a skilled team improves the security of banks. and a secure infrastructure. These are But to win the trust of banks, we must complex and costly parts of any payment demonstrate that what we do is rock solid. business – and are the parts we handle. There are plenty of new banks and providers of other financial services, but If
CC: I’d add that, with the upcoming you analyse them, they’re just used for PCI changes, if you’re a big bank, transactions. That’s because people prefer you’re not running one or two HSMs, to have their salaries paid into a traditional you’re running maybe 40 or 50, so it’s a real bank. Trust is the jewel in a legacy bank’s capex cost that’s going to tie you down for crown and they don’t want to lose that, the next few years. Having a partnership which is why they work with suppliers like with MYHSM has been really powerful MYHSM, which provide the highest levels from ACI’s perspective, because it boosts of security. Equally, they want to offer thought leadership. With MYHSM and the customers more, which is why we and likes of Microsoft and Amazon, you have ACI combine security with the ability to the tangible proof that there is a better way develop modular payment offerings of doing things. that compete with the newcomers.
