Heads of technology, operations, payments and security experts from leading institutions across Asia discussed and shared their perspectives on the evolving payments landscape and its shift towards contactless transactions.
They also exchanged views on how consumers are adapting to new types of payment and how banks are preparing for the sustained growth in digital payments. Payment providers are looking to introduce faster, more efficient, ubiquitous and flexible payment solutions. They are also seeking to make payments more secure than it is currently so that consumers and businesses can safely undertake financial transactions in a new post-COVID-19 digital world.
Parimal Pandya and Aparna Rayasam of Akamai Technologies assessed empowering and securing payments. Rayasam said financial institutions need to come up with digitalisation given that traditional payments are growing less. Pandya observed that a massive transformation in payments has become more transparent and convenient.
Henry Rhoel Aguda of Union Bank, Manohar Chadalavada of Standard Chartered Bank, Rottapron Ekabutr of Bank of Ayudhya (Krungsri) and Shekhar Bhandari of Kotak Mahindra Bank Ltd. discussed with Akamai’s James Richmond how they are leveraging data and API connectivity to create open banking platforms and ecosystems to better understand and meet customer needs through seamless embedded services and offerings.
Chadalavada considered the need of having a robust external API strategy to drive value maximisation and enable participants to navigate the open banking landscape. Aguda mentioned that early adoption of digitalisation gives one a competitive advantage in leveraging open banking. Bhandari added that a strong digital backbone and greater customer centricity will make space for an infinite number of possibilities for the digital delivery of solutions. Ekabutr believes that data will transform the nature of financial services but first it needs to be successfully implemented.
Mobasher Zein Kazmi, head of research, at TABInsights, the research arm of The Asian Banker gave an update on the latest cross-border real-time payments developments and trends around the world.
Phoram Mehta of PayPal, Sorin Toma of Emerging Payments Association Asia and Jef Hu of Akamai Technologies shared their perspectives on exploring strategies for payment fraud prevention. Mehta underscored the abundance of opportunities provided by technology but emphasised the need to have awareness of risks and prioritisation of investment in appropriate risk mitigation technologies as well as capacity building through talent development to ensure a secure transaction environment. Hu added that APIs will be the most frequently attacked and vulnerable point of entry across the entire payment journey likely resulting in data breaches in 2022.
Chris Yeo of Grab Financial Group and Jon Prideaux of Boku evaluated the future of digital payments with the rise of e-wallets and embedded finance. Prideaux asserted that payments are an example of absolute innovation and the new wallets emerging in the region need to be standardised. Yeo opined that the payments ecosystem is unique to each country due to the different types of instruments available to users.
The following key points were discussed:
The following is the edited transcript of the dialogue:
Foo Boon Ping (FBP): Good afternoon from Singapore, welcome to the inaugural Akamai Payments Summit Asia Pacific 2021 where we will be discussing how the financial services in the region is “Powering and Securing the future of payments”. We are excited to be joined virtually by a distinguished and select group of technology, operations, payments practitioners as well as technology, operations and security experts from leading institutions across Asia to debate the future of payments. It is an interesting time to be involved in payments now. There are so many exciting and innovative developments that are fundamentally transforming the industry. Many countries in the regions have rolled out new real-time payment systems, coupled with national digital identity systems that have made basic payment services through digital wallets and other non-bank-based account accessible to almost everyone, making financial inclusion a reality. The possibility of making person to person transfer to anyone, any business or company no matter of size has made payments thoroughly ubiquitous.
Furthermore, governments and central banks are leading initiatives to drive payment standardisation and interoperability. The implementation of ISO 20022 XML messaging format and standardisation of mobile QR codes are helping digital payments to thrive. The introduction of fifth generation telecommunication infrastructures combined with a high penetration of smartphones have also increased the adoption and usage of electronic and mobile commerce platforms and ecosystems that rely on digital payments. The widespread adoption of open APIs and the cloud have also created a highly scalable level of connectivity that was not possible before, enabling the creation of ecosystems that are able to bring product and service providers together to serve the different needs of consumers. They also create supply chains and value networks into which financial services providers are able to embed and deliver basic payments and other financial services through the agile and intelligent use of data. In addition, new and innovation banking-as-a-service and embedded finance solutions such as “buy now, pay later” offer traditional institutions the opportunities to tap into alternative revenue streams while delivering a more seamless customer experience. And the same innovation is being applied to cross-border payments.
Banks and fintechs are developing cross-border platforms to facilitate the transfer of funds across the region by offering faster payment services and lower transaction fees. We have seen cross-border e-commerce take off in a big way during the pandemic. Now, you are able to sit in the comfort of your homes, choose and pay for practically anything from anyway with an unprecedented level of ease and comfort. And adoption and usage simply exploded amid the social distancing during the pandemic. Amid these developments, fraudsters are targeting peer-to-peer payments at an alarming rate through social engineering, scams and account takeovers. Digital payment providers are strengthening and securing their digital payment capabilities to mitigate the risks of potential of cyberattacks. They are investing in solutions to effectively detect, prevent fraud and reduce losses while minimising customer friction. Would the future be based on zero-trust and blockchain? CBDC? Multi-CBDCs? Probably still some distance off into the future.
But for now, the Payments Summit APAC 2021 in association with Akamai Technologies will discuss and debate how the future of the payment landscape is shifting towards contactless payments, how consumers are adapting to the change in payment methods and how banks are preparing for the future of digital payments. Our event theme, “Powering and Securing the Future of Payments” suggests two imperatives that payment providers must fulfil. First the promise of empowering faster, more efficient, ubiquitous and flexible payments. The second is to make payments even more transparent, secure and safer than it is now so that consumers and businesses can trust and leverage off it in the new post-COVID-19 digital world. Helping us to inaugurate this virtual Payments Summit, I am excited and pleased to be joined by two Akamai leaders in a dialogue to discuss the two industry imperatives that I have just outlined. Please welcome Parimal Pandya, the Managing Director for Asia Pacific and Vice President of Sales at Akamai Technologies. He is responsible for driving Akamai’s growth and expansion across 14 countries in the region. And next, Aparna Rayasam, Senior Vice President and General Manager, Application Security for Akamai Technologies, she is responsible for Akamai's Application Security business within the Security Technology Group.
The emergence of fintech payments players has accelerated the integration of digital and mobile payment options with third-party ecosystems, enabled through open APIs, to provide consumers more personalised services and streamlined experiences. This points to the growing importance of digital payments in APAC and the blurring of lines between banks and retailers. Retailers can now turn to alternative non-bank providers for payment and even consumer credit. What challenges and opportunities do you see for banks and traditional financial institution in this very competitive space, Aparna?
Aparna Rayasam (AR): So I think you're pointing to a very nascent or very actively evolving trend in a where, where the traditional payments are being, you know, almost disrupted by these new and different kinds of payments. And so we will need to end with the attack surface changing from what was the traditional payment ecosystem to the newer payment ecosystems. I think the security aspect of it also tends to become much more interesting, you know, it is now more important for us to be aware of the APIs as an attack surface, the attackers are quickly going to move from historical web interfaces to APIs. The other dimension that I see is given that the traditional payment systems are going to be sort of, you know, less, let's say growing, you know, the institutions, financial institutions will need to come up with different mechanisms to make their platform stickier to attract more customers, because customers are probably not coming to them in a way that they're expecting. What do you think, Parimal?
Parimal Pandya (PP): Yeah, first of all, thanks for having both of us being it's a pleasure to be here. I completely agree with you, I think, the points made at the beginning, I've observed in the last four or five years, a massive transformation in how, you know, I've seen people pay for anything that we consume on a daily basis, what I've seen is, payments have become far the consumer has far more choices, which is fantastic, number one. Number two, it's far more transparent. And number three, it is very convenient, you know, the choices bring convenience with them. And so all of a sudden, as a consumer, I feel far more empowered. And no doubt, you know, consumers are always the king and it's definitely something this case, but like you said, it doesn't come without its challenges, it raises questions about what is my relationship, as a consumer with my bank, I don't actually interact with the bank, I interact with my phone, which I then use to make the payment. So my phone is my first interaction and where I have the relationship, or perhaps I use an app, that is using some backend payment processing system, or I'll be taking money out of my bank, but really the app is where, you know, I'm interacting and where my relationship is getting built. So I think it presents a fundamental question for the banking industry as to what and how will their relationship with me as a consumer will evolve?
Number one, number two, it raises questions about, you know, who then has the data about what my consumption patterns are? And how that data is going to be used? Right? And what do I benefit from that as a consumer, I get free payment services, which is great. But you know, what benefits do I get because of the information that now is available to my provider about me and my consumption patterns? So I think that's another opportunity, you know, depends on who benefits from it. But then it also raises some tough questions, it raises some questions around trust, which I think will get further exacerbated as we move into this new virtual meta world, if you will. It raises some questions about risk management, from the providers point of view, right, who's taking the risk on a transaction? And, you know, we know fraud is a pretty big part of at least the online commerce business. And you know, that and then obviously, like I said, In the beginning, you know, what is the bank, and what relationship bank then have with its consumer. So I think those are the questions that the industry needs to tackle. And I'm very excited about what comes next. I think if the last few years are any indicator of where we're headed, the future is even more exciting.
AR: The other thing that I think we can also start to expect is no longer are consumers, again, back to your point about their interacting with these institutions on their own personal devices. No longer are these consumers going to be siloed to the single experience. So I think we are going to have to or in financial institutions will need to support sort of an ecosystem where a consumer may be interacting with different institutions at the same time, and they need to support that through a single UI, sort of like an open banking, that kind of a concept.
PP: I do that every day. Yeah, you're exactly describing my life. Yeah.
FBP: Okay, great. Parimal and Aparna. Great point about the challenges that banks face and as you said, customers increasingly are not benefiting the seems to be getting no payments, convenient choices. Payment is already highly commoditised with very thin margin, how have some of the more progressive and innovative banks responded to the challenge? What other business, technology, security trends you see in this space? In terms of what I have outline previously in open banking, e-commerce, cross border payment, fraud prevention, and future of payment in general, Aparna?
AR: So in terms of data, and really the the other trend that we're seeing is, the number of requests that are being served from via APIs has absolutely exploded. So no longer are we seeing in a previously, the majority of traffic was web traffic, especially to the financial institutions. But now we have seen that that trend has completely changed in favour of APIs. Now, we are not the only ones who are observing this Gartner predicts that most of you know, the API abuses that are probably, you know, sort of infrequent now will probably be the dominant attack vector in 2022. And beyond. And so this, this offers both in terms of an opportunity, both in terms of what can be garnered from the data itself that we are seeing, you know, as as these trends are evolving, forming and evolving, and how can we stay ahead of that. So, you know, more than ever, it is going to be very important for us to create that kind of a centralised intelligence where, you know, as you're seeing attacks, or as you're seeing traffic patterns, you know, evolve, how can you protect the entire segment based on what you're seeing in, let's say, the early adopters, so so there's the, this is a very exciting, we are at the cusp of some major evolution here.
PP: You know, what I like to, if anything I'd like to add is, you know, I think the, the range of services that are now going to be available to the consumer is going to be extensive, unlike anything that we've ever seen before. But at the same time, as a consumer, I'm interacting with multiple service providers, you know, on, on the same day, or perhaps over the course of a week or a month, for different different needs of mine, you know, and I think there's got to be an opportunity to figure out, you know, if there is eventually any kind of consolidation, if if there is perhaps coming together of services, that makes sense for a certain customer, because today, I find myself in interacting with multiple service providers. And I think, as a consumer, if I think about it, that there may be an opportunity for some sort of consolidation, or a, a sort of a, or a mall or service provider portfolio, if you will. The second part is, you know, who's going to who's going to take the lead in building trust with the consumer, you know, we're seeing some of the big tech companies leverage their brand reputations into not providing payment services as a, as a platform or as a service, if you will, their trust, their brand extends themselves into this.
But, you know, as new companies come in, especially startups coming, it's gonna be interesting to see, what does it take to establish trust? And then, you know, the next thing is gonna be how do the regulator's react, you know, to to protect the consumer to protect the data to protect privacy, to protect against fraud, protect against theft, especially, you know, as we move towards crypto and what have you, I think, you know, not a week or a day goes by when I don't hear about somebody getting scammed about something. And I think that's going to be an interesting problem or kind of conundrum to solve. So I think there's a, there's a wide range of challenges, but also opportunities. Like I said, providing sort of one stop shop to the consumer building trust, protecting against theft, protecting against fraud, to me, are probably going to be the big opportunities, both from a value proposition that you can provide to the consumer, but also challenges you're going to have to solve for which again, into it, I think will become an opportunity for the service provider if they can find a bit of software.
FBP: Okay, great. And finally, how is Akamai positioned to support, enable and secure the future of payments?
Importance of data quality and leveraging insights
AR: So let me take a shot at that first. You know, we literally make life better for billions of people billions of times a day. So, you know, it's probably you know, the average consumer out there is probably not aware of how many times how much they're using Akamai, and how much of their usage goes through our platform. Billions of people around the world connect with their favourite brands or to shop online, play the latest video games log into mobile banking apps, learn remotely etc. They may not know but optimise, they're ubiquitous. So, so really, when we, you know, to tie the previous point as well, in an era where you know, you have to make real time decisions and and those decisions have to be automated, the data quality is very, very important. So unlike other organisations where they probably will need to create that richness of data for their, their algorithms or their intelligence, Akamai because of our, our presence everywhere and the anonymous usage pattern on our platform, we have data and and first class visibility bar none. So there is again, you know, we, we tend to you, I think it is it's, it's easier to, to not, you know, and not emphasise that as much because, you know, you, you expect that the intelligence would be would would be native. But, again, going back to the, the data quality, as you see this enormous richness of data, you're able to pick up trends, you're able to pick up trends sooner than they become trends. So maybe there is a small attack, maybe there is something that is specific that is happening in one sector, it's easy to imagine that that can easily be extrapolated across, maybe there are attacks happening in one sector, but that could be applied to the other sectors as well. So again, I think what is going to become even more important is centralised intelligence, centralised data collection, but then distributed actioning. So actioning on the edge closest to the interaction, that is what is going to become critical. And that's really where Akamai’s biggest strengths are.
PP: Yeah, and let me just add that, you know, we have been working with the biggest banks, financial institutions. So, you know, financial service providers, and more recently, the fintech companies across the world, and especially here in Asia Pacific, in Japan, for the longest time. If you're a consumer, we make sure that that transaction that you're conducting online, is safe, is secure, and is fast. Right, number one, and number two, if you're a service provider, who does any of the things we just talked about, obviously, we make sure that we can provide a fast, secure and reliable experience to your consumer. But we provide a wide range of capabilities that go above and beyond that, to protect your infrastructure against the threats that we just talked about. You know, and, and one of the things, you know, whether it be identity theft, whether it be theft of a DDoS attack, so that, you know, perhaps a bad actor wants to completely take down your service, perhaps fraud, we provide a wide range of capabilities that protect you against fraud. So really, when you think about your entire online presence, can I provide you with the arms, if you will, and the tools that you need to shore up your presence and provide an experience that your customer is going to love? And is going to come back to? And I think it's going to be a very critical role in solving that trust issue that I just talked about. Right? I think we think we play a if I may say so humbly, we play a very, very critical role in enhancing that trust that I have, as a consumer have with my provider. And I think Akamai has a lot to do with it, along with, of course, many other things. And so, you know, that's kind of what we do. And we've been doing it for a long time. And I think the opportunity for the industry is incredible.
FBP: Thank you Parimal and Aparna for those very interesting and thought-provoking comments and I trust that our audience have benefited from your insights and the examples that you shared. Thank you for getting the Summit to an excellent start. I would like to invite our audience to stay tuned as we have an exciting series of panel sessions coming up.
Our next session is on “Open banking and platform as a service in APAC: Leveraging data and API connectivity – where Manohar Chadalavada, the Global Head AI, Ecosystems and Open Banking, Standard Chartered Bank and Henry Aguda, Chief Technology and Operations Officer and Chief Transformation Officer, UnionBank and Rottapron Ekabutr head of consumer Digital Solutions Division at Bank of Ayudhya will be speaking with James Richmond, Regional Manager, Akamai Technologies.
This will be followed by a briefing on: Cross-border payments in a real-time world by Mobasher Zein Kazmi, Head of Research, at TABInsights, the research arm of The Asian Banker. And in the afternoon at 1.10pm Singapore time, Phoram Mehta, the Chief Information Security Officer for APAC, at PayPal and Jef Hu, head of security solutions, South Asia, Akamai Technologies will be “Exploring strategies for payment fraud prevention” with Sorin Toma, Cyber Security Advisor, at Emerging Payments Association Asia.
And the final panel session of the Summit will feature Chris Yeo, Managing Director and Head of GrabPay at Grab Financial Group and and Jon Prideaux, chief executive officer at Boku, who will be discussing the Future of digital payments: Rise of e-wallets and embedded finance with Deepa Parikh, Head of Solutions Engineering, Akamai Technologies. And I will be back right at the end to conclude the Summit. It is going to be an exciting agenda and I wish everyone a highly rewarding Payment Summit and a great day ahead.
Host: Thank you to all our speakers for the insightful opening session. Ladies and gentlemen, let's move on to the next session. APAC open banking and platform as a service, leveraging data and API connectivity. Allow me to introduce James Richmond, regional manager at Akamai Technologies.
James Richmond (JR): Good afternoon, everyone. Hopefully, I'm coming through okay on a very sunny afternoon down here in Melbourne. It's lovely to be talking to you all. As as introduced. Our next discussion invites a range of highly distinguished business and technology executives from leading institutions across Asia, to discuss the evolving opportunity that open banking and platform as a service proposition is present. And, you know, for us all to share our observations and learnings when leveraging API connectivity in the payments industry as an extension of an opening comments from Parimal and Aparna. Certainly an evolving and an innovative space. We really appreciate you joining us as part of your day to day.
My name is James Richmond, my team and I take responsibility for alchemise financial services relationships here in Australia and in New Zealand. And it's a pleasure to be hosting you guys for the next 35 minutes. Over the last three years, my colleagues and I right across Akamai, again, as an extension of some of the opening commentary. We've taken great pride in supporting a range of banks, a range of fintech and adjacent industry enterprises, as they better understand open banking and platform as a service opportunities in the context of their particular industry ecosystem. Our Edge platform is parallel touched on before has been highly effective, empowering and protecting our customers API infrastructure as it is progressively opened up to all new business use cases. We take great pride in ensuring resilience, scale visibility, and leading security controls for our customers and their customers as they continue to explore this innovation in this you know, exciting space.
Beyond Europe, Singapore and Australia, I think we're all here and interested in the conversation because open banking and platform as a service propositions are now accelerating rapidly in respect to traction throughout Asia's financial sector. I guess it gives us as industry providers the opportunity to extend financial inclusivity to underserved markets, but also drive innovation through open access to authorise customer data. But wherever we go, the watchful eye of industry regulators is never far away and evolving challenge for us all. So in this session, we'll discuss how a number of my colleagues here on on today's call, I guess the leveraging these opportunities and what they're seeing in the respective markets in which they operate, you know, to create more sustainable, customer centric and profitable businesses moving forward. So as introduced, you know, our agenda for discussion today, banking as a service versus banking as a platform and some of our respective observations across this group. You know, leveraging the opportunities, the leveraging API for enhancing customer engagement and building new revenue streams is presented for us so far, what we're seeing happening out there, and I guess some of the thought process that the gentleman here and I are seeing as you know, open API architectures are opened up, and the challenges that delivering and protecting those present we'd certainly love as a group to see the audience participate in today's discussion.
There's opportunities to do that in the chat box here if you're using zoom or for those listening in via Facebook and LinkedIn to drop your questions or comments in the comments section. In the interest of time, you know, we don't have too long together, you know, some quick and rapid responses from us, we can certainly feel free to bounce off each other. But to quickly introduce everyone again, you know, with some raises of hands, Manohar Chadalavada, managing director global head AI ecosystems and open banking and our friends at Standard Chartered Bank based in Singapore. Thank you very much, sir, for joining us today. Henry Rhoel Aguda is EVP chief technology and operations officer, chief transformation officer at Union Bank based in the Philippines. We really appreciate you joining us here today to my friend Rottapron Ekabtr, head of consumer digital solutions division at the Bank of Ayudhya based in Bangkok, and Shekhar Bhandari, president of global transaction banking Kotak Mahindra Bank based in Mumbai, thank you guys for joining us. And our sincere thanks for your time with us today. So let's get into some some questions. I might direct the first to Manohar, from your perspective. You know, I guess based on everything you've seen so far, in your travels today, how does the API economy empower digital transformation, the financial services industry? A very wide question but a good one to set the scene, I think for all of us.
Open banking initiatives lead innovation in payment solutions
Manohar Chadalavada (MC): Thanks, James. And we're not travelling anymore. We're all virtually travelling. But having said that, thanks for the introduction. And I'm actually privileged to be part of this session. Very interesting session, going with the times where a lot of digital transformation is happening across, across. I think a lot of banks now considering their digital banks happening across Asia, a lot of people are looking at how do we drive APIs? How do we collaborate with regulators and open banking? And how do we get into micro services get out of legacy? So a lot of that is happening across banks today, and including financial institutions. But for me, I think there are a few pieces which needs to come out in the financial institution, specifically in the banking space. Some of this, I think we're trying to do, but I would want you all to know that a lot of this needs to happen. Now, in banks, we need to have a robust external API strategy, including value maximisation, we need to get that moving. We need to navigate the open banking landscape today. And what is happening is in Asia itself, where it's the entire open banking, it started in EU in the European Union has now expanded into Asia.
And a lot of regulators now are looking at how are countries and banks collaborating and launching it and it's happening across Asia, right? If you look at Korea, if you look at Taiwan, if you look at Hong Kong, if you look at India, if you look at Singapore, a lot of these countries are really getting into open banking, and it's also going into Middle East and Africa. Now, you see Bahrain, you see Nigeria, you see Kenya, a lot of those countries are really opening up the space. It's also driven by a lot of, you know, aspirational goals of governments and making financial inclusion as one of the key goals for them, for them to roll out in many of these countries. So that's one area, then we are looking at a lot of these banks going into digital driven partnerships. For that you require a clear API strategy. So that's actually creating that transformation in banks, right. So that's one area which we are going a lot of banks are now exposing the capabilities through open banking APIs, and also externally focused custom APIs. All this is to drive digital transformation, right? We require more clients, we require to serve them more easily. So we require APIs to actually revolutionise that. So that's very important for us. And what's also happening is there are four key trends which are happening in open banking APIs. And I talked through some of them. But one is regulatory driven, market driven across markets, as I said, expanding new use cases. And how do we monetise some of these opportunities? I think a lot of banks now looking at monetising opportunities from APIs, and a lot of banks.
Outside I'm not only talking about Standard Chartered and talk about DBs, talking about BB, we're talking about CAP one, they're all looking at how do you monetise APIs? How do you get them to talk to 100 different partners in a short time of space? So that's one area. Then they talk about API aggregators, a lot of API aggregators, because open banking is becoming more and more open. We have API aggregators coming in, you have large players that played, you have in Europe, you have paying personalities, etc. Looking at these, how do you access to fintechs and potentially push non regulatory driven standardisation into this, right? Because you have these aggregators coming in, and that's going to change. And we have seen that change, right. And I, I'll use some example in India, we have rolled out account aggregators, and these account aggregators will actually revolutionise financial inclusion. That's one of the key aspects of why it was rolled out in India, right. And that's, you will not see it now. But in two years or three years time, you will see that hugely popular in the same way as UPI is becoming popular in India. So some of this is really taking on. And now banks are looking at how do you develop open banking applications, we are looking at two strategic pillars. One is integrating third parties, and then expanding to non proprietary channels now. So that's how people are looking at how do you bring APIs? How do you drive API economy? How do you work with governments on open banking, and then revolutionise your infrastructure? So I'll hand it back to you, James, I thought I bring out some aspects of how open banking API economy is driving some of the thoughts in banks. If you require more information, you can always reach out to me. Thank you.
JR: That's a wonderful introduction. And Henry, I guess, picking up on some of the themes there or maybe, maybe exploring further, I guess, on the back of your experience and operating as Union Bank does, you know, in the Philippines, what are some of your observations around, you know, some of the more exciting use cases and best practice that are sort of opening up now, as it relates to open banking?
Henry Aguda (HA): Thanks, James. And apologies for being late. Actually, I was in another seminar with the deputy governor of the central bank, in charge of digital initiatives and platforms, and exactly what we discussed earlier. You know, in the Philippines, we've already the regulators have already promulgated the open banking framework. And in that convention, he was asked, same question, what are the use cases? What does this mean to us? So to him, he gave a very, very good and grounded example, to him, imagine, if you're a depository in a bank, and you suddenly realise that there are credit instruments available in another bank that you want to avail of, you could just authorise your existing bank to forward your KYC information. So that bank offering the credit without you opening an account, because right now, the only way for you do it is you have to open an account, you have to go through all the KYC process again. So I think that will be the killer use case here in the Philippines, where you don't have to accumulate bank accounts in so many other banks, you can be an account holder, one bank, and you can avail of loans from so many other banks.
So that's a clear and practical use case that a lot of people here in my country are looking forward because access to credit is a big issue right now. So it's being able to avail of credit instruments without the necessary step that is required right now for you to open an account. So that's one of the steps in terms of availing of that and second, in our experience, also in the bank. So you know, we started into this open banking initiative five years ago, by putting together a very robust API platform and it has actually helped us coordinate the space in digital payments. So most banks right now, are now moving into the digital payment space. But I guess the thing here is early adoption, early appreciation gives you a competitive advantage and puts you ahead of the game. So we've experienced that already. And digital banking is now pervasive in our country. I guess the next step is when the full effect of the open banking framework gets implemented and customers or banking customers can now just choose services from all the other banks without necessarily going through the strainous KYC process all over again.
JR: It's a fascinating space. And Rottapron, shifting gears slightly, but picking up on short, many of the many of these things, I guess, focusing now on platform as a service, which is certainly opening up quickly here in Australia, what are you seeing in out of Bangkok?
Rottapron Ekabtr (RE): So I'm in Thailand for platform as a service, from my observation, I see a lot of best practice for it. And I believe that like three key elements, that therefore we are focusing on, versus on the strategies and blueprint, it's just starting with the understanding the inside and the pain point of the customers or partner before, you know, crafting our joint vision combining, you know, partners, business and technologies, market objective, you know, an agenda that, you know, like a north star that unite everyone around a chair, a strategic vision, before developing the strategies, and, you know, roadmap, but if you just on the other end, I think, in Thailand, we're starting to see the most critical one is on the organisation and the governance for the platform as a service. You know, I like the concept that we're trying to implement it to in a box model, meaning that business and leaders need to work together, hand in hand and on joint performance metrics that track both business and technologies outcome, you know, and also manage the project priorities, as you know, like, in Thailand, you know, like, in our bank, a couple years ago, what we were facing was that business, they have their own priorities, and it we have our own priorities, how do we balance that?
And how do we, you know, move forward with that, you know, the other areas, the challenges that we're facing on the funding, you know, we have to get funding from individual projects that need approval from, you know, many committees, and it usually take time, and efforts to get, you know, get it moving. So if we, we have to in above, and we can actually empower this people, our people to tie, operate and manage the business capability platform, then we be hold everyone accountable for our p&l, so it kind of like a startup. So that's what we are trying to implement. The last one would be on the technologies and data like many Henry and Manohar have mentioned earlier, I think time needs to establish enterprise grade micro service platform, and API that easy to integrate with legacy, and easy to scale. Because most of the time, you know, we're blocked by complex legacy integration, and usually slow speed legacy as well. So the other area is on that the data, I think that that part will be going to important, how we can capture that data from that providing platform as a service, and, you know, other data than what we currently provide. So those are the key elements that we have observed in providing platform as a service. And these are the areas that Krungsri is working on. Thank you.
JR: Fantastic, Rottapron. Thanks. It's really insightful, and we're seeing a lot of that down here too. Shekhar bringing you into the conversation. Now, if you were to get the crystal ball out, and I know you know, India is in a different kind of phase of open banking to where do you see all this going? I guess we can all say what's sort of happening now but where do you feel this is going longer term?
Shekhar Bhandari (SB): James, wish I could tell but I can only say that we are in never normal world. Yes, the world which has been forced to embrace a pace of change affecting a seamless, instantaneous generational shift. What we saw last 18 odd months was unprecedented. And when I want to predict the future, the world is going to be a never normal one and a never normal world will look where you will require newer products, it can be open banking, it can be platform, it can be something more, very strong digital backbone, and a greater customer centricity. And that will make space for infinite possibilities to take root. In the never normal world, I've been a strong proponent that the future of finance would be data and whether it is the big data or Internet of things IoT, which re-enable us to interconnect all the information, it will happen to devices, it will happen through minds, it will happen through predictive analytics, it will happen through artificial intelligence, it will happen through machine learning. And it will improve I think, the efficiency as well as work on building trust, creating privacy, ensuring security, which will become increasingly important, I think, we do realise it now, but it will become increasingly important when you are in an interconnected world with data.
Yes, having said that, as a context, you will find that open banking initiatives which are now they are currently leading to innovative and customised solutions, they will be in another era may be called something more and it can be a world where we may not probably know the word banking, it will be finance, we may not know the world platform, it can be a solution. And the service will be given where garnering the attention of all the major adding access points, ease of access personalised services will automatically to the customer API suit, which we see right now. And I think we do operate very, very effectively. At the bank as well, we do realise that it's an easy to universal access to our products, by collaborating with fintech players and etc. But I think fast forward and etc, as you will be having it around. All the services, which are finance offers, and data will combine the pieces Manohar did cover on account aggregator, it is something like that India has set the three rails I think rail one of creating a digital identity rail two have having a digital payment system in place. The other being one, UPI being two and then trying to have an access to data and then I think lending onwards to account aggregator, so to tell it briefly, never normal world, and it will require never normal thoughts and practices to, to adjust to that, and an entirely.
JR: Indeed, Shekhar. And it's a perfect segue to I guess the next topic of conversation if you're thinking about, you know, where the future can take us here and, and using, you know, platform as a service and open banking as sort of building blocks, you know, suddenly hyper personalised customer experience becomes, you know, all the more important, right, right, the way through, I guess, you know, thinking about, you know, data, as you said, is, is the future of finance and and, you know, API connectivity, the options, the opportunities that presents, I guess, how are you seeing industry players, you know, not only Kotak but but other industry players, you know, preparing themselves, I guess, to to, you know, personalise the experience for customers, to start opening up some of these, you know, use cases and opportunities that they present?
SB: The data generated by banks now is in terabytes. So, you can have terabytes. First, it was terabytes in a month. And then terabytes in a fortnight, terabytes in a day, now terabytes in a few minutes, and which is the millions of daily transactions with get process across range of services and locations. I'll tell you, I think a couple of banks whether it is JPMorgan, Citi, Wells Fargo, you've seen I think good amount of work and initiatives which has been done on on connecting the entire bank data, which was previously in silos to build an analytical target operating model, or a coin thing which is to analyse and processing documents. But the result is in digitisation of processes, including digital onboarding, and transaction processing. We can call ourselves having monolithic systems, but I do know that I think and I do that everyone is shifting shifting towards ensuring digital onboarding, transaction processing, operational efficiencies, procedural efficiencies, enhanced customer value, and, and multitude of services by utilising internet.
And I call internet of banking, rather than IoT and internet banking of things, because, and banks are creating centre of excellence, and they have to create compulsively and organise and connect the multiple data sources to accelerate the delivery of data driven businesses insights, which come from, I think, the big data into financial intelligence. Do we see a good shift? Answer is yes. Does it require significant investment over there in across my answer, again, will be yes, because the data can be used in profiling customers financial barriers, and being part of the entire ecosystem, then only limiting themselves to finance or understand. So, this can frauds are also an important part, which banks are investing in. And they are ensuring that the customer which earlier used to be only part finance, hopefully is with you, for the entire lifecycle, be it food, be it travel, be it gifting something, or besides doing deposits, and taking loans.
JR: Yes. And look, I've also got one eye on not only the time, but some of the questions that are starting to roll through and, you know, unsurprisingly, lots of questions around around this, you know, securing this infrastructure. And so maybe it's switch switching gears a little bit, and Henry might come back to yourself, you know, to get us going is, you know, what, what would you guys advise other financial services organisations, and there's so many here listening to our conversation now to consider when when continuing to open up their, their, their API architecture. Shekhar mentioned, you know, risking and compliances. And obviously, and I guess, maybe maybe thoughts around around security and other considerations for everyone to learn from?
Right mindset and robust platform
HA: Well, it's it's a very critical question to answer for anybody who's going through an API platform implementation. So first things first, the mindset. The whole organisation should not have the attitude that API security is someone else's problem. It's all our problem. So that mindset has to be there. And second, you'd be surprised there are still those that are claiming they have an API platform. But when you unbox and look under the hood, it's screen scraping. I'm a bit. I guess you guys have seen that also where it's shaded as API. But actually it's been speaking to me that's very dangerous. That's one of the very reasons why in the UK, they've established API standards, because screen scraping introduces a lot of security risks. Now, assuming you have the mindset, and you have the right actual real API, then you need to have a robust platform that allows you to authenticate account for and secure the APIs. And from a security practice standpoint, I mean, this is very fundamental to everybody, you practice the principle of least privilege, because you know, there's a third party risk. Whenever you connect your APIs or exposure APIs in Union Bank, we expose close about 600 APIs. So our governance around third party risk is very high. From more technical execution in transport layer security has to be there. Luckily, luckily, in the Philippines, that's a requirement. Don't over share, and I totally agree.
Our future is in data. Everything that will connect us will be connected through data, but it becomes toxic when you over share. So I guess, use that advantage to your business objectives of mining the data, connecting others through your data. But be careful not to over share, I share only what is necessary. I guess that's something that everybody in this call would understand. And in our case, for all our APIs, we abuse rate limiting. So we set a threshold for subsequent requests, because you'd be surprised some some enterprising hackers out there might represent themselves as legitimate users, but they will test the limits of your system. So we actually apply use rate limiting to all our APIs. Other than that, I guess it's just a community play for for like minded organisation like everybody on this call, we just have to share information among ourselves, adapt to standards, and call out organisations that are not securing their APIs because it's a community play, you know what they say you're as strong as your weakest link. So, so I guess that's, that's how I see it. And I hope that helps the people listening on this topic.
JR: Now, that's wonderful, Henry. I know, we're racing to running out of time here. Rottapron, what are your thoughts on this topic? Do you have any other any other pearls of wisdom for everyone to learn from here in terms of thinking about preparing your open API architecture?
RE: We're talking about open API, I believe, you know, I strongly believe in I think everyone has talked about, you know, data, it's, you know, fundamentally was gonna transfer fundamentally transformed the major financial services. And I think the the few key imperative that drive this successful implementations. Now, banks and partners, you know, like what Henry just mentioned, you have the willing to share the data. So if you know, we're doing open bankings, and we're doing banking as a service, platform as a service, and we're not willing to share data, so many other use case may might not be there. Like, we're implementing what we call eKYC. We're doing created underwriting, as well, as well as other, there are many use cases that we need to share the data, we do information based lending. So those kinds of data are quite important.
And API also, were important, and how do we drive that capability to actually do data prep and business decision as well, that, you know, to me, I think API, it's also part of like, a blood of the entire end to end flow where API is actually retrieve the data and then put in AI, ml, and then from then on, we have intelligent decisions. And then from that, how do we deal with deliver to channel to deliver that type of personalised, you know, offers or service that is truly automated and happen at the real time at the right moment at the right place? So those are the key things that I think we could learn from, you know, banking as a service or platform as a service.
JR: Wonderful, and Manohar, circling back to your good self made to help close out the session today. Any any other final, final thoughts or things to share for the audience today to wrap us up?
MC: Thanks, James. See, I think I've heard people speaking about how APIs need to be secured. How it drives, the problem is here is a lot of these financial institutions. And I'll keep it very short and sharp, have legacy have technical debt, and that we can't run away from right, that's because we've been here for 10, 100 years now, more than 100 years, and many of the large banks are many, many years old. And they have created the backlog or the technical debt, which needs to take out. So what banks should focus, at least the traditional banks, because fintechs don't have this problem. They don't have a legacy. They can create a modular cloud native API driven platform, which can be used for whatever purpose, right key or technical debt, I think banks need to make sure that some of the key items need to be more modular, we need to put our legacy systems into cloud. That's very, very important so that a lot of this technical debt is going out. And we need to look at how do we create those API strategies and API platforms, which are, which are secured because some of the security, I think, Henry, or someone spoke about, I think, talked about all those.
How do you prioritise security? How do you have strong authentication and authorisation? How do you make sure that you share the right amount of data? I think banks need to really evolve that thinking. And that's I think, culturally needs to be embedded right? Because today, API economy API strategy is not a technical issue. It is a business issue. You have the right API platform, you have the right API connectivity, you will get partners, you will get more customers. So I think banks are now thinking through this. I think a lot of banks have gone ahead. I think over the next couple of years and not even give a five year horizon, I think a couple of years, a combination of open banking, combination of how data needs to be shared, how partners are trying to, you know, get into this space of, you know, financial inclusion and all that all that will come along. And I think you will see a much much better evolved financial institution, which is API driven cloud native and hopefully, decisions which can be taken faster.
JR: Some fantastic advice here for the audience. Gentlemen, we really appreciate your time today that we've arrived at the top of the hour. Very grateful for you spending your afternoon with us. Hopefully, every lots here for for you as the audience, lots of questions that have come through here, that will circle back on under many of the things that we touched on today. But a quick sort of note to wrap from me in thanks for your time, there's some artefacts that will be shared with the audience around to promote some thinking around how you can address some of these platforms. And some of these, I guess, challenges at Akamai’s edge, but also share some of the learnings that came out today and some of the insights that have gone with it. But for now, gentlemen, thanks so much for joining us today. We've really valued your time and insight. As I said, there's something here for all of us to learn from, Akamai included. We're grateful. Thank you.
Host: Thank you to all our speakers and to our moderator. Ladies and gentlemen, I would now like to invite Mobasher Zein Kazmi, Head of Research at The Asian Banker to give us a briefing on key trends in cross border payments in a real time world. Thank you.
Mobasher Kazmi (MK): Greetings, and welcome to The Asian Banker briefing on cross border payments in a real time world. I’m Mobasher Zein Kazmi, head of research at The Asian Banker and I'm really excited to be joining you all at the Akamai Payments Summit APAC 2021 for this fascinating session exploring the world of cross border payments. With global economies becoming increasingly connected, there's a growing demand for a fast secure and efficient cross border payment system. Currently, the processing of cross border remittances takes place through a number of legacy channels such as the Swift correspondent banking, post and money transfer service schemes. Despite the availability of conventional modes, it is the transaction fees and excessive regulatory and documentation requirements that continues to make cross border transactions challenging. Today, the global cross border payments landscape is at the centre of a number of trends that could fundamentally change competitive dynamics, increasing pressure from emerging technologies, shifting regulatory frameworks, accelerating international commerce and changing customer demands all shaping the cross border payments landscape.
Next. Exactly examining this from an APAC perspective, we do see the critical role cross border payments are making especially in the SME and e-commerce space. By some estimates 20% to 25% of e-commerce transaction values in absolute terms is already International. Cross border payments growth is particularly compelling in marketplace payments and the gig economy. New innovations within the payment space like e-wallets and blockchain and initiatives driven by the government in fostering the increased use of digital payments will likely improve access and lower the costs of cross border payment transactions, especially for MSMEs. However, most of this innovation has taken place in the domestic space where payments are experiencing improvements in terms of speed and convenience. Conversely, cross border e-payments remain slow, costly, opaque and difficult to manage. A lack of access as well as regulatory and payment network interoperability means the payments remains one of the most challenging issues for MSMEs, hoping to engage in cross border e-commerce in the region. Likewise, SMEs have long comprised a lower share of cross border payments than their share of GDP would indicate. Although scale will continue to pose challenges for the international presence of SMEs.
Breakthroughs may be on the horizon as their access to affordable international payments improves. The SME segment stands to benefit the most from cross border payments, conversion, convergence and simplification. Given that larger corporates have long had access to most of these capabilities, solutions such as swift GPI and Mastercard lead to the hub, providing more flexible in SME appropriate payment options. Asia Pacific continues to lead the way in real time payments India registered 25.6 billion transactions in 2020, followed by China and South Korea. The introduction of applications capitalising on instant payments infrastructure in recent years has given added emphasis to growth. Regional solutions also staking out ground between global networks such as Visa and Mastercard, and incumbent this domestic schemes. Digital currencies that are emerging are also inherently global and uniquely positioned to reduce cost and complexity for cross border money movement of any kind. Innovations are set to continue with challenges of scale and cost of settlement may stymie the use of cryptocurrencies in regular use in the payment space. The underlying DLT technology can be seen in a growing number of pilot projects for managing cross border payments such as Project Ubin from the Monetary Authority of Singapore, or the use of APAC stable coins, which have been used for cross border payments such as the project eye to eye in the Philippines. With the new ISO 20022 global payments standard, which is not only going to change the way banks send cross border payment instructions, but it's also revolutionising the way banks and vendors are integrating in terms of payments. Some banks are already quite advanced in their preparations, while others remain behind the curve. But once implemented, banks can start making use of the rich data embedded in ISO 20022 payment message formatting and can share this additional information with their customers to provide added insight on each transaction.
This data can also be used to more easily automate KYC and AML activities helping to reduce the risk of fraud. On the backend, banks and NGOs are finding aggregators as a cheaper and more reliable option compared with managing their own direct connections, especially for low value transactions. This is particularly true for exotic countries with challenging business environments. Cross border backend networks are also highly scalable in the market generally shows winner takes all characteristics. In Asia, governments across the region are leveraging domestic bilateral and regional policy frameworks to increase the efficiency and interoperability of cross border e-payment systems. Initiatives to increase network interoperability have been aimed at enabling cross border payments for PSPs and their customers, often between countries within a region. In most cases, these initiatives integrate different national payment systems under a set of defined rules and business practices to enable faster and more efficient cross border payments. In Asia such initiatives include the ASEAN cross border payments interoperability network initiative, which aims to promote bilateral payment linkages between ASEAN member states. Next, carrying the discussion forward, let's now turn our attention to examining the factors that are influencing cross border payments in Asia Pacific.
Today, the global cross border payment flows are expected to reach $156 trillion by 2022, growing at a rate of 5% a year, and this trillion dollar cross border payments market is being shaken up by a rush of new entrants that are promising to solve long standing pain points. Certainly the size of the market ensures its appeal to new entrants, but it is perhaps the increased pace of change in the cross border payments market which is connected to rapidly changing consumer demands. Consumers are less willing to pay for banking services while expecting them to be fast and intuitive. The increasing penetration of smartphones and the popularity of digital access points like alternative payment methods for remittances have created new demands that incumbents are struggling to meet. Similarly, as mobile phone ownership increases, more people around the world have access to banking service and e-payment solutions. One major trend within cross border payments that is also taking shape is the growing focus on emerging markets and APAC as their share of international transaction increases. Overall, global cross border trade is expected to grow by around 5% with much of this coming from emerging markets, where growth is estimated at 11% between 2018 to 2022, stimulated by initiatives such as China's Belt and Road Initiative. Most cross border bank transfers are currently processed through a correspondent banking arrangement that involves multiple banks and payment infrastructures across two or more jurisdictions to complete a transaction.
Given the complexity of backend processes involved in the management of cross border bank transfers, the method remains limited in its ability to address the payment needs of smaller merchants. Historically, banks have been at the centre of the cross border payments market, which has been led by a few dominant global correspondent banks with little competition. This has resulted in various pain points for both private consumers and businesses, including a lack of transparency, long settlement periods, high transaction costs, and limited accessibility. While these factors are less likely to be an issue for transaction within liquid currencies, they're particularly prevalent in cross border transactions with exotic currencies. Such conditions are ripe for disruption. And we're seeing in recent years, a variety of new players entering the market to do just that. Next the landscape has become increasingly fragmented and competitive with companies focusing on different geographies, transaction sizes and payment segments. But recently, fintechs have leveraged technology and captured the whitespace in cross border payments left unaddressed by legacy models. In addition, firms new to the cross border markets such as Weiss, Alibaba and Amazon are increasing competitive pressure on incumbents. In this landscape cross border digital payments are particularly instrumental with the development of the regional economy and the growth and resilience of micro small and medium sized enterprises. We're looking to thrive in a post COVID pandemic environment.
While these traditional players such as Western Union and Ria and others who monetise their large physical branch network, and charge high fees for senders and receivers, they're slowly but surely being displaced through the growth of digitalisation and mobile wallet penetration in emerging markets. Challenges are winning market share and the front centre front end while mobile wallets are gaining traction as a payout medium for remittance payments. We expect these trends to continue with incumbent players lagging the innovation of new entrants. But many new entrants are aiming to change the nature and inherent dynamics of the entire cross border payments market. Most are focused on the low value transactions, which are currently being underserved by banks and traditional payment providers. These low value transactions from to and between emerging markets offer the highest disruption potential driven by consumer behaviour, increased trade with emerging markets and higher financial inclusion.
Next, the development of new real time payment systems across APAC is also facilitating cross border payments. For instance, Australia's new payments platform launched in February 2018 is open access infrastructure for fast payments in Australia. This was developed via industry collaboration to enable households businesses and government agencies to make simple payments with near real time funds availability to the recipient on a 24/7 basis in Hong Kong to address the increasing market needs for more efficient retail payment services, the HKMA also launched the faster payment system where all banks any wallet operators in Hong Kong participating institution it can provide customers to make cross bank and e-wallet payments. In India, UPI or unified payments interface system empowers multiple bank accounts into a single mobile application of any participating bank, merging several banking features in a seamless fund routing and merchant payments into one platform. Likewise, Bank Indonesia is also preparing its own initiatives based on its 2025 payment system roadmap, specifically the BI fast which will act as an infrastructure for faster interbank transfers as well as card based payments. In Singapore, the fast and secure transparent is also an electronic funds transfer service that is enabling customers of participating entities to transfer funds from one entity to another almost instantly. Likewise, Singapore's pay now which allows you to send money through fast just using a mobile number or and local ID or corporate identity. Finally, in Thailand, the property project which is the development of a payment system infrastructure, that has enabled the public and business sectors to transfer funds using mobile phone numbers or national identity identification numbers. It is also a convenient, fast and low service fee based model.
Next APAC is on track certainly to represent more than half of global non cash transactions by 2025, with a noteworthy 28% of CAGR from growth from 2020 to 2025. The fact that 46% of APAC’s online population regularly uses digital wallets is likely to drive digital payments growth. The APAC region is a front runner in this race to a cashless world. And the region accounted for 45% of total globally registered mobile money accounts which is the highest among all markets. This trend is set to grow as more initiatives encourage mobile payments across the region, we just discussed PayNowSingapore, the faster payment system in Hong Kong, PromptPay in Thailand, and the new payments platform in Australia, having made instantaneous bank transfers between individuals and merchants possible. With that said, looking at the total number of real time transactions globally in 2020. We're seeing the real time share global electronic transactions up to 9.8% from the erstwhile 7.6%. But looking at it overall from real time trends real time transactions in 2020. India retains the top spot as mentioned with 25 and a half billion in transactions real time level, followed by China with 15 point 7 billion transactions, South Korea with 6 billion, Thailand with 5.2 billion and Japan at number 7.
With most RTPs being launched before 2019. And before the pandemic being struck. Countries in the region were already reaping benefits of higher volumes, transfers will be completed within a matter of minutes, which represented improvement from the erstwhile one to two working days that was needed by most cross border remittance solutions. Across the globe, we're seeing real time payments having led to clear benefits, a better customer experience and cost savings for financial institutions. While faster domestic payments has been in focus. There's also an increased priority on real time or near real time cross border payment solutions. One such initiative is the ASEAN Economic Community one the X deepin drive, which was established in 2015 to strengthen the region's economy by connecting ASEAN countries. It was detailed in the AEC 2025 blueprint, which lists out the impact of payment and settlement interoperability on increasing financial inclusion and stability in the region. This report also highlighted the difference in the current stages and financial evolution and corresponding national infrastructures across ASEAN’s 10 member countries. The current ASEAN cross border payments landscape is fragmented with numerous competitors who are having their own distinct standards and systems trying to capture transaction volume. A regional interoperability framework will standardise the processing of such payments by using a consumer driven payment offering which is now in reach. Both bank and non bank payment providers will also achieve process efficiencies and operating cost savings. With that, we conclude our briefing on the cross border payments in a real time world. I'm really excited and to be joining you all at this Akamai Payments Summit and we hope that you continue to enjoy the rest of the sessions that have been very engaging and insightful. Thank you for your time.
Host: Thank you, Mobasher for the informative presentation. Ladies and gentlemen, our next session is on exploring strategies for payment fraud prevention. Please welcome Sorin Toma, who is the cybersecurity advisor at Emerging Payments Association Asia.
Sorin Toma (ST): Hello, everyone. Welcome to the Akamai exploring strategies for payment fraud prevention session. My name is Sorin Toma, and I'd like to extend the good afternoon and welcome to the session. Today we have a distinguished panel of senior executives from leading financial technology companies to discuss strategies around fraud prevention in the payments industry. As advisor at Emerging Payments Association, I will be your co host for the next 35 minutes. And I'm very happy to be here and very excited to lead this discussion. So if we look at what's happening in a world, the move to digital and digital transformation has now accelerated partly as a result of the pandemic, but also because technological advancement and digital transformation has now fundamentally changed the way that industry players share their data between themselves and with consumers. And we've seen the rise of internet and mobile banking. So data is now distributed or dispersed across networks and devices, and it's no longer centralised. And that provides an opportunity for greater cyber fraud. And consequently, cyber fraud has also been evolving with attacks growing in sophistication. So securing payments and preventing fraud have become top priorities for us. And I probably don't need to talk very much about the benefits. But everyone understands the benefits of real time payments to institutions and consumers and to merchants, better cash management, visibility into payments, better liquidity.
So we're all committed and indicated to try and make the consumer experience as safe and secure and and as fast and welcoming as possible. But payment fraud continues to be a challenge. And there are regulatory challenges brought around by the pandemic. And there's also as commerce shifts from physical stores to online and away from cash and from physical cards. So fraud prevention requires new strategies. And it requires urgent attention from every business. Because fraud can have a major impact on consumers and on the merchants bottom line. So fraud detection and prevention methods today have been proven insufficient to match the advanced technical prowess of today's cyber criminals. And most industry players are leveraging their digital capital capabilities and techniques such as multi factor authentication and artificial intelligence to do better fraud detection. So I'd like to introduce our speakers on the panel today. First, we have Phoram Mehta, senior director and chief information security officer for Asia Pacific at PayPal. Welcome Phoram. And then we have Jef Hu who is the head of security solutions, Southeast Asia at Akamai Technologies. Welcome, Jef. So if I could start with my first question, perhaps to you Phoram, as CIO for Asia Pacific, you have visibility across multiple countries and regions. And then PayPal has also commissioned research reports on fintech cybersecurity. Can you tell us in terms of fraud and payment fraud, and in terms of fintech, cyber security, how is the threat landscape evolving? And what are you seeing?
Phoram Mehta (PM): Sure, good afternoon, everybody. And thanks, everyone. Nice to see you. Good to see you again, Jef, as well. I think you laid out a pretty nice kind of introduction to what's happening. I just saw the presentation before us that talks about how quickly Asian consumers are adopting technology advancements. And within that, how financial services is amongst the best consumer applications in terms of, you know, serving the underserved or the unbanked helping financial inclusion type of solutions and helping make borders, smaller for trade, for commerce, for payments for all kinds of other applications that people need from a day to day basis. When we were, you know, last year or so, looking at these trends accelerated obviously from COVID perspective, both in terms of the incredible rise in transaction, incredible rise in new users coming online for the first time new users adopting these types of solutions. We also saw, you know, similar increase in the kind of fraud I mean, in the first three months of the pandemic, I think, there were about I think 16,000 websites related to COVID kind of registered on a daily basis, right with COVID. For phishing attacks. There was incredible types of fraud perpetrated through either fake cures or money laundering type of setups to create ways in which are to play on the panic. Under the hysteria that COVID was creating in minds of all these consumers and leaving them no resource, but technology to try and find solutions or internet to find solutions.
So we commissioned a study to look at two aspects one, over the last 24 to 36 months, various governments, around the region, specifically in ASEAN, had come out with different types of regulations to try and balance the innovation with safety proposition that financial services solutions were providing. And we wanted to see whether they were having the desired impact the whole, you know, debate between compliance and security. And where is that balance? Do you start at does compliance act as a good motivation for companies to start investing in security? Or was it kind of trying, you know, having a completely, you know, undesired unintended consequences on businesses themselves. And on the other hand, how were the business is kind of dealing with this sudden rise in both opportunity as well as abuse in terms of cybersecurity attacks, specifically, which is where was the origination of attacks, but then they would take different shapes around fraud and other things. And so we did three things, right. We did a survey of sample set of fintech startups across ASEAN. We asked them different things about from an incident response perspective, from resilience, capability perspective, from a talent and workforce development perspective, as well as understanding of the legal landscape, the compliance requirements, how were their business priorities been changing, and I'll post the link to the report, which is now available for free.
We found that, you know, more than 50% admitted to having some kind of a cyber incident, more than 30% do not have a dedicated cybersecurity personnel looking after, specifically security things. And, you know, while technology continues to get more and more advanced, it is also hard to see how they would find prioritisation on compliance and security while also doing the business expansion that they want to do. I mean, more than 50% again, said that compliance was a key consideration in them, deciding which market to expand to and you don't want, you know, the compliance burden to come in and help decide or impede a startup fintech startup, especially whether, you know, a product that they have in Singapore should be introduced in Thailand, or Indonesia or Philippines and so on and so forth. So then, what we, as part of this research have done is introduced a, you know, a fintech cybersecurity matrix, which is not a comparison but a snapshot in time. That takes these six pillars legal landscape investments, collaborations research, cyber hygiene foundations, literacy campaigns around awareness on how to deal with security, best practices, and rated each of the initiatives across all the 10 nations in ASEAN. And, given them a, like I said, a point in time snapshot of what type of response adoption and impact these countries are having across, you know, their fintech ecosystems. So what I've learned is, again, you know, the opportunity is incredible. There's still amazing amount of solutions being coming lot of new first time users coming online adopting these things. Cross border trade, as we just heard, once again, payments, commerce continuously increasing moving online. However, the awareness, the investments, the prioritisation that needs to be there in security doesn't exist, the talent workforce to support the kind of security foundation doesn't exist or is not as mature as it needs to be to continue to make the growth that we expect technology to bring to be sustainable for the fourth.
ST: Thank you. Phoram. That was a very, very carefully detailed analysis. And it's wonderful to have that. Jef, you're also in a very senior role in Asia Pacific and Akamai and you have visibility of, of lots of things that are happening across the region. We have a very complex environment in play now, we have working from home, we have the cloud, we have a fuzzy sort of perimeter where the network boundaries are no longer as they were in the past. We also have mobility. Innovation is exploding. We have lots of different disruptive apps, and buy now pay later in digital banks. And at the same time, we also have better tools for fraud detection in artificial intelligence, machine language, multi factor authentication analytics, and yet the number of attacks still goes up and the amount of fraud and seems to be increasing. What's your view? What are you seeing? And how do you think we can change some of that? So big question. It is, yeah, it.
Traditional fraud as an ongoing concern
Jef Hu (JH): A big question. And look, even the traditional, the traditional fraud is continues to be persistent, while we're dealing with these new, you know, new vectors and methods, attacks will continually evolve, even the traditional fraud, you know, people used to collect little carbon copies of credit cards, use that data somehow, you know, we're moving to EMV tokenisation, for example, to deal with how that party says to future credit card information. Right. So while we're doing all these things, the bad guys, they're, they're going ahead and taking advantage of change. Right. So what does it mean? I mean, for I'm going to talk about it right? There's an influx of new users adopting new services and to meet a new way of life, then, this is definitely putting a lot of pressure on those less savvy to maintain proper security, hygiene or even understand accuser social engineering. That act is taking advantage of this change. Right? We saw account takeovers increasing, phishing toolkits have been commoditised and deployed to scam the general population. Right. And it's not just, it's in droves, as in numbers, right. Bots are being used to enrich meat data, to enable a whole slew of different other tactics, such as synthetic identity for as an example. So it, the landscape is exploding with innovation that's coming in this space.
To be honest, I think what I see is, there's a lot of uncertainty. Institutions are dealing with it right now the best they can. But, you know, we are all struggling to keep up with it. There's definitely, again, to protect existing things such as, you know, keeping services available and away from DDoS. for ransom, for example. There's also a need to protect the users from credential abuse, without damaging the user experience. Right. And actually, in the recent Akamai state of internet report, we saw something interesting. We saw that application attack seen in the past, is rearing its head back again, in the era of open APIs. So it looks like we're making the same mistakes with API security that remained with web security 20 years ago. Now, Aparna mentioned in the opening that by next year, API abuses will be the most frequently attacked factor, resulting in data breaches and enterprise data breaches for enterprise web applications. And your final question is, what can we do about it? I think we need to look at things and attack them differently. I think some of the other speakers had mentioned about, you know, data centric, security, having context. To have better context of data, not just as intense but during transport, having this data enabled or aware, or even better user aware controls like understanding the biometrics of the actors in the process, and leveraging AI and ML to help automate that, because as we know, products and services coming up so speed is important, right? How do you maintain that speed to enable economies and not be impeded by manual processes of humans being able to discern whether something's should, you know, a fraud or not?
ST: So I look at the landscape across Asia Pacific and regulators across many different countries are attempting to take action in to improve the situation. For example, in Singapore, the Monetary Authority of Singapore is providing clear guidelines on how to deal with scams and payments transactions. In Australia, federal treasury this year on the Toka, payments system review. And the idea is that they want to protect from a regulatory perspective, both consumers and business. They came up with 15 recommendations. Malaysia, in Malaysia, the Federation of Malaysian consumers, they're also taking action to improve education and create better guard technology controls.
When I look at the landscape from a sort of a regulatory perspective, the current architecture seems to be fragmented, sometimes outdated and probably unprepared to deal with future challenges. But the regulators do know that and they're attempting to work together and to collaborate rather than operating independently in silos as they have in the past. And you can see that we now have proposals for grant agreements between Singapore, Malaysia, Australia and the Philippines and others. So that is encouraging to see. But at the same time I come up to a look at it the pandemic and I think the pandemic is impacted us and distracted attention away onto other issues. What do you think, future possible regulatory coordination might be between the different countries? Should we have agreements? Should we have standards? Should we agree controls? Would you agree on platforms or technology platforms? What do you think?
JH: Join me, I'll take this. Look, I think I'm optimistic, right? I think the industry as a whole collaborating in a positive direction, I think we all know, we all know what, what it looks, what it looks like, in the future, what are what we want it to look like in the future? So look, technologies and standardisation, like, ISO 20022, it's a great step forward. Right? Fast payments everywhere across borders. That's all. Right. But in the short future, though, you know, to maintain the short future is very uncertain. Right, even with, say, for example, instant payments, right? At the moment we're doing for p2p, for example, corporate adoption of real time payments will come. And this will raise a whole question about how corporate manages access to APIs, right? Adoption of modern cash management techniques, that's another variant of third party provider and also to secure access within the enterprise, right? Because in the end of the day, you're going to have payroll, managing access using instantly. Right, so how do you stop? How do you put all the funds? And I think there's a concept of separation of duties, right. So I think the regulation is going to come in there. Now it's going to have a tighter working group with the industry right? For that bilateral kind of feedback, they will have much more pragmatic approach to providing guidance, I suppose. And basically, into the medium future, okay. What will make value in this?
In this banking, finance is actually not the dollars at the end of the day. Okay, data economy will be far more mature. I mean, look at crypto, for example. That's all data, right? There'll be far more mature in the core driver of value in the industry, and will be the core value of core value in the industry. Right? Privacy, compliance will be critical, it's going to kind of rub it around. Because in one way, you're trying to collect data as much data as possible to prevent fraud. But on the other hand, you also have to be compliant in terms of how much data you store cheap or how it's being used. And so because of this, I think fraud will come in many different ways. Incentives, not always direct abuses, but the niceness quantity like we'll probably never seen before. I am optimistic that we will always work towards some sort of standardisation. And I think I'm also very optimistic to see traditional banking is now collaborating with fintechs instead of competing, right, because standing alone, that's where the danger is. You'll be easy pickings for the bad actors.
ST: I agree with you. I like to think in an optimistic sort of way. I think as we move into the future and we get rid of legacy technologies, we will eliminate some of vulnerabilities that are associated with legacy platforms. I think you're absolutely right in terms of controls, like segregation of duties, but it's not just a question of technology. It's also a question of controls, and education. Alright, let's shift a little bit to resilience and operational resilience in the digital payment landscape. Phoram, if I can come back to you? How do you think the pandemic impacted on resilience? And do you think that's actually on covered a bigger or a smaller problem than we expected?
PM: Well, I think it's much bigger and getting, you know, again, exacerbated by the fact that ransomware is are just, you know, becoming a credibly prevalent. So it started with clearly, you know, home offices and people having to us for exemptions from 50 offices, suddenly, we had 30,000, with everybody working from home, and the kind of data, the access and all of that having to rethink the architecture of how do you make sure your perimeter controls your data level controls, your application controls, stay effective in this new paradigm of remote working. And it's not that it was temporary, where you could create some kind of a VPN tunnel or, you know, install some kind of a proxy and some other solutions on a temporary basis and be done with it. I mean, increasingly, we'll see that a lot of offices, a lot of businesses, the just the language of how do you separate an insider from accessing data from and how a customer does it or how an attacker does it, there's very, very little change, or there is a lot of factors that you have to consider to discern whether it is a legitimate activity are not a combination of behaviour, different types of data, different types of vulnerabilities that you have, and either coming up with patterns of what does good look like what does bad look like, and then everything in middle and coming up with it? You know, to try and I think increasingly, I feel the organisation's have to, clearly so far, the debate has always been between prevention and detection.
And clearly resilience has come and said, it's not if but it's well, right? It's not how bad it is. How do you prevent? Or how do you come back? From a smaller type of specific targeted attack, but to how do you bring back your entire business? How do you become resilient from a, you know, attack like ransomware, where all your data is gone? So I'll see I see increasing emphasis on resilience from that aspect as in practising your drb vcp other capabilities, but even more so that flow overflowing over into detection and prevention, where people will rely on more and more partners that bring that type of expertise. There is no reason for a small startup on SMB, or even large companies to try and reinvent the wheel to try and think about how do I prevent all the universe of attacks that are coming in on different things, and to come in and rely on people that do know how to do that better, so that they can focus on building the solutions for the next generation that is coming online, for the underserved for whoever it is that they are catering for. So you know, my, I guess, if you will, personally, I think you will see consolidation on one hand of security solution, but also a greater reliance and greater synergy between how supply chain works, and having a good strong baseline of understanding of expectation of security controls, but having more and more solutions come out that rely on proven track record companies with proven track records of providing good solid solutions.
ST: Thank you, Phoram. Look, I find it really interesting for me, reducing the attack surface is a simple concept that reduces your risk exposure. So when I look with a pandemic, with people working from home, in some instances, we have increased the attack surface. So simply just having a policy for people who are going to work from home that they should do updates on a regular basis or that they shouldn't have access to systems administration because that creates a vulnerability or that they should be connecting to the company's networks and systems through a safe and secure manner but perhaps using a VPN or certainly not directly through their own wifi network. And, many companies do not have these policies in place, they were not prepared for it. And it's really difficult to catch up because the pandemic is hit. By the time you've created the policy. And by the time you try and operationalise it, you're halfway through the pandemic, and people are already doing what they're doing.
And the most interesting thing for me was, the weakness that was exposed for me is how badly identity management is done in some organisations, they couldn't tell me who to use as well. So then if you don't know who your legitimate users are, how do you know who the attackers might be, or whether they're in your system and have been doing things? So increasingly, for me is trying to explain the vulnerabilities and trying to explain how we reduce the attack surface. So there's an element of education as well in an element of catch up. To some extent, Jeff, is that your experience? Have you found that as well?
JH: Yeah, yeah, definitely. I had similar experiences, as you had. Yeah, look, something interesting happened to me over the weekend, right? What why my wife agreed. So the neighbours took off the cat. Anticipating trouble, I did what I thought was in my interest to protect the sanctity of my home. Because I really don't know if it was a good cat or bad cat. Right. So that thought in mind, I crafted a good enough enclosure to contain I was quite proud. You know, I thought it was clever. I was complacent. I thought I was smarter, vastly more resources. But the solution didn't work until it didn't. The solution worked until it didn't. Right, I had a false sense of security. I quickly realise how determined this cat was right for the sake of effort minimisation, because a lot of other things. I did just enough and ended up spending more time fixing broken pieces. I should have just spend the right amount of time to go out in the beginning. All right. And the other hand is when the cat fails, it just keeps trying. She had more time than I did. Now. But this is the end of it, right?
The end of the day, all bets were off because my kids fell for the cat's social engineering scheme, voluntarily letting the cat out and playing with it on a rug. I can deal with the I can deal with the piles, because I have assessed the risk. But the rug is a no go. Location. No cat will hum over the weekend, obviously. But what I've learned is right. Identifying managing your risk areas definitely important. Okay, I can, you know, taking security seriously and going out to manage risk is better in the long run than just doing enough. Humans fail. Meeting rules, compliance, and adherence for the people isn't enough. We need to automate, we need to educate. I think we kind of talked about it's not about like Phoram kind of said it's not about if the cat soils, my home is when right. So do have plans in place to deal with it. To keep things amicable with stakeholders when that happens. Finally, I should have gotten as much input as I could from the experience from other experienced pet sitters. So I know what to expect. I know what's going to be affected. And I know what's potentially. So that's in a way answering your question.
ST: That's very good. I do like the analogy. Alright, gentlemen, look, we seem to be getting close to closing time, closing comments, Phoram.
PM: I mean, I'm optimistic as well. There's incredible opportunity in Asia, around payments and technology. And we haven't even touched on web 2.0 and incredible new avenues of solutions. Another thing that decentralisation is bringing, and we are poised based on the young population that we have the education level that's increasing to continue to work together. And I just would like that when we say together it includes all the stakeholders from regulatory landscape are the regulators, the service providers, and consumers and continue to invest in education and coming up with solid practices.
ST: Jef, closing comments? Any thought leadership?
JH: Oh, look always a pleasure to be working with, you know, to have you again. You know, we've shared quite a lot and definitely like Phoram mentioned, you know, even before we get to metaverse, which is all exciting open banking system to work, you know, we got to get the web 3.0. And APIs, you know, the fragmentation technologies and data context is going to be super critical. Right? So, you know, all the things we discussed, they're relevant, and I'm excited to see what's in the future.
ST: Well, thank you both gentlemen, your contribution as always had been very valuable and thought provoking. I'll share one simple fact I nearly fell out of my chair, when I saw it, I saw one of the digital banks in Australia, they now offer an account verification service, whereby you register the accounts that you make payments to and they will guarantee the payments, so it becomes a lot more difficult to actually change and I think it will stop some forms of fraud. And they were able to do that because they're using new platforms, new technologies, they don't have the legacy. So as you are optimistic about the future, but I think there is a lot of hard work ahead of us and I'm looking forward to working with you and making a difference as much as possible. So thank you, Akamai for sponsoring this session.
Host: Thank you to all our speakers and our moderator. Ladies and gentlemen, to lead us in the next exciting session on future of digital payments rise of e-wallets and embedded finance, please welcome Deepa Parikh, head of solutions engineering at Akamai Technologies.
Deepa Parikh (DP): Hi, everyone. This is Deepa Parikh from Bangalore. In this session, we'll be discussing digital payments, and the rise of e-wallets and embedded finance. We're very excited to have some esteemed speakers here from leading Asian institutions, both Chris and Jon. And it's really exciting to have you here. We would like to discuss the evolving role of the future of payments in our region. I'm Deepa Parikh, the head of solutions engineering. I'm from Akamai Technologies and I'll be your host for the next half hour. Our guests will share with us their perspectives on what we've seen with the whole growth of digital payments, how financial institutions are now having to think about fintech, the future of digitised payments. And what does it mean for the business value, the peer to peer digital payments, and what does it mean for merchant models, and how the entire industry is growing from a transaction based database approach.
As we slowly get back post the COVID lockdown, we've definitely seen a tremendous growth in digital payments. And what this means is that a lot more people who are able to transact, it also means there is a lot more need for safer transactions for more security, for a better experience to be able to reach in remote areas, or in tier two tier three cities across the globe. The digital payments Industries has definitely searched. And even in India, we witnessed a huge transformation, a lot of it was boosted by the entire national initiative called unified payments interface, the UPI, which was launched by the government, and it gave a boost to the entire situation during COVID. And when we moved away even more from cashless, to being able to provide people access to doing digital payments safely. And we've seen a growth of five fold over the last couple of years on that. From the technology point of view, we know any solution that is in the financial technology requires a very robust technical platform with APIs and security embedded deep in it, and ensuring that the customer experience is not hampered by any of these technologies.
The agenda for today will revolve around talking about what are the new payment business models in embedded finance? Talking about buy now pay later? How can you have a more data driven approach? And how is a unified payment platform being leveraged to get together all the consumers and all the merchants on one platform. I would like the audience to participate by putting their questions in the chat box or raising their hand on Zoom. And everybody on Facebook and LinkedIn who's joined from there could just put it in the comments and we'll try to address your questions right now are offline. We would also like this to be an engaging discussion, too. So Jon and Chris, it would be great to hear your ideas. And would it be great to limit your responses if possible to around two minutes. With that I'm very excited to again introduce Jon from Boku. I'm very excited to hear more about your mobile first platform that has been launched globally. And it would be great for you to say a few words about yourself. And Chris from GrabPay. Chris, it's been really great to hear about all the initiatives you all have taken on security and how you want to design every solution that you do is designed for security. So over to you both to introduce yourselves.
Jon Prideaux (JP): Okay, so just very quickly. My background in payments was with Visa. So I started with Visa back in 1989, when there were only about sort of 30 people working for Visa in Europe. And I was part of the team that was lucky enough over the next 15 or 16 years to build these are into how shall I put it something a bit more substantial when I ended them when I started so it was a major part of the European payments scene. Suddenly, I've come to Boku and I'm now the CEO of Boku, which has, as Deepa has kindly said, recently launched our mobile first network of wallets predominantly in Asia. And I'll be happy to say a bit more about that later on.
DP: Thanks, Jon. Welcome here.
Chris Yeo (CY): Hi, everyone. My name is Chris. First of all, thanks a lot for The Asian Banker and of course Akamai to host this. Glad to be here. I head up Grab and Grab Rewards across Southeast Asia. We operate under GrabPay. And we operate as Moca in Vietnam and as OVO Indonesia. So, really glad to be here. And just to share some experiences along the way. Thanks.
DP: Welcome, Chris. Thank you. So with that, I'd like to start about something around embedded finance, right that how about payment providers using providing retailers and e-commerce platforms and easy to implement way, which is developer friendly and using APIs for payment solutions? So we've seen a lot of our customers move to the whole open banking and APIs solutions, and then we provide the performance and security to the end customers. I would love to hear from both of you. What do you think about, how can you have a better platform for your customers?
JP: So predominantly, both whose customers are global companies, so we work with organisations like Apple, Sony, Spotify, Netflix, Facebook, and so on. And you know, what are the imperatives for them? It's really about trying to have a single standard interface that enables them to connect to as many people as they possibly can. And the reality of payment recently has been there an absolute explosion of innovation, but you know, predominantly at a domestic level. So you would have a new wallets emerging, in some cases, like Topsy in various different countries, but they are unstandardised. And so, you know, for us, the task is very much about trying to create a single interface that allows multiple different very successful payment mechanisms to be able to be reached through a single interface. And in some respects, this is retracing the steps that were taken by the card systems 40 or 50 years ago, as I mentioned, you know, when I was in shorter trousers as a payments person back in the late 1980s. At that time, there were a lot of domestic card schemes that were in place in various parts around you. And if an international merchant wanted to reach them, they needed to go through a global scheme like a Visa or Mastercard who did that standardisation layer. I think wallets and embedded finance have become successful domestically, were in Indonesia products is supporting Indonesian customers and Indonesian merchants. The next phase of growth is really being driven by the imperative you need to standardise so that global companies can start reaching those sell save consumers.
CY: I think that's a good question. So for Grab and GrabPay when we think about embedded finance, it's all about how do we be part of the consumers’ user journey in a frictionless and seamless manner. So Grab here, of course, you know, Sardo is a payment option embedded within the Grab ecosystem for food transport, use cases. And we're now growing outside the Grab platform by providing payment solutions to immersion base across Southeast Asia, right. And that's a very important part of our business and strategy right now. And it's really our attempt to do so then right on the tailwinds of this current e-commerce wave. In fact, about 40% of our TPV right now is really outside of Grab platform. And we do see that growing much further. And just like what Jon was saying, you know, the way the way we work, and distribute our products and APIs is really through partnership with leading global providers, right? When audience stripe, regional payment platforms, local payment platforms, TPAs, or channel partners to see the pH or pay, and so on, and so forth. We also, of course, work with Boku Indonesia, to our brand, and we look to partner more Boku as well.
So working with these partners is very important, because what we want to do is we want to distribute our APIs and implement products or buy now pay later products to as many merchants as possible in Southeast Asia, because we want to be a ubiquitous payment method. And to do that, we just need to work with many players in the ecosystem. The other part that we think about, of course, is the heart we think about adding more value to a merchant partners, right? Being a payments player is a starting point. But we're gonna roll out more solutions to help serve our merchant base better. So we think about products that Grab merchant commerce, which is basically a very simple web store builder product for all the smaller longtail micro merchants, we have our ads analytics products. And we also have a shopping directory product within our app right now. And this is great for merchants, because a lot of them, all they want to do is increase sales and acquire consumers. So we're always thinking about how do we help our small consumer or small merchants really connect with our consumer base so that we can help them increase their sales. So that's how we think about distributing our APIs and sort of growing embedded finance.
DP: Thanks, Chris. That's great to hear from both of you, because that's what we've seen when we look at our state of the internet report. And we look at the stats on our platform, where we serve 30% of the enterprise traffic on the internet, that there is a tremendous growth in APIs. Everybody's going to that model. And it enables this way right for you to reach out to these small merchants, which may be in smaller cities, and they can even transact for very small dollar or INR amount. Right. So that's great to see. On the next part with the digital payments, right? So I would love to know, there is a lot of emphasis on real time payments, right? You need to have these payments to be very quick, very fast, very seamless, as we've spoken about the user experience. So how are your companies using some of the digital identities right, like phone numbers, mobile apps, modern technologies to be able to transmit funds in real time and make it easy across the board with different regulations that you might have to deal with in different geographies? So would be great to hear your thoughts on how are you enabling this so that more people go to digital cash payments and move away from cash technology?
CY: I think this is important, right. And you know, governments really play a critical enabling role here. And of course, the global benchmark many ways is India with UPI. I think many countries in Southeast Asian governments are trying to learn a lot from UPI. So government’s readiness and support are really key in terms of fintech adoption in Southeast Asia, right. And it's good because it helps develop the country and improves financial inclusion. So of course, we try to work closely with all the governments to drive the national cashless agenda, by really leveraging the real time payment rails to move money from bank accounts, of course, to our GrabPay wallets, right. So you know, each country in Southeast Asia has already or is rolling out RTP real time payments, we've got PayNow in Singapore, we've got RPP in Malaysia, and so on, and so forth. So that's very important because it helps lower the costs, transaction costs for us and our consumers.
And when that happens, it just makes payments more affordable, and more frictionless. And that enables everyone to win industry. A related point, of course, is interoperability of these reels of interoperability are in terms of QR code. And we think that's also very important, for the same reasons, right? You know, because it really helps us expand our merchant acceptance network, it lowers the costs for us, or new entrants in the industry to really also expand their merchant acceptance. And that's great, because it helps us serve our merchant customers and our consumers better, enables us to build a much wider network of consumers. So I think that's the importance of RTP and important roles that governments play. So as one of the players here, which work was the vision, what we try to do is really to actively engage these regulators and have really constant productive dialogue, to share our views on how we really try to help drive financial inclusion, and policy development each of these countries. So that's what we're doing in Southeast Asia.
JP: So, obviously, I'd agree with a lot of that, I mean, but it's worth sort of standing back a bit, and just sort of reflecting on just how successful in a real time payments have been. And if you really want to compare their payments, traditionally, people coming from the west have been looking at payments has been almost an inevitable convergence on a card based paradigm. And what we've seen really emerging out of Asia, are a couple of alternatives to that are driven by the mobile device, I mean, this device here has changed the way in which payments have occurred first, through wallets of various types of new wallets emerged, sometimes associated with commerce platform, or sometimes associated with the messaging platforms. But it was just a better way to be able to pay them to historics on a 16 digit, and, and so on. But the extraordinary thing that's happened, I think, with real time payments, as government initiatives, which are not always seen as being the ways that will sort of drive consumer behaviour, sort of by sort of mandates roadmap is just how extraordinarily popular real time payments have been. And as has been said, there India, and UPI is probably the poster child here.
But if anything, that the country that I'm looking at as much as anywhere else is not even in the Southeast Asia region. But in Brazil, where you see the the immense growth of the central bank system, they're called pix. I mean, I even saw somewhere where, because you can send a short message associated with the payment, that people are using pix payments as an alternative to dating apps where they're sending small amounts of money to people as a way of sending them a message. I mean, when a real time banking system can be used to help flirt with members of the opposite sex and then you know, but something real is happening as far as payments are concerned. So I would just reflect on the extraordinary popularity. And what's the convergence, it's the same convergence we've always seen, it's the convenience of payment together with the index about your identity being the mobile phone and it is that certain a combination of being able to take a device that knows where it is that is always online has a single sort of identifiable number which can be used for communication, as well as you know, transmitting an identity which is really driving a lot of this whole process.
Clearly the, you know as initiative, you know, real time payments have proved exceptionally useful for person to person payments, and increasingly now of course for sort of person to business type payments. And what we now see emerging I think in the real time payments area is an adaptation. If you're like a second generation, if you start looking at UPI to Dotto, you know many of the payments we make are not spontaneous that don't need to individual authorisation that what merchants or consumers want, as Chris has been saying is a frictionless way to be able to pay their meet their regular payment needs. And that means having better support for subscriptions, I think, in some of the real time payment systems, because the idea for real time payment has tended to be one in which you've had to explicitly authorise each and every transaction. And I think certainly UPI once again is showing the way of introducing new ways of being able to support your subscription payments in a way that protects consumers, it also gives you the merchants consumers the convenience of just not having to go away. And just to pick an example of manually, you know, make your Spotify subscription every month, you just want the convenience of having it taken out of your bank account if you've authorised it to go through. So yeah, I think the future is bright. And it's really extraordinary how this new payment rail has emerged so incredibly quickly, and displaced or is in the process, essentially, of displacing the old sort of international payment rails, which were card based.
DP: Thanks, both of you. And we have some interesting questions coming in from the audience, which I will cover at the end. Please do keep them coming. So it's great to hear, you know, this whole transformation we talked about from mobile, and then how the QR codes have changed the whole technology and made it so much easier for merchants and users. I think the new than latest or it's not even latest anymore, is the whole buy now pay later, right? The whole model around how do you make it easy? Which session essentially moving the credit card model to a debit scenario? And how do you ensure people can transact in a very easy way? So I would love for you that what have you seen in terms of this whole ecosystem of buy now pay later, where you're doing the point of sale essentially, is becoming both acquiring a new customer and maintaining the relationship? And how do you ensure that whole journey from pre sale, pre purchase to post purchase is maintained for them, and the experience for the whole buy now pay later?
Real-time payments and BNPL
JP: I think you've got more sort of directory relevant, but I've made a few observations. First, I would leave this question to the previous one. If real time payments are disrupting debit cards, in effect, you know buy now pay later is disrupting the credit card infrastructure. It flips a few assumptions on its head in the sense that previously, a lot of the funding of assets come from consumers as opposed to merchants. But it also expands the value chain exactly, as you said, really to make it about helping the merchant to sell more stuff and to acquire new customers removing friction from the checkout process. And once again, you just as in real time payments, where we're seeing the explosion of adoption, and new products coming through, we're seeing exactly the same thing in buy now pay later. And we have many of the same challenges. I mean, the challenges are about standardisation, the challenges are about supporting different modes of payment, not just spontaneous transactions.
But potentially the things that are going to recur more frequently. To some extent, of course, buy now pay later is targeted at a different type of merchant selling higher value products, where it is appropriate to be able to be splitting the transaction into multiple pieces. But the you know, the way in which this new method has emerged and the way in which it has attained adoption, I think amongst young people who prefer to buy now pay later and have been somewhat, you know, scarred potentially by bad experiences with credit cards means that I'm sure that buy now pay later has got is going to continue its growth and who knows will continue to displace consumer credit from credit cards, which in their turn really displaced the consumer credit a point of sale in a buy now pay later is nothing more than a new reinvention of something that was you know, happening in the 1970s when people were buying white goods and getting your credit in the shop at the time. And buy now pay later has reinvented that with a modern idiom. With Chris, perhaps you have more direct experience to say on the matter.
CY: Thanks, Jon. I think I caught many of your themes. I think one thing is disruption. One thing is I think your finger payments industry this is this instalment product, right. But I think then what makes it so interesting, right? So again, I'm playing the Southeast Asia context, you know, Southeast Asia, 680 million population, six out of 10, unbanked or underbanked. But the more interesting statistic is nine out of 10 do not have credit cards. So you've got this massive deep citizen base and you've got a product. I was getting traction because it has potential disrupt credit cards, right? And that's why we think we're so we're so interested in this product, we have a product called Pay Later, is a BNPL product. And how we think about it is that, you know, we are first started with a proprietary set of high quality data, we've got more than 25 million monthly transacting users on our platform. So we've got proprietary transactional data from, you know, for transport transactions, QR code payments, which are really popular in many parts of Southeast Asia, and even great rewards, right? Once you're here, use all that, you know, put it through AI, ml, and data scientists to really assess and whitelist which of our consumers should be offered a BNPL period product, right? And what should the individual personalised spending limit be? And we're able to adopt such a strict whitelist approach to assess who to offer peer to, and how much is just because of this data. And this, we think is important, right? Because, you know, most of Southeast Asia is uncarded, they have no credit cards, whereas majority of existing business models for for BNPL relies on credit card, credit worthiness and approvals by the issuing banks.
So once these barriers are, once you try to scale across Southeast Asia, which is basically an uncarded market, you'll believe skill, you know, hits a sort of issue, right. So this will be the other thing why we're so interested in this space is because, ultimately, for us, you know, this is a theme of financial inclusion, growth, financial growth, GrabPay, you know, we started out with a mission to enable increase financial inclusion. And for us, that means, lowering access to affordable and appropriate financial products, right. So affordable. In this case, as Jon was saying, unlike credit cards, the consumer pays zero, the merchant pays something for their increase eov their basket sizes, right? The other part is appropriate, right. So you want to offer appropriate spending limits for this instalment product, depending on your spend patterns, and not some predetermined, blunt spending limit. So that's why we are so interested in BNPL. And, you know, we see good transact good traction on this across our merchant base, we've rolled it out. I'll pay that product in Singapore and Malaysia. And we'll be rolling out to other countries in the region next year. And we are really bullish and look forward to the expansion of this product.
DP: That's great, Chris. And I think since we're on this topic and how we're talking about, it's essentially some old methods that are coming up in a new perspective. That's a question that's coming from the audience. And I think it's relevant to cover right now that as we are seeing this innovation in the payment technology, what do you all think might be the innovation that credit cards are going to go through? Right? So obviously, this whole disruption is going to impact how they have evolved over the years. So what do you think might be some of the new approaches you may see from the credit card perspective? I know it's very regional, of course, it's very region specific. But I would love to hear from you all your thoughts on that?
JP: I mean, I'll give my opinion. And I would just hop back to what Chris said, nine out of 10 people in the region don't have a credit card. There's no God given right for the credit card to be a vehicle, which is relevant in consumer credit. And in fact, it's a method that emerged through the I suppose 60s 70s, etc, in the US and sort of came out over the rest of the world for quite some time ago. And it has an idiom that requires a pre issuance through quite a complicated process, and has achieved a certain level of penetration, I don't think there is any sort of God given a reason why credit cards are going to be able to come back onto the scene. I think what we're seeing is the long term disruption of an instrument that was appropriate for its time by new instruments that are better suited to the technology and the consumers. What does it take for somebody to get a Grab account? What does it take for somebody to be able to have access to credit or Grab on the basis of their actual transaction data? Compare that to that, you know, the problems that a bank is having, in needing to issue a credit card, potentially a piece of plastic? I mean, do they move down an entirely virtual route? What specific advantages they got over people who are, frankly, stronger technology companies to be able to come up with a better user experience? I mean, you just have to listen to Chris, and frankly, also to myself, you know, we spend all day worrying about how we can help our merchants to sell more stuff and to enable our consumers to have a more convenient life.
And typically, you know, within the credit card environment, you know, if you were listening to the bank, it would be more about what's the credit last the issuance process, the marketing profile, and it's, I don't see it as being inevitable, but cards will be able to respond. In fact, quite the reverse. I think what we're seeing here is a long term trend of a declining relevance of cards, particularly in Asia. Now, if you wanted to look in the West, I think cards are actually quite well established. And so most innovation does take place on the card rails. And there you can see that card somehow got embedded into the brands of companies like Apple Pay, or Google Pay, or what have you, where the idiom is about putting a card into your Apple Pay wallet. And so in effect, then that the credit card becomes, you know, a piece of technical infrastructure, procured from a regulated entity, but presented to the public by a bigger brand, somebody else in Asia, where cards, frankly, have never achieved what please, credit cards have never achieved that level of penetration, there's no need to build your innovation on that layer, you're going to build the innovation on the technology that people have. And that's the mobile phone that people have. And genuinely, you know, I'm not sure if there's a way back for cards to become relevant to more than about 10% of people that they're relevant to today.
CY: I think the only thing I'll add to what Jon was saying is that ultimately payments you know, it's not a one or zero it's you know, the market’s huge, right. And they'll always be a role for different infrastructure, different set of rails, different so players in this complex and ever evolving ecosystem. So what's more important is for each player to really understand their role and how they serve their customer base well, whether it's on the merchant side, or on the consumer side. Certainly we, the way we think about it is we always have an open partnership approach. So again, you know, we've talked about national rails this for important for P2P for procure code, for accounting account, but we used to have a first a rails from the schemes, and we use a partner of the schemes like Mastercard, to sort of roll out the right products, the right markets, in Singapore cards are relevant product. And therefore we partner with Mastercard, rollout GrabPay, prepaid card, which is doing quite well. And then we're working with Mastercard, roll this out in more markets, for example, in Philippines. So I think it really goes back to really understanding the customer needs and to really customise a hyper local interest offering your products in each country.
DP: Thanks. So just I think you've talked about so many different instruments, and obviously them having a relevance based on what a region or a consumer uses. Right. So I would love to hear a little bit more around what you're seeing around the whole fraud and the cybersecurity. And from what we've seen over the last year from the Akamai state of the internet report. We've seen DDoS attacks increasing, we've seen application layer attacks, just like Jef was talking on the previous session, we see application layer attacks, increasing many fold, almost three times from before SQL injection being the top one, and credential abuse, which is an important one, right? When you talk about fraud and account takeover, how do you get username passwords on the dark web? We've seen that even peak at one billion a day. So we'd love to hear something around what are the trends that you're seeing right now, around cybersecurity? And how are you leveraging privacy by design? Like you mentioned, Chris, you know, in your frameworks?
CY: I think this is a very important topic. Because especially in again, back to developing Southeast Asian markets, fintech players, you know, and with, with web 3.0, and all that coming up, is very important to establish and maintain the trust that consumers have in terms of new technology, especially fintech. Right? So for us the way we think about it. One important part is just how we leverage data and technology to achieve that trust and a high level of security, right? So for us, for example, when we think about data, we think about using it in three basic ways. You know, one, of course cross selling, there's a consumer side, that's fairly straightforward.
The second thing of course, then we talked about security, and fraud. And the third thing related to BNPL is then how we think about credit risk modelling which is so important for security and trust in terms of second point security. The rise of digital payments, of course, user security is absolute key priority. And therefore, as for GrabPay, the way we think about it is that, you know, it's a marathon, right? You just need to keep improving on your security. So we have a layered security approach, right? You know, very basically, you know, of course, we've got, we want to protect the users information and identity. So we are, of course, we are complying with the highest standard of security. And of course, got, you know, to FAS, biometrics, and so on and so forth. Account controls.
The other part, which is really important, there is fraud protection, right? So we've got 24/7 fraud detection engine. And this been trained through, you know, nine years of operating in transport and food where there are many interesting cases of fraud happening to an extent that we sort of came up this new business unit called Grab defence. And now we're so reselling these capabilities to other tech companies, right? Because this is a value for that. So the success of using AI in production really, as I think all of us know, really, it depends on the quality of the data, right? That's being fed into the AI ml, right? So fortunately for us, you know, we've got data from billions of transactions from Grab, which pretty policy are modelling.
The third thing just very quickly is credit risk modelling, right. So this is very important for BNPL. Again,because we adopt, again, a flight risk, white label, white label approach. So our entire risk model is predictive, we use proprietary ml models for our risk management. And that means that becomes more intelligent, robust over time. As you get more data, it has engagement and repayments every that really facilitates better risk management. So this is very important, because again, being a productive player in terms of trying to do these things, whether it's just a row for payments, or just for BNPL is very important, establish trust, and you know, credit risk model for us, it's just one way to sort of establish that trust in a very proactive manner.
JP: Picking up on, you know, a couple of things, obviously, firstly, they want to have a fraud. And secondly, just the one about sort of data for optimisation. We were on the question of fraud. And I can only reinforce what you were saying deeper in your initial sort of question and remarks. You know, you have a system you have AAA merchants who are using it, you're a bit of a honeypot for people to come along, and to try to, to get to break into the system, you know, for one reason or another. And whether as you say it's SQL injection, whether it's people trying to disrupt through some type of DDoS, whether it is social engineering of one sort or another, where, you know, perhaps the predominant attack vector would be just attempting to use social networks to try to get hold of some genuine credentials through human deceit. I mean, these are constant problems, albeit ones that I think we can handle better in the sort of new, more modern sort of payment paradigms that are linked towards mobile.
Boku also has a specialised unit, if you like working in this domain, so called sort of vocal identity. And this is driven very much from our history of working together with mobile network operators where we started off effectively building a payment network, not just of wallets, but of a payment network of mobile network operators to buy things and charge it to your phone bill. And, you know, many of the solutions to these problems involve answering fairly simple questions, you know, Whose phone is this? What's the phone number? And, you know, the mobile we have some fairly sort of convoluted ways of trying to answer those questions, you know, we send text messages around with pins of them that can be intercepted, probably the simplest way of answering that question of whose phone number is, and what's the number is to ask the telco. And, you know, that might not have been the most blinding insight in the world.
But it's been quite a complicated thing for us to build that network of mobile network operators, where we can now simply answer that question in a frictionless way. And you know, in Indonesia, for example, we're helping, you know, some of the wallets in Indonesia to help with their signup processes by enabling them precisely not just to sort of use a text message to figure out what the number is, which is inconvenient for the user, but automatically to detect what the phone number is based on data which comes through from the telco. And this idea, always within fraud management has been well, you can have something that's convenient or you can have something that's secure, but you can't have both at the same time.
New technology is helping us to sort of break that paradigm. And find ourselves in a position where we can do something which is in the background, frictionless and certain. The second point, which is sort of a little bit allied to some of the points that Chris was making, which less to do with fraud, but more to do with sort of using data. And probably the predominant use of data with Boku is not, you know, we don't offer credit, we're not trying to do a credit scoring prices, what we're trying to do is to help our merchants to acquire new users and to retain them. And the amount of data that's available to help you figure out just small wrinkles within the system, what's going to be the thing that's going to be able to help increase your conversion rates to improve customer retention rates to improve, you know, lifetime value. And we spend a huge amount of effort, really sort of optimising each of these stages of the funnel, starting from the very moment when you capture the, you know, the payment credential at the start, right the way through to renewals and such like, and some of the results can be quite extraordinary. I mean, we've seen, you know, 10 points of extra authorisation, we've seen sort of several months of an average extra lifetime through this process. And this is the sort of thing that merchants value. And it's all come from a proper analysis of the data all the way through. And so we very much see that as part of the optimisation process.
DP: Great. So I think this has been a really, we learned a good learning session for me. I'm sure the audience has enjoyed, too. I wish we could go on for a little bit more, Chris and Jon, but I'm hearing our time is up. So thank you so much for those thoughts. And I've really enjoyed learning about the whole disruption that's happening and how a unified platform enables so many merchants and users to come together. And how you all are using data and AI ML to overcome the fraud and the security aspects. So thank you so much for your time.
Host: Thank you to all our speakers and our moderator. Ladies and gentlemen, we have now reached the end of the Payments Summit APAC 2021. And I would like to re-invite Foo Boon Ping, managing editor at The Asian Banker for the closing remarks.
FBP: Wow, what an exciting, inspiring and fitting end to this inaugural Payments Summit in association with Akamai. Thank you, Chris Yeo of GrabPay, Jon Prideaux of Boku and Deepa Parikh of Akamai for giving us a glimpse into what the future of digital payments will be like, and the opportunities that await us. And thank you to our audience for staying with us. Until now, I trust that you will be richly rewarded by all the insightful discussion that we have had today. Let me now as I close the event, take a few moments to recap some of the highlights of the summit. As I said at the start, there has never been a more exciting time to be in payments than now. There are so many exciting innovative developments that are fundamentally transforming the industry.
In our leadership dialogue with Parimal Pandya, the managing director for Asia Pacific and Aparna Rayasam, the SVP and general manager for application security at Akamai Technologies. We hear that amidst the increasing competitive payment landscape, with new non traditional players, and challenges posed by rapid business, operational technology and security changes, Akamai is keeping close to its customers and leveraging its deep technological knowhow, talents and experience to keep customers reposition and ahead of the competition. We also heard from Manohar Chadalavada of StanChart, Henry Aguda of Union Bank and Rottapron Ekabutr of Bank of Ayudhya discuss with Akamai’s James Richmond on how they are leveraging data and API connectivity to create open banking platforms and ecosystems to better understand and read customer needs through seamless, embedded service and offerings. We also updated on the latest cross border, real time payments developments and trends around the world by Mobasher Zein Kazmi, head of research at TABInsights, the research arm of The Asian Banker.
Amidst all this innovation and digitalisation that have accelerated during COVID-19, the trends and incidence of payment frauds have also increased. It was eye opening to learn from Phoram Mehta, the chief information security officer for APAC at PayPal, along with Jef Hu at Akamai about the new methods that fraudsters have come up with and how the industry is exploring strategies for payment fraud prevention, with Sorin Toma of Emerging Payments Association Asia. I would like to thank all our wonderful speakers and moderators. This outstanding event would not be possible without you. And a big thank you to our audience for your support. We hope you have enjoyed and benefited from all the sessions. I hope this has been a rewarding Payments Summit for you as it has been for us and on behalf of Akamai Technologies and The Asian Banker, I wish everyone a great day. And we look forward to welcoming you back to the Payments Summit next year. We hope we'll be able to hold it on site in person by then somewhere in Asia Pacific. And we hope to see you there. So keep your eyes and ears peeled for more information coming your way.
Host: With this we have come to the end of the Payments Summit APAC 2021. We hope you have enjoyed the event. Your feedback is invaluable to us for future planning so we can continuously improve on the content of the programme. We would be so grateful if you could take some time to complete the survey that will pop up on the screen once we end the webinar. Please don't forget to check back on the video recording on www.theasianbanker.com, Facebook and LinkedIn. Thank you and we look forward to seeing you again.