Has the revamped Google Pay app gone one better than Open Banking and PSD2?

Next story

Late 2020 saw Google launch its updated Google Pay app. If you follow these sorts of things, the revamp ups the ante in an ever more crowded FinTech marketplace. The launch may simultaneously signal intent not only to challenge rival Apple Pay, which accounts for around 5% of global card transactions, but to transform the digital finance market. The update may accomplish this in many ways, but chiefly because the innovation being offered introduces the product to a landscape governed by two alternative approaches to future forms of digital finance, with open banking perhaps chief among them.

The first is a future largely governed by regulation via the EU’s Revised Payment Services Directive(PSD2), which mandates European banks “open up” and allow licenced third-party providers (TPPs) of financial services to access securely their customer-account data, which then encourages customer empowerment through increased innovation and competition among banks and other financial service providers. In this environment, success is determined largely on benchmarking improved market competition, data integration, security and consumer empowerment. The second approach, found in the US, sees both Google and its pay app competing and innovating in a market driven not by regulation, but by consumer demand and adoption. While regulation in the US is sure to come, at present we haven’t seen any activity on par with PSD2.

Before going further, we would like to point out that ESET, while not involved with Google Pay, has several ongoing partnerships with Google related to security. More details can be found here.

So, what’s new with Google Pay anyway? With a solid 150 million users in 30 countries and five years on the FinTech market, the revamp, while continuing with existing wallet features, increases focus on personal finance and enables users to search more easily for competitive offers of financial services more easily. Google Pay now also includes Plex, an integrated mobile-first bank account with both checking and savings, no monthly fees, no overdraft charges or minimum balance requirements, and built-in encryption and other security features.

Google Pay’s new feature set parallels many of those introduced to European banks via PSD2 – as applied since 2018. For example, Google’s revamp has an in-app market of service offerings akin to leading apps from Erste Group’s George or Intesa Sanpaolo’s XME Banks, both built to comply with PSD2’s clauses on increased competition. These days, entering “[EU bank name]” and “open banking” into a search engine will find either an open API developer portal or an open banking landing page – almost as if banks have created Google Play-like marketplaces with various integrations as core to their own services.

 
Image 1. Intesa Sanpaolo’s PSD2 Developer Portal sites

 

Divergent approaches to innovations in global finance

Finance may be global, but approaches to innovation haven’t fully caught up. If you are in the US, for example, where no regulatory construct like PSD2 is pushing banks to open themselves to increased competition from alternative financial providers and additionally to open their systems to data sharing and integration with tech companies, then Google Pay’s revamp may seem like business as usual. That is because in the US, trends in innovation have tended toward the tech industry gathering as a collective to introduce and promote change or, in this case, openness (open APIs, open data, etc.). Where the industry may fall into anti-competitive behaviours or fail to adopt or rationally govern change, the government will either break up, shake up or reel in the industry via threatened or actual legislation. That, however, is not the case in the EU, where three years into a PSD2-regulated banking environment, banks largely promote themselves on their openness in granting third-party access to their data and systems within the Open Banking environment. Here, provision for developer portals, open APIs and banking system architecture is a legal requirement. However, whether the legislated competitive environment brought by the measures actually benefits consumers remains to be seen.

Reading the press release and various blogs about the updated Google Pay app made us wonder whether they were loath to watch idly as EU banks demonstrated technical progress, albeit innovation largely driven by regulatory compliance. While the post-2017 period was a busy transition period for many European banks to demonstrate Open Banking, the 2020s may see an even busier move to an open data economy. Simply, this was a journey destined for Google to embark upon.

 
Image 2. INNOPAY’s Open Banking Monitor


This is a journey in which some might argue that EU banks are pulling away from their US counterparts. However, despite the fact that US banks have been largely standoffish about opening up, the less integrated and regulated environment hasn’t necessarily hurt innovation. Instead, much of it has been driven by FinTech developers, many making inroads into traditional service offerings in trading and budgeting apps, for example, or engineering massive profits and markets with virtual currencies like cryptocoins. Furthermore, Google apparently didn’t need regulators to ‘speed date’ the finance and tech sectors to innovate. Was the revamp of Google Pay a way to hedge bets and build critical experience with Open Banking and Open Data, albeit without a PSD2-like regulation to open the way, or just a reflection of organic innovation?

Contrasting Google’s moves with those of the EU’s leading banks seen here in INNOPAY’s Open Banking Monitor (OBM) – Developer Portal benchmark (update May 2020) it does seem Google has good reason to get deeper in the mix. Just by gauging maturity with respect to “developer experience” in open API development and “functional scope” of APIs for the EU-regulated banking environment, a number of large Europe-based global banks are already knee-deep in the technology and data game (including a smaller number of US-based banks and banks with a strong US affinity).

 

A race to the money or the data?

Innovation that is needs-driven has gained traction fastest. In smaller economies – with tight margins – FinTech has strong traction: Sub-Saharan Africa with its one billion peer-to-peer users on mobile money leveraging platforms from M-PESA and MTN Mobile Money, for example. Asia? Well, it follows the US’ leveraging of FinTech closely with TenX, Quoine and Keyber network, to name a few popular apps. Thus, EU stands as a prize, perhaps not for its large but fixed banking demographic, but when seen as a vast market of user data. November’s relaunch saw Google Pay become available (enabled by Mastercard) for the first time in 10 additional EU countries, including Austria, Estonia and the Netherlands – markets already considered very digitally progressive. From this angle, Google Pay’s move into new geographies may take on more significance. Is this all leading to a showdown between US and European approaches to FinTech and banking innovation? Not likely. Ironically, Google Pay’s landing in Europe may be doing PSD2 a favour, giving the EU’s banking environment an organic injection, further widening consumer choice. In contrast, innovation in the US’ relatively unregulated environment, seen by most technologists as a greenfield lacking the restrictions imposed by top-down approaches and instead determined by market-driven innovations, app utility and security, now has a new playground.

 

Can it all stay secure?

Questions around the security of APIs, system integrations and standalone FinTech apps across a diversity of platforms, as well as different approaches and norms for authentication and encryption of financial and personal data, hover around FinTech, the democratisation of finance and Open Banking. Regardless of any competition between approaches, both efforts share one key requirement – security. Security will make or break this evolutionary step, and with all eyes focussed on COVID-19 and its transformative impact on finance, the stage has been set for suspense.

With the European Banking Authority’s December 31, 2020, deadline for implementation of Strong Customer Authentication having elapsed, compliance will be front and centre for banks and businesses in 2021. In the US too, much research has gone into identifying security gaps and addressing concerns around data security and secure processes for FinTech apps – with concerns around Mint and Robinhood as notable examples. However, much of this technology will still be new to many users worldwide. ESET’s recent global B2C FinTech survey of 10,000 participants revealed that 40% of consumers worldwide use between one and three FinTech applications; only half of those consumers have security software installed on all their personal devices. Addressing security will remain a key question for innovators on both sides of the Atlantic.

All that said, a globally-recognised player like Google – with extensive investments into protective technologies, security partnerships and, within the Google Pay app, security technologies like built-in encryption and virtualisation of account numbers – would be remiss not to ensure its FinTech offer in Europe. This demonstration of leadership, especially with respect to the valuable data economy, means delivering viable FinTech in the EU’s single market and offering both its unique expertise and scale in providing a safe place to innovate in the future of finance. All the same, follow FinTech: it’s a useful vehicle, delivering critical topics around the future of finance, cybersecurity and digital transformation.