European Rails for Identity, Payments & Data?

I sat down with the marketing team at Anthemis to discuss the opportunities and geopolitical challenges of open finance. This is the fifth part in a series of five articles. You can find part one on premium APIs here, part two on PSD2 here, part three on the geopolitical motivations of European Open Banking here and part four on the ramifications of Brexit here.

Hi John, I’m lost already, European Rails? High Speed trains?

Well let’s go back a few steps. A lot is happening in the EU at the minute with elections and referendums and legislation. So much so that sometimes we can lose sight of the objectives, especially when they’re one degree removed from our day to day life. “Rails” is a term usually used to refer to the connected technology and infrastructure needed to facilitate payments. Visa and Mastercard for example have created significant payment rails to facilitate credit card transactions. Companies then pay Visa and Mastercard to use those rails. I believe there is increasing evidence to suggest that the EU is trying to create a public-private rails utility in Europe that goes far beyond the existing capacity of payment rails.

What makes you think that?

There is a lot going on but it’s important to keep in mind that the EU is desperately trying to encourage a cohort of global digital players in Europe. It puts us at a significant disadvantage that we’re a massive buyer of digital goods and services but we are an insignificant producer. To understand why it seems like the EU are trying to create connected, interoperable, interaction infrastructure you need to consider what’s happening in parallel across three interdependent verticals; Data, Identity and Finance.

Alright, let’s start with Data.

Specifically personal data. GDPR effectively set the definition of personal data and then mandated that the rest of the world accepted that definition if they wanted to sell into the world’s largest trade bloc. This disadvantaged American tech companies who now need to treat European citizens differently than citizens in other jurisdictions. The right to be forgotten, privacy by design and the ability of citizens to lodge a complaint in any EU country regardless of where in the EU the company is based were also distinctly anti big tech, which by default was anti American corporate interest. PSD2 will also shift significant quanta of transaction data out of the hands of merchants and onto the servers of regulated entities. This, I expect, is the beginning of the age where a licence will be required to hold personal data.

OK, so the EU are progressive on private data. What about Identity?

Well personal data is obviously derivative to identity but it is identity that bridges the gap between personal data and finance and it is an astoundingly complex subject. Even defining it gets difficult but it’s becoming clear that robust identity infrastructure is the key to everything from micro-payments to free movement of labour. If the EU is able to create a layer of immutable and secure but accessible identity infrastructure that citizens can leverage for payment initiation, authentication and authorisation as well as the facilitation of mobility, it will expedite everything from opening an account to securing accommodation. The parliament have actively discussed amending the fourth anti-money laundering directive to solve for Bitcoin based fraud and illegalities and it seems clear the the EU would like to develop its own identifiable distributed ledger infrastructure. People often think that it will be Facebook or Google that supply the identity products but it seems naive to think that the EU will be content to allow state compromised corporations to own and manage the data relating to European citizens data.

And how does finance fit into this?

PSD2 will actively seek to displace credit card rails in their current form through direct account payments and rapid settlement times. Cards won’t be as attractive for ecommerce due to cost and the banks and adjacent players are actively developing short term credit alternatives. Whilst MIFID2 and IFRS9 will have obvious impacts of the way we treat and account for financial instruments it is the continuing intent to create a Capital Markets Union in Europe to make banks less dependent on international wholesale funding that is particularly interesting. The upshot being that within five years the world’s largest trade bloc is likely going to have a highly interoperable retail and SME banking environment delivered through APIs and microservices as a result of PSD2, as well the beginnings of a capital markets union to reduce the need for smaller single jurisdiction licensees to pay higher costs for access to capital.

Is this like what they’ve done in China with credit scoring?

Credit scoring may well be an aspect of it but no, I’m suggesting something far more elegant. China created universal credit scores, I’m suggesting that Europe intends to create a regional network of standardised APIs, smart contracts and microservices to enable free transactions, with immediate settlement, leveraging distributed identity architecture for verification and machine regulation allowing any start-up immediate access to the world’s largest marketplace in order to drive growth in Europe through a new generation of digital companies.

Ok. So how would that work exactly?

Consider this. A start-up begins business. They employ freely available, standardised microservices architecture that allows them to interoperate with any business in the EU, with absolute fidelity, immediately, without knowing them. They can sell to any customer and expect payment immediately, regardless of country of residence, without paying fees. They can partner and un-partner quickly with other companies to take advantage of opportunities in other countries as they arise. They can pay for access to large repositories of user data to assist with decisions on products or strategic expansion. Or a more practical example; I move to a new country and I can lease an apartment and pay my rent without ever needing references or a new bank account because my payment ability and identity is connected through one platform. The landlord can verify I am who I say I am, see my previous rental, work and character references, with my permission and set up the payment order. Does that make sense?

Yes. I get it. So how will this affect non EU companies?

They’ll have to pay a form of tariff to rent the rails. It will be a stealth tax cost of doing business in the world’s largest trade bloc that will mean European offerings should be more competitive in the region. This tariff will be amended as needed to adjust for trade requirements, e.g. low or no charge for regions adept at producing goods Europe wants but doesn’t produce with a comparative advantage. I expect most large jurisdictions or economic areas will look to do the same over time. They just happen to be a long way behind.

European Rails for Identity, Payments & Data? was originally published in #hackingfinance on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tags: data EU fintech open banking

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__RequestVerificationToken	session	This cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks.
_abck	1 year	This cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
34f6831605	session	General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
a64cedc0bf	session	General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
ak_bmsc	2 hours	This cookie is used by Akamai to optimize site security by distinguishing between humans and bots
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
AWSELB	session	Associated with Amazon Web Services and created by Elastic Load Balancing, AWSELB cookie is used to manage sticky sessions across production servers.
bm_sz	4 hours	This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
cf_ob_info	past	The cf_ob_info cookie is set by Cloudflare to provide information on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
CONCRETE5	session	This cookie is set by the provider Concrete5 web content management system. This is a necessary cookie used for maintaining the user session between pages.
connect.sid	1 month	This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookiesession1	1 year	This cookie is set by the Fortinet firewall. This cookie is used for protecting the website from abuse.
crmcsr	session	General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
ep201	30 minutes	This cookie is set by Wufoo for load balancing, site traffic and preventing site abuse.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
sxa_site	session	This cookie is used to identify the webiste visitor's session state across page requests on server.
ts	3 years	PayPal sets this cookie to enable secure transactions through PayPal.
ts_c	3 years	PayPal sets this cookie to make safe payments through PayPal.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.
663a60c55d	session	This cookie is related to Zoho (Customer Service) Chatbox
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
e188bc05fe	session	This cookie is set in relation to Zoho Campaigns
geo	session	This cookie is used for identifying the geographical location by country of the user.
iamcsr	session	Zoho (Customer Support) sets this cookie and is used for tracking visitors (for performance purposes)
lang	session	LinkedIn sets this cookie to remember a user's language setting.
language	session	This cookie is used to store the language preference of the user.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
optimizelyEndUserId	1 year	Optimizely uses this cookie to store a visitor's unique identifier which is a combination of a timestamp and a random number. Different variations of web parts are shown to users that optimizes the website's user experience.
tableau_locale	session	Tableau uses this cookie to determine the preferred language and country-setting of the visitor - This allows the website to show content most relevant to that region and language.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	never	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
sid	1 year	The sid cookie contains digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time.
uid	1 year	This is a Google UserID cookie that tracks users across various website segments.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
WMF-Last-Access	1 month 21 hours 5 minutes	This cookie is used to calculate unique devices accessing the website.

Cookie	Duration	Description
_dc_gtm_UA-1038974-4	1 minute	Used to help identify the visitors by either age, gender, or interests by DoubleClick - Google Tag Manager.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_pxhd	past	Used by Zoominfo to enhance customer data.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
049fc2ef5beb27056b07d9e4c4d13fd3	session	No description
akaalb_http_misc_subs	session	No description
AnalyticsSyncHistory	1 month	No description
BIGipServermsocu-web-2-rr.webfarm.ms.com.10882	session	No description
bm_mi	session	No description available.
CX_406152288	1 year	No description
DCID	20 minutes	No description
debug	never	No description available.
DrupalVisitorMobile	session	No description available.
ep203	3 months	No description available.
frbatlanta#lang	session	No description
geo_info	1 year	No description available.
GoogleAdServingTest	session	No description
li_gc	2 years	No description
loglevel	never	No description available.
loom_anon_comment	session	No description available.
loom_referral_video	session	No description
mkjs_group_id	never	No description available.
mkjs_user_id	never	No description available.
MorganStanley.ClientServ.Common.IPZipAccess.IPZipCookie.DEFAULT_COOKIE_NAME	past	No description
NSC_us_nbsl-83+63+21+25-91	session	No description
nyt-a	1 year	This cookie is set by the provider New York Times. This cookie is used for saving the user preferences. It is used in context with video and audio content.
nyt-gdpr	6 hours	No description available.
nyt-purr	1 year	No description available.
OCC_Encrypted_Cookie	session	No description
polleverywhere_session_id	14 days	No description
ppnet_2020	session	No description available.
ppnet_2777	session	No description available.
reuters-geo	session	No description
shell#lang	session	No description
smcx_0_last_shown_at	session	No description available.
tableau_public_negotiated_locale	session	No description available.
vary	1 month	No description
www#lang	session	No description
X-Vive-Country	session	No description
xn_uuid	1 month	No description

European Rails for Identity, Payments & Data?

5 Chinese fintechs making waves in the U.S.

Bank Branch Isn’t Going Anywhere (At Least for Small Banks)

Related Posts

Fiserv, Global Payments, FIS tap M&A for growth

Fiserv resolves data center outage

Auto aftermarket sees rising need for BNPL

Bank Branch Isn’t Going Anywhere (At Least for Small Banks)

Stay Informed with Our Newsletters

EMERGING FINTECH DIRECTORY

The Buzz Podcast

RETAIL BANKING

Huntington Bank resolves outage

Barclays, Banco Santander, Lloyds plan product expansion

Online banks lead FIs in customer satisfaction

SPONSORED

Just Released! 2025 Strategy Benchmark

Leverage Treasury Management to Turn Fraud Prevention Into a Strategic, Revenue-Generating Opportunity

A growth mindset in banking requires AI

Connect

Welcome Back!

Retrieve your password