Freedom of choice. Call that the theme of this week’s column which looks at how credit unions that want can tell their core providers to take their mobile apps and shove them. Even more startling: it is possible to home-brew mobile RDC, dodging hefty monthly licensing and maintenance fees. And, lastly, it may be time for a complete rethink of how to protect mobile banking users from crooks, starting with a shift of responsibility away from the member.
The Direct Mobile Pipeline: Still think that mobile banking is another window on online banking? You just don’t get it, shrugged Robb Gaynor, founder and chief product officer of Austin, Texas-based Malauzai, a developer of standalone mobile banking solutions that bypass online banking and instead directly interface with any of many core banking platforms.
One fact: at least some core providers have not been hospitable about opening up their platform to third-party developers like Malauzai but, said Gaynor, his company has doggedly worked on middleware – software that lets one system talk with another – and the result is that it is becoming straightforward to directly connect mobile banking to the core.
That could become key because many institutions are anecdotally reporting a sharp rise in members who are mobile only. They do not have online banking, don’t want it and don’t want to be forced to set up an online banking account as a prerequisite for mobile banking. Many of the core platform developed mobile banking apps force mobile to piggyback on online by using the same log-in credentials which have to be set up in online banking. New bill pay payees also usually have to be set up in online banking in those apps too.
Which is what opens the door for specialty houses such as Malauzai which, said Gaynor, “see mobile banking as transformational. There is a usefulness that online banking cannot rival.”
And the goal of these new-style mobile banking apps developers is to create apps that dazzle users by making use of the many features built into smartphones (such as location).
Malauzai, said Gaynor, building on its relationship with corporate credit union Catalyst, presently has deals with 11 credit unions (plus 55 other customers) but he expects the pace of adoption to quicken. “Within three years we believe the market penetration will be massive. Not many credit unions are telling us, ‘Sorry, we don’t need it.’ Almost all realize they do.”
Do It Yourself Mobile RDC: The hot, must-have mobile banking add on is mobile remote deposit capture which uses a smartphone's camera to snap a photo of a check and that powers the transaction. Versions are available from Vertifi, the Massachusetts-based technology CUSO, and from Mitek, which lets mobile banking app vendors such as Fiservdo the direct selling to most credit unions.
The one consistent grumble - heard in pained yelps from smaller credit unions - is what the feature costs.
Now Austin credit union Amplify– with $611 million in assets and 44,000 members – is showing there may be a third path: Home brewing.
Vendors are vague about mobile RDC pricing – getting exact numbers is slippery – but small credit unions have told Credit Union Times about fees that involve an initial payment in the low four figures, a monthly license charge of around $500, and perhaps 50 cents per deposit, the last representing a worrisome wildcard. Were the feature to catch on with members, monthly use fees could skyrocket.
Not at Amplify, which had projected in would take in around $100,000 in mobile RDC deposits in the first month after the June 6 launch. It in fact took in $364,000, said Eric Clemons, director of software development with Amplify. “It shows how big the pent up demand was,” said Clemons.
He added that Amplify did not pay a dime in monthly maintenance fees. The credit union bought the software engine that powers its mobile RDC from California-based AllMyPapers - “We paid a onetime fee of $5,000,” said Clemons.
Then he and his team developed the mobile RDC app for Amplify members in-house. “It took around six months,” said Clemons, “but it became one of our smoothest rollouts ever.”
“This definitely is the cheaper way to go,” said Clemons, who acknowledged he was unaware of any other credit unions that have introduced a DIY mobile RDC. “We have shown it can be done and our members love it.”
Healthier apps. What if the entire approach to safeguarding members’ mobile banking experience is wrongheaded? And maybe doomed to fail. That is the provocative idea behind San Jose, Calif., venture capital-backed Metaforic which takes its start in the idea that “apps need to take their cue from biology and learn to defend themselves against malware,” said Metaforic CEO Dan Stickel.
Stickel is candid: The startup Metaforic has no credit union customers but it is beginning to get a listen in mobile banking circles.
The idea is simple. Metaforic says that relying on consumers to protect themselves is foolhardyand relying on institutional checkpoints at the mobile gateway isn’t much smarter. “You cannot protect the consumer device. Accept that. What you can do is protect your app itself,” said Stickel.
How? Per Metaforic, the shrewd move is to inject apps with code that distributes itself throughout the app. “It can communicate back if something goes wrong. What we are doing is injecting an immune system into the app,” said Stickel.
If a cyber criminal attempted to hijack the protected app, it would know it was under assault – and it could warn the financial institution to ban it, for instance.
Stickel said that the hit on performance is “less than 1%,” meaning users should see no impact on their end.
Will the Metaforic injection work in financial services? That jury is out. The important takeaway is that it’s time to rethink how to protect mobile devices when the users honestly should not be tasked with doing so, Count Metaforic as first steps in what will probably be many new directions in security.