„The SCA launch: a 5-minute instant soup?“

„The SCA launch: a 5-minute instant soup?“

POSTED ON 01. OCTOBER 2019 BY RALF HESSE & DAVID KRUSE

 

On 14.09.2019 the martyrdom of European payment diversity in electronic payments began

What has happened so far …

When the European Commissioners were considering an amendment to the PSD1, which came into force on 1 November 2009, the desire for greater security in electronic payment transactions was one of the driving factors, along with the idea of a level playing field in the payments market. Very noble and also challenging goals, which were certainly owed to the market events in the electronic payment industry.

Strong Customer Authentication (SCA), as one of the driving factors in the PSD2, should reduce the problem of uncontrolled misuse in electronic payments by allowing electronic payments to be doubly secured through independent authentication procedures. So far, a really commendable approach, which should help to get the fraud problem under control.

For the implementation, however, a definition of a catalogue of requirements was required, which had to describe exactly this so-called two-factor authentication (2FA) in the payment systems of the EEA payment service providers. In accordance with the motto “many chefs spoil the broth”, the star chefs of the European Banking Supervision Authority (EBA) were put in front of the stove in Europe, supposed to cook exactly this soup with the ingredients of the Strong Customer Authentication (SCA). The EBA soon found out that the ingredients for preparing the soup were not clear to them and asked his assistant chefs – the payment service providers – how the composition of the soup should be made. By the time this survey and information gathering was complete, our star chefs had written down their recipe in the Regulatory Technical Standards (RTS).

And now the great cooking began…

From water pot to finished soup …

On 27 November 2017, BaFin adopted the “Delegated Regulation (EU) 2018/389 of the Commission of 27 November 2017 supplementing Directive (EU) 2015/2366”, the German implementation of RTS. So the RTS now manifested the basic technical rules in the German text of the law that were supposed to make the SCA soup boil – and preferably with a pleasant taste for everyone. At the same time, 14 September 2019 was mentioned as the target date by which all EEA payment service providers must authenticate their electronic transactions according to a “new reading”.

However, card-based payment transactions are based on the networks of the large credit and debit card organisations (VISA, MasterCard, American Express, JCB, Diners, DK, etc.). Exactly these scheme operators have now been ordered to draft a set of rules which integrates the information on the adaptation measures required in the RTS into the processes of the individual parties. This implementation in the individual companies was implemented centrally with the introduction of the new 3D Secure 2.0 (3DS2) protocol. Unfortunately, however, there was a whole cookbook of rules per entity that had to be taken into account with the use of 3DS2. And as is usual with cookbooks, these are never congruent across the board – at best similar – which naturally led to a significant increase in the requirement criteria for technical implementation.

Now the big guessing began. The payment market is a very heterogeneous system in which many service providers have different tasks and responsibilities. The EBA, as the initiator of the amendment, only spoke and talks to the regulated payment institutions and service providers and prescribes the newly adopted procedures for them. Other service providers involved in the service chain (e.g. MPI/3DS2 operators, GDS (Global Distribution Systems) such as Amadeus or Sabre, etc.) are not or were not directly affected by the SCA requirement, but sometimes play a major role in technical/operational processing for the execution of authentication. The pure authentication process is therefore a regulated process, which should, however, sometimes be implemented by unregulated service providers – a contradiction in itself.

Many cooks spoil the broth…

The payment processing empire consists of many parties. There are the

  • Merchants whose bad experience from 3DS1 could repeat or even increase their skepticism about negatively influencing the conversion rate with a new authentication process (Strong Customer Authentication).
  • PSPs who are interested in a constant or increased number of transactions with the broadest possible use of their payment type portfolio
  • The acquirers who do not want to lose any sales in the credit/debit card business with SCA either
  • Schemes that see securing revenue as a top priority in the new authentication process, but at the same time must comply with regulatory requirements
  • The issuers, who want to ensure the implementation of regulations in the field of payment. In addition to reducing the number of fraud incidents, this also implies securing the portfolio volume of their card portfolio.

All these parties and stakeholders are involved in the implementation of the SCA requirements, but sometimes pursue very different objectives and interests.

As a result, certain use cases are not considered at all or only peripherally by one or the other party. However, it is at least as irritating for the payment ecosystem that different stakeholders interpret and implement supposedly identical facts in different ways – and this in the absence of clear regulatory or defined specifications of the schemes.

A very prominent example of this is the very hotly discussed handling of key entry transactions in the travel and tourism industry in recent weeks. With this transaction type, card data is entered manually into the payment terminal at the point of sale or an online input screen (sometimes without the cardholder being present). Since neither the regulator describes these transactions as “electronic payments”, nor the card organisations themselves present an alternative to the SCA obligation, this increases the creativity of merchants (and thus the service providers serving the merchant, PSPs and acquirers) to circumvent the SCA obligation.

Unfortunately, there is no homogeneous procedure or guideline for implementing SCA logic that has been agreed with all parties.

The oversalted soup: not only a bitter aftertaste

Since 14.09.2019 the PSD2 and with it the strong customer authentication has officially entered into force and many open questions are still unanswered. The business transactions in the aforementioned travel and tourism industry are particularly affected by this.

The ignorance of the regulators – be it the EBA or the respective national regulator (BaFin) – have fueled the uncertainty in the market in recent weeks through its reluctance to make decisions rather than to rebute it.

Unfortunately, the result is not quite unexpected. Large and well-known players in the payment ecosystem such as Amadeus and Galileo have already informed their customers that their systems will not be able to fully meet SCA requirements by 14 September 2019. Although this is only a restrictive statement, it nevertheless shows that the time period for implementing the outstanding questions was not sufficient. And this is exactly what BaFin has not yet wanted to take into account, despite the ever louder signals from the market and also from the companies regulated by BaFin.

The previously mentioned 3DS2 protocol has a decisive advantage compared to 3DS1, which raises the justified hope that a drop in the conversion rate can at least be avoided: the so-called “frictionless authentication”.

In this process, the merchant provides the issuer with a complete set of additional, risk-relevant information that the issuer can evaluate itself and then approve the transaction or payments without interacting with the cardholder. On the one hand, this procedure removes the liability of the merchant for the loss event and transfers it to the issuer, and on the other hand does not require any further interaction with the cardholder, which could possibly lead to a termination of the transaction.

But since – as things stand today – neither the issuers know exactly which parameters for evaluation in their fraud prevention systems will really have a positive effect on smooth transaction processing, nor the merchants are able to transmit the optional fields required for the issuers in the authentication message across the board, the market runs the risk of not using this powerful instrument at all. The PSD2 guidelines should avoid exactly this.

And it is precisely at this point that it would once again be necessary to have a regulative specification through the corresponding schemes, which would put the issuers in a uniformly defined state.

Seasoning of the soup and its improvement

Ultimately, however, the BaFin gave in on August 21 – at least for the e-commerce sector – and announced in its statement that it would tolerate e-commerce transactions that had not (yet) been SCA-authenticated for an indefinite period of time. However, the SCA obligation was by no means lifted as of 14 September 2019. According to our star chef, the BaFin will never give up its SCA soup, but rather try to make it “bearable” for the consumer by skillfully tasting it.

However, BaFin must not forget when “tasting” that it is only one of the assistant cooks of the SCA soup. An inhomogeneous handling in the EEA of the toleration regulation described above generates an even greater sense of uncertainty than is already the case. Nationally differing regulations would confuse both the merchant and the cardholder to the maximum. To avoid precisely this situation, a much clearer EBA specification would be much more helpful.

Therefore, it remains to be seen to what extent this will be achieved or implemented.

Summary of the cooking course

As already mentioned, the uncertainty on the market in dealing with the use of SCA has clearly stimulated the creativity of the merchants due to the acute urgency before the implementation on 14.09.2019. This sometimes goes so far that in the absence of suitable SCA alternatives, so-called “alternative payment methods” (such as PayPal, Paydirekt, Wallet systems, etc.) are given preference over SCA-liable card transactions. The operators of these alternative payment methods observe this extremely favourable effect with a broad smile for them, as without extensive marketing expenditure they do profit from the lack of coordination and the weaknesses of the regulatory system without own effort from the competitors. And this was – and cannot have been – in the spirit of the regulator when the SCA obligation was developed (we remember the goal of increasing competition).

Even if the SCA obligation has now entered into force on 14 September 2019 – albeit in a weakened or delayed form – the toleration period with regard to the PSD2 guidelines should be used sensibly. Above all, one should learn from the mistakes since the release of the RTS. And this learning effect must start with all parties involved, so that after the end of the toleration period there is no D-Day again and nobody knows how and when to prepare for it. The alarm signals for such a situation are already red, as merchants have already announced that they will only activate the SCA obligation at the end of the toleration period, in order not to suffer a competitive disadvantage against the competition themselves prematurely.

Coming back to the initial concern of the SCA obligation – namely the reduction of fraud and thus the safeguarding of cardholder integrity – it can only be stated at this point that the EBA, with its chef assistants, the national regulators, has led the “SCA project” up the garden path for lack of clearly defined specifications. Let us hope that the regulators have learned from the past months.

Only a common approach involving all stakeholders in the payment ecosystem can guarantee the desired success with regard to rule-compliant SCA use. It would be a pity if the opportunities opened up by SCA for clear security and also for a customer and cardholder-friendly authentication procedure could not be exploited due to exceptions and the ignorance or decision-failure of the competent authorities.

„Status Quo in B2B Payment Transactions: From Desire to Reality“

Status Quo in B2B Payment Transactions: From Desire to Reality

POSTED ON 18. JUNE 2019 BY NIKLAS SIMON

 

While citizens in Germany are consciously or unconsciously using new and innovative forms of payment beyond cash, mobile-only banks and other payment means driven, among other things, by Fintech’s, the use of innovative methods is stalling in other areas of banking. We are talking about the complex subject of corporate banking, here in particular with a view to payment transactions.

 

But why is that?

 

We’ll start with an example: “Please help the authorized signatory of company XY to fill out the bank transfer form and then submit the floppy disc for processing the salary payment to the back office? ” Does that look familiar to you? The cashier’s inquiry might have sounded like this or something else in the training of a bank clerk.

The training was completed years ago and (fortunately) a lot has happened in payment transactions apart from cash payments and accounts. Or isn’t the difference to the past then so great? For comparison: 10 years ago Steve Jobs presented the first iPhone. Considering the development stages the iPhone has gone through as a smartphone since then, the further development of payment transactions by corporate banking customers over the past decade has been very cautious.

Payment transaction requirements differ considerably among users (private customers or corporate customers). The thought leaders, digital natives and technology nerds attach importance to an appealing user experience and innovative features in their private environment. They now want to enjoy all facets of the banking business digitally far beyond the online account alone. However, companies pay much more attention to issues such as security, data protection, system stability and the (unfortunately) well-known “never change a running system”. Despite increased private curiosity about innovative, digital products for finance and money, progress among corporate customers is almost non-existent.

 

But what or who can be a driver of innovation and where is a corporate customer’s payment traffic heading?

 

A company has two essential requirements for its payment transactions

1.) Receipt of information in the form of an (electronic) account statement, and

2.) the execution of payment transactions (e.g. bank wire transfer)

This is usually controlled and managed via an electronic banking system. Communication is largely defined by the EBICS standard. In particular, the introduction of SEPA was and is for many corporate customers a (first) major step towards the professionalisation of payment transactions. The conscious examination of the existing path of payment transaction management showed the status quo and highlighted the strengths but above all also the weak points. SEPA provided the Cash Manager/Treasurer with a tool which, if used correctly, increased efficiency and can continue to do so. Through the introduction of SEPA, formats were defined that are identical in the SEPA area and thus make payment transactions across national borders easy.

Now, however, there are some limitations. Very often, medium-sized companies in particular use systems for payment transactions and account management that meet the minimum requirements for an electronic banking system but slow down the modernisation, automation and professionalisation of payment transactions within companies. Why is that? Habit, fear of change, personal preferences, no trust in future generations and technologies?

Quickly we end up with the ‘chicken-and-egg’ problem. Should banks set the course and impose their own digital agenda on companies and, for example, offer modern electronic banking systems with great features, if possible by use of a block chain (somewhat exaggerated) and interface-optimized? Or does this impulse also have to come from the companies? Do the banks have to make their customers much more accountable for this, or must mutual understanding first be established? Is such, almost cooperative, behaviour possible at all, or is the relationship between customer and service provider too pronounced for this?

 

What do companies want when it comes to payment transactions?

 

According to a study conducted by Commerzbank together with FH Mittelstand, companies today want to manage their liquidity and cash flows holistically at all times. In the past, it was only administered, today it used to be efficient, active and professionally managed – also through the use of software. The reasons for this are transparency, reduced transaction costs, intra-group liquidity management and automation. A cash management system/electronic banking system is now used by around 50 percent of all companies (both large corporates and SMEs).

Despite the use of an electronic banking system, only 10 percent of companies also use access via an app to a mobile device or tablet. Unlike private use, where a variety of third parties now access our financial information, companies do not want their information to be used by third parties (excluding tax advisors and auditors). This was stated by 75 percent of the respondents. A similarly high number of users of cash management systems do not expect cash management to be interconnected with other internal systems for the reasons of data protection and security mentioned above. It is astonishing when one looks at the already described curiosity for innovation in the private environment and digitisation activities in other areas of a company.

Nevertheless, many employees in finance departments make an effort and claim to gradually transform the structures that have grown over time into the modern and digital world. No quantum leaps, but adapted to the circumstances. This is where the banks come in.

 

What do the banks want concerning the payment traffic of the future?

 

The attractiveness and earnings potential of corporate customers should be a source of inspiration for domestic banks. Confidence remains high and the hurdles to switching after setting up a functioning electronic banking system including payment transactions are very high. Enough reasons to continue to act as the hub of a corporate client’s finances in the future. However, there is only limited time to rest. The banks find themselves in a competitive crowded-out market and are attacked by large foreign banking institutions and above all technology groups.

Banks often offer their customers cooperations with partners or set up platforms that provide the customers with supposed added value without responding to the concrete wishes of the customers. Fintech’s many good ideas and in-house approaches are made available to the customer as unfinished piecework without (felt to be) a clear strategy. Whether there is a concrete need is often only questioned in the next step. The developments within the banks are thus developed independently of the customer and, in many cases, are not in line with the customer.

Banks want to make their services appealing to customers through their advisory strength and expertise. The Transaction Banking departments advise their clients with experts on all topics and information relating to the transaction business. More complex issues in particular, such as the sale and payment of a machine or the provision of a service abroad, are complex, cross-border and cross-currency and require the bank’s expertise or correspondent banking network. Here the banks currently still have a very large asset to defend. Many new players on the market, such as Transferwise in foreign payments, portray things that were originally a traditional banking domain (see also Michel Hilker’s blog article “Quo vadis AZV“).

In addition, banks not only want to make their corporate customers happy, they also want to drive their own processes forward. Because in order to offer a customer an innovative product, you have to be an innovative bank that can also provide and execute these products. Often a break in the thought process between the wishful thinking of “modern bank” and reality.

 

Common denominator!?

 

We see that a professionalization and a certain rethinking has begun in the finance departments of companies. The desire for changes is there, but from the point of view of the respective departments often resembles an open-heart surgery at the payment transaction processes. An adaptation is only possible step by step. The bank must create system-side conditions in order to be able to implement new systems, processes and requirements and not remain stuck on its “legacy”. The often cited “thinking from the customer’s point of view” must also remain a strong focus in corporate banking. The banks should avoid going it alone.

Companies must initiate and closely accompany the change of their systems, and there must be a strong commitment by the employees conducting the change and the responsible management. The active involvement with the topic of payment transactions must be an essential part of the job profile.

The majority of medium-sized companies should give the coming technical and personnel generations in the finance departments the chance to implement new approaches and to trust these approaches as well as the executors. Otherwise, the desire for progress remains only a wishful thought – and not only with regard to payment transactions.

„The OSTHAVEN view of the present & future of Artificial Intelligence in Banking & Payment“

The OSTHAVEN view of the present
& future of Artificial Intelligence in Banking & Payment

POSTED ON 16. APRIL 2019 BY TIM DANKER

 

Are we really abolishing ourselves?

 

The topic of artificial intelligence (AI) has been discussed so often in recent days. The German government plans to spend several billion Euros to make Germany fit and to keep up the pace in the dramatically increasing competition of R&D within the field of AI. Companies from Silicon Valley compete with transfer fees for demanded researchers. One might think that AI is about to seize world domination. The myths and stories picture various horror scenarios and outdo each other in drama. Celebrities like Elon Musk and the recently deceased Stephen Hawking warned of nothing less than the downfall of mankind.

High time to take a look at this topic on our OSTHAVEN blog – factually, differentiated and specifically related to our industry – Banking & Payment.

 

Artificial? Intelligence?

Let’s start by taking a close look at what we are actually talking about. Before we deal with the “artificial” part of intelligence, let us first focus on the topic of “intelligence”. To this day, the field of “intelligence” is largely unexplored and lacks a clear definition of what exactly intelligence is. The existing definitions blur between biology, physics and philosophy. Up until today we do not understand exactly how we humans actually function. Expressed in lay terms, one can say that our body is streaked by nerve tracts and muscles, whereby in their control centre, the brain, all threads run together. Neurons flow back and forth in our brain and nerve tracts, switching and acting in a similar way to modern computer processors in our thoughts and actions. From birth, and actually before that, we humans gradually learn all our abilities. During our first weeks of life, for example, our brain learns that what we see in front of our own eyes are our own arms, hands, legs and feet and that we can control them with targeted muscle contractions. So the cute clumsy baby, who unconsciously hits itself in the face with the hand, eventually becomes the cute toddler, who consciously takes his shaky first steps. Behind this process lies a complex interaction of nerves, brain and muscles that we have not yet fully understood. You could say it’s a miracle. But the more we explore the field, the more we see that what looks rather complex at first glance is on a small scale simply the interaction of biological and physical processes. It gets even more complicated when you think about what exactly our soul is, where our free will comes from and in very simple terms what makes us get out of bed every morning and what makes us do everything we do all day long.

The vernacular would declare us humans as intelligent beings. Some certainly more intelligent than others. Humans do things using their mind. Humans are weighing a given situation and decide based on their assessement of the situation. Humans plan ahead and anticipate. Humans act based on experience and what has been learned. Humans try out. But humans also do make mistakes. Why is that? This is a question that we are unable to answer completely based on the current state of knowledge. But we are certain – we are intelligent.

Now the human race has set itself the ambitious goal of artificially recreating “intelligence”, which it neither understands nor is able to define precisely. So let us note that we cannot exactly understand or even define the target we are pursuing.

We now have arrived at the interesting aspects of this dilemma, which makes this topic incredibly attractive, exciting and complex. Research on AI is entering a new field, driving and chasing other fields of research forward and has even helped us humans to better understand ourselves.

Broadly speaking, we have begun to reproduce the researched areas and functions of the human brain with computers, which are ultimately very complex electronic circuits.

 

Man versus machine – two simple examples

For the following thought experiment imagine a photo of any cat. Who will recognize faster whether the animal on the photo is a cat – man or machine? The answer is usually man. For another thought experiment, please briefly consider who will find it easier to calculate the following formula: (2342 * 2345) / 234444 + 23445 * 12499584 – man or machine? In this discipline we would most likely be beaten and use a calculator instead.

A researcher at Stanford University, together with Google, has taught an AI to recognise cats in images. Any cats, in any colors, positions and clippings. For this, AI had to be trained manually in a cumbersome process with over 1 million images. But if you present this artificial intelligence with a picture of a dog, it is at a loss.

What we can learn from these two thought experiments is that computers can work insanely well with structured, formalised content, such as mathematical formulas. There are clearly defined numbers, operators and calculation rules that have to be adhered to in order to reach a result. Computers can do this at speeds unthinkable for the human brain.

We can also see that human brains, together with its various senses, can work impressively well with unstructured and incomplete data sets. As an infant we once learn what a cat is and can recognise cats until the end of our lives; and that goes also for cats in other colours and completely different forms. We humans are able to abstract the format “cat” accordingly and apply it in completely new circumstances. The easiest way to make this clear is that every human who knows what a cat looks like can usually draw a cat. These drawings usually have at least one thing in common – pointed cat ears. Most of the time we also add a cat tail.

We owe it to Stanford University’s impressive research that we are able to train these skills on computers as well. At the same time, this research also highlights the enormous challenges that such a goal entails and, alongside, illustrates the very different strengths and weaknesses that we humans and computers have.

 

Fields of application of AI in banking & payment

In the area of payment, the topic of AI, especially machine learning and pattern recognition, has long been a fixed component. The most prominent and widespread example is risk monitoring at payment service providers and credit card companies. Today, systems based on artificial intelligence generally support the real-time detection of credit card fraud. Companies such as Risk Ident, Fraugster or Feedzai have established themselves in this area, but companies such as Adyen also count on these technologies. The Otto Group company collectAI is currently establishing itself in the field of receivables management, which implements a customer-centric approach in receivables management that is optimised, automated and individualised through AI, thereby reducing effort and costs and at the same time achieving higher success rates in the receivables process.

The use of new technologies in banking is somewhat more differentiated and not widely used yet. First market participants established themselves in the area of Robo Advisor, such as Scalable Capital, which is pursuing a value-at-risk investment approach and uses advanced risk management and simulation algorithms based on AI technologies. Interestingly enough, final investment decisions are still controlled by humans. More and more applications can be found in the field of bank account analysis, which automatically allocate expenses to categories and detect patterns in account movements in order to plan or control budgets and expenses. Examples in this field are the App numbrs, Kontowecker of the savings banks or N26. Programs that automatically trigger account movements, such as savedroid, go even further. In addition, there are applications that provide financial recommendations on the basis of existing knowledge and more and more chatbots and self-service offerings. If you combine all these things and think them a little bit further, a fully automated, individualised and AI-supported  holistic banking advice will be possible in the future.

The banking business seems predestined for the use of these technologies for the simple reason that the data basis of banks is highly standardised and the processes in banks are strongly regulated and formalised. To put it simply, one can assume that processes in banks can be replaced or extended by AI-supported technologies, especially if they follow clear and formal rules.

 

What will become important in the future with AI in Banking & Payment

In particular, with a view to the payment and banking industry, we have identified some aspects that we consider to be important dimensions with regards to the progress of AI as important topics of the future.

These aspects are:

  • Auditing of algorithms and automated decision processes
    When algorithms and AIs make important decisions, they must follow clear rules and be comprehensible. Traceability is difficult to achieve in most AI systems. Therefore, a solution must be found so that audit requirements can be met nevertheless.
  • Regulation for algorithmic decision-making processes
    Not only internal company audit provisions will have to be taken into account, but also requirements from regulators will be given and these must be able to be verified. Rigid regulatory requirements and dynamically growing AI systems seem to be not really compatible. This requires new approaches on both sides.
  • Data quality
    AI-systems are generally based on large amounts of data, which is the only way to achieve good results and efficiency gains. Very simply and accurate one can summarise this with the well-known IT saying: “Garbage in. Garbage out.” If you want high-quality decisions, you need high-quality data.
  • Room for error
    As explained at the beginning of this article, AI-systems learn analogously to humans. People make mistakes and so do AI-systems, mostly due to poor data quality or simply wrong training. In a world with 0% fault tolerance, to which the banking and payment world tends to belong, this means a new challenge. This is particularly important, as we are usually talking about mass transaction business in which real money is moved. Here it is necessary to design solid test frameworks, which are developed especially with regard to the peculiarities of self-learning and self-changing systems.
  • Risks of data monopolies
    As Spiderman had to learn on the cinema screen: “with great power comes great responsibility”. The larger and more significant data monopolies become, the greater the risk of abuse. Politicians, public authorities and society will have to find ways to avoid data monopolies and ensure fair and healthy competition in order to contain the risks of increasing concentrations of power.
  • Regulatory decision-making processes
    How do you give regulatory approvals for self-learning and self-changing systems? Licensing and control processes have to evolve with technical developments and find new ways.

 

A plea for cooperation and the eternal dilemma of AI

The world will change. Computers will take over activities that humans do today. But until further notice, people will not be displaced by computers. Many tasks will change and completely new ones will emerge. For the time being, computers in particular will need humans to teach them the things we want to automate. A computer by itself can do less than a new born child when it comes into this world. Like with the baby, the computer needs a human person who shows him the world, explains it to him and teaches him how to do his tasks.

People should engage with AI and use the respective strengths of humans and computers to maximise overall benefits. We will thus free up precious life time that we will be able to use for new, creative and important things, while boring, recurring tasks and activities will be more and more automated.

The great dilemma of AI is at the same time the most important factor for human beings. Computers are dumb. Computers only work when  a human has given them a clear goal. This is a great chance for humans to not become redundant for the time being. At the same time, there is a great risk in this particular detail. Because computers pursue their goals with all means. Even if it’s the wrong target or an immoral target. Finally, a very simple example to think about: Imagine a fully automated banking advice. The AI takes over all of your banking transactions fully automated, including your investment decisions. The computer behind it can now be given two similar but fundamentally different objectives. On the one hand, it can be given the goal of maximising the investment – that is, getting the best out of it for you in a risk-optimised, cost-optimised and return-optimised manner. On the other hand, it could also be given the objective of maximising the investment while at the same time optimising the bank’s earnings by, for example, exclusively acquiring its own bank’s ETF products, which are perhaps not the most cost-effective for the client but the most profitable for the bank. You think you would notice the difference? And who monitors these algorithms? Your bank?

We are only at the very beginning of this story…