Competition in Fintech is getting fierce as many companies compete to be the next unicorn. But start-up money can be tight- especially because of PCI standards. To have the right security measures in place is expensive and this can ruin many start-ups chances. John Cragg, CEO of MYHSM explains how in order to support start-ups, payment security companies need to suggest a solution to eliminate capital purchases.
This really is the decade of the Fintech start-up. The payments world is experiencing an unprecedented rate of change; new payment methods and technologies are resulting in increasingly frictionless payment experiences, causing closer integration between online shopping and payments to match the user experience.
The major financial institutions that have previously owned the payments space are working hard to maintain their dominance in this ever-changing landscape. However, it is apparent that new Fintech companies are leading the way in innovation, most of which are, by definition, start-ups. In fact, one of the objectives of the EU’s PSD2 is to increase competition in the payments industry and to encourage involvement by non-banks, fanning the flames of fintech opportunities.
So, what are the barriers facing these Fintechs?
Start-ups in the financial payments world face very similar challenges to start-ups in other industries. Of course, they need to establish financing and convince investors that their idea will convert into real money, and they may even have to go through several rounds of this. Throughout their journey these backers will be closely watching the companies they have entrusted with their investments to ensure that the money is being spent only on the essentials. With this in mind, start-ups must focus on entering the market quickly in order to beat their competitors and ensure fast returns on investment.
But if you look specifically at Fintech start-ups in the payments ecosystem, they face additional challenges, such as the security standards enforced by bodies such as PCI. These standards play a critical role in protecting consumers, merchants, and financial institutions, but there is no getting away from the fact that they are an added stress for start-ups.
These payment-specific challenges will require the right knowledge to select, acquire, and operate appropriately approved devices, such as POS terminals and Payment HSMs. These can be expensive items for a start-up to purchase and owning them will not bode well for the balance sheet. If we specifically look at HSMs, one is never enough; you’ll need at least one more for testing and development work, and one for standby. To add to this headache, HSMs will also need to be purchased early in the product development cycle for testing purposes. Of course, more established competitors will already have this technology in place, making time of the essence for start-ups.
How can companies help?
If we look at the issues above, the biggest one facing start-ups is the pricing of HSMs and POS terminals. They are just to expensive for a single purchase early in a company’s lifespan. So, the biggest assistance companies can provide start-ups in this area is to make the HSMs and POS terminals more affordable, however this is easier said than done – afterall the technology provider still needs to make a profit.
The solution to this is to eliminate the need for capital purchase of HSMs by making them available as a fee-based service which can be implemented very quickly. Then for POS terminals the ideal is to provide a less expensive product. This can be done by using off-the-shelf software that can turn e merchant’s existing smartphones and tablets into a POS terminal instead. That way there is no need to purchase an additional device.
It’s still important to note that shelling out the cash to buy Payment HSMs is still only the start of the process. They’ll need to be accommodated in a secure and resilient data centre that’s approved to the PCI DSS standard.
To add to this, the security design around the whole system, and the estate of HSMs in particular, is complex. This will need skilled security specialists to determine how to set-up the HSMs, and thereafter to design, document, and audit the procedures that will be used to manage and operate the HSMs. Finally, there is the joy of going through specific application-related approvals, such as PCI PIN, and then renewing this approval every couple of years.
So, Fintech start-ups have to do all of this work – which is necessary but does not add to the functionality experienced by the consumer – when what they really want to be doing is making their product more exciting, and getting it to market quickly.
Previously, a Fintech start-up would have to negotiate the minefield of HSMs in order to operate in the payments industry. Now, technology providers are changing their ways so they can come to the aid of the embattled Fintech start-up. By acquiring Payment HSM capability as a pay-as-you-go service, Fintech start-ups not only avoid the investment demands around HSMs, but also the issues around distraction, delay, skills, resourcing, and the PCI approval of HSMs that will be encountered if they buy their own hardware.
Now, Fintech start-ups can focus on their product and getting it to market quickly. This is the driving motivation of any Fintech start-up. So, by entering a collaboration with specific technology providers, start-ups are not alone. They become part of an ecosystem in which they are visible to both customers and potential partners, helping them to get their voice heard above the clamour from their competitors.
By John Cragg
CEO