Searching For A New Way To Safeguard Digital Banking

Online fraudsters have become the 21st Century’s version of Wild West bandits, targeting banks and terrorizing the digital frontier. But, when it comes to safeguarding consumer information, there’s a new sheriff in town. In the latest PYMNTS Digital Identity Tracker™, powered by Socure, Stephane Lintner, CEO of Jiko, explains how the pre-launch digital bank is working to change the way online security lays down the law on cybercriminals. Find that, plus a directory of 139 industry players, inside the Tracker.

In the Wild West, “Stick ‘em up” were the words that accompanied a common banker’s worst nightmare — as was the bandanaed outlaw likely delivering them.

Frontier ruffians may be a thing of the past, but as banks increasingly move toward or are born online, “robbers” have followed them into the digital age. Worse yet, they’ve got more sophisticated tricks and disguises at their disposal to pull off much larger modern heists.

Financial institutions (FIs) and their customers are haunted by fears of far-off hackers who can break their way into massive stores of personal and financial data, potentially making off with far more than their predecessors ever could have carried away on horseback.

That’s where companies like Jiko come into play. According to the forthcoming digital bank-and-brokerage service combo’s co-founder and CEO, Stephane Lintner, the firm is launching a model that reimagines security in the digital age.

Before we get to the new model, though, let’s head back to the Wild West for a moment. Imagine the aforementioned (and presumably-mustachioed) robber held up a bank, only to find the vault stored just one depositor’s cash — a rather disappointing haul, particularly considering the effort involved. If the robber wanted more, he’d have to break into a bunch of banks, an exponentially more risky and labor-intensive proposition.

That is exactly the reaction a new bank like Jiko is looking to illicit from a “successful” hacker. With its model, every user account acts like its own bank in today’s somewhat Wild West of digital, each holding only one person’s money. And, as an added safeguard against hacking, the FI avoids housing its information in a central database, instead making each user’s account separate and responsible for its own information.

“Instead of building a stack that requires large central databases with database administrators and all these other things, we shrank the stack to the level of the user,” Lintner said. “It’s a very decentralized architecture.”

Investors seem to see potential in this approach, too. Jiko recently netted $7.7 million in Series A funding for its bank, which is slated to be offered in beta in early 2018.

Security through decentralization

No man is an island, but for safety, one might want one’s bank to be. Lintner’s security approach is all about keeping user data separate, and bank accounts will be distributed via the cloud. Each customer’s account will have its own firewalls and separately store and process its individual user data. As such, other accounts cannot be impacted should one account be compromised.

“The Jiko is what we call, technically, a private computational bank,” Lintner said, in reference to one of the firm’s bank account options, named as such. “It’s your own set of resources that are running on the cloud. Security is a focus. We’re trying to ensure we’re less prone to mass hacks and mass attacks than other [banks].”

Insulating each account is a theme carried throughout the company’s varied processes. Jiko’s roadmap includes offering standard virtual payment cards and virtual single-use, merchant-locked payment cards, according to Lintner. Customers will be able to designate a different card to each vendor or app. Should one be hacked, the others will remain safe.

As an added measure, the bank is currently working with payments processing firm Discover to pilot physical debit cards that carry no card number, CVV or other identifying information, thus preventing use if stolen.

Data privacy and security

When verifying client identity for know your customer (KYC) and anti-money laundering (AML) compliance, Jiko does not pull customer data and check it against regulators’ do-not-serve lists. Instead, the bank sends the lists to the user’s account, which then handles the analysis and identify verification itself.

“It’s not just that your data is individually stored, [but that] it’s individually processed,” Lintner said. “[For background checks], we’re not taking all the data out and running it against a mass list. Instead, we’re uploading the list to your Jiko, and your Jiko will decide whether or not you’re on the list and, if so, potentially block you from transacting. We have a unique architecture that’s very private, that keeps the user at heart and is still compatible with the requirements of banking regulations.”

Once the firm gathers a sizable enough customer base to generate sufficient data, Lintner hopes to apply artificial intelligence (AI) processing to enhance fraud detection. The company will avoid compiling a centralized database for its AI to analyze, though, as such storage could prove a tempting target for hackers. To remove the risk of attack — but still allow the company to garner insights from its many users — each account will analyze its own data.

Keeper of the crypto-keys

At present, Jiko is keeping its focus on more standard offerings to meet the demands of average Americans, including deposits, payroll and general spending. In the future, Lintner hopes to bring his bank’s services to an arena he sees as a natural extension: cryptocurrency security.

While blockchain technology protects Bitcoins from hackers, the question of how to safeguard the keys used to access property on the chain remains. Here, an entity like Jiko — a regulated, digital institution with a focus on limiting the impact of potential mass hacks — has room to shine, according to Lintner.

“Where do you store your keys and who do you trust with your keys?” he asked. “A software company, which [is] not regulated? A large bank with a legacy system? Or, a more distributed banking player like ourselves or [our] potential competitors — [firms] that will have these Jikos or look-alikes that really are decentralized? Where, if Jiko is compromised and your coins are stolen as a result — well, is it a regulated institution, one potentially insured to handle that?”

From scratch

For the firm, the path to this new way of banking included going old school and getting licensed. Jiko worked with regulators to attain its own banking and broker-dealer licenses, unlike some new digital operators that rely on other entities to meet regulatory requirements.

“Everything sits on top of bank charters they don’t control or work with that closely,” Lintner said. “That doesn’t create the full disruption.”

He credits starting from scratch for giving Jiko a blank page on which to draw its vision.

“Play by the book so you can operate, which then gives you the opportunity to own your destiny, because you own the license, you own the business model and you own the technology,” Lintner said. “We are building our technology from the ground up so we don’t have to deal with legacy and can really build what the world needs today.”

Guarding privacy and getting paid

No matter how innovative, no bank can succeed if it isn’t profitable. Jiko’s model forgoes one traditional revenue stream — lending out depositors’ funds — while still paying customers at least 0.5 percent cash back on debit card transactions.

To meet its funding needs, it will rely on two sources, Lintner said. The first is interchange fees, levied on merchants when customers swipe their debit cards. Much of those funds will go to the customer in the form of cash back, though the firm will take a slice for itself.

The second involves a longer-term goal to receive a level of revenue from developers that create apps for Jiko users — some of whom Lintner expects will be consumers who tire of not earning debit card rewards. To convince developers its worth paying, he points to his firm’s offerings of infrastructure, privacy and KYC and AML measures.

The future for banking?

Lintner doesn’t expect all banks of the future will operate like Jiko, but there are several trends into which his bank is keyed that he expects to see popularized. These including new financial institutions obtaining their own licenses to allow them to test greater innovation.

Other trends will likely include giving users more control over how they manage their money, and keeping balance sheets separate from lending. Jiko will refrain from lending out deposits, instead enabling customers to invest funds for their own returns. To that extent, the company will provide every user with a brokerage account and access to treasury bonds, Lintner said.

“[I anticipate a] new model of users at the center, controlling how they use their money,” he explained.

When the Jiko team releases its digital bank accounts for public use, it will quickly find out if another trend it brings involves making mass hacks a thing of the past.

To download the November edition of the Digital Identity Tracker™, powered by Socure, please fill out the form below.

First Name*

Last Name*

Title*

Company*

Work Email*

About the Tracker

The PYMNTS.com Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact or otherwise confirm their identity.