Today’s leading financial institutions still operate outdated card and payment platforms from the 1990s and need to change. But why are so many opting to patch their systems up, rather than switch? James Wood walks a mile in their shoes.
Scratch the surface of any payment system and you’ll see a web of interconnected technologies that provide links between merchants, financial institutions and intermediaries.
Inside major banks, these technology stacks are known as “card platforms” – the software that connects with card networks, acquirers and merchants, bank internal systems and customer accounts themselves.
First launched by most banks in the early to mid-80s, some card platforms now resemble a medieval library in the digital era.
This writer has heard persistent rumours from London about COBOL programmers in their mid-to-late sixties coming out of retirement to provide software “patches” that enable ancient platforms to handle modern features.
True or not, such rumours show how unwilling banks are to dump these outdated platforms and switch systems for the modern age.
Adapt and patch
So why don’t banks want to switch card platforms?
There are some obvious answers any banker would always cite – cost and risk.
When it comes to risk, there have been around 16 billion card transactions processed in the UK so far this year to a value of around £75 billion per month – 20 percent more than a year ago.
Any failure to shift platform with 100 percent certainty could see catastrophic failures and customers leaving banks in droves.
And with most customers now holding accounts with both traditional banks and a digital player, that’s not something banks want to see.
“Three-quarters of bank IT spend goes on systems maintenance.”
In terms of cost and complexity, switching platforms isn’t cheap. But it may be that the alternative – of staying put and making do – could be even more expensive in the long run.
In a 2020 study, McKinsey and Company did not recommend a switch unless maintaining legacy systems cost banks more than five percent of their IT budgets.
However, a 2022 report by ModLogix suggests up to three-quarters of global bank IT spend goes on maintaining and patching systems rather than investing in new technologies.
“Most banks adopt an “if it ain’t broke, don’t fix it” approach.”
Looked at from a cost point of view, standing still is indefensible. But it’s not all about cost.
The blunt fact is that most banks are adopting an “if it ain’t broke, don’t fix it” mentality to platform modernisation. They patch, update and work around because… it works – so far at least.
It’s also possible that banks are choosing to stay with the same platforms because of the sheer complexity of untangling their systems from each other.
Introducing a new card platform implies introducing new connectivities between – for example – customer account balances and interest rate calculation engines, risk management systems and others.
The “cost” mantra so often cited by banks looks like something of a fig leaf for the truth that it has, to date, simply been easier for banks to carry on as they were.
However, such an approach could be, to put it mildly, myopic. With legacy systems costing banks worldwide some $26.25 trillion annually, they represent a significant brake on future investment and growth.
What’s more, so-called “neobanks” (start-ups with new digital core technologies) are catching up fast.
Business Insider say more than a third of traditional bank revenues are at risk of disintermediation, predicting that 80 percent of the US population will have a start-up bank account by 2026.
If anything like that prediction comes true, traditional banks will look like cost centres with some revenue attached. Not a good look for investors – or new customers, for that matter.
Options and benefits
If a bank decides that their IT engineers from the seventies finally deserve some form of retirement, there are a number of approaches they can adopt.
These are, broadly speaking, a wider application of the “patch and fix” strategy, outsourcing modules or entire areas of the card business, or the wholesale adoption of a new card platform, either brought in-house or outsourced to a service provider.
Given the huge costs outlined above, it’s more or less a certainty that banks are going to have to replace all or some of their systems in the next 3-5 years.
Indeed, a survey for Nordic banking infrastructure provider Tietoevry claims more than two-thirds of banks intend to outsource some of their card systems over the next five years.
“Banks should adopt payments platforms that future-proof their businesses.”
Another option is wholesale replacement, and it’s no surprise that companies providing alternatives make the claim they can save banks money. At a time when margins are under pressure, that’s attractive.
That said, the bigger gains probably come from the flexibility of new platforms, especially when integrating new payment systems. And as Open Banking picks up speed across Europe, systems interfaces are only going to grow in importance.
Modern platforms can more easily integrate new payment options – think BNPL or account-to-account payments – thanks to their up-to-date Application Programming Interfaces, or APIs.
Today’s APIs rarely require specialist integrations as their coding uses standard approaches, a fact that’s markedly different from systems coded in the 1980s, which tended to be individual to any given bank.
That in turn meant that any integration with another system required specialist coding for each integration – a practice that still plagues banks maintaining legacy systems today.
As Open Banking gathers pace, the idea that banks would manage integrations with trusted third parties on a case-by-case basis looks untenable – and indeed, the UK and EU provisions for Open Banking mandate that APIs should be “open”; that is, available to other parties.
When it comes to the card business, Open Banking will allow a credit card provider to link with a supermarket loyalty scheme without the use of a different card or app.
As well as saving money and simplifying internal architectures, modern platforms would make these kinds of integration easier and cheaper.
Not all choices are equal
Banks should be wary when it comes to selecting the right option for their needs, however.
Maria Nottingham, Executive Vice President and Managing Director of Compass Plus Technologies, cautions: “Despite recognising the need to change, many banks are choosing to replace their legacy systems with platforms that are still built around cards.
Today, cards are just one of the many types of payment methods.
So, when choosing a modernisation approach, banks should adopt payments platforms that future-proof their business as much as possible, and avoid investing heavily into card-based technology.”
However, modernising card platforms isn’t just a question of technology – it’s also a strategic question, one that requires the foresight to include fast-emerging payment forms such as request-to-pay (R2P), account-to-account (A2A) solutions and BNPL.
“Platform replacement is a strategic question that demands foresight.”
This fact perhaps explains why so many banks are choosing to outsource all or part of their card platform requirements to third parties.
Depending on the outsourcing option chosen – of which more in a second – banks can either “fire and forget” their card platform problems, or choose to upgrade them piece by piece.
Outsourcing card services
Broadly speaking, there are two main ways to go about outsourcing.
The first, called Business Process Outsourcing or BPO, involves the wholesale outsourcing of parts or all of a bank’s card business.
Best suited to smaller banks and to non-bank financial institutions looking to enter the card business, BPO has the advantage of reducing Capital Expenditure and headcount devoted to the provision of cards.
At the same time – or so BPO providers would tell you – systems are continuously updated and compliance is maintained on the bank’s behalf.
“While BPO is more popular today, more banks are turning to SaaS for their outsourcing needs.”
The other main outsourcing route is via “software as a service”, or SaaS.
In this scenario, a bank retains control over those parts of the process it wants to maintain – let’s say card management, or account management – and outsources the rest.
Here, the same cost savings and efficiency advantages apply, but the bank in question retains more control, usually at the customer service end.
Based on a survey of more than 60 banks by Tietoevry, it looks as though BPO outsourcing is currently the most popular option – though more and more banks are turning to SaaS for their card outsourcing needs.
The rising popularity of SaaS as an outsourcing method shouldn’t blind banks to its drawbacks, however: SaaS outsourcing implies greater sophistication in internal processes and experience of managing service level agreements, outsourcing contracts and other complexities.
What’s more, it could be argued that outsourcing some processes, rather than replacing systems wholesale, is at best a medium-term strategy.
Once again, then, the issue of trust – fundamental to banking since the thirteenth century – reasserts itself in the digital era.
Banks looking to outsource their card platforms need to find partners they can trust to maintain their trust promise to their customers; meanwhile, banks seeking to replace their platforms have to trust their own judgement, and the reliability of the technology platforms they are adopting.
“Trust is reasserting itself as a central issue for banks in the digital era.”
If there’s a certainty in this market, it is that standing still is not an option.
With cross-border payments set to grow at more than seven percent each year out to the end of the decade, digital wallets surging by more than a third and so-called “alt pays” such as A2A payments rocketing at crazy rates of growth, banks need to make sure they have a reliable, secure and modern payments platform.
Fail to act soon, and they’ll find their payments business being eaten by agile, digital-first competitors which, like King David facing Goliath, may seem small, but…