Branchless Banking: Evolution, Challenges and Potential

The digital-first, highly functional, and incredibly user-friendly branchless neobanks like Revolut, N26, Monzo and NuBank have hit the mainstream not so long ago. However, it may be surprising to learn that branchless banks have been around for nearly 25 years. In fact, the first Internet-only bank, Security First Network Bank (SFNB), was one of the hottest Internet IPOs in 1996.

At first glance, branchless banking saves the cost of operating branches. It provides customers with added convenience, as all transactions can be made anytime, anywhere.

But if that were all there were, there would be no branches today. In fact, the number of branches has steadily increased over the last 15 years.

Commercial bank branches per 100 thousand adults. Source: World Bank

But let’s start from the very beginning and define the meaning of branchless.

What is branchless banking?

Branchless banking is the provision of financial services outside traditional bank branches, often via agents, and transmitting transaction data via information and communication technologies. These usually include card-reading POS terminals and cell phones.

What are the advantages of branchless banking?

• Saving time
• Convenience
• Hygiene (so relevant for the pandemic times)
• Accessibility 24/7/365

These are the most obvious benefits that should make branchless banking attractive to consumers, but do they?

Why customers may still prefer bank branches over the branchless banking account?

They’re familiar
In remote areas and distant cities, a bank branch is seen thousands of times by residents as they go about their lives. When one of them wants to open a new bank account, where are they most likely to go? To their local branch, which they have seen many times, or to an unknown bank advertised on a billboard?

Trust through interpersonal communication
Once a customer opens an account, the branch becomes a tool to promote loyalty to the bank. Counter staff can answer questions and help customers choose the right financial solutions for their needs. Advice and assistance build trust, and every interaction is an opportunity for the bank to deepen its relationship with the customer and sell additional services.

They advertise their own services
Just like billboards, newspaper ads and TV, bank branches are used to advertise their products and services. Whether it’s the Barclays branch in the middle of Piccadilly Circus in London or the JPMorgan Chase branch in Times Square in New York, both branches are permanent and functional advertising vehicles for their banks.

Barclays branch in Piccadilly Circus, London, United Kingdom. Source: Wikipedia

Why do banks stick to branches?

Lower identity theft risks
Face-to-face contact at the branch not only opens up additional financial and business opportunities for customers and banks, but also helps minimize security risks. An often overlooked method of confirming a customer’s identity is a proven protection against fraud. For criminals, identity theft and impersonation are much riskier in the branch than online.

Revenue growth through cross-selling and self-service
For JPMorgan Chase, the benefits from new account opening, customer loyalty, and cross-selling opportunities generally amount to additional revenues of $1 million per year per branch. In recent years, bankers have had even more time to focus on advising and retaining customers. Since automating most day-to-day branch transactions with self-service terminals, additional revenue has shaved seven months off the payback period for new branches.

Improved employee utilization
Aside from their benefits as standalone units, stores have additional advantages when they are grouped together in a network. By distributing back-office tasks from busy to less busy stores, employee utilization is maximized. It also reduces costs, as a branch in New York would have much higher personnel costs than one in rural Iowa.

Explore mobile banking app development cost in our latest article.

The evolution of branchless banking. Is it really king?

With the unprecedented stress test triggered by the coronavirus pandemic, the banking world is once again embroiled in a debate about the future of the industry: branch vs branchless. With a third of the world’s population locked up and numerous bank branches closed, many are convinced that branch banking is dead and that the branchless future looks bright. But this opinion is not new either. While it may seem that branches have outlived their usefulness, the branch vs. branchless debate is actually much more complicated.

Let’s overview the tendencies from the historic perspective to investigate what the branchless bank concept was meant to fix and how it has evolved into the digital branchless banks of today.

1990s – meet the first branchless bank

Back in 1995, the senior vice president of First Union National Bank (now Wells Fargo) claimed that “the banking industry will suffer the same fate as the dinosaur within the next five years unless the brick and mortar branch banking system is cast off in favor of more nimble alternatives.” He thought that firms like IBM, Microsoft, and AT&T would enter the banking industry with their branchless alternatives and outperform the competition.

To better understand why this was a major concern for a top executive, we need to look at the economic situation at the time. The late 1990s were a time of strong economic growth, low inflation, rising productivity and a booming stock market.

Confidence in the economy led some banks to open too many branches in an effort to increase revenues by adding customer convenience while ignoring costs. A 1996 paper in the Journal of Monetary Economics estimated that the inefficiency was over 20% of operating costs.

With the rapid growth of many technology companies, the board feared that banks would not be able to keep up with high-tech competition. Branchless banking was seen as a solution to inefficient branch networks and a way to significantly reduce costs.

However, the first branchless bank, SFNB, had a different story. After a successful IPO in 1996, the company had raised significant capital and had $55 million in deposits at the end of 1997. SFNB focused heavily on developing its widely acclaimed banking software, which was used by 16 of the 100 largest U.S. banks, but left nothing to build its bank. Costs added up to $50 million in losses in 1996-1997, and the bank’s assets were sold at just above book value.

Read this article to find out the difference between core and coreless banking.

2000s. Mobile banking emerges

Although SFNB was not successful, it showed that the branchless bank concept could work, and other companies launched their own branchless versions. By the early 2000s, there were nine stand-alone virtual banks and 20 spin-offs from existing banks. But similar to SFNB, the financial advantage of much lower physical overhead costs did not immediately translate into high profits.

A 2001 article published by the Federal Reserve Bank of Chicago attributed the problem to the fact that the technology “is still relatively young, so the learning effects have not yet been exhausted.” But then the dot-com bubble burst, demand and capital dried up, and branchless banks became a risky investment.

At Finovate’s first financial services technology event in 2007, numerous demos featured software that enabled online banking on mobile devices. Firethorn and Monitise offered applications that allowed users to interact with their bank account, transfer money and make payments.

A cover story in the Economist predicted that “cash, after millennia as one of humanity’s most versatile and enduring technologies, will finally merge into an electronic stream of ones and zeros in the next 15 years.” The article speaks of a new world order in which mobile banking will displace metal and paper.

Source: The Economist, February 2007 

More importantly, the article ends with the issue of data anonymity. When it comes to weighing convenience against privacy, most people tend to choose convenience. For all their advantages, electronic payments and remote banking have security flaws that can lead to criminal abuse.

In 2009, the World Bank identified four potential vulnerabilities of the branchless concept:

• Anonymity
  the risk of not knowing a customer’s true identity
• Volatility
  the ability to disguise the sums, origins and destinations of mobile transactions
• Speed
  the speed at which illicit transactions can be conducted
• Inadequate regulatory and supervisory oversight
  the risk that the lack of clarity about the roles and responsibilities of telecommunications and financial regulators will affect the quality of oversight

2010s. The rise of neobanks

The new decade saw a surge in the use of mobile and online banking. By 2010, more than 80% of the world’s population had cell phone coverage, and branchless banking had found a new medium.

Improvements in cell phones and the quality of Internet connectivity led to a dramatic expansion in the number of banking applications. Learning effects began to be exhausted, and this led to cost savings.

A Bain report on retail banking calculated that each digital banking interaction cost a variable cost of about 10 cents, while an interaction with a teller or call agent cost $4, or 40 times that! To optimize costs, banks began to more aggressively and thoughtfully drive customers to self-service through digital channels.

Although branches had many benefits that generated additional revenue, they were becoming more expensive to produce. The average cost per square foot increased 25% from 2013 to 2016, with the average branch costing $2.4 million to build, including land. Despite their cost, branches were essentially irreplaceable for most U.S. banks. US Bank noted that in 2016, 60% of its transactions were conducted digitally, but 80% of sales activity still took place in the branch.

The new generation of branchless banks began to capitalize on the recent trend of customers using only digital banking services and visiting a branch less frequently. With extensive funding from investors, Nubank, N26, Monzo, Revolut and other neobanks emerged.

Neobanks use innovative and highly efficient technology that not only keeps costs down, but also allows them to roll out new features in a fraction of the time it takes their traditional competitors. Revolut, for example, has made it incredibly easy to get started – anyone can open an account in less than 60 seconds. All you have to do is download the app, enter your information, and confirm your identity.

It’s not just convenience that’s driving new customers to digital0-only banks. The ability to keep money in multiple currencies for free, currency exchange at market rates, instant transfers, and transparent fees made challengers an enticing alternative to the traditional banks.

However, not everyone is convinced that all neobanks will last in the long run.

The profitability issue – how do neobanks make money?

The head of fintech at ING, Benoit Legrand, had this to say about neobanks in 2016,
“They are flourishing everywhere, but we are still waiting for the business model to emerge. Where is the money? Where is the return?”
Traditional banks make most of their money from credit products like loans and mortgages, which the vast majority of neobanks do not currently offer. When funding dries up, as it did in the early 2000s, neobanks that have not made a profit will struggle to survive.

Profit comparison of challenger banks. Source: Fincog

During 25 years, branches survived and thrived because they brought more revenue to banks in ways other than processing customer transactions. Bank branches serve as advertising vehicles, encourage customer loyalty and create opportunities for cross-selling.

However, many financial experts point out that branches still exist because the older generation needs them. The younger, digitally savvy generation can complete the same transactions faster and more conveniently online.

There was a consensus that branches would no longer be needed after the generational shift. But these statements were based on the unshakable certainty that the future will be without branches, since branchless banking alternatives such as Revolut, N26, Monzo and NuBank allow customers to achieve the same and often better results in a fraction of the time and at the cost of traditional banks.

Branchless banking authentication security challenge

Out of all the functions of bank branches, one simple but crucial process is often overlooked. Whenever a customer wants something done at a bank branch, they first have to verify their identity. This relatively straightforward procedure is many times more complicated and difficult to do online. 

Consumer authentication plays a vital role in the branch vs. branchless debate. If we can’t be sure that the person on the other end of the connection is who they claim to be, then the whole system is at risk. Hackers can disguise themselves as law respecting citizens, money launderers can move money around anonymously, and cybercriminals can remain elusive indefinitely.  

What about two-factor authorization, biometrics, and other authentication systems? Don’t they already confirm a customer’s identity remotely and securely, you may ask? 

The short answer is that they do until they don’t. 

Every new security development is met with numerous attempts to exploit it. Just like Newton’s third law, for every action, there is an equal and opposite reaction. Throughout history, humanity has been locked in this perpetual arms race, which isn’t likely to end anytime soon. 

The fact of the matter is that no matter how good and secure new technology is, after five, ten, or a dozen years, there will be a way to exploit it. Despite that, there’s more to it than just security, as the next example will demonstrate. 

Enter two-factor authentication

In the early 2000s, two-factor authorization (2FA) was performed using a security token, usually in the form of a key fob that would generate a unique code every 60 seconds. RSA SecurID hardware was a popular solution, and the company commanded over 70% of the two-factor authentication market in 2003, including banks and companies like Lockheed Martin. 

RSA SecurID hardware

In 2011, RSA’s systems were compromised as they fell victim to a sophisticated cyber-attack. As a result, they had to replace 40 million active devices for 30 thousand clients. A year later, a research team cracked RSA’s device in under 13 minutes, demonstrating further exploitable vulnerabilities. 

However, even before RSA’s systems were compromised, their cost prohibited them from going mass market. Banks simply could not afford to give every customer an RSA device when they cost $50 per key fob for two years. Instead, only clients with sizable accounts that generated significant revenue for the bank would have access to them. For all its security merits, a physical key fob could not be used for mass authentication without incurring substantial costs. 

SMS: the almost perfect solution

The 2000s saw rapid growth in the number of mobile devices used to receive one time passwords (OTP) over SMS. The method had several advantages over the token system, which resulted in its widespread adoption. 

First and foremost, cost. Banks no longer had to issue expensive key fobs to clients. Instead, customers bought their mobile devices on their own. The only major investment for banks was the technology that would allow them to send OTPs. Each SMS costs a negligible amount at scale, and customers have a convenient way of authenticating their operations. The system was a brilliant upgrade. For some time.  

The problem with SMS OTP authentication is that it has numerous exploitable flaws. Hackers have been able to bypass SMS OTP in many different ways for years. From mobile number transfer and operator interceptions to lost password bypasses and social engineering attacks, multiple exploits make the technology unsafe. In 2018 alone, there were 680 thousand known instances of mobile SIM takeovers used to steal funds. 

The EU’s PSD2 directive that aims to protect consumers better and increase fraud prevention prohibits the use of SMS OTP because it does not provide Strong Customer Authentication (SCA) in online payments. The once brilliant solution is no longer considered safe on its own. 

Digital activity is as unique as a fingerprint, but is it enough?

Besides SMS, banks and financial institutions have used a customer’s location and online activity to create a unique digital fingerprint that would be used to access their information. However, cybercriminals were able to hack these systems to access the digital fingerprint databases and sell access to them online. 

With access to that information, attackers can completely impersonate someone’s online identity using more than 100 recorded data points, such as a user’s IP address, geolocation, operating system version, and how an individual interacts with their device.

Biometrics are not private

What about biometrics? Fingerprint, facial, iris, retina, and voice scanners are just some of the sensors used for security and authentication on modern mobile devices, but that does not make them safe to use.   

Besides unprotected online databases that could be breached to obtain biometric data, Japanese researchers successfully extracted fingerprints from photos of individuals using mid-level consumer cameras that were then replicated using 3D resin printers. 

While rudimentary face recognition has been defeated using simple photos of an individual, the more advanced systems were bypassed using a 3D-printed head that was formed using several pictures taken from different angles. Eye and retina scans were defeated in less than a month by printing a picture of an iris and adding a contact lens to match the eye’s curvature. 

Voice authentication was circumvented by synthesizing voice from audio recordings and running them through artificial intelligence (AI) and machine learning (ML) algorithms. The use of modern technology resulted in new, highly sophisticated threats to digital security that are difficult, if not impossible, to counteract for good. 

The biggest problem with biometric data is that it is static – it can’t be changed. If your password is compromised, you can reset it and create a new one quickly. If your fingerprint or retina scan gets stolen, how do you get them back? Once it has been leaked, it creates a permanent security problem. 

For branchless banks and traditional ones alike, the merits of biometric authentication are clear.It’s quick to use, impossible for customers to forget, and can act as an additional layer of authentication. But the security flaws and vulnerabilities are as if not more apparent. With access to consumer biometrics, attackers can not only steal funds but commit fraud and money laundering at an unmatched scale without risking getting caught. 

Security issue solution is yet to be found?

Even if all of these systems could be invulnerable to man-in-the-middle attacks, there would still be a problem with physical security. Every system described above is based on trust. A belief that a customer is the one holding a token key fob, a mobile phone, a laptop, etc. If a criminal takes the device away or forces a customer to unlock their device using biometrics under the threat of force, trust is broken, and these systems can be exploited in other ways.

The future of banking

Now it’s time for the most exciting part – speculations and suggestions on where the banking market will go in the next decades.

There are 75 thousand bank branches worldwide. It is important that their number continues to grow, and it is clear why. The tried-and-true branch promotes customer loyalty, increases sales, and helps customers identify themselves personally. However, it is also expensive. High operating costs were one of the main reasons for the establishment of the first branchless banks.

Today, branchless banking technology has become much more cost-effective and versatile. Nevertheless, there are caveats here as well: Remote authentication methods such as 2FA, biometrics and digital fingerprints have already been exploited and compromised. They are not future-proof. And here lies the greatest danger for branchless banking.

A global network of branches for all financial institutions

Let us imagine for a moment that these 75 thousand branches form a separate entity, an independent network. Separate from banks, but accessible to them and other financial institutions such as brokers, financial advisors, payment service providers, currency exchange and money transfer services, and many other financial institutions for a membership fee.

The following examples are bank-related services that require and benefit from a physical presence.

Reliable identification process

Branchless banks are on the rise because of advances in mobile identification technology, such as multi-factor authentication, Touch ID, Face ID, Voice ID, etc. These identification methods work well for everyday transactions, but are not secure enough for high-value transactions. Large-scale transactions still require a combination of industrial-grade biometrics and human-to-human interaction.

Imagine if every branch had a facility that allowed customers to verify their identity with absolute security using industrial-grade biometric scanners. It does not matter if you are on holiday in Sri Lanka or at home in London, all you have to do is walk in, identify yourself and confirm the transaction.

If everything is in order, you can proceed with your login and biometric data. If not, the bank can investigate whether your credentials have been compromised and identify the source of the security breach, while your assets remain safe.

Confirming who is who on both sides of a transaction not only helps prevent fraud, money laundering and cybercrime, but protects everyone involved from man-in-the-middle and physical attacks.

Physical meetings

A good place for negotiations requires adequate protection from eavesdropping and a pleasant interior, as well as advanced authentication. Modern technology allows us to extend the capabilities of such negotiation spaces with a secure Internet connection and highly encrypted video conferencing equipment. At least in theory, this could lead to a global network of highly secure meeting rooms that enable the exchange of sensitive information and impactful ideas.

Shared bank branches could be used for face-to-face meetings between company representatives and customers to advise them on more complex financial products and services – an important tool not only for customer retention but also for customer satisfaction.

If you are looking to take out a mortgage, you could make an appointment with a representative from your bank to discuss details and terms in person at a branch near you: in New York, Tokyo or Wyssneve. Wherever you are.

But let us say you also want to weigh your options, so schedule another appointment with a P2P lender in the same location. You can then attend both appointments, decide which provider is better for you, and use the identification options to verify your identity and sign a contract – all without leaving the branch.

Space for financial education

A space where many assets change hands and many financial and economic experts gather should be a preferred place to learn about finance, business and economics in general. Free lectures and workshops are a way for aspiring experts to gain recognition, while paid lectures and tutorials allow established experts to monetize their recognition. Educational events and opportunities in everyday workplaces would allow for more and better knowledge sharing.

It all boils down to traditional banks adapting their business models to better leverage their real estate. From a local property owner to a member of a global network of financial centres in every city on earth. Global representation is a big step for any local bank.

ATMs – an example of a global network approach in action

In terms of infrastructure and data sharing, we already have a good example: the current network ATM provides services to customers of any bank around the world ATM. For a fraction of the cost, consumers and banks gain access to a truly global and functional network. The system already exists, albeit for a different purpose.

However, the merging process for branches belonging to many different banks won’t be easy. At a minimum, a global network of financial centres would require a uniform standard for things like encrypted connections for video calls, global data management and protection patterns, biometric identification standards, physical security standards, and more.

In some ways, this model focuses on what banks have always been – trust networks. The world needs a trusted network on a global scale like never before.

Trusted branchless banking solution vendor

SDK.finance recognizes the challenges fully-digital banks face, and offers the retail banking platform that makes overcoming them easier. Interested in a robust transactional core for a neobank to start off your own branchless venture? Then reach out and let’s discuss  your requirements to see how our solutions meet them.

References:

• www.businessinsider.com/countries-on-lockdown-coronavirus-italy-2020-3
• thefinanser.com/2012/05/bank-innovations-must-be-culturally-relevant
• www.cnet.com/news/first-online-banks-final-withdrawal
• finovate.com/videos/finovate-2007-firethorn/
• www.economist.com/leaders/2007/02/15/the-end-of-the-cash-era
• www.bain.com/insights/customer-loyalty-in-retail-banking-2016
• bankingjournal.aba.com/2016/10/branch-costs-and-size-are-changing
• www.businessinsider.com/branch-banking-still-plays-an-important-role-2016-12
• fincog.nl/blog/15/the-profitability-challenge-for-challenger-banks
• www.howtogeek.com/350676/how-secure-are-face-id-and-touch-id