Next event:

QA Financial Forum: Milano 2019

23 January, 2019
News and research on financial software quality assurance and risk management

Leadership Insight: Jim Tomaney, COO, Renovite

12 March 2018
The payments industry has seen some major changes in its recent history. PSD2 and open banking have brought new players to the market and consumers are authorising payments via all kinds of devices. Jim Tomaney, COO at payments systems specialist Renovite, talks about the need for banks to expand test coverage and revisit security frameworks as they begin to integrate with third parties

The payments industry has seen some major changes in its recent history. The introduction of open banking and the enforcement of the second Payments Services Directive (PSD2) means that banks are allowing third parties to access their customers’ data via application programming interfaces (APIs). This has paved the way for new players to enter the market, offering payment initiation and account information services. But are banks ready for this integration? Add to the mix that transactions are no longer only initiated through an ATM or a simple card transaction, but rather payments initiated via a mobile, tablet and even a watch are gaining traction.

In this interview, Jim Tomaney, Chief Operating Officer of Renovite, the California-based payments solutions provider specialising in updating legacy platforms, tells QA Financial how banks need to revisit their security protocols to protect their customers’ data as third parties begin to take advantage of the open banking initiative, and why the humble contactless card is still one of the most disruptive technologies he has seen in the payments industry to date.

Q. Who are Renovite’s customers? And how are they using Renovite’s products and services?

We have a strong relationship with online payments company PayPal. They are an interesting organisation that originally hired us to do some professional services work, where we provided a number of different teams to undertake development and QA services – which we still do – both in the US and India. Recently, they have licensed our Reno-Switch product, which is our core product for switching between different tokens and channels. This will allow PayPal to adopt new payment connections in new territories much more quickly than if they were to build the infrastructure themselves each time. For example, they recently announced that they were going to start doing business in India, and in order to do payment business in India you have to connect to the Reserve Bank of India’s UPI (universal payment infrastructure); we support this connection in Reno-Switch. We are now also engaged in how we can help them adopt test automation.

Over the past year, we have had a lot of success with the Reno-Test product, our test automation platform. This is a targeted solution, but also has general features. In the payments domain, there are generic standards that providers need to test, but we have found that most solutions on the market tend to ignore anything other than testing the messaging between systems. There are generic testing products like HP ALM, which can be used to test almost anything as long as you are prepared to do enough work yourself to configure and build the test scripts.

Because in the modern world, transactions are no longer initiated only via an ATM – they can come through a customer’s mobile phone, tablet and even a watch – you need to be able to create scripts which simulate activity through multiple devices in order to run a complete end-to-end test. Reno-Test can build multiple complex scenarios in a single script. This is a game-changer we think; there is no other product on the market that can do all of that.

Q. What regulatory changes have impacted the payments ecosystem recently, and how are these changes affecting your financial services customers?

There is a constant stream of minor regulatory changes driven by card schemes, etc., but I think the industry just copes with these as they come.

The biggest change has been PSD2 and the introduction of open banking, which makes transaction data available to third-party participants. This is a major change for a number of reasons.

Firstly, most banks don’t have infrastructure that supports integrating with a third-party technology. And so there are a lot of banks building what I would call “wrappers” around their systems, in order to present an “open” face to the rest of the world. But behind the scenes there is technology scurrying around to convert open requests into representations that the legacy systems can understand. The open banking initiative is affecting the heart of banks’ technology infrastructures, and in most cases they can’t cope.

Secondly, many banks don’t operationally have the processes set up to certify third-party APIs. There’s a well-worn path for banks when connecting to the likes of Visa, which provides the level of testing a company needs to achieve in order to connect to it. But very few organisations like banks have ever figured out how they are going to certify a third-party organisation that wants to connect to them. At the moment my guess is that they are reviewing third parties manually, and it is probably more of an integration project rather than a certification project. There will be demand for the big banking players that own the data to provide standards and guidance for third parties that want to connect to their APIs. The reality of the market is that if the service provider fails in some way to protect the data, the blame will fall on the bank, the owner of the data, that allowed access to the data.

Our Reno-Test product can provide a hosted environment where each connecting system can be tested exhaustively against a simulation of the platform exposing the APIs. We think this sort of service is going to be important.

Q. What are the main advances in technology that you have seen in the payments ecosystem over recent years, and how have these affected your financial services customers?

I think something that is massively underestimated is the consumer transition to contactless card payments. Although the technology behind them has been around for years and there was no major infrastructural change that was required for people to take on contactless payments, the whole initiative completely changed consumer behaviour. Consumers have accepted that a payment can be transmitted between two physical devices, and this has paved the way for new developments in payments. I think the whole acceptance of mobile payments or IoT payments is based on people’s comfort with contactless cards. It’s much easier for a consumer to consider a mobile payment if they are already using contactless.

In countries where contactless is not widely used, payments organisations should be focusing on getting acceptance from merchants and consumers, because this is the key hurdle which gets you to the next step of deploying new payment types and new payment channels.

Q. What were the drivers behind Renovite’s acquisition of Q-ATM in 2017?

One of the drivers behind the acquisition was the combination of the companies’ resources and tools.

Q-ATM was a pure consulting company, and we were increasingly being asked to lead programmes of change. To do that you need a resource pool and the technology stack and we were using Renovite’s resources to complement these change programmes – particularly in the testing space. And so there was a natural convergence there.

At the time of the acquisition, Renovite was building its core products and the Q-ATM team’s 30 years of industry experience of getting a product to market was a big part of the decision to join forces. We have combined our product management experience with Renovite’s agile development capability to assure that we are not only building code quickly, but building products that people want to use.

Q. Who are Renovite’s competitors? What is your technology edge?

In the testing space, there are companies offering simulator tools, particularly around cards and ATMs, and you could consider these players as our competitors. However, they are a sub-set of our competition, because those solutions only deal with testing classic ISO or terminal messaging. Renovite deals with the whole operational aspect of the system under test. Many of these players are competitors we want to replace, but at the same time we want to expand the test coverage that our clients can achieve.

In terms of our integrated payments processing product, our competitors are typically the companies that we are trying to displace in the legacy world. So the likes of ACI and FIS – companies providing payments solutions that have been around since the 80s and 90s.

Our advantage is that we do not have legacy – we don’t have legacy systems to support and we don’t have legacy thinking. Most of our competition build everything themselves from the ground up. And that’s the only way you could do it in the past. Renovite embraces working with third-party vendors, and we utilise well-proven industry standard components in order to deploy our own. Because of this, clients get solutions that are rapid to build, cheaper to deploy and easier to maintain.

Q. What does the future hold for Renovite?

We are expecting to see that adoption of our core products into production by organisations in 2018 and early 2019. Because we have built our business and products to scale operationally, we will be able to grow rapidly. I think that there will be an increasing appetite for banks to deploy replacements to displace legacy infrastructure and I don’t think they will go back to their original providers to do so.

We are in the right place at the right time to help people move into the 21st century.

Tomaney was a keynote speaker at the QA Financial Forum London 2018. You can check out his video interview on taming legacy dragons, here.

Get the latest
by email

Newsletter Sign-Up
First Name*
Last Name*

I understand my contact details will be entered into your database and used to contact me by email with QA Financial's newsletter. See our privacy policy here.

Opted-in to receive newsletter
Source - newsletter sign-up form