Why a former Visa exec joined a U.K. blockchain security startup
Kevin Jenkins, former managing director of Visa U.K. and Ireland, joined the board of London-based fintech Nuggets to oversee business development for the blockchain-based security provider as it enters the massive mobile payments market in Asia.
Jenkins, who will be a non-executive director at Nuggets, joined Visa in May 2007 and became managing director from January 2014 until he left in May 2018. At Visa, he helped grow revenue of the company to over £1 billion and was responsible for overseeing the rollout of contactless card acceptance in the U.K. Nuggets, which launched in 2016, is based in London and operates in the U.K. and Europe.
Jenkins brings to Nuggets his many years of experience from the world of banking and payments.
“Fintechs can’t operate in isolation, and the reality is that consumers, while they may not always like their banks, still trust them,” he said. “So any fintech needs to find a way to gain access to the millions of consumers with bank accounts, which involves working with existing banking players. Indeed, the more innovative banks, acquirers, payments service providers and retailers are now forming JVs with fintechs.”
Zero knowledge storage principle
In the aftermath of the scandal over Facebook and Cambridge Analytica’s treatment of consumer data, there is a growing interest in consumers being able to control their own data and determine how, where and indeed whether it is stored and shared.
Nuggets’ technology enables consumers to generate a single biometric tool for login, payment and identity verification, without sharing or storing private data, not even with Nuggets. Its CEO and co-founder, Alastair Johnson, said that because Nuggets uses a private blockchain that is controlled by each user, Nuggets doesn’t have backdoor access to the user’s ID credentials and doesn’t store their data on its server. "Our policy is that Nuggets has zero ID storage for its users," he said.
Johnson had the idea for Nuggets after his credit card was compromised.
“I had the painful task of contacting the various companies which had my credit card on file and updating them with my new card number,” Johnson said. “I thought there had to be a better way than this.”
Users can log into bank accounts and make online payments on smartphones and desktop PCs using their Nuggets ID without sharing any personal information such as credit card numbers or passwords. When they register for a Nuggets ID, they need to take a selfie on their smartphone, and scan a government-issued photo ID such as a driver's license into the Nuggets app. They can register credit or debit cards with their Nuggets ID, which uses tokenization technology for payments transactions.
“We can work with proprietary tokens from different payment gateways, or with open-standard tokens, and we have our own tokenization protocols,” said Johnson.
The company was named after the word used by Johnson when he founded the firm, to explain how “nuggets” of personal data are encrypted in zero-knowledge storage in a blockchain. “When you decide to share data, the platform only shares the smallest ‘nugget’ of information necessary to complete the transaction,” he said.
In June 2017, Nuggets was among 24 fintechs chosen by the Financial Conduct Authority to participate in the U.K. financial regulator’s second phase of testing of its regulatory sandbox.
A global opportunity
Nuggets has received support from the U.K. Government’s Department of Trade and Industry, which included it in an export tour of U.K. tech firms to China. A direct consequence of this visit occurred in June 2018, when Nuggets announced a technology partnership with QFPay, the Chinese payments processor used by Asian e-commerce giants Alipay and WeChat.
Johnson said that QFPay, which has processed over 500 million mobile payment transactions to date, will be able to offer its Asian merchant clients Nuggets’ payments and identity management technology.
Nuggets is also looking to enter the vast Indian m-payments market, Johnson said. The company has been selected to participate in the first phase of the Access India Programme, an Indian Government initiative led by the Indian High Commission in London to encourage SMEs with innovative technologies to enter the Indian market.
Jenkins joined the startup because he felt that Nuggets has a key role to play in the digital ID space that Jenkins became involved with the company.
“I’m increasingly seeing a lot of my peers in the payments industry moving into the fintech sector for various reasons,” he said. “Partly it’s because there is great opportunity, as existing payments systems and schemes will be disrupted due to regulatory initiatives such as PSD2 and open access to data. My perspective is that what Nuggets has developed using blockchain represents something that hasn’t been resolved in the past. The whole concept of storing personal information on centralized databases is a model which is broken."
PSD2’s requirements will impose further strain on existing payment authentication methods, Jenkins said. From September 2019, under PSD2, the EU will require “strong customer authentication” (two-factor authentication) for online card payments. Strong customer authentication is intended to reduce fraud by confirming customer approval of all significant transactions.
“Many banking regulations such as KYC and the requirement to retain documents for seven years predate the digital age,” Jenkins said. “They haven’t really caught up. Another problem is that e-commerce came along, not because banks originated it, but because merchants and consumers started transacting online, and the banking industry had to adapt to this. So existing security controls are inadequate.”
The advantage of using Nuggets for strong customer authentication over existing two-factor techniques is that Nuggets doesn’t require users to verify their ID by typing in personal data, as they are already authenticated by virtue of using Nuggets, Johnson said. “Existing payments systems will find this new requirement very difficult,” he said.
Jenkins noted that his discussions over the last 18 months with CEOs of U.K. banks have shown that they are concerned about the downstream risks of open banking, particularly the unintended consequences of providing open access to customer data.
“The standard protocols for protecting banking data, which were designed for more closed systems, are going into a different environment as a result of open banking,” Jenkins said. “I think that the blockchain and decentralized ledger can give banks better protection in the new era of open banking.”