Saturday, 30 December 2017

POST Open banking and GDPR

The combination of OAuth 2.0 and OpenID Connect is a good way to balance the demands of open banking and GDPR.

POST China clearing

As was explained to me on a trip to Shanghai in 2017, Alipay built bilateral relationships with individual banks, in effect becoming a clearing centre. Other “third party” systems followed so the Chinese central bank required them to create a single central clearing system. So now there is Unionpay for debit and the “Internet Association” for mobile payments.

Friday, 29 December 2017

Blockchain and Voting | Benlog

xxx

"It’s possible we use just simple Merkle trees and hash chains, but we call them Blockchain"

From "Blockchain and Voting | Benlog".

xxx

ICOs: The Beauty, the Beast and JFK - CoinDesk

xxx

"ICOs need a competent legal framework and until governments allocate resources to modernize outmoded laws, ICO teams will follow the path of least resistance and raise funds in the most friction-free manner possible."

From "ICOs: The Beauty, the Beast and JFK - CoinDesk".

xxx

Thursday, 28 December 2017

China’s central bank tightens security in US$5.5 trillion QR code payment services | South China Morning Post

xxx

"As well as the changes to the verification requirements, the new rules, which come into force on April 1, stipulate that all companies providing bar code-based payment services must obtain both an online payment licence and a bank card receipt business licence, and that all cross-bank transactions involving bar codes must be channelled through the PBOC’s or other approved clearing system."

From "China’s central bank tightens security in US$5.5 trillion QR code payment services | South China Morning Post".

xxx

Brokering Identity - Part 1 - Noyes Payments Blog

Back in 2014, Tom Noyes (who I always take very seriously on this kind of thing) put it another way. He said...

"Yes it would be completely weird to launch a consumer brand called AppleIdentityBroker.. But ApplePay doesn’t quite capture the #1 retailer challenge: knowing WHO their consumers are"

From "Brokering Identity - Part 1 - Noyes Payments Blog".

xxx

Wednesday, 27 December 2017

Zcash: Meet Zooko Wilcox, the Man Building a Better Bitcoin | Fortune

xxx

"‘Personally, I think zk-SNARKs are a hugely important, absolutely game-changing technology,’ Buterin tells Fortune. ‘They are the single most under-hyped thing in cryptography right now.’"

From "Zcash: Meet Zooko Wilcox, the Man Building a Better Bitcoin | Fortune".

xxx

Dunkirk sort of review

Dunkirk is a good movie. It's not a great movie, but it is a good movie and I didn't resent paying to go and see it on the big screen. It made me think about my grandad (my mum’s dad) a lot. 

WO2 (RQMS) Acting WO1 Supt Clerk Walter William Page DCM, Royal Signals

This WO is Superintending Clerk to SO in C. He was sent from Premesques late on 26th May in charge of 10 other ranks to report to an officer at Dunkirk. For various means the rendezvous miscarried and RSM Page tried to reach the Signal office in Dunkirk. Being prevented by burning buildings in this object, he went to the docks in search of an officer. There he found an officer of the Mercantile Marine in command of a supply ship to be unloaded. He collected about 150 men of various arms and departments in the dock area and kept them at work unloading through the 27th under heavy bombing attacks, until an ammunition ship alongside was bombed and set on fire about 2200hrs. He showed resource, initiative and determination to a high degree.

Gazetted 11.7.40

That’s my Grandad, Walter William “Pip” Page. There were around eight million British and Commonwealth soldiers who served in World War II and between them they won 1900 DCMs, so he was part of a pretty select group. It was a medal awarded to non-commissioned officers (NCOs) and other ranks for “distinguished, gallant and good conduct in the field”.

The Distinguished Conduct Medal was instituted by Royal Warrant on 4 December 1854, during the Crimean War, as an award to Warrant Officers, Non-Commissioned Officers and men. For all ranks below commissioned officers, it was the second highest award for gallantry in action after the Victoria Cross, and the other ranks' equivalent of the Distinguished Service Order, which was awarded to commissioned officers for bravery. Prior to the institution of this decoration, there had been no medal awarded by the British government in recognition of individual acts of gallantry in the Army.

When I was a kid, staying at my grandparents’ house for the summer in the 1960s, VE Day was only 20 years back. That’s as far back from now as the death of Princess Diana is, and I can remember that. It never occurred to me when I was little that my parents and grandparents could actually remember what it was like during an actual war.

DCM Parade

Well, I devoured Victor (my favourite comic at the time) and ploughed through the Commando, but I don’t remember being at all mindful that to my grandad (and my dad) these were not distant events but fresh memories. Fresh and pretty horrible memories.

 

Now that I’m old and realise all of this, I was in two minds about whether to go and see the movie or not, because I didn’t want to be disrespectful to my grandfather’s memory by enjoying the film (if you see what I mean). After all, Dunkirk must have been pretty horrible for the people who were there.

Saturday, 23 December 2017

Take On Payments - Federal Reserve Bank of Atlanta

snippet

We need a more robust pipeline of available workers to support the growth in the industry.

[From Take On Payments - Federal Reserve Bank of Atlanta]

snippet

Japan Airlines falls victim to email fraud, paying out ¥384 million to Hong Kong accounts | The Japan Times

snippet

Japan Airlines Co. said it has been defrauded out of ¥384 million ($3.4 million) after receiving emails earlier this year that called for the payments of lease fees and commissions into bank accounts in Hong Kong.

[From Japan Airlines falls victim to email fraud, paying out ¥384 million to Hong Kong accounts | The Japan Times]

snippet

Thursday, 21 December 2017

POST Realistic visions of the next money

xxx

"If Estonia succeeds with its plan to create a token for its e-residents to trade in, it could be the monetary glue to hold its ‘digital nation’ together. Electronic payments specialist Dave Birch theorized in his book, Before Babylon, Beyond Bitcoin, that the future of money is one where ‘community is no longer geography,’ and it’s communities who will have the most to gain from issuing their own, customized forms of money."

From "Estonia's planning an ICO for estcoins despite Mario Draghi's warning — Quartz".

It’s very kind of 

Tuesday, 19 December 2017

Casualties of the Cashless Society: Those Who Get Seasonal Tips - The New York Times

xxx

“These guys, they don’t tip like they used to, because they don’t have the cash in their pockets like they used to,” said Mark, an elevator operator at an upscale Manhattan co-op, talking about his building’s tenants.

From Casualties of the Cashless Society: Those Who Get Seasonal Tips - The New York Times

xxx

Why you can’t cash out pt 1: Why Bitcoin’s “price” is largely fictional | Attack of the 50 Foot Blockchain

xxx

"‘Market cap’ is even worse. It’s literally just whatever the last price was, multiplied by the number of tokens in existence. This is a bogus number that’s not actually applicable to anything — it’s not money that was put into the crypto, it’s not a realisable value like a company market cap, it doesn’t affect prices — it’s just an easily-calculated splashy-looking number that looks good in a headline. Trading is so thin in any crypto, even Bitcoin, that you could never realise a fraction of the number. It is literally just marketing."

From "Why you can’t cash out pt 1: Why Bitcoin’s “price” is largely fictional | Attack of the 50 Foot Blockchain".

xxx

How do you want banks to protect you from scams?

xxx

"Update, 11 December: The Payments Strategy Forum has outlined plans for a new payments system architecture in the UK… The Forum has outlined that customers wishing to make a bank transfer will have to now enter the exact name on the account, as well as the other details."

 

From "How do you want banks to protect you from scams?".

xxx

xxx

"The system will be available from December 2018, although it will be voluntary as to whether your bank offers it to you when you make a payment"

From "How do you want banks to protect you from scams?".

 

xxx

Thursday, 14 December 2017

Connected Rental Cars Leak Personal Driver Data - Infosecurity Magazine

xxx

Your name and navigation history is valuable personal information. The UK Metropolitan Police’s 'Digital Control Strategy' identifies infotainment systems in cars, which store this information, as a new forensic opportunity.

From Connected Rental Cars Leak Personal Driver Data - Infosecurity Magazine

xxx

Wednesday, 13 December 2017

Food app calls off ICO after SEC declares its tokens are unregistered securities

xxx

Munchee, a San Francisco-based company, had told investors that they were buying a “utility” token, because the digital coin could be used within the app to buy goods and services at a later stage.

In a whitepaper, Munchee had also told investors that the token “does not pose a significant risk of implicating federal securities laws.”

But the SEC said that the company led investors to believe that the value of tokens would increase and be traded on secondary markets — thereby classifying them as securities, which must be registered with the regulator.

From Food app calls off ICO after SEC declares its tokens are unregistered securities

xxx

Monday, 11 December 2017

Discover announces that it will do away with signatures by April 2018

xxx

"Discover has become the latest credit card company to get rid of signatures as a means of verifying a cardholder’s identity… it’s becoming increasingly rare for consumers actually sign real letters when signing at check-outs"

From "Discover announces that it will do away with signatures by April 2018".

xxx

To be honest I think I’ll miss signing for purchases in America.

Money 2020 Signature

xxx

Bitcoin tells us nothing about the long term

xxx

"Technology is changing every industry and it is impossible for me to believe it won’t change our financial system. That’s particularly true because our current system—while stable—is imperfect. Cryptocurrencies can be more secure and more efficient to exchange. They can be inflation-proof and are easier to settle and easier to interoperate. "

From "Start Up: China’s LinkedIn friends, notching Huawei?, gender pay improbability, bitcoin redux, and more | The Overspill: when there's more that I want to say".

xxx

xxx

"While certainly a disruptive idea, evolving our current financial system to take advantage of cryptocurrencies is not a crazy one."

From "Start Up: China’s LinkedIn friends, notching Huawei?, gender pay improbability, bitcoin redux, and more | The Overspill: when there's more that I want to say".

xxx

Sunday, 10 December 2017

On Fascism, Identity, Cryptoassets and the Future of Censorship

xxx

"Bloomberg estimates only 1,000 individuals own 40% of available bitcoin, while the majority of bitcoin creation (mining) itself is also a tight-knit oligopoly."

From "On Fascism, Identity, Cryptoassets and the Future of Censorship".

xxx

POST Quantum

I saw a fascinating presentation by Ursula Schilling of Infineon on “Securing the Quantum Computer World” in which she talked about the need to develop cryptography that will be resistant to attacks from quantum computers. It’s a live topic, because if the figures she presented are approximately correct and there will be quantum computers capable of making practical attacks on RSA/ECC within 15-20 years, that means that information currently being secured using asymmetric cryptography (eg, Bitcoin) is essentially being put into the public domain!

Saturday, 9 December 2017

How to Price Hard Forks – Jill Carlson – Medium

xxx

"‘To explain that, one needs investors who are (in our specific case) irrational, woefully uninformed, or endowed with very strange preferences.’"

From "How to Price Hard Forks – Jill Carlson – Medium".

xxx

Data, oil, pipes

I was amazed to hear at Vendorcom that 30% of the population's income doesn't get reconciled at HMRC and DWP, for reasons such as they only handle RTI from BACS and lots of people use faster payments.

Now I understand! Having recently had occasion to send money to HMRC, I was very surprised to receive a threatening letter from them a month or so later. I can't remember exactly what it said, but it was something along the lines of "we've given up on chasing Google and Richard Branson, so if you don't send us a tenner the boys are coming round to sort you out". Shocked, I logged on to my HMRC business account to see that it said that a) I owed them the tenner and b) I'd sent them a tenner that was sitting there "unallocated". I phoned up and the nice woman up North somewhere said that she would "allocate" the tenner to the money I owed them and it was all good. Afterwards, I did wonder why they thought I'd sent them a tenner (ie, was it for no reason, as they seem to have assumed, or was it in payment for the tenner I owed them).

Thursday, 7 December 2017

Will you let a stranger look deep into your bank account?

xxx

People may baulk at sharing access to personal data yet millions are happily using online banking and enjoying the functionality of their bank’s online app. Millions more are content to share all kinds of personal data with Google and Facebook, which already offers debit card-linked payments in the UK via its Messenger app.

From Will you let a stranger look deep into your bank account?

xxx

Tuesday, 5 December 2017

Cranking it up

Felix Martin, writing in the Daily Telegraph (5th December 2017) says that "We will end by thanking the monetary cranks for inducing some policy sanity – and making our national financial systems fit for purpose once again", meaning (if I understand him correctly) that while bitcoin may not in the long run prove to be a viable alternative to the existing fiat currency infrastructure, it will stimulate the development of things that are and thus make money more suited to the new economy.

The Father of the ICO Is All About Identity Now - CoinDesk

xxx

ERC-725 specifically defines and standardizes the actions all identity implementations need to take, such as adding claims to the smart contract and the mechanism for obtaining those claims later.

From The Father of the ICO Is All About Identity Now - CoinDesk

xxx

Monday, 4 December 2017

Venezuela will start its own digital currency to beat sanctions

xxx

The "petro" will be backed by Venezuela's key natural resources (diamonds, gas, gold and oil) and, in theory, will help it get around the "financial blockade" imposed by the US and other nations.

From Venezuela will start its own digital currency to beat sanctions

xxx

Saturday, 2 December 2017

UK banks prepare to share customer data in radical shake-up

xxx

But there is a risk for banks that customers move away from their own apps or online services, weakening their relationship and thwarting their ability to cross-sell. It could leave banks as the plumbing behind the scenes, used to facilitate the movement of money.

From UK banks prepare to share customer data in radical shake-up

xxx

San Francisco Rail System Hacker Hacked — Krebs on Security

xxx

truthfully answering secret questions is a surefire way to get your online account hacked

From San Francisco Rail System Hacker Hacked — Krebs on Security

xxx

Design of new Hong Kong smart identity card revealed | South China Morning Post

xxx

Why Hong Kong has Mao to thank for ID cards

From Design of new Hong Kong smart identity card revealed | South China Morning Post

Well, we can’t testify to any input from Mao, but we certainly can testify to the great job that Consult Hyperion did helping to design this, the world’s first smart national identity card, all those years ago!

Amazon Pay Comes To Alexa Skills | PYMNTS.com

xxx

Amazon Pay is coming soon to apps developed for Amazon’s Alexa by third-party developers… A developer preview made available yesterday also indicated that Alexa’s Amazon Pay-powered skills will expand more dramatically in 2018.

From Amazon Pay Comes To Alexa Skills | PYMNTS.com

xxx

San Francisco Rail System Hacker Hacked — Krebs on Security

xxx

On Nov. 20, hacked emails show that he successfully extorted 63 bitcoins (~$45,000) from a U.S.-based manufacturing firm.

From San Francisco Rail System Hacker Hacked — Krebs on Security

xxx

Tuesday, 28 November 2017

POST 2FA SMS

Thanks to Richard van Arnholt for pointing out to me that

NIST now states that if authentication is used via sms (out-of-band), ‘the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. […] Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.’

xxx
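One way a verifier could act on the risk indicators NIST lists before sending an SMS secret, as an added example (not code from NIST or from this post). The `NumberSignals` fields, the 72-hour quiet period and the idea of a carrier lookup feeding them are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed policy value: how long after a SIM change or port the number is
# treated as untrusted. NIST names the indicators, not a window.
QUIET_PERIOD = timedelta(hours=72)


@dataclass(frozen=True)
class NumberSignals:
    """Hypothetical result of a carrier/aggregator lookup for one number."""
    msisdn: str
    line_type: str                       # "mobile", "voip", "landline"
    device_id: Optional[str]             # opaque ID of the handset now on the number
    last_sim_change: Optional[datetime]  # None = no change on record
    last_port: Optional[datetime]        # None = never ported


def _recent(event: Optional[datetime], now: datetime) -> bool:
    # A timestamp in the future (clock skew, bad data) also counts as recent.
    return event is not None and now - event < QUIET_PERIOD


def sms_risk_reasons(signals: Optional[NumberSignals],
                     enrolled_device_id: str,
                     now: datetime) -> List[str]:
    """Return the risk indicators that argue against sending an SMS secret."""
    if signals is None:
        # Fail closed: without a lookup the device association cannot be checked.
        return ["signals_unavailable"]
    reasons = []
    if signals.line_type != "mobile":
        reasons.append("number_not_tied_to_device")
    if signals.device_id != enrolled_device_id:
        reasons.append("device_swap")
    if _recent(signals.last_sim_change, now):
        reasons.append("recent_sim_change")
    if _recent(signals.last_port, now):
        reasons.append("recent_number_port")
    return reasons


def choose_channel(signals: Optional[NumberSignals],
                   enrolled_device_id: str,
                   now: datetime) -> Tuple[str, List[str]]:
    """'sms' only when no indicator fires; otherwise use another authenticator."""
    reasons = sms_risk_reasons(signals, enrolled_device_id, now)
    return ("sms" if not reasons else "step_up", reasons)


# Constructed sample data; the numbers come from the UK range reserved for drama use.
NOW = datetime(2017, 11, 28, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "clean": NumberSignals("+447700900001", "mobile", "dev-A",
                           NOW - timedelta(days=400), None),
    "sim_swapped": NumberSignals("+447700900002", "mobile", "dev-A",
                                 NOW - timedelta(hours=6), None),
    "ported_new_handset": NumberSignals("+447700900003", "mobile", "dev-Z",
                                        None, NOW - timedelta(days=1)),
    "lookup_failed": None,
}

if __name__ == "__main__":
    for name, sig in SAMPLES.items():
        print(name, choose_channel(sig, "dev-A", NOW))
```

The reasons list is worth logging alongside the decision, since a run of `recent_sim_change` or `recent_number_port` hits across accounts is itself a fraud signal.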

Monday, 27 November 2017

Blockchain: the future of the passport? | Reform

xxx

Blockchain could become the future of the passport. It is a transparent and tamper-proof ledger, which can be used to verify a person’s identity.

From Blockchain: the future of the passport? | Reform

This sounds like typical magical thinking, but if you look at the diagram in their report, what it actually shows is something not entirely crazy. The idea would be to have some form of government shared ledger (let’s call it the UKLedger) that is validated by a number of public bodies.

Consumers Want Tech Firms to Take On the Banks - Bloomberg

xxx

Instead, du Toit predicts, banks will partner with Amazon and others. Lenders would manufacture financial products, and tech giants would serve as distribution and servicing channels. In other words, what Amazon already does with consumer goods.

Yet because distribution accounts for two-thirds of banking profits, according to a McKinsey & Co. report, banks may not love being relegated to mere factories for mortgages and credit cards.

And because Amazon wouldn’t have to pay to lure customers -- it already has millions of them -- it could afford to set up digital accounts without “all the nuisance fees and relatively high minimum balances” that lenders impose

From Consumers Want Tech Firms to Take On the Banks - Bloomberg

xxx

POST Well, yes, banks are technology companies

The “meme” that banks are, essentially, a special kind of technology company (special because they are granted special privileges that other companies do not have, such as the ability to create money) is common.

Here's what Christian Edelmann and Patrick Hunt said in the Harvard Business Review: "Technology specialists will play a greater role in allocating investments, working alongside senior management from a more traditional background". From my early experiences as an advisor to boards, I can see the dynamics at work here. To pick an obvious topic, some financial organisations' early response to open banking was to see Application Programming Interfaces (APIs) as something to do with technology and therefore not strategic. This left them on the back as

 

xxx

Instead, du Toit predicts, banks will partner with Amazon and others. Lenders would manufacture financial products, and tech giants would serve as distribution and servicing channels. In other words, what Amazon already does with consumer goods.

Yet because distribution accounts for two-thirds of banking profits, according to a McKinsey & Co. report, banks may not love being relegated to mere factories for mortgages and credit cards.

From Consumers Want Tech Firms to Take On the Banks - Bloomberg

xxx

xxx

And because Amazon wouldn’t have to pay to lure customers -- it already has millions of them -- it could afford to set up digital accounts without “all the nuisance fees and relatively high minimum balances” that lenders impose

From Consumers Want Tech Firms to Take On the Banks - Bloomberg

xxx

Facebook rolls out AI to detect suicidal posts before they’re reported | TechCrunch

xxx

Facebook’s new “proactive detection” artificial intelligence technology will scan all posts for patterns of suicidal thoughts, and when necessary send mental health resources to the user at risk or their friends, or contact local first-responders.

From Facebook rolls out AI to detect suicidal posts before they’re reported | TechCrunch

This is admirable, of course. No-one would say otherwise. But it must be transparently obvious that the same technology could detect all sorts of other patterns as well.

Banks need to swipe their 'social media' cards to pay up for Person...

xxx

The advancements made in social media analytics empower deciphering social media data to forecast impending life events… The ability to discern such events in advance can certainly help retail banks in targeting customers – current and future, with personalized products and offerings that are most relevant to them.

From Banks need to swipe their 'social media' cards to pay up for Person...

xxx

Number of young people acting as 'money mules' doubles - BBC News

xxx

The number of young people caught acting as "money mules" has doubled in the past four years, according to the UK's fraud prevention service, Cifas

From Number of young people acting as 'money mules' doubles - BBC News

xxx

Friday, 24 November 2017

China Reports Breaking Up Gang That Moved $3 Billion Abroad - Bloomberg

xxx

The group in Shaoguan is accused of moving money illegally using 148 bank accounts opened in 20 provinces with stolen identity cards, according to Xinhua.

From China Reports Breaking Up Gang That Moved $3 Billion Abroad - Bloomberg

xxx

Sunday, 19 November 2017

POST It's going to get worse before it gets better

Identity fraud is absolutely out of control in the UK and there is, so far as I can see, no prospect of any form of infrastructure coming into place to deal with the problem. Whether we look at scammers going through Facebook to perpetrate dating fraud or going through LinkedIn to perpetrate invoice fraud or going through the Land Registry to perpetrate property fraud or going through Companies House to perpetrate corporate fraud, we can draw only one conclusion: identity is broken. Until we fix identity, we can’t attack fraud. And since it’s going to take a while to fix identity, even if we start now, that means that fraud is going to carry on getting worse. Don’t believe me? Then listen to a bank:

[Barclays] is predicting that online festive fraud will be at its highest ever levels in December 2017 and could cost shoppers more than £1.3bn.

From Barclays warns of unprecedented online fraud this Christmas

Well, here’s wishing you a Happy New Year! The truth is that we are under attack. It isn’t script kiddies and casual card counterfeiters any more, it’s organised crime. The Callcredit Annual Fraud & Risk Report surveyed over a hundred fraud professionals and found that more than three-quarters of them rated organised cybercrime as the biggest fraud threat to their organisations in the coming year. Given that current projections are that the damage from cybercrime will double from $3 trillion last year to $6 trillion in 2021, their fears are well-founded. I don’t need to labour the point: in the long term someone will fix the identity problem but in the short term we will continue to lose vast amounts to identity fraud.

Yet when those same fraud professionals were asked what their priorities were for the coming year, nearly nine in ten put regulatory compliance at the top of their list. At a time when organisations need to invest in defending themselves by using new types of dynamic data in combination with “traditional” identity verification and strong authentication techniques, the spend is going on compliance (which clearly isn’t working: if it was, identity fraud wouldn’t be out of control). Surely the ROI on bringing in new and actionable data is such that it deserves a separate line in the budget? After all, the investment should be measured against the fraud in a couple of years’ time, not the fraud of a couple of years ago.

Why do I focus on data in this way? The answer is that if there is any light at the end of the tunnel right now, it’s coming from the world of Artificial Intelligence (AI). If we look at what kinds of AI are being deployed in the banking sector and what they are being used for, we see that machine learning tops the list of technologies and fraud detection and prevention tops the list of applications. Companies will be able to use new forms of varied and dynamic data for fraud prevention precisely because it will be AI consuming that data and making effective use of the wider range of inputs. As more accomplished bankers than me have noted, the battleground for banks is data, and this is one of the key reasons why. Without data, you can’t do decent risk management and if you can’t do decent risk management… then why have the bank in the loop?

 

Tuesday, 14 November 2017

Central banks should embrace digital currencies, Axel Weber says

xxx

Less clear cut, however, are likely to be arguments over digital currencies issued by central banks. Like cash, which they could eventually replace — but unlike bitcoin — they would be backed by monetary authorities, so they would also act as a store of value as well as widely accepted means of payment.

From Central banks should embrace digital currencies, Axel Weber says

xxx

Sunday, 12 November 2017

net.wars: Regulatory disruption

xxx

The financial revolution due to hit Britain in mid-January has had surprisingly little publicity and has little to do with the money-related things making news headlines over the last few years. In other words, it's not a new technology, not even a cryptocurrency. Instead, this revolution is regulatory: banks will be required to open up access to their accounts to third parties.

From net.wars: Regulatory disruption

xxx

Tuesday, 7 November 2017

Apple plans to share some iPhone X Face ID data. Uh oh.

xxx

Police can’t force you to turn over your passcode, but they can, theoretically, force you to unlock the phone with your face.

From Apple plans to share some iPhone X Face ID data. Uh oh.

xxx

Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

xxx

On Friday, Estonia's Police and Border Guard suspended an estimated 760,000 ID cards known to be affected by the crypto vulnerability.

From Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

xxx

xxx

The country is now issuing cards that use elliptic curve cryptography instead of the vulnerable RSA keys, which are generated by a code library developed and sold by German chipmaker Infineon.

From Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

xxx

Monday, 6 November 2017

Shanghai shops refusing cash are illegal: authority - Global Times

xxx

Reporters found that, in Shanghai, some shops even ask consumers to apply for a membership card if consumers want to use cash, and others hang "no cash" signs on their doors, Laodong Daily reported Thursday.

From Shanghai shops refusing cash are illegal: authority - Global Times

xxx

NFC drivers | Consult Hyperion

xxx

modesty forbids me from noting Consult Hyperion’s role in the project, so I’ll let Finextra do it instead

From NFC drivers | Consult Hyperion

xxx

Authoritarian Cryptocurrencies Are Coming - Bloomberg

xxx

To those who believe bitcoin's main innovation is the exclusion of a central authority -- a peer-to-peer system in which transactions are validated by "miners" -- the interest of China and Russia is baffling. But those governments aren't looking to give up control to the blockchain. On the contrary, they are trying to figure out how to lower the cost for a centralized issuer to control everything that's going on in the financial system. 

From Authoritarian Cryptocurrencies Are Coming - Bloomberg

xxx

RBC CEO Dave McKay: Battleground for banks is data - Article - BNN

xxx

Royal Bank of Canada's chief executive says data is the battleground for banks that will determine the future success of financial institutions.

From RBC CEO Dave McKay: Battleground for banks is data - Article - BNN

xxx

Nationwide customers 'bank cards suddenly stopped working' after technical glitch

xxx

FURIOUS Nationwide customers had their payments declined and were locked out of their accounts when the bank's system went down yesterday.

From Nationwide customers 'bank cards suddenly stopped working' after technical glitch

The system went down. But what if there was no system to go down? Imagine that each ATM is a node in a shared ledger. Suppose a bank has a million customers, and each customer’s transaction record is 1Kb. A balance, last few transactions, that sort of thing. No need to store the whole transaction history in the ledger. That’s 1Gb. Maybe 10Gb for all of the bank customers in the UK. I have a flash drive in my bag with 128Gb on it and it cost like $50. Now, when someone draws money from an ATM the ledger is updated over a few minutes at all of the other ATMs (remember, ATMs are doing nothing most of the time). If an ATM goes down, so what? Just go to another one. When an ATM comes back, the ledger will update.

Sunday, 5 November 2017

POST Blockchain, disease and

xxx

While individual organizations in the public health network share the same overall mission, a complex mishmash of data usage agreements and government privacy rules dictate which members can access information and which ones can modify it.

From Why the CDC Wants in on Blockchain - MIT Technology Review

A blockchain, I guarantee, won’t make any difference to this. Those privacy rules don’t depend on whether you store the data in a spreadsheet or a database and they don’t depend on whether the data is in a shared ledger of some form either.

How should identities, not only patient IDs but also the IDs of public health organizations, be managed on the blockchain?

From Why the CDC Wants in on Blockchain - MIT Technology Review

If Open Banking is a success, then banks are going to fail. One viable picture of the future is of a few giant megabanks sitting in the background, like PG&E or British Gas, while other banks go to the wall and consumers obtain their financial services from Amazon and Facebook.

One Year After Rollout, Banks Are Bullish on Zelle | Bank Innovation | Bank Innovation

xxx

The banks’ response to the growth of the Zelle network follows positive statistics from the service itself, which reported 100 million transactions in September 2017 totaling $33.6 billion.

From One Year After Rollout, Banks Are Bullish on Zelle | Bank Innovation | Bank Innovation

xxx

Saturday, 4 November 2017

POST Bitcoin and crime on a street corner near you

According to the Daily Mail, the police have seen an "explosion in the use of digital currency by criminals who are strolling into cafes, newsagents and corner shops to dump their ill-gotten gains in virtual currency ATMs". Well, let’s hope so because Bitcoin isn’t fungible (unlike the £50 notes so helpfully provided to the criminal fraternity by the - yes, couldn’t make this up - Bank of England) which means that the money can be traced from wallet to wallet so that should make it easier for these detectives to get a handle on where the ill-gotten gains are heading.

While I remain concerned about the rise of Bitcoin for reasons of consumer protection, I am much less concerned about its use in crime. First of all, if the demand for Bitcoin were about crime (and not speculation) it would actually be worth far less than it is today. There just isn’t enough crime. Calculations based on the use of Bitcoin in this sector of the economy put its value at something like one-twentieth of the current price. Now, I think these kinds of calculations are highly spurious, for two main reasons. First of all, I have yet to see any evidence that criminals are adopting Bitcoin at scale. And the reason for this is obvious: it’s not anonymous enough. Wallet addresses are pseudonyms, and once any of these pseudonyms has been linked to a mundane identity in any way, the identities can be connected, monitored, tracked and traced. This is why ransomware rogues convert their Bitcoins out into something more suited to the less-regulated corners of the economy. The people behind the famous “WannaCry”, which hit more than 300,000 computers in over 150 countries, took their rewards and converted them into Monero, a privacy-focused cryptocurrency that has seen some growth in its popularity over the last year or so.

The second reason why I think such calculations are spurious is that it is they are often based the value of the global market in illegal drugs. Now, while no-one can be sure of the exact size, this is undoubtedly a vast market. But it is a market that is conducted almost entirely in cash. Were these transactions to be converted to digital money, the sums involved are so vast that it would be almost impossible to create to an AI machine-learning transaction monitoring services to ignore them.

IS_A_PERSON and IS_A_LEGAL_PERSON

xxx

Alt-right blogger Jenna Abrams (@Jenn_Abrams) enjoyed a large following in Twitter, and her tweets were cited by Buzzfeed, the NY Times, and other news agencies. It turned out "she" was another creation of the Internet Research Agency, the Russian government-funded troll farm in St. Petersburg.

From An alt-right Tweeter with 80k followers is a fictional entity created by Russian troll farm / Boing Boing

xxx

Thursday, 2 November 2017

The evolution of gift card fraud » PaymentEye

xxx

Criminals are exploiting the gift card loophole to commit financial fraud for a myriad of reasons, including money laundering, and as a way of moving illicit funds by drug cartels and terrorists.

From The evolution of gift card fraud » PaymentEye

xxx

Wednesday, 1 November 2017

One in five ATMs set to close over next four years

xxx

One in five cash points will disappear from Britain's high streets within four years, according to the ATM industry body. 

From One in five ATMs set to close over next four years

xxx

Monday, 23 October 2017

Identity in the UK is a gas

From time to time, when making presentations about identity and related topics, I have to stop to explain to baffled foreigners that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. I understand that these are notoriously difficult to forge and that the skilled artisans behind the North Korean $100 bill “supernote” threw down their tools in frustration when faced with the multiple layers of security that are part of the British Gas quarterly statement for residential users. Hence our gas bill is a uniquely trusted document, and the obvious choice of platform for anyone concerned about fraud.

(By the way, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here for theatrical or novelty use only.)

No wonder identity fraud is an epidemic in the UK. Fraudsters are ruthless about exploiting the gaps in identification, authentication and authorisation infrastructure and as I’ve been saying for some time, the UK has only gaps and no actual infrastructure. I am very sorry to say it, but our system based on the gold standard of gas bills is no longer fit for purpose.

Police later discovered Ghani and Mahmood carried out the fraud after stealing three utility bills from Mr To's mailbox.

From Stockport identity fraud victim's £500k home put on market - BBC News

"Having forged his signature, they then transferred the deeds to his house into Ghani's name". Yes, I know I know, I'm sure the blockchain will put a stop to this, but in the meantime... should a homeowner whose house is stolen in this way be entitled to compensation from the utility company for sending the bills? Or from whoever it is that transferred the deeds based on a forged signature? If I can steal your house just by getting information from gas bills and forging your signature, shouldn’t you be within your rights to expect the powers-that-be to do something?

But what?

Well, for a start, we can stop using sort codes and account numbers and choose more meaningful identifiers when it comes to money. You shouldn’t be sending money to me at XX-XX-XX 99999999, you should be sending it to @dgwbirch. I defy anybody to carry around the six digit sort code and nine digit account number of their correspondents in their heads or to be able to spot their solicitor's real payment details from some fake payee details when reading an email. If you are expecting to send money to $dgwbirch (please go ahead, by the way, as it’s my Square Cash name) and then get an email asking you to send instead to $davidovichbirchski then you might be a little suspicious, but if you get an e-mail asking you to switch from sort code 12-34-56 to 34-56-78 it’s less obviously a fraud.

And which actual payment account I choose to associate with that identifier should be up to me: it’s none of your business whether I’m with Barclays, Amazon or my brother-in-law. Personal information should be kept out of transactions where it is not needed. You send the money to @dgwbirch and that’s it.

(In fact, it’s not at all obvious to me that you should know my “real” name at all, since that’s just an invitation to identity theft.)

xxx

Lloyds, which took eight hours to make the payment, did not carry out any checks to ensure the name of the firm to which the payment was to be made matched the account numbers,

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

Neither Lloyds nor any other bank does this. That’s just how the system works: the account name is an attribute, not an identifier.

The UK’s new payment architecture includes a directory service to map a variety of identifiers to bank accounts.

Chinese Government rolls out trust ratings to combat corruption | World Finance

xxx

According to research published in the Journal of the European Economic Association, the level of trust in cultures today can be informed by events that occurred hundreds of years ago. The research shows that Italian states that became free cities in the Middle Ages – a process that required mass cooperation – exhibit higher levels of trust today than those that didn’t.

From Chinese Government rolls out trust ratings to combat corruption | World Finance

xxx

Chinese Government rolls out trust ratings to combat corruption | World Finance

xxx

The Chinese Government’s new tool to generate trust is known as ‘social credit’, and is currently in the process of being rolled out. The plan is to generate a score for every citizen based on how trustworthy they are. The system will aim to instil trust by combining carrot and stick: those with a good score will reap rewards, while a bad score will lead to punishments, such as public blacklisting and restrictions.

From Chinese Government rolls out trust ratings to combat corruption | World Finance

Now, in one way, this is a back to the future thing. When we all lived in clans and roamed the savannah, the social credit score of each and every one of us was stored in the “shared ledger” of the memories of the clan members.

Sunday, 22 October 2017

‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

xxx

the regulations that govern this area. These state that a bank has to “have made clear to their customer how a Chaps payment will be processed” and that the bank “will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient’s name”.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

xxx

POST Payments are not the problem, identity is

There's a huge amount of payment fraud going on in the UK at the moment. The fraudsters intercept legitimate requests to transfer money from one account to another (often from solicitors in relation to house purchases but also from tradespersons such as builders) and they change the details so that the payer sends the money to an account under the control of the fraudsters rather than the intended destination. So, typically, the fraudsters will monitor e-mails coming from a solicitor and when that solicitor sends an email to a customer asking for money (e.g., for a house purchase), the fraudsters replace the solicitor's legitimate account details with details of another account that they control. I wrote about this ages ago and put forward the obvious solution, which is to stop using e-mail for important transactions, but nobody paid any attention, and the problem continued to grow. In the first half of this year there were about 20,000 such frauds with some £100m lost (and only £25m subsequently recovered). This is the second largest category of payment fraud behind card fraud (which is about six times larger) because the numbers are low but the average values involved are high.

Now, for someone like me who is reasonably savvy about the operations of the UK domestic interbank payment networks, instant payment fraud isn’t a problem. Whenever I have to set up a new payee for instant payments, I always send an initial payment of a fiver and wait for confirmation that it has arrived before I go ahead and transfer any larger amount. But a great many people, and a great many people who are intelligent and sophisticated customers, do not. They enter the incorrect payee details and hit send. The impact of this is significant as the number of frauds continues to increase. As Hannah Nixon, head of the UK’s Payment System Regulator (PSR), put it toward the end of last year, “tens of thousands of people have, combined, lost hundreds of millions of pounds to these scams”. Indeed they have. And, in fact, still are. 

An Essex couple have lost £120,000 after sending the money to what they thought was their solicitor’s bank account, but which instead went to an account in Kent that was systematically emptied of £20,000 in cash every day for the next six days.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

This isn’t a payments problem, it’s an identity problem. So just whose fault is it when someone gets scammed in a sector with no effective identity infrastructure? The couple at the centre of this story sent the money via the Clearing House Automated Payments System (CHAPS) and the CHAPS regulations are unequivocal.

the bank “will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient’s name”.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

I’m sure the couple have an e-mail or a piece of paper pointing this out, but it clearly didn’t help. As I wrote earlier in the year, fraudsters are ruthless about exploiting the gaps in identification, authentication and authorisation infrastructure and as far as I can tell, right now there are only gaps and no actual infrastructure.

Meanwhile, the security or otherwise of Steed & Steed’s email system is also likely to be investigated. In December 2016, regulatory body the Solicitors Regulation Authority warned that email hacks of conveyancing transactions had become the most common cybercrime in the legal sector.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

This reinforces my theory that solicitors who use e-mail to send important information to customers are, essentially, negligent. They should be using WhatsApp or Signal for this sort of thing. If it was the solicitor’s e-mail server that got hacked, then they should be responsible for compensating the customers, shouldn’t they? If I tell my bank to send £10,000 to the Nat West in Barnsley by mistake - whether I was scammed or typed in the wrong sort code or was using an out-of-date account reference or whatever - and I go through all of the security hoops to do so, why is it my bank’s fault that the money went to the wrong place? It is not obvious at all that it is my bank that should be compensating me for my mistake. If a scammer gets me to send my house deposit to the wrong account, then my claim is against the scammers or the destination bank if it was negligent in some way (e.g., if it didn’t do KYC), isn’t it?

Anyway, my reason for going over this old ground again is that the PSR response to the “super complaint” about this type of fraud came up in discussion at the Payment Strategy Forum. In addition to education, guidelines and that sort of thing, they were talking about three substantial initiatives to do something about what they called Authorised Push Payment (APP) fraud, but that I call Authorised Credit Transfer (ACT) fraud because I think “app” is a confusing sobriquet. These are:

  • KYC Sharing, to try to prevent fraudsters from opening accounts. The PSF's earlier consultation document on the "Blueprint for the Future of UK Payments" includes a detailed discussion of this issue and also highlighted one of my pet peeves, which is the "poor customer experience for good actors". In other words, the UK’s stringent and expensive KYC procedures don’t stop criminals from opening accounts but do massively inconvenience honest working folk, your author included. The PSR has handed the baton over to the trade association on this one, so we’ll have to wait and see what they come up with.

    The Forum handed over to UK Finance the development of best practice guidelines for PSPs when verifying a user’s identity. The guidelines will also cover how identity verification is managed across different types of payments.

    My guess is what they won’t come up with is a comprehensive and cost-effective solution using some sort of “financial services passport”, much discussed here and elsewhere. (I was part of the techUK working group on this three years ago.)

  • Payee Confirmation, to try to prevent malicious redirection scams by matching the name as well as the sort code and account number. So the idea here is that when you set up David G.W. Birch as a payee, the destination bank will match the name against the name of the destination account (which is what they don’t currently do) and will reject the payment if they do not correspond. I have mixed feelings about this, because I would rather just scrap the use of sort codes and account numbers and use the directory services in the new National Payments Architecture (NPA) to replace them with e-mail addresses, mobile phone numbers or (my preferred solution) “paynames”. Instead of typing in meaningless numbers, you would just tell your bank to send the money to £dgwbirch or accounts@dgwbirch.com or whatever.

  • Contingent Reimbursement (this is what got the media attention) which would require PSPs to reimburse victims when they could not have reasonably prevented an ACT scam but either the customer's PSP or the destination PSP "has not met the required standards". The consultation notes that "there was very limited support from PSPs for a full chargeback-like process" (apart from anything else, this would cost a fair amount to run) so you can see why it's important to find an alternative. The proposed solution rather hinges on whether the victims of fraud took the "appropriate" level of care. For me, this would be sending a quid and checking it went to the right place before I send the other £499,999 of the house purchase.
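As an added illustration (not code from any bank or from the NPA), here is a sketch of the Payee Confirmation check described above, together with a payer-side check for the "switch from sort code 12-34-56 to 34-56-78" kind of e-mail. The account register, the names, the CLOSE_MATCH outcome and its 0.8 threshold are all assumptions made for the example.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed register at the destination bank. The key (sort code, account
# number) is the identifier; the account name is only an attribute of it.
ACCOUNTS = {
    ("12-34-56", "00012345"): "Example Conveyancing LLP",
    ("34-56-78", "00098765"): "J Smith",
}

# Titles and company suffixes that payers routinely drop or abbreviate.
NOISE = {"mr", "mrs", "ms", "dr", "ltd", "limited", "llp", "plc", "and", "co"}


def normalise(name):
    """Fold case, accents and punctuation, and drop titles/company suffixes."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    tokens = re.findall(r"[a-z0-9]+", text.lower().replace("&", " and "))
    return " ".join(t for t in tokens if t not in NOISE)


def confirm_payee(sort_code, account_no, payee_name, close=0.8):
    """Destination-bank check: does the name the payer typed fit the account?"""
    held = ACCOUNTS.get((sort_code, account_no))
    if held is None:
        return "NO_ACCOUNT"
    wanted, actual = normalise(payee_name), normalise(held)
    if not wanted:
        return "NO_MATCH"
    if wanted == actual:
        return "MATCH"
    # Hypothetical middle outcome for typos; the threshold is an assumption.
    if SequenceMatcher(None, wanted, actual).ratio() >= close:
        return "CLOSE_MATCH"
    return "NO_MATCH"


def details_changed(known_payees, payee_name, sort_code, account_no):
    """Payer-side check: a payee we already know, but with new bank details."""
    previous = known_payees.get(normalise(payee_name))
    return previous is not None and previous != (sort_code, account_no)


def screen_payment(known_payees, payee_name, sort_code, account_no):
    """Release only on an exact name match with unchanged bank details."""
    result = confirm_payee(sort_code, account_no, payee_name)
    changed = details_changed(known_payees, payee_name, sort_code, account_no)
    action = "RELEASE" if result == "MATCH" and not changed else "HOLD"
    return {"name_check": result, "details_changed": changed, "action": action}


if __name__ == "__main__":
    # The payer has paid this firm before at its genuine account.
    known = {normalise("Example Conveyancing LLP"): ("12-34-56", "00012345")}
    # Genuine request, then the same request with redirected account details.
    print(screen_payment(known, "Example Conveyancing", "12-34-56", "00012345"))
    print(screen_payment(known, "Example Conveyancing LLP", "34-56-78", "00098765"))
```

The redirected request is held twice over: the name does not fit the destination account, and a known payee has turned up with new details.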

xxx

7 Thoughts On Blockchain, Cryptocurrency & Decentralization After Another Three Months Down The…

xxx

"While most of the ICOs to date have been Utility Tokens, because of the massive advantages that Security Tokens have over traditional capital raising, I think the total market cap of all security tokens will be much larger than the total market cap of all utility tokens."

From "7 Thoughts On Blockchain, Cryptocurrency & Decentralization After Another Three Months Down The…".

xxx

Wednesday, 18 October 2017

POST Risk

xxx

NEW YORK, NY--(Marketwired - May 03, 2016) - SmartMetric, Inc. (OTCQB: SMME) -- According to a research report conducted by the research organization The Nilson Report, for 2015 through 2020, card fraud worldwide is expected to total $183.29 billion. In 2020, global card fraud is projected to exceed $35.54 billion. Fraud, grew by 19%, and outpaced volume, which grew by 15%. Fraud losses by banks and merchants on all cards issued worldwide reached $16.31 billion in 2014 when global card volume for the same period totaled $28.844 trillion.

From Annual Global Card Fraud to More Than Double Reaching Over $35 Billion in Four Years

My general sense of the industry, without giving away anyone’s figures, is that not only is fraud growing faster than volume, but that merchants are annoyed because declines are growing faster than fraud. We need a sea change in tackling fraud and I think there are two parts to this: changing the security vs. convenience model at the front end and changing the transaction validations model at the back end.

POST Open banking, breaking banks and

As the former governor of the Bank of England, Mervyn King, has eloquently pointed out, banks are institutions that pre-date modern capitalism and “owe much to the technologies of an earlier age” (The End of Alchemy, 2016). There is no reason to expect them to continue in this form under the technological, regulatory, social and business pressures for change that are about to overwhelm them. If that sounds like waffle futurism that does not need to be taken seriously, you could not be more wrong. In the UK, those changes are going to begin in January when the world of “open banking” is created by the implementation of the Competition and Markets Authority (CMA) “remedies”. That is, the nine largest banks are compelled to provide Application Programming Interfaces (APIs) for third-party applications to access bank accounts, a milestone in a long journey to bring a revolutionary degree of competition to the sector.

This is all rooted in the frustration of regulators who want to see more competition. They tried forcing the banks to spend a billion or so quid on an account switching service and that didn’t work, so they decided that they had to look to more radical solutions.

The CMA reports a study by one of the very few new entrants, Tesco Bank, which found that a clear majority of account holders agreed with the statement “I cannot be bothered to switch accounts as I do not believe I would get better service/value for money elsewhere”.

[From John Kay - Competition in banking does not necessarily benefit consumers]

In the UK, the regulators’ determination to change this situation means that we are about to see major disruption in the space. I called this before a “crossing of the streams” (in a homage to Ghostbusters!) because there are three different initiatives coming together.

The first stream is the PSD2 provisions for access to payment accounts. As you may recall, these include a set of proposals that are due to come into force in 2018. A group of those proposals are what we in the business call “XS2A”, the proposals which force banks to open up to permit the initiation of credit transfer (“push payments”) and account information queries. Even at a pure compliance level these PSD2 regulations pose significant questions for the structure of the existing payments industry. While PSD2 does not mandate APIs (I think - it’s all gotten a bit complicated but as far as I know the screen-scrapers have fought a decent rearguard action) an open banking API is the obvious way to implement the PSD2 provisions.

The second stream is Her Majesty’s Treasury’s push for more competition in retail banking. This led to the creation of the Open Banking Working Group (OBWG), which published its report in 2016. It set out a four-part framework, comprising:

  • A data model (so that everyone knows what “account”, “amount”, “account holder” etc. mean);
  • An API standard;
  • A security standard;
  • A governance model.

The third stream is the CMA report that triggered the remedies mentioned above. This envisages APIs to improve competition in retail banking by focusing on the use of APIs to obtain access to personal data that can be shared with third-parties to obtain better, more cost-effective services.  These streams are coming together to create an environment of what is now called Open Banking. And it’s a big deal.

Open Banking makes it possible to pay with lightning speed directly from a bank account – in effect, creating an Amazon “One Click” for the entire internet.

From To change how you use money, Open Banking must break banks | WIRED UK

I think the use of Amazon in this example is far more disruptive than the author may have intended. Amazon Payments is, in my opinion, precisely the kind of business that will benefit from open banking. It won’t be fintech startups who eviscerate the existing payments industry, it will be the heavy hitters who are able to gain access to the bank account and merge that ability with their colossal resources and gigantic data reservoirs to create a new customer experience. Indeed, in that Wired article, Rowland Manthorpe says plainly that open banking is a new way of dealing with the twenty-first century’s most sought-after resource, personal data. This point was recently echoed by Dave McKay, the CEO of RBC, who said “data is the battleground for banks that will determine the future success of financial institutions”.

All of which reinforces my opinion that banks need to get into the business of identity, reputation and trust pretty quickly.

Tuesday, 17 October 2017

In a Cashless World, You'd Better Pray the Power Never Goes Out - Slashdot

Puerto Rico

"Cash only," said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan's Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. "The system is down, so we can't process the cards. It's tough, but one finds a way to make it work."

From In a Cashless World, You'd Better Pray the Power Never Goes Out - Slashdot

xxx

xxx

If I was the manager of Waitrose after the Woking earthquake, then I would simply accept payment by writing down card numbers, or photocopying driving licences, or taking pictures of customers, or whatever. The core of the issue is identification and trust, not the payment instrument. As many media commentators noted, society in Japan did not collapse. My conclusion: natural disasters are not a convincing argument for cash.

From The disaster in Japan has lessons for payments | Consult Hyperion

xxx

Monday, 16 October 2017

Jewelers Rally After India Anti-Money-Laundering Rule Reversal - Bloomberg

xxx

Shares of jewelers climbed in India after the government withdrew an order that brought the industry under anti money-laundering legislation, a move that comes just as gold buying improves before the Hindu festival of Diwali, the peak season for demand.

Jewelers were included in the Prevention of Money-Laundering Act in August, increasing compliance requirements. Buyers have been shying away from making purchases as they had to provide their income tax identity for transactions above 50,000 rupees ($766), hindering high-value deals.

From Jewelers Rally After India Anti-Money-Laundering Rule Reversal - Bloomberg

xxx

In the contactless payment era, why is cash making a comeback? | Business | The Guardian

xxx

Mass cash stashing might signal a widespread fear of a looming apocalypse – or, more prosaically, it could signal rampant illegality.

From In the contactless payment era, why is cash making a comeback? | Business | The Guardian

xxx

Friday, 13 October 2017

Salad Days

I’m not sure if you’re supposed to have a favourite supply chain fraud or not but I do, and it is the famous case of the vegetable oil that almost bankrupted American Express (and went some way toward making Warren Buffett a multi-billionaire). The essence of the story is that a conman, Anthony “Tino” De Angelis, discovered that people would lend him money on the basis of commodities in the supply chain. His chosen commodity was vegetable oil (see How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE). Amex had a division that made loans to businesses using inventories as collateral. They gave De Angelis financing for vegetable oil and he took the Amex receipts to a broker who discounted them for cash. So he had tanks of vegetable oil and Amex had loaned him money against the value of the oil in those tanks, the idea being that they would get the money back with a bit extra when the oil was sold on. Now as it happened, the tanks didn’t contain much oil at all. They were mostly water with a layer of oil on top so that when the inspectors opened the tanks and looked inside they saw oil and signed off whatever documentation was required. Eventually the whole scam blew up and nearly took Amex down, enabling the sage of Omaha to buy up their stock and make a fortune.

Fortunately for us and unfortunately for conmen like Tino, the supply chain is one of the many industries that the blockchain is going to disrupt. As my good friend Michael Casey and his co-author Pindar Wong explain in their recent Harvard Business Review piece on the topic (Global Supply Chains are about to get Better, Thanks to Blockchain in HBR, 13th March 2017), blockchain technology allows computers from different organisations to collaborate and validate entries in a blockchain. This removes the need for error-prone reconciliation between the different organisations’ internal records and therefore allows stakeholders better and timelier visibility of overall activity. The idea discussed in this HBR piece (and elsewhere) is that some combination of “smart contracts” and tagging and tracing will mean that supply chains become somehow more efficient and more cost-effective.

An aside. I put “smart contracts” in quotes because, of course, they are not actually contracts. Or smart. Bill Maurer and DuPont nailed this in their superb King’s Review article on Ledgers and Law in the Blockchain (22nd June 2015), where they note that smart contracts are not contracts at all but computer programs and so strictly speaking just an “automaticity” on the ledger. (Indeed, they go on to quote Ethereum architect Vitalik Buterin saying that “I now regret calling the objects in Ethereum ‘contracts’ as you’re meant to think of them as arbitrary programs and not smart contracts specifically”.)

Using the blockchain and “smart contracts” sounds like an excellent idea and there’s no doubt that supply chain participants are taking this line of thinking pretty seriously. Foxconn (best known as the makers of the iPhone) are a recent case study. In March 2017 they demonstrated a blockchain prototype that they used to loan more than six million dollars to suppliers. I should note in passing that the article didn’t make it clear why they were using a blockchain (as opposed to any other form of shared ledger) or why they were using a shared ledger rather than a database but, like Merck and Walmart and many others, Foxconn is a serious business that sees promise in the technology so we should take the case study seriously.
 
While I was reading about Foxconn, and a couple of other related articles in connection with a project for a client, I started to wonder just how exactly would the supply chain industry be disrupted? How would the blockchain have fixed the salad oil problem? It’s very easy to think of a fancy fintech setup whereby smart contracts took care of passing money from the lender to the conman when the tanks were certified by the inspectors but as sceptical commentators (e.g., the redoubtable Steve Wilson of Lockstep) frequently point out, transactions using blockchain technology are only “trustless” insofar as they relate to assets on the blockchain itself. As soon as the blockchain has to be connected to some real-world asset, like vegetable oil, then it is inevitable that someone has to trust a third-party to make that connection.

Trusting these third parties can be a risk. Another of my favourite scandals (I have quite a few, I should have mentioned that) is the horsemeat scandal that swept Europe on the 50th anniversary of the salad oil scandal. Basically horsemeat was being mixed with beef in the supply chain and then sold on to the suppliers of major supermarkets in, for example, the UK. One of the traders involved was sentenced to jail for forging labels on 330 tonnes of meat as being 100% beef when they were not. Once again, I am curious to know how a blockchain would have helped the situation since the enterprising Eastern European equine entrepreneur would simply have digitally-signed that the consignment of donkey dongs were Polish dogs and no-one would have been any the wiser. It is not clear how a fintech solution based on blockchains and smart contracts would have helped, other than to make the frauds propagate more quickly.

The reason that I am interested in scandals like this one is that the tracking of food features as one of the main supply chain problems that advocates hope the blockchain will solve for us. Work is already under way in a number of areas. I understand that Walmart have carried out some sort of pilot with IBM to try to track pork from China to the US and another pilot was used to track tuna from Indonesia all the way to the US. But if someone has signed a certificate to say that the ethically-reared pork is actually tuna, or whatever, how is the shared ledger going to know any different? A smart contract that pays the Chinese supplier when the refrigerated pork arrives in a US warehouse, as detected by RFID tags and such like, has no idea whether the slabs in the freezer are pork or platypus.

If you do discover platypus in your chow mein, then I suppose you could argue that the blockchain provides an immutable record that will enable you to track back along the supply chain to find out where it came from. But how will you know when or where the switcheroo took place? Some of the representations of the blockchain’s powers are frankly incredible, but it isn’t magic. It’s a data structure that recapitulates the consensus of its construction, not a Chain of True Seeing with +2 save against poison. So is there any point in considering a form of shared ledger technology (whether a blockchain or anything else) for this kind of supply chain application? Well, yes. We think there is.

Let’s go back to the first example, the great vegetable oil swindle. Had American Express and other stakeholders had access to a shared ledger that recorded the volumes of vegetable oil being used as collateral, the fraud would have been easily discovered.

“If American Express had done their homework, they would have realized that De Angelis’s reported vegetable oil ‘holdings’ were greater than the inventories of the entire United States as reported by the Department of Agriculture.”

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

Interesting. So if the amounts of vegetable oil had been gathered together in one place, the fraud would have been noticed. What could that one place be? A federation of credit providers’ databases? A shared service operated by the regulator? Some utility funded by industry stakeholders? How would they work? What if the stakeholders, instead of paying some third party to run such a utility, used a shared ledger for their own use? It would be as if each market participant and regulator had a gateway computer to a central utility except that there would be no central utility. The gateways would talk to each other and if one of them failed for any reason it would have no impact on the others. That sounds like an idea to explore further.

How might such a ledger operate? Would American Express want a rival to know how much vegetable oil it had on its books? Would it want anyone to know? The Bank of Canada, in their discussion of lessons learned from their first blockchain project, said that “in an actual production system, trade-offs will need to be resolved between how widely data and transactions are verified by members of the system, and how widely information is shared”. In other words, we have to think very carefully about what information we put in a shared ledger and who is allowed to say whether that information is valid or not. Luckily, there are cryptographic techniques known as “Zero Knowledge Proofs” (ZKPs) that can deliver the apparently paradoxical functionality of allowing observers to check that ledger entries are correct without revealing their contents and these, together with other well-known cryptographic techniques, are what allow us to create a whole new and surprising solution to the problem of the integrity of private information in a public space.

It is clear from this description that a workable solution rests on what Casey and Wong call “partial transparency”. At Consult Hyperion we agree, and we borrowed the term translucency from Peter Wagner for the concept. For the past couple of years we have used a narrative built around this to help senior management to understand the potential of shared ledger technology and form strategies to exploit it. Indeed, in some contexts we focus on translucent transactions as the most important property of shared ledgers and as a platform for new kinds of marketplaces that will be cheaper and safer, a position that you can find explored in more detail in the paper that I co-authored with my colleague Salome Parulava and Richard Brown, CTO of R3CEV. See Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis. Journal of Payment Strategy and Systems 10(2): 118-131 (2016).

As you might deduce from the title, in this paper we co-opt the architectural term “ambient accountability” to describe the combination of practical Byzantine fault tolerance consensus protocols and replicated incorruptible data structures (together forming “shared ledger” technology) to deliver a transactional environment with translucency. As Anthony Lewis from R3CEV describes in an insightful piece on this new environment, it is much simpler to operate and regulate markets that are built from such structures.

The reconciliation comes as part of the fact recording; not after. Organisations can “confirm as they go”, rather than recording something, then checking externally afterwards.

From Distributed ledgers: “Confirm-as-you-go” | Bits on blocks

In this way the traditional disciplines of accounting and auditing are dissolved, re-combined and embedded in the environment. Smart contracts wouldn’t have disrupted Tino’s business, but ambient accountability would have uncovered his plot at a much earlier stage, when the near real-time computation of vegetable oil inventories would have delivered data on his dastardly plot. You’d hardly need Watson to spot that inventories greater than the United States’ entire annual production ought to be looked into in more detail.
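The aggregate check described above (entries hidden from rivals, totals still verifiable) can be sketched with additively homomorphic Pedersen commitments, a building block often used alongside ZKPs rather than a full zero-knowledge proof. This is an added example, not code from the original post or from any project it mentions. The lender names, volumes, inventory figure and the 62-bit toy group are constructed assumptions, and the group is far too small for real use.

```python
import hashlib
import secrets

def is_prime(n):
    """Miller-Rabin; these fixed bases are deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=62):
    """Smallest safe prime p = 2q + 1 above 2**bits. Toy size, not secure."""
    q = 2 ** (bits - 1) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_group()
G = 4  # a square mod P, so it generates the subgroup of prime order Q
# Second generator derived from a hash so nobody knows log_G(H).
H = pow(int.from_bytes(hashlib.sha256(b"salad-oil-ledger").digest(), "big"), 2, P)
NATIONAL_INVENTORY = 1600  # constructed figure, millions of pounds of oil

def commit(volume, blind):
    """Pedersen commitment: hides volume, binds the lender to it."""
    return pow(G, volume, P) * pow(H, blind, P) % P

def regulator_total(ledger, openings):
    """Check each private opening against the public ledger entry, then
    publish only the total volume and the combined blinding factor."""
    if openings.keys() != ledger.keys():
        raise ValueError("openings must cover every ledger entry")
    for lender, (volume, blind) in openings.items():
        if commit(volume, blind) != ledger[lender]:
            raise ValueError(f"{lender}: opening does not match ledger")
    total = sum(v for v, _ in openings.values())
    return total, sum(r for _, r in openings.values()) % Q

def observer_check(ledger, total, blind):
    """Anyone holding only the commitments can verify the published total."""
    product = 1
    for c in ledger.values():
        product = product * c % P
    return product == commit(total, blind)

def run_demo():
    pledged = {"lender_a": 700, "lender_b": 650, "lender_c": 500}  # constructed
    openings = {k: (v, secrets.randbelow(Q)) for k, v in pledged.items()}
    ledger = {k: commit(v, r) for k, (v, r) in openings.items()}
    total, blind = regulator_total(ledger, openings)
    ok = observer_check(ledger, total, blind)
    return total, ok, total > NATIONAL_INVENTORY
```

Rival lenders see only commitments and the published total; the regulator alone sees individual openings, and cannot misreport the sum without the observer check failing.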

Perhaps we need to shift perspective. It is the industry-wide perspective of the shared ledger, the shared ledger as a regtech, that makes the disruptive difference to supply chains, just as it is the shared ledger as a regtech that will reshape financial markets by creating environments for faster, cheaper and less opaque transactions between intermediaries that have to add value to earn their fees rather than rely on information asymmetries to extract their rent. As the World Economic Forum’s report on the Future of Financial Services says, “New financial services infrastructure built on [shared ledgers] will redraw processes and call into question orthodoxies that are foundational to today’s business models”. We agree, and if you want to make this a reality for your organisation, give me or my colleagues at Consult Hyperion a call. We will provide help, not hype.

Incidentally, the brilliant Maya Zahavi from QED-it will be explaining how ZKPs can transform supply chains at the 20th annual Consult Hyperion Tomorrow’s Transactions Forum on April 26th and 27th in London. Run, don’t walk, over to that link and sign up now for one of the few remaining delegate places and, to be kept up to date in the future, sign up for our mailing list as well.

[Sincere thanks to my colleague Tim Richards and to my former colleague Salome Parulava for their helpful comments on an earlier draft of this post.]

Tuesday, 10 October 2017

Making Britain the safest place in the world to be online - GOV.UK

xxx

‘found worrying or nasty in some way’

From Making Britain the safest place in the world to be online - GOV.UK

Yes, well I find things like this every single day on the internet. For example, I am very worried about 

Making Britain the safest place in the world to be online - GOV.UK

xxx

A new social media code of practice…

From Making Britain the safest place in the world to be online - GOV.UK

And so forth. There’s no point elucidating, because the strategy is, broadly speaking, to do nothing. A voluntary programme to ask people not to bully each other on Facebook. Publishing advertisements to tell people to be nice to each other is pointless. 

Fake news: Dow Jones blames technical error for headlines claiming...

xxx

While the implausible nature of the $9 billion price tag may have been a red flag to human traders, Apple did briefly see its stock rise to $158 before settling back down to around $156, raising the possibility that some algos were fooled.

From Fake news: Dow Jones blames technical error for headlines claiming...

xxx

Book review: Big Mind

Perhaps the universe was telling me something, because it seems to me beyond coincidence that I don’t remember hearing the word “homophily” before and yet I’ve just come across it twice in the same day: once when listening to historian Niall Ferguson on the BBC’s Today programme while in the shower and then again a couple of hours later while reading Geoff Mulgan’s new book “Big Mind” on the couch. Homophily means the tendency of people (e.g., me) to congregate online with people who think the same as they do (e.g., the Chancellor of the Exchequer is very probably insane) and, worse still in the new online world, to view only “news” (fake or real) that reinforces their position.

We will come back to homophily in a moment.

Geoff’s thesis is that the “collective intelligence” formed from groups of people connected together online functions according to new dynamics. Now, while he notes early on that a more networked world does not automatically mean a higher IQ world (in fact, as far as I can see, the general level of idiocy has increased substantially since the early days of the telegraph and the bulletin board), and that “shared thought is not only knowledge but delusions, illusions and fantasies”, I’m not sure that Snapchat boosts either individual or collective IQs.

Hence I began with caution, and about two thirds of the way through the book I was caught in a terrible English dilemma. I’ve known the author for a long time and admired his work with Demos and NESTA. But I wasn’t enjoying the book and didn’t feel I was getting anything from it. So how could I say that politely?

Luckily I carried on reading and I realised that the first two-thirds of the book is not for people like me who spend their entire lives on LinkedIn and Twitter but for politicians and policymakers who have only the vaguest idea of what these new technologies are and just how different these new dynamics of the collective that they have created are from the collection of individuals that they are used to dealing with.

It’s the last third of the book where Geoff gets into the tough questions. I’d not heard of the “folk theory of democracy” (i.e., that the people are wise and come to the right answer) before but I can say with certainty that it is doomed with the masses so easily subverted through Facebook adverts and clickbait headlines. While it is appealing to hope that new technology is the answer, a means to rejuvenate democracy, I’m not sure. As the author notes, crowds are good at ideas, not judgements.

Do we then give decision making to an elite? Maybe, but the experts aren’t always right even when they are more connected than ever before. I strongly agree with the author’s view that “expertise can entrap”, or to put it another way, foxes make better predictions than hedgehogs, but we don’t seem to be rummaging through the dustbins of knowledge to pick out the good stuff at all. The example the author uses illustrates this rather well: we have more data about health and diet and nutrition than ever before, yet we have an epidemic of obesity. More data does not mean wisdom.

Which leads me to my suspicion that it isn’t networking people together that is going to help, but networking people with artificial intelligences. As Geoff himself points out, technologies can effectively perform many of the elements of collective intelligence. He references a Hong Kong investment firm that has already invited an AI to join its board and given it the same vote as a human board member.

A cabinet of ZX Spectrums could hardly do worse than the flesh and blood version. I laughed out loud when I saw “government is collective intelligence” since there’s precious little evidence of such (“government is muddling through” is more the British way). Geoff has had access to government decision-making processes that I have not, so how accurate his characterisation is I can’t say. He is certainly right when he says that companies pretend to operate with collective intelligence but actually go by gut-feeling rules of thumb (as memorably described in one of my favourite books from last year, “Chaos Monkeys”).

Geoff puts forward an interesting thesis but doesn’t completely convince with it. At the end of the book, I was left unsure whether he thinks that the online collective multi-intelligence of the connected crowd is something to be harnessed, managed or avoided at all costs.

Monday, 9 October 2017

‘Mind-Boggling’ Math Could Make Blockchain Work for Wall Street - Bloomberg

xxx

“Zero-knowledge proofs are one of the biggest inventions in the last two decades in cryptography,” said Emin Gun Sirer, an associate professor of computer science at Cornell University. It “will allow a slew of applications we can’t even imagine right now.”

From ‘Mind-Boggling’ Math Could Make Blockchain Work for Wall Street - Bloomberg

xxx

POST Machines learning about fraud

As I’ve written many times (e.g., here), it is difficult to overestimate the impact of artificial intelligence (AI) on the financial services industry. As Wired magazine said, “it is no surprise that AI tops the list of potentially disruptive technologies”. With Forrester further forecasting that a quarter of financial sector jobs will be “impacted” by AI before 2020, there’s an urgent need to develop strategies in this area. It is because the need is so urgent that I was delighted to be asked to give a keynote at the Digital Jersey AI Retreat in September, an event put together by my good friends at Digital Jersey (where I am advisor to the board) working with Cognitive Finance. They did a great job of bringing together a spectrum of both subject matter experts and informed commentators to cover a wide variety of issues and provide a great platform for learning.

In “Radical Technologies”, Adam Greenfield wrote of the advance of automation that many of us (me included, by the way) cling to the hope that “there are some creative tasks that computers will simply never be able to perform”. I have no evidence that financial services regulation will be one of those tasks, so in my talk I suggested AI will be the most important “regtech” of all and made a few suggestions as to how regulators can plan to use the technology to create a better (that is faster, cheaper and more transparent) financial services sector.

AI as Regtech

Regulation, however, was only one of the topics discussed in a fascinating couple of days of talks, discussions and case studies. The surprise for me was that there was a lot of discussion about ethics, and how to incorporate ethics into the decision-making processes of AI systems so that they can be auditable and accountable. I hadn’t spent too much time thinking about this before, but after talking with very well-informed experts I was certainly left with the impression that this might be one of the more difficult problems to address. Although I must say that the most surprising discussion of the event that I was personally involved in took a very different tack: whether AIs employed in the service of financial institutions should come under the HR department or the IT department!

OK. So banks are going to be disrupted by AI. But where to start? I happened to be reading Call Credit’s interesting white paper “Credit, Fraud and Risk in the Age of Machines”. Their data scientists explore the use of machine learning in credit risk and fraud prevention. It’s that latter category that interests me most at the moment simply because fraud is so out of control, so I began to wonder whether this new technology is having any impact. Are Call Credit right to be optimistic about machine learning? The answer seems to be that they are, and that there may be light at the end of the tunnel. If we look at what AI is being deployed in the banking sector and what it is being used for, we see this optimism reinforced.

Let’s look in more detail. First of all, AI is an umbrella term so we need to be a little more specific. The most recent figures seem to indicate that the technology of machine learning is the main area of investment in banking. This is not surprising, because machine learning thrives when fed vast quantities of structured data. Banks have this in spades but have historically found it difficult to extract wisdom from it.

Bank use of AI by technology  

What are they using these machine learning systems for? Well, fraud does indeed seem to be the main business case with identification and authentication (including the use of biometrics) the highest priorities. Chatbots, robo-advisors and digital assistants are all fun, but in terms of making an impact on the bottom line, doing something about fraud beats everything else.

AI for what?

Hence my optimistic interpretation. Identity is a mess, but we may be able to use AI to begin to mitigate some of the effects of this in the banking sector. Dave Webber, Director of Concept Management at Call Credit, sums it up nicely in their white paper by saying that “machine learning can help businesses make decisions by looking at data patterns… then looking for anomalies that indicate something isn’t right”. AI is good at this sort of pattern recognition and, I think, so much better at it than we are that it might even outsmart the fraudsters.

The hidden cost of the tap-and-go boom

xxx

According to RBA estimates, the merchant will pay an average of about 0.55 per cent of the transaction's value in a "merchant service fee" to their bank when the payment goes through the credit card network. But if it goes through the eftpos (CHQ or SAV) system, this drops to 0.15 per cent.

From The hidden cost of the tap-and-go boom

xxx

Arab driver filmed himself in his Porsche going 180mph | Daily Mail Online

xxx

Officers initially confiscated his passport before Ali changed his name by deed poll and applied for a new one, flying to Dubai two days before he was to be tried for possessing a quantity of bullets.

From Arab driver filmed himself in his Porsche going 180mph | Daily Mail Online

xxx

Sunday, 8 October 2017

Australian police sting brings down paedophile forum on dark web | Society | The Guardian

snippet

To maintain their cover, undercover detectives were posting and sharing abuse material on Childs Play. Other users continued to post and view images while the site was under police control.

[From Australian police sting brings down paedophile forum on dark web | Society | The Guardian]

snippet

Friday, 6 October 2017

India's Failed Demonetization Program and Its Retreating Economic Defenders - Alt-M

xxx

The accumulating evidence on economic growth, meanwhile, has become damning. Between July and September 2016, India’s GDP grew 7.53 percent. Between January and March 2017 it grew 5.72 percent. Former head of the Reserve Bank of India Raghuram Rajan, now returned to the University of Chicago, links the drop to demonetization: “Let us not mince words about it — GDP has suffered. The estimates I have seen range from 1 to 2 percentage points, and that's a lot of money — over Rs2 lakh crore [i.e. trillion] and maybe approaching Rs2.5 lakh crore." Kaul adds that GDP does not well capture the size of the informal cash sector, where the losses from demonetization were greatest.

From India's Failed Demonetization Program and Its Retreating Economic Defenders - Alt-M

So why does the Bank of England think that getting rid of paper cash will boost the economy when the figures from India clearly show it didn’t? The answer, of course, relates to the stage of development of the economy. In England, there are ready alternatives to cash that almost everyone already uses. Contactless cards and mobile phones mean that if all the ATMs in England gave up the ghost tomorrow, it wouldn’t really matter. Yes, there are some unbanked people and, as I have long argued, we should be providing digital financial services that are appropriate to them (not forcing them to use bank accounts) so that they can use electronic alternatives. Having been involved in projects to do just this (e.g., mobile money accounts for “universal credit” recipients and services delivered via digital TV to the housebound) I can honestly say that I do not find insurmountable problems.

While India has taken great strides (the introduction of “payment banks”)

xxx

"‘There were a lot of people who came and clicked photos (of the sign) but apart from that no transactions,’"

Bitcoin accepted here: The tiny family restaurant in India that's embraced virtual currency — Quartz

xxx

Chancellor announces £23bn Productivity Investment Fund - ITV News

xxx

Chancellor Philip Hammond has announced a new National Productivity Investment Fund of £23 billion to be spent on innovation and infrastructure over next five years.

From Chancellor announces £23bn Productivity Investment Fund - ITV News

Since this announcement productivity has collapsed still further.

BOE's Victoria Cleland: UK Pound Usage Grows | PYMNTS.com

xxx

Bank of England’s (BOE) Chief Cashier Victoria Cleland adamantly stating that “cash is not in decline.”

Cleland made the remarks at the Future of Cash Conference in Vienna, Austria, on Oct. 5, continuing the argument that, despite the fact that non-cash purchases and transactions are on the rise in the U.K., the amount of currency being circulated in England’s economy is also increasing.

“Very notable in the U.K. is the rise in the use of contactless cards, which tripled in 2016, accounting for 7 percent of payments. The shift in consumer preferences is also evident in online spending, where average weekly online shopping in the U.K. was £1.1 billion in August 2017; an increase of 16 percent compared with August 2016. Such developments have led many commentators to predict the demise of cash,” she said.

“But the numbers show a different story,” Cleland continued. “In 2016, the value of Bank of England notes in circulation increased by 10 percent, reaching over £70 billion in the run-up to Christmas: the fastest growth in a decade. Cash remains the most widely used payment method in the U.K. It accounted for 40 percent of all payments and 44 percent of payments made by consumers in 2016.”  

From BOE's Victoria Cleland: UK Pound Usage Grows | PYMNTS.com

xxx