Sunday, 19 November 2017

POST It's going to get worse before it gets better

Identity fraud is absolutely out of control in the UK and there is, so far as I can see, no prospect of any form of infrastructure coming into place to deal with the problem. Whether we look at scammers going through Facebook to perpetrate dating fraud or going through LinkedIn to perpetrate corporate fraud or going through the Land Registry to perpetrate property fraud or going through Companies House to perpetrate corporate fraud, we can draw only one conclusion: identity is broken. Until we fix identity, we can’t attack fraud. And since it’s going to take a while to fix identity, even if we start now, that means that fraud is going to carry on getting worse. Don’t believe me? Then listen to a bank:

[Barclays] is predicting that online festive fraud will be at its highest ever levels in December 2017 and could cost shoppers more than £1.3bn.

From Barclays warns of unprecedented online fraud this Christmas

Merry Christmas one and all. The truth is that we are under attack. It isn’t script kiddies and casual card counterfeiters any more, it’s organised crime. The Callcredit Annual Fraud & Risk Report surveyed over a hundred fraud professionals and found that more than three-quarters of them rated organised cybercrime as the biggest fraud threat to their organisations in the coming year. Given that current projections are that the damage from cybercrime with double from $3 trillion last year to $6 trillion in 2021, their fears are well-founded.

Yet when those same fraud professionals were asked what their priorities were for the coming year, nearly nine in ten put regulatory compliance at the top of their list.

 

Is there any cause for optimism? Well, I think the answer to that is yes. Remember Callcredit’s white paper on “Credit, Fraud and Risk in the Age of Machines” in which their data scientists explored the use of machine learning. I think they are right to be optimistic about these new technologies. The answer seems to be that they are, and that there may be light at the end of the tunnel. If we look at what kinds of AI are being deployed in the banking sector and what they are being used for, we see this optimism reinforced. It’s time for a change: if we are going to defend ourselves against the next generation of criminals, we need the next generation of technology to do it.

Friday, 17 November 2017

Art and science in Bristol

Well, that was fun. I had the great honour of being invited on to a panel at the Festival of Economics, part of the Bristol Festival of Ideas. Professor Steve Keen, Daniela Gabor, Tatiana Cutts and stand-in chair Romesh Vaitilingam who did a great job moving things along. We had a great audience and they gave us a wide variety of topics to deal with in the Q&A. All in all, an excellent event.

One of the topics that came up, naturally, was whether Bitcoin was a form of cash or not. Remember that US IRS Ruling about Bitcoins being a commodity, so that traders would have to track the buying and selling price of each individual Bitcoin in order to assess their tax liability? No? Here’s a reminder…

the real lesson from the IRS Bitcoin ruling is that for a currency--or any payment system--to work, its units must be completely fungible.

[From Bitcoin Tax Ruling - Credit Slips]

Fungible (from the Latin “to enjoy”) is a great word. One of my favourites, in fact. In this context, money, it means that all tokens are the same and can be substituted one for another. You owe me a pound. It doesn’t matter _which_ pound coin that you give me. Any will do. Any pound coin can substitute for any other pound coin because they are all the same: no-one can distinguish one pound coin from another. This isn’t true of Bitcoins. They are all different. and because they are all different, their history can be tracked through the blockchain.

The digital currency Bitcoin has a reputation for providing privacy. But a new analysis of the public log of all bitcoin transactions suggests it could be surprisingly easy for a law enforcement agency to identify many users of the currency.

[From Tracing Bitcoins May be Easier Than Criminals Think | MIT Technology Review]

The idea of money that isn’t fungible but that can be tracked, traced and monitored reminded me of Nitipak Samsen’s winning entry in the Consult Hyperion 2011 Future of Money Design Award, an example that I include in my book. I mentioned this on stage and a couple of people came up afterwards to ask more about this entry and the competition nin general, so if you are one of them and you’d like to learn more, check it out here.

Have you ever wondered where the money in your pocket had come from? Who was the previous owner? Who was the owner before that? Might it be a famous celebrity?…

[From Money Trailer – Future of Money]

It is interesting to me to see these different perspectives (Nitipak's artistic imagination about the bastard child of Facebook and Bitcoin, and the more technical ideas about fungibility) coming together and, to my mind, again illustrates just why the FOM Design Award became such a popular session in the Tomorrow’s Transactions Forum. We (technologists) need artists to help us to imagine alternative futures.

So. TL:DR…

Bitcoin isn’t cash, because cash is fungible. If we want something to be cash, we need to make it fungible. But do we want cash? I’m always ready to listen to informed views, but right now my general feeling is that the costs outweigh the benefits.

Tuesday, 14 November 2017

Central banks should embrace digital currencies, Axel Weber says

xxx

Less clear cut, however, are likely to be arguments over digital currencies issued by central banks. Like cash, which they could eventually replace — but unlike bitcoin — they would be backed by monetary authorities, so they would also act as a store of value as well as widely accepted means of payment.

From Central banks should embrace digital currencies, Axel Weber says

xxx

Sunday, 12 November 2017

net.wars: Regulatory disruption

xxx

The financial revolution due to hit Britain in mid-January has had surprisingly little publicity and has little to do with the money-related things making news headlines over the last few years. In other words, it's not a new technology, not even a cryptocurrency. Instead, this revolution is regulatory: banks will be required to open up access to their accounts to third parties.

From net.wars: Regulatory disruption

xxx

Tuesday, 7 November 2017

Apple plans to share some iPhone X Face ID data. Uh oh.

xxx

Police can’t force you to turn over your passcode, but they can, theoretically, force you to unlock the phone with your face.

From Apple plans to share some iPhone X Face ID data. Uh oh.

xxx

Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

xxx

On Friday, Estonia's Police and Border Guard suspended an estimated 760,000 ID cards known to be affected by the crypto vulnerability.

From Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

xxx

xxx

The country is now issuing cards that use elliptic curve cryptography instead of the vulnerable RSA keys, which are generated by a code library developed and sold by German chipmaker Infineon.

From Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

xxx

Monday, 6 November 2017

Shanghai shops refusing cash are illegal: authority - Global Times

xxx

Reporters found that, in Shanghai, some shops even ask consumers to apply for a membership card if consumers want to use cash, and others hang "no cash" signs on their doors, Laodong Daily reported Thursday.

From Shanghai shops refusing cash are illegal: authority - Global Times

xxx

NFC drivers | Consult Hyperion

xxx

modesty forbids me from noting Consult Hyperion’s role in the project, so I’ll let Finextra do it instead

From NFC drivers | Consult Hyperion

xxx

Authoritarian Cryptocurrencies Are Coming - Bloomberg

xxx

To those who believe bitcoin's main innovation is the exclusion of a central authority -- a peer-to-peer system in which transactions are validated by "miners" -- the interest of China and Russia is baffling. But those governments aren't looking to give up control to the blockchain. On the contrary, they are trying to figure out how to lower the cost for a centralized issuer to control everything that's going on in the financial system. 

From Authoritarian Cryptocurrencies Are Coming - Bloomberg

xxx

RBC CEO Dave McKay: Battleground for banks is data - Article - BNN

xxx

Royal Bank of Canada's chief executive says data is the battleground for banks that will determine the future success of financial institutions.

From RBC CEO Dave McKay: Battleground for banks is data - Article - BNN

xxx

Nationwide customers 'bank cards suddenly stopped working' after technical glitch

xxx

FURIOUS Nationwide customers had their payments declined and were locked out of their accounts when the bank's system went down yesterday.

From Nationwide customers 'bank cards suddenly stopped working' after technical glitch

The system went down. But what if there was no system to go down? Imagine that each ATM is a node in a shared ledger. Suppose a bank has a million customers, and each customer’s transaction record is 1Kb. A balance, last few transactions, that sort of thing. No need to store the whole transaction history in the ledger. That’s 1Gb. Maybe 10Gb for all of the bank customers in the UK. I have a flash drive in my bag with 128Gb on it and it cost like $50. Now, when someone draws money from an ATM the ledger is updated over a few minutes at all of the other ATMs (remember, ATMs are doing nothing most of the time). If an ATM goes down, so what? Just go to another one. When an ATM comes back, the ledger will update.

Sunday, 5 November 2017

Why the CDC Wants in on Blockchain - MIT Technology Review

xxx

While individual organizations in the public health network share the same overall mission, a complex mishmash of data usage agreements and government privacy rules dictate which members can access information and which ones can modify it.

From Why the CDC Wants in on Blockchain - MIT Technology Review

A blockchain, I guarantee, won’t make any difference to this. Those privacy rules don’t depend on whether you store the data in a spreadsheet or a database and they don’t depend on whether the data is in a shared ledger of some form either.

How should identities, not only patient IDs but also the IDs of public health organizations, be managed on the blockchain?

From Why the CDC Wants in on Blockchain - MIT Technology Review

If Open Banking is a success, then banks are going to fail. One viable picture of the future is of a few giant megabucks sitting in the background, like PG&E or British Gas, while other banks go to the wall and consumers obtain their financial services from Amazon and Facebook.

POST Really breaking banks

I can’t stress enough just how big a deal the UK’s transition to Open Banking is. The writer Wendy Grossman posted an excellent piece about this in her “net.wars” series recently. She says…

The financial revolution due to hit Britain in mid-January has had surprisingly little publicity and has little to do with the money-related things making news headlines over the last few years. In other words, it's not a new technology, not even a cryptocurrency. Instead, this revolution is regulatory: banks will be required to open up access to their accounts to third parties.

From net.wars: Regulatory disruption

As Wendy notes, Wired had an absolutely excellent article about this (written by Rowland Manthorpe) in October. Having talked to some of the key players and explain some of the key concepts, he draws an important conclusion, which is that Open Banking is not “just a technical fix, or even a solution specific to banking, but a new way of dealing with the twenty-first century’s most sought-after resource, personal data".

He is spot on. Identity, as some people maintain, the new money. Banks are about to be transformed from places that store Sterling (which they really don’t anyway, since the proportion of household wealth held in the form of demand deposits has already fallen to minuscule levels) into places that store Digital Identities. Now, this is hardly a new idea and it isn’t only techno-crackpots like me who keep going on about it. Banks know this to be the case, they just haven’t done anything about it. Back in 2014, the Financial Times was reporting that “Britain’s high street banks believe their future role will be as repositories of more than just money: they want to be the safe place where customers store their digital identities”. This makes complete sense as a strategy and as the European Banking Association (EBA) white paper of the time puts it, “banks are well positioned” to be a crucial, supporting, positive part of their customers online lives.

Some others (uncharitable persons, of whom I am not one) also suggested that banks would pratt about and muck it all up and hand digital identity to Apple, Facebook, Google, Amazon and Microsoft on a plate. Well, we’re going to start finding out in January, because I can’t help but feel that the major beneficiaries of the regulators pressure to open up the banks will not be nimble fintech startups but the internet giants who already have the customer relationships. Rowland speculates that Open Banking may expose some institutions to change and competition that they simply cannot respond to and that banks may well fail because of it. This is the sort of thing that they must have been mulling over down at Open Banking Limited, the entity set up to implement open banking in the UK.

[Implementation Trustee at Open Banking Limited, Imran Gulamhuseinwala] doesn’t have much sympathy for failing banks

From To change how you use money, Open Banking must break banks | WIRED UK

Now, having sat next to Imran at dinner (with the Russian Ambassador, as it happens) I can confirm that he is one smart cookie (and a very nice guy too). He’s got a point about the competition that open banking should unleash, but when RBS goes under because all of its customers have shifted to Facebook and the bank becomes a low-margin heavily-regulated pipe that is not operationally-efficient enough to compete only on price and service levels, I suspect others may have a different perspective.

Wendy’s words are well chosen. Open Banking is a revolution, and all we can say for sure is that there is going to be change. But as to who the winners and losers are… well, the UK is about to become an interesting, exciting and unpredictable laboratory experiment in banking regulation. In a year or two, we may at least have a signpost to the future of retail banking in place.

One Year After Rollout, Banks Are Bullish on Zelle | Bank Innovation | Bank Innovation

xxx

The banks’ response to the growth of the Zelle network follows positive statistics from the service itself, which reported 100 million transactions in September 2017 totaling $33.6 billion.

From One Year After Rollout, Banks Are Bullish on Zelle | Bank Innovation | Bank Innovation

xxx

Saturday, 4 November 2017

The bitcoin bubble - Greater fool theory

xxx

The [crime] factor makes Bitcoin appealing to criminals (although this is even more true of cash) creating this ingenious valuation method for the currency of around $570.

From The bitcoin bubble - Greater fool theory

I think this is a highly spurious calculation, for two reasons. First of all, I have yet to see any evidence that criminals are adopting Bitcoin at scale. And the reason for this is obvious: it’s not anonymous enough. Wallet addresses are pseudonyms, and once any of these pseudonyms has been linked to a mundane identity in anyway, the identities can be connected, monitored, tracked and traced. This is why ransomware rogues convert their Bitcoins out 

Three months after WannaCry impacted more than 300,000 computers in over 150 countries, the bitcoins paid by victims have been exchanged for Monero, a privacy-focused cryptocurrency that’s seen a spike in popularity and price over the last year

From WannaCry's bitcoins were converted to Monero, researchers say

The second reason why I think it is spurious is that it is based the value of the global market in illegal drugs.

POST Mystic Dave on the blockchain use case that may actually make sense

When I was kindly invited to be part of the panel at Scotchain 17 in Edinburgh, I have to say I did not anticipate such a big, interesting and stimulating event. So, once again, well done to all of those involved. 

Now, the panel session was recorded, so you can relax and enjoy it here, but I just want to pick up on one particularly interesting point that came up. During the panel, we were asked where blockchain might gain traction in a mass market. I said that I was sceptical about financial services being the first, for two reasons: most “blockchain” efforts I have seen involve shoehorning some form of shared ledger solution into the shape created by an existing (optimised) system and second because it is, thankfully, a heavily regulated sector and therefore marketplace participants will be naturally wary about betting the house on a radical new technology. Instead, I chose e-sports on the basis that it is a big business where the trading of virtual assets is core to the attraction. I wonder if that sounded a little outlandish to the audience. I hope not, because now I read that…

Now, there’s a whole new type of sports memorabilia about to become available – in-game assets won by elite esports athletes. One company is paving the way for what could be an incredibly lucrative in-game esports memorabilia marketplace – and it has investors both inside and outside the gaming industry paying close attention.

From The esports memorabilia scene is big -- and blockchain may make it huge | VentureBeat

xxx

The system will utilize smart contracts and blockchain technology to provide a unique signature and history of any virtual item in-game item earned. For example, when elite esports athlete Michael “Flamesword” Chavez earns a flaming sword of mega-death in his latest league battle, that item will have the ability to become a valuable – and easily tradable – asset. In other words, you could be using the unique item your favorite player had equipped in their biggest matches.

From The esports memorabilia scene is big -- and blockchain may make it huge | VentureBeat

IS_A_PERSON and IS_A_LEGAL_PERSON

xxx

Alt-right blogger Jenna Abrams (@Jenn_Abrams) enjoyed a large following in Twitter, and her tweets were cited by Buzzfeed, the NY Times, and other news agencies. It turned out "she" was another creation of the Internet Research Agency, the Russian government-funded troll farm in St. Petersburg.

From An alt-right Tweeter with 80k followers is a fictional entity created by Russian troll farm / Boing Boing

xxx

Thursday, 2 November 2017

The evolution of gift card fraud » PaymentEye

xxx

Criminals are exploiting the gift card loophole to commit financial fraud for a myriad of reasons, including money laundering, and as a way of moving illicit funds by drug cartels and terrorists.

From The evolution of gift card fraud » PaymentEye

xxx

Wednesday, 1 November 2017

One in five ATMs set to close over next four years

xxx

One in five cash points will disappear from Britain's high streets within four years, according to the ATM industry body. 

From One in five ATMs set to close over next four years

xxx

Monday, 30 October 2017

Horizon scanning in good company

My favourite think tank, the Centre for the Study of Financial Information (CSFI), where I am honoured to be the Technology Fellow, has been asked by the law firm Dentons to put together a series of “horizon scanning” events, each looking at major factors that will determine the shape of the financial services sector over the next 10-15 years. As part of this series they held a fintech breakfast to look at the world of tech-based challenger banks, P2P lenders, crowd-funding, new payments methodologies, AI, crypto-currencies, blockchain and so forth. I was flattered to be invited to take part, along with my old friends Clara DurodiĆ© (founder and managing partner of AI outfit Cognitive Finance Group) and Nick Ogden (the founder of ClearBank and, some years ago, the founder of WorldPay).

Nick Ogden has set up Clear Bank to provide building societies, credit unions, other banks and fintech companies with access to all the major payment and card schemes, including Faster Payments, which allows people to send and receive money instantly online or through mobile.

From Worldpay founder to shake up UK clearing bank market

In my opinion, Nick is at the heart of the current fintech revolution, the UK-centric whirlwind around open banking and the “platformisation” of financial services, whereas Clara is at the heart of the current regtech revolution, using AI to change the markets themselves. We may be a long way from Terminators and HAL 9000, but the massive AI investments pouring into financial services around the world mean that the technology is going to change the sector soon. In September, the analysts at Forrester predicted that quarter of financial sector jobs will be “impacted” by AI before 2020 and John Cryan, the Deutsche Bank CEO, was quoted in the Financial Times saying that the bank is going to shift from employing people to act like robots to employing robots to act like people. The impact on employment is obvious, but we cannot hold back the tide so we must take advantage of the changes and begin to explore for new opportunities that can be built around a more productive financial services sector.  

For what it’s worth, my three main horizon-scanning observations were that:

 

Open Banking starts in January and I remain convinced it will be far more disruptive than many people think. It is not far-fetched, as Wired magazine observed, that banks might go under because of this. At the risk of sounding like a broken record, this about identity, trust and reputation not money. Obviously, I left it to Nick to talk turkey on this one.

Token/ICO

AI is an event horizon and it is impossible to see what is the other side of it. However, it does seem to me that  

During the discussion that followed

Monday, 23 October 2017

Identity in the UK is a gas

From time to time, when making presentations about identity and related topics, I have to stop to explain to baffled foreigners that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. I understand that these are notoriously difficult to forge and that the skilled artisans behind the North Korean $100 bill “supernote” threw down their tools in frustration when faced with the multiple layers of security that are part of the British Gas quarterly statement for residential users. Hence our gas bill is a uniquely trusted document, and the obvious choice of platform for anyone concerned about fraud.

(By the way, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here for theatrical or novelty use only.)

No wonder identity fraud is an epidemic in the UK. Fraudsters are ruthless about exploiting the gaps in identification, authentication and authorisation infrastructure and as I’ve been saying for time, the UK has only gaps and no actual infrastructure. I am very sorry to say it, but our system based on the gold standard of gas bills is no longer fit for purpose.

Police later discovered Ghani and Mahmood carried out the fraud after stealing three utility bills from Mr To's mailbox.

From Stockport identity fraud victim's £500k home put on market - BBC News

"Having forged his signature, they then transferred the deeds to his house into Ghani's name". Yes, I know I know, I'm sure the blockchain will put a stop to this, but in the meantime... should a homewoner whose house is stolen in this way be entitled to compensation from the utility company for sending the bills? Or from whoever it is that transferred the deeds based on a forged signature? If I can steal your house just by getting information from gas bills and forging your signature, shouldn’t you be within your rights to expect the powers-that-be to do something?

But what?

Well, for a start, we can stop using sort codes and account numbers and choose more meaningful identifiers when it comes to money. You shouldn’t be sending money to me at XX-XX-XX 99999999, you should be sending it to @dgwbirch. I defy anybody to carry around the six digit sort code and nine digit account number of their correspondents in their heads or to be able to spot their solicitor's real payment details from some fake payee details when reading an email. If you are expecting to send money to $dgwbirch (please go ahead, but the way, as, it’s my Square Cash name) and then get an email asking you to send instead to $davidovichbirchski then you might be a little suspicious, but if you get an e-mail using to switch from sort code 12-34-56 to 34-56-78 its less obviously a fraud.

 And which actual payment account I choose to associate with that identifier should be up to me: it’s none of your business whether I’m with Barclays, Amazon or my brother-in-law. Personal information should be kept of transactions where it is not needed. You send the money to @dgwbirch and that’s it.

(In fact, it’s not all obvious to me that you should know my “real” name at all, since that’s just an invitation to identity theft.)

xxx

Lloyds, which took eight hours to make the payment, did not carry out any checks to ensure the name of the firm to which the payment was to be made matched the account numbers,

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

Neither Lloyds, nor any other bank do this. That’s just how the system works: the account name is an attribute, not an identifier.

The UK’s new payment architecture includes a directory service to map a variety of identifiers to bank accounts.

Chinese Government rolls out trust ratings to combat corruption | World Finance

xxx

According to research published in the Journal of the European Economic Association, the level of trust in cultures today can be informed by events that occurred hundreds of years ago. The research shows that Italian states that became free cities in the Middle Ages – a process that required mass cooperation – exhibit higher levels of trust today than those that didn’t.

From Chinese Government rolls out trust ratings to combat corruption | World Finance

xxx

Chinese Government rolls out trust ratings to combat corruption | World Finance

xxx

The Chinese Government’s new tool to generate trust is known as ‘social credit’, and is currently in the process of being rolled out. The plan is to generate a score for every citizen based on how trustworthy they are. The system will aim to instil trust by combining carrot and stick: those with a good score will reap rewards, while a bad score will lead to punishments, such as public blacklisting and restrictions.

From Chinese Government rolls out trust ratings to combat corruption | World Finance

Now, in one way, this is a back to the future thing. When we all lived in clans and roamed the savannah, the social credit score of each and every one of us was stored in the “shared ledger” of the memories of the clan members.

Sunday, 22 October 2017

‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

xxx

the regulations that govern this area. These state that a bank has to “have made clear to their customer how a Chaps payment will be processed” and that the bank “will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient’s name”.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

xxx

‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

xxx

Lloyds, which took eight hours to make the payment, did not carry out any checks to ensure the name of the firm to which the payment was to be made matched the account numbers,

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

Neither Lloyds, nor any other bank do this. That’s just how the system works: the account name is an attribute, not an identifier.

POST Payments are the not problem, identity is

There's a huge amount of payment fraud going on in the UK at the moment. The fraudsters intercept legitimate requests to transfer money from one account to another, often from solicitors in relation to house purchases but also from tradespersons such as builders) and they change the details so that the payer sends the money to an account under the control of the fraudsters rather than the intended destination. So, typically, the fraudsters will monitor e-mails coming from a solicitor and when that solicitor sends an email to a customer asking for money (e.g., for a house purchase), the fraudsters replace solicitor's legitimate account details with details of another account that they control. I wrote about this ages ago and put forward the obvious solution, which is to stop using e-mail for important transactions, but nobody paid any attention, and the problem continued to grow. In the first half of this year there were about 20,000 such frauds with some £100m lost (and only £25m subsequently recovered). This is the second largest category of payment fraud behind card fraud (which is about six time larger) because the numbers are low but the average values involved are high.

Now, for someone like me who is reasonably savvy about the operations of the UK domestic interbank payment networks, instant payment fraud isn’t a problem. Whenever I have to set up a new payee for instant payments, I always send an initial payment of a fiver and wait for confirmation that it has arrived before I go ahead and transfer any larger amount. But a great many people, and a great many people who are intelligent and sophisticated customers, do not. They enter the incorrect payee details and hit send. The impact of this is significant as the number of frauds continues to increase. As Hannah Nixon, head of the UK’s Payment System Regulator (PSR), put it toward the end of last year, “tens of thousands of people have, combined, lost hundreds of millions of pounds to these scams”. Indeed they have. And, in fact, still are. 

An Essex couple have lost £120,000 after sending the money to what they thought was their solicitor’s bank account, but which instead went to an account in Kent that was systematically emptied of £20,000 in cash every day for the next six days.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

This isn’t a payments problem, it’s an identity problem. So just whose fault is it when someone gets scammed in a sector with no effective identity infrastructure? The couple at the centre of this story sent the money via the Clearing House Automated Payments System (CHAPS) and the CHAPS regulations are unequivocal.

the bank “will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient’s name”.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

I’ll sure the couple have an e-mail or a piece of paper pointing this, but it clearly didn’t help. As I wrote earlier in the year, fraudsters are ruthless about exploiting the gaps in identification, authentication and authorisation infrastructure and as far as I can tell, right now there are only gaps and no actual infrastructure.

Meanwhile, the security or otherwise of Steed & Steed’s email system is also likely to be investigated. In December 2016, regulatory body the Solicitors Regulation Authority warned that email hacks of conveyancing transactions had become the most common cybercrime in the legal sector.

From ‘We lost £120,000 in an email scam but the banks won’t help get it back’ | Money | The Guardian

This reinforces my theory that solicitors who use e-mail to send important information to customers are, essentially, negligent. They should be using WhatsApp or Signal for this sort of thing. If it was the solicitor’s e-mail server that got hacked, then they should be responsible for compensating the customers, shouldn’t they. If I tell my bank to send £10,000 to the Nat West in Barnsley by mistake - whether I was scammed or typed in the wrong sort code or was using an out-of-date account reference or whatever - and I go through all of the security hoops to do so, why is it my bank’s fault that the money went to the wrong place? It is not obvious at all that it is my bank that should be compensating me for my mistake. If scammer gets me to send my house deposit to the wrong account, then my claim is against the scammers or the destination bank if it was negligent in some way (e.g., if it didn’t do KYC) isn’t it?

Anyway, my reason for going over this old ground again is that the PSR has just published its response to the “super complaint” about this type of fraud. In addition o education, guidelines and that sort of thing, they are talking about three substantial initiatives to do something about what they called Authorised Push Payment (APP) fraud, but that I call Authorised Credit Transfer (ACT) fraud because I think “app” is a confusing sobriquet. These are:

  • KYC Sharing, to try to prevent fraudsters from opening accounts. The PSF's earlier consultation document on the "Blueprint for the Future of UK Payments" includes a detail discussion of this issue and also highlighted one of my pet peeves, which is the "poor customer experience for good actors". In other words, the UK’s stringent and expensive KYC procedures don’t stop criminals from opening accounts but do massively inconvenience honest working folk, your author included. The PSR has handed the baton over to the trade association on this one, so we’ll have to wait and see what they come up with.

    The Forum handed over to UK Finance the development of best practice guidelines for PSPs when verifying a user’s identity. The guidelines will also cover how identity verification is managed across different types of payments.

    My guess is what they won’t come up with is a comprehensive and cost-effective solution using some sort of “financial services passport”, much discussed here and elsewhere. (I was part of the techUK working group on this three years ago.)

  • Payee Confirmation, to try to prevent malicious redirection scams by matching the name as well as the sort code and account number. So the idea here is that when you set up David G.W. Birch as a payee, the destination bank will match the name against the name of the destination account (which is what they don’t currently do) and will reject the payment is they do not correspond. I have mixed feelings about this, because I would rather just scrap the use of sort codes and account numbers and use the directory services in the new National Payments Architecture (NPA) to replace them with e-maill addresses, mobile phone numbers or (my preferred solution) “paynames”. Instead of typing in meaningless numbers, you would just tell your bank to send the money to £dgwbirch or accounts@dgwbirch.com or whatever.

  • Contingent Reimbursement (this is what got the media attention) which would require PSPs to reimburse victims when they could not have reasonably prevented an APP scam but either the customer's PSP or the destination PSP "has not met the required standards". The consultation notes that "there was very limited support from PSPs for a full chargeback-like process" (apart from anything else, this would cost a fair amount to run) so you can see why it's important to find an alternative. The proposed solution rather hinges on whether the victims of fraud took the "appropriate" level of care. For me, this would be sending a quid and checking it went to the right place before I send the other £499,999 of the house purchase.

xxx

7 Thoughts On Blockchain, Cryptocurrency & Decentralization After Another Three Months Down The…

xxx

"While most of the ICOs to date have been Utility Tokens, because of the massive advantages that Security Tokens have over traditional capital raising, I think the total market cap of all security tokens will be much larger than the total market cap of all utility tokens."

From "7 Thoughts On Blockchain, Cryptocurrency & Decentralization After Another Three Months Down The…".

xxx

Wednesday, 18 October 2017

POST Risk

xxx

NEW YORK, NY--(Marketwired - May 03, 2016) - SmartMetric, Inc. (OTCQB: SMME) -- According to a research report conducted by the research organization The Nilson Report, for 2015 through 2020, card fraud worldwide is expected to total $183.29 billion. In 2020, global card fraud is projected to exceed $35.54 billion. Fraud, grew by 19%, and outpaced volume, which grew by 15%. Fraud losses by banks and merchants on all cards issued worldwide reached $16.31 billion in 2014 when global card volume for the same period totaled $28.844 trillion.

From Annual Global Card Fraud to More Than Double Reaching Over $35 Billion in Four Years

My general sense of the industry, without giving away anyone’s figures, is that not only is fraud growing faster than volume, but that merchants are annoyed because declines are growing faster than fraud. We need a sea change in tackling fraud and I think there are two parts to this: changing the security vs. convenience model at the front end and changing the transaction validations model at the back end.

POST Open banking, breaking banks and

As the former governor of the Bank of England, Meryvn King, has eloquently pointed out, banks are institutions that pre-date modern capitalism and “owe much to the technologies of an earlier age” (The End of Alchemy, 2016). There is no reason to expect them to continue in this form under the technological, regulatory, social and business pressures for change that are about to overwhelm them. If that sounds like waffle futurism that does not need to be taken seriously, you could not be more wrong. In the UK, those changes are going to begin in January when the world of “open banking” is created by the implementation of the Competition and Markets Authority (CMA) “remedies”. That is, the nine largest banks are compelled to provide Application Programming Interfaces (APIs) for third-party applications to access bank accounts, a milestone in a long journey to bring a revolutionary degree of competition to the sector.

This all rooted in the frustration of the regulators to see more competition. They tried forcing the banks to spend a billion or so quid on an account switching services and that didn’t work, so they decided that they had to look to more radical solutions.

The CMA reports a study by one of the very few new entrants, Tesco Bank, which found that a clear majority of account holders agreed with the statement “I cannot be bothered to switch accounts as I do not believe I would get better service/value for money elsewhere”.

[From John Kay - Competition in banking does not necessarily benefit consumers]

In the UK, the regulators’ determination to change this situations means that we are about to see major disruption in the space. I called this before a “crossing of the streams” (in an hommage to Ghostbusters!) because there are three different initiatives coming together.

The first stream is the PSD2 provisions for access to payment accounts. As you may recall, these include a set of proposals that are due to come into force in 2018. A group of those proposals are what we in the business call “XS2A”, the proposals which force banks to open up to permit the initiation of credit transfer (“push payments”) and account information queries. Even at a pure compliance level these PSD2 regulations pose significant questions for the structure of the existing payments industry. While PSD2 does not mandate APIs (I think - it’s all gotten a bit complicated but as far as I know the screen-scrapers have fought d a decent rearguard action) an open banking API is the obvious way to implement the PSD2 provisions.

The second stream is Her Majesty’s Treasury’s push for more competition in retail banking. This led to the creation of the Open Banking Working Group (OBWG), which published its report in 2016.  It set out was a four part framework, comprising:

  • A data model (so that everyone knows what “account", "amount", "account holder" etc means);
  • An API standard.
  • A security standard.
  • A governance model. 

The third stream is the CMA report that triggered the remedies mentioned above. This envisages APIs to improve competition in retail banking by focusing on the use of APIs to obtain access to personal data that can be shared with third-parties to obtain better, more cost-effective services.  These streams are coming together to create an environment of what is now called Open Banking. And it’s a big deal.

Open Banking makes it possible to pay with lightning speed directly from a bank account – in effect, creating an Amazon “One Click” for the entire internet.

From To change how you use money, Open Banking must break banks | WIRED UK

I think the use of Amazon in this example is far more disruptive than the author may have intended. Amazon Payments is, in my opinion, precisely the kind of business that will benefit from open banking. It won’t be fintech startups who eviscerate the existing payments industry, it will be the heavy hitters who are able to gain access to the bank account and merge that ability with their colossal resources and gigantic data reservoirs to create a new customer experience. Indeed, in that Wired article, Rowland Manthorpe says plainly that open banking is a new way of dealing with the twenty-first century’s most sought-after resource, personal data. This point was recently echoed by the Dave McKey, the CEO of RBC, who said “data is the battleground for banks that will determine the future success of financial institutions”.

All of which reinforces my opinion that banks need get into the business of identity, reputation and trust pretty quickly.

Tuesday, 17 October 2017

In a Cashless World, You'd Better Pray the Power Never Goes Out - Slashdot

Puerto Rico

"Cash only," said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan's Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. "The system is down, so we can't process the cards. It's tough, but one finds a way to make it work."

From In a Cashless World, You'd Better Pray the Power Never Goes Out - Slashdot

xxx

xxx

If I was the manager of Waitrose after the Woking earthquake, then I would simply accept payment by writing down card numbers, or photocopying driving licences, or taking pictures of customers, or whatever. The core of the issue is identification and trust, not the payment instrument. As many media commentators noted, society in Japan did not collapse. My conclusion: natural disasters are not a convincing argument for cash.

From The disaster in Japan has lessons for payments | Consult Hyperion

xxx

Monday, 16 October 2017

Jewelers Rally After India Anti-Money-Laundering Rule Reversal - Bloomberg

xxx

Shares of jewelers climbed in India after the government withdrew an order that brought the industry under anti money-laundering legislation, a move that comes just as gold buying improves before the Hindu festival of Diwali, the peak season for demand.

Jewelers were included in the Prevention of Money-Laundering Act in August, increasing compliance requirements. Buyers have been shying away from making purchases as they had to provide their income tax identity for transactions above 50,000 rupees ($766), hindering high-value deals.

From Jewelers Rally After India Anti-Money-Laundering Rule Reversal - Bloomberg

xxx

POST Identity at the sharp end

A few years ago, I appeared on a programme about internet dating on one of the more obscure satellite TV channels. They wanted a security expert to comment on the topic and since no-one else would do it, eventually the TV company called me. I agreed immediately and set off for, if memory serves, somewhere off the M4 in West London. The show turned out to be pretty interesting. I didn’t have much to say (I was there to comment on internet security), and I can’t remember much of what was said, but I do remember very clearly that the psychologist at the heart of the show made a couple of predictions. While interviewing a couple who had met online, she said (and I am paraphrasing greatly through the imperfect prism of my recollections) that in the future people would think that choosing a partner when drunk in bar is the most ludicrous way of finding a soulmate, and that internet dating was a better mechanism for selecting soulmates. Now it seems that this prediction is being confirmed by the data.

“Our model also predicts that marriages created in a society with online dating tend to be stronger,”

From First Evidence That Online Dating Is Changing the Nature of Society - MIT Technology Review

Her other prediction was that internet dating gave women a much wider range of potential mates to choose from and allowed them to review them in more detail before developing relationships. Of course, internet dating also increases the size of the pool for men, but her point was that men don’t seem to make as much use of this a women do. Anyway, the general point about the wider pool now seems to be showing up in the data, assuming that interracial marriages are a reasonable proxy for the pool size.

Researchers from the National Academy of Sciences looked at marriage stats spanning from 1967 to 2013, and found that the spikes of interracial dating coincided with the launch of online matchmaking sites

From Dating apps could be leading to more interracial marriages | New York Post

My point is that internet dating is mainstream and that is it having a measurable impact on society. Why am I talking about this? Well, because internet dating is a use case at the sharp end of identity. It is rife with fraud, it is a test case for issues around anonymity and pseudonymity, it is a mass market for identity providers and it is a better test of scale for an identity solution that logging on to do taxes once every year. Now, I am not the only person who thinks this and there are already companies exploring solutions. And you can see why they want to: online dating is a huge business.

App Annie says that dating apps made up one-third of the top 15 apps by iOS revenue yesterday, along with video and music streaming apps.

From Tinder hits top grossing app in the App Store on heels of Tinder Gold launch | TechCrunch

So. How to bring identity to this world. To my mind, the issue isn’t names, it’s reputation. Knowing that I’m a real person is probably the most important element of the reputational calculus is central to online introductions, but after that? A name is just an attribute.

That’s the world in which Blue, the new Twitter-verified-users-only offering from dating app Loveflutter, is claiming to operate in. “In an era of catfishing and fake identities, authenticity is key,” says the accompanying press release, “which is why we’re leveraging Twitter’s world-class verification system to make dating safer.”

From In the online dating jungle, unverified by Twitter doesn’t mean undesirable | Sam Diss | Opinion | The Guardian

I don’t think this is a solution, because if I were to be on an internet dating site, I would want the choice of whether to share my name, or twitter identity, or anything else with a potential partner. I certainly would not want to log in with my “real” name or anything information that might identify me. In fact, this is an interesting example of a market that does not need “real” names at all. And make no mistake about it, it is a pretty big market.

App Annie says that dating apps made up one-third of the top 15 apps by iOS revenue yesterday, along with video and music streaming apps.

From Tinder hits top grossing app in the App Store on heels of Tinder Gold launch | TechCrunch

My point is that 

In the contactless payment era, why is cash making a comeback? | Business | The Guardian

xxx

Mass cash stashing might signal a widespread fear of a looming apocalypse – or, more prosaically, it could signal rampant illegality.

From In the contactless payment era, why is cash making a comeback? | Business | The Guardian

xxx

Friday, 13 October 2017

Our live five for 2018

It’s that time of year again. I’ve had a chat with my colleagues, gone back over my notes from events, taken a look at the most interesting Consult Hyperion projects around the world and come up with my “live five” for 2018. Now, as in previous years, I don’t expect you to pay any attention to my prognostications without first reviewing my previous attempts, otherwise you won’t have any basis for taking me seriously! So…

Goodbye 2017

Here we go then. As for the last few years, I’ve put together a “live five” of technology-driven changes in the secure transactions field that will have a real business impact over the coming year. But first, in the spirit of openness and honesty and disclosure that we are known for, I think it’s not right to bother you with this kind of thing without first assessing how we did last time so that you can judge whether to pay any attention to this year’s list or not! So let’s see how our live five for 2017 did…

  1. RegTech. I think we did pretty well with this prediction. Interest in regtech has grown throughout the year and the ability of regtech to make real differences in major markets is established.

  2. Digital Identity. As we noted, one of the key regtechs, if not the key regtech, is digital identity. I did shoot up the agenda over the year and some interesting initiatives opened up.

  3. PSD2 (still). No commentary is needed!.

  4. Paying on the Go. We thought that a key use of open APIs will be payments, and very likely mobile payments. MasterCard’s purchase of VocaLink would tend to support this view! 

  5. Invisible POS.  The shift from “check out to check in” paradigms in underway but it is fair to observe that we did not see the number of launches we were expecting as many of the projects remain in beta.

OK, so that’s how we did. Not bad. In fact, pretty good. So now let’s take a look at where we think the action will be in the coming year in our corner of the transactions treehouse. My guess is that you’ll agree with four out of the five - if not… let us know!

Hello 2018

xxx…

  1. Open Banking. In the UK, the regulators’ determination to bring real competition to the financial services world means that we are about to see major disruption in the space. Lat year I called this before a “crossing of the streams” (in an hommage to Ghostbusters!) because there are three different initiatives coming together.

    The first stream is the PSD2 provisions for access to payment accounts. As you may recall, these include a set of proposals that are due to come into force in 2018. A group of those proposals are what we in the business call “XS2A”, the proposals which force banks to open up to permit the initiation of credit transfer (“push payments”) and account information queries. Even at a pure compliance level these PSD2 regulations pose significant questions for the structure of the existing payments industry. While PSD2 does not mandate APIs (I think - it’s all gotten a bit complicated but as far as I know the screen-scrapers have fought d a decent rearguard action) an open banking API is the obvious way to implement the PSD2 provisions.

    The second stream is Her Majesty’s Treasury’s push for more competition in retail banking. This led to the creation of the Open Banking Working Group (OBWG), which published its report in 2016.  It set out was a four part framework, comprising:

    • A data model (so that everyone knows what “account", "amount", "account holder" etc means);
    • An API standard.
    • A security standard.
    • A governance model. 

    The third stream is the CMA report that triggered the remedies mentioned above. This envisages APIs to improve competition in retail banking by focusing on the use of APIs to obtain access to personal data that can be shared with third-parties to obtain better, more cost-effective services. 

    These streams are coming together to create an environment of what is now called Open Banking. And it’s a big deal. And it begins in January 2018 when the nine biggest banks open up their APIs and the UK becomes a fascinating and exciting laboratory for new services. Payments will be up for disruption from the very beginning.

  2. Recalibration of Challengers. In this open banking environment, the real challengers to the incumbents can begin to execute serious strategies. Who are these challengers? Well, in our opinion, it’s not the fintechs. And we are not the only ones who think this.

    Much has been made of the rise of fintech [but] according to a report by the World Economic Forum (WEF), traditional banks are more vulnerable to competition from another source: tech giants like Amazon, Facebook, and Google.

    From Tech firms like Amazon (AMZN), Facebook (FB), and Google (GOOGL) are the biggest competitive threats to the banking industry — Quartz

    As I have said for some time, it is not all obvious to me that what we refer to as the “challenger” banks in the UK (i.e., the new banks who have obtained licences in recent years) are not really challengers at all. The era of the “challenger banks” is coming to an end as the internet giants compete to be the front end to the customers transactional financial services. This has particular ramifications for the card businesses, as there are projections out there saying that somewhere between a third and a half of current card volumes shift to these new channels

  3. Conversational Transactions. One class of application that will exploit integration with banking and payment systems is chat, whether through standard messaging applications or “chatbot” interfaces. This is hardly a wild prediction, but we think that the early steps (e.g., Facebook) indicate a major shift in 2018. Right now, when my sons at University ask me for money on WhatsApp, I have to switch to Barclays Pingit to send the money. Not for much longer.

  4. Tokens/ICOs.  Talking about money, we fully expect to see a new kind of money emerge in the coming year.  When the current craziness is past and tokens become a regulated but wholly new kind of digital asset, a cross between corporate paper and a loyalty scheme, they will present an opportunity to remake markets in a new and better way. One might imagine a new version of London Alternative Investment Market (AIM) where start-ups launch but instead of issuing money they create claims on their future in the form of tokens. The trading of these tokens is indistinguishable from the trading of electronic cash (because they are bearer instruments with no clearing or settlement) but there will be an additional transparency in corporate affairs because aspects of the transactions are public.  The transparency obtained from using modern cryptography (e.g. homomorphic encryption and zero-knowledge proofs) in interesting ways, as an aside, is one of the reasons why we tend to think of the blockchain as a regtech, not a fintech.

  5. Artificial Intelligence. There is no doubt that AI will be the most disruptive technology of our generation. We may be a long way from Terminators and HAL 9000, but the massive AI investments pouring into financial services around the world mean that the technology is going to our business, and soon. If you examine where banks are spending their AI budgets right now, machine learning is the main focus. An Infosys poll earlier in the year showed that two-thirds of banks were already spending in this area and this is no surprise. Banks have large quantities of data that in the past they have found difficult to extract wisdom from and they have large transactional flows that they find it difficult to manage in the context of increasing regulatory burdens. Machine learning systems excel at finding patterns and exceptions in such data, provided that they can be fed the voracious quantities of raw material, so the main use of the machine learning systems is currently fraud detection and prevention. This throws up an interesting strategic challenge for banks in the new Open Banking world, because there is a threat to risk management, information analysis and sales/marketing processes in the new environment where they may not get to see the data held by third-party providers but those providers have access to bank accounts.).

All in all, the coming year 

Salad Days

I’m not sure if you’re supposed to have a favourite supply chain fraud or not but I do, and it is the famous case of the vegetable oil that almost bankrupted American Express (and went some way toward making Warren Buffet a multi-billionaire). The essence of the story is that a conman, Anthony “Tino” De Angelis, discovered that people would lend him money on the basis of commodities in the supply chain. His chosen commodity was vegetable oil (see How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE). Amex had a division that made loans to businesses using inventories as collateral. They gave De Angelis financing for vegetable oil and he took the Amex receipts to a broker who discounted them for cash. So he had tanks of vegetable oil and Amex had loaned him money against the value of the oil in those tanks, the idea being that they would get the money back with a bit extra when the oil was sold on. Now as it happened, the tanks didn’t much contain oil at all. They were mostly water with a layer of oil on top so that when the inspectors opened the tanks and looked inside they saw oil and signed off whatever documentation was required. Eventually the whole scam blew up and nearly took Amex down, enabling the sage of Omaha to buy up their stock and make a fortune.

Fortunately for us and unfortunately for conmen like Tino, the supply chain is one of the many industries that the blockchain is going to disrupt. As my good friend Michael Casey and his co-author Pindar Wong explain in their recent Harvard Business Review piece on the topic (Global Supply Chains are about to get Better, Thanks to Blockchain in HBR, 13th March 2017), blockchain technology allows computers from different organisations to collaborate and validate entries in a blockchain. This removes the need for error prone reconciliation between the different organisation’s internal records and therefore allows stakeholders better and timelier visibility of overall activity. The idea discussed in this HBR piece (and elsewhere) is that some combination of “smart contracts” and tagging and tracing will mean that supply chains become somehow more efficient and more cost-effective.

An aside. I put “smart contracts” in quotes because, of course, they are not actually contracts. Or smart. Bill Maurer and DuPont nailed this in their superb King’s Review article on Ledgers and Law in the Blockchain (22nd June 2015), where they note that smart contracts are not contracts at all but computer programs and so strictly speaking just an “automaticity” on the ledger. (Indeed, they go on to quote Ethereum architect Vitalik Buterin saying that “I now regret calling the objects in Ethereum ‘contracts’ as you’re meant to think of them as arbitrary programs and not smart contracts specifically”.)

Using the blockchain and “smart contracts” sounds like an excellent idea and there’s no doubt that supply chain participants are taking this line of thinking pretty seriously. Foxconn (best known as the makers of the iPhone) are a recent case study. In March 2017 they demonstrated a blockchain prototype that they used to loan more than six million dollars to suppliers. I should note in passing that the article didn’t make it clear why they were using a blockchain (as opposed to any other form of shared ledger) or why they were using a shared ledger rather than a database but, like Merck and Walmart and many others, Foxconn is a serious business that sees promise in the technology so we should take the case study seriously.
 
While I was reading about Foxconn, and a couple of other related articles in connection with a project for a client, I started to wonder just how exactly would the supply chain industry be disrupted? How would the blockchain have fixed the salad oil problem? It’s very easy to think of a fancy fintech setup whereby smart contracts took care of passing money from the lender to the conman when the tanks were certified by the inspectors but as sceptical commentators (e.g., the redoubtable Steve Wilson of Lockstep) frequently point out, transactions using blockchain technology are only “trustless” insofar as they relate to assets on the blockchain itself. As soon as the blockchain has to be connected to some real-world asset, like vegetable oil, then it is inevitable that someone has to trust a third-party to make that connection.

Trusting these third parties can be a risk. Another of my favourite scandals (I have quite a few, I should have mentioned that) is the horsemeat scandal that swept Europe on the 50th anniversary of the salad oil scandal. Basically horsemeat was being mixed with beef in the supply chain and then sold on to the suppliers of major supermarkets in, for example, the UK. One of the traders involved was sentenced to jail for forging labels on 330 tonnes of meat as being 100% beef when they were not. Once again, I am curious to know how a blockchain would have helped the situation since the enterprising Eastern European equine entrepreneur would simply have digitally-signed that the consignment of donkey dongs were Polish dogs and no-one would have been any the wiser. It is not clear how a fintech solution based on blockchains and smart contracts would have helped, other than to make the frauds propagate more quickly.

The reason that I am interested in scandals like this one is that the tracking of food features as a one of the main supply chain problems that advocates hope the blockchain will solve for us. Work is already under way in a number of areas. I understand that Walmart have carried out some sort of pilot with IBM to try to track pork from China to the US and another pilot was used to track tuna from Indonesia all the way to the US. But if someone has signed a certificate to say that the ethically-reared pork is actually tuna, or whatever, how is the shared ledger going to know any different? A smart contract that pays the Chinese supplier when the refrigerated pork arrives in a US warehouse, as detected by RFID tags and such like, has no idea whether the slabs in the freezer are pork or platypus.

If you do discover platypus in your chow mein, then I suppose you could argue that the blockchain provides an immutable record that will enable you to track back along the supply chain to find out where it came from. But how will you know when or where the switcheroo took place? Some of the representations of the blockchain’s powers are frankly incredible, but it isn’t magic. It’s a data structure that recapitulates the consensus of its construction, not a Chain of True Seeing with +2 save against poison. So is there any point in considering a form of shared ledger technology (whether a blockchain or anything else) for this kind of supply chain application? Well, yes. We think there is.

Let’s go back to the first example, the great vegetable oil swindle. Had American Express and other stakeholders had access to a shared ledger that recorded the volumes of vegetable oil being used as collateral, the fraud would have been easily discovered.

“If American Express had done their homework, they would have realized that De Angelis’s reported vegetable oil ‘holdings’ were greater than the inventories of the entire United States as reported by the Department of Agriculture. “

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

Interesting. So if the amounts of vegetable oil had been gathered together in one place, the fraud would have been noticed. What could that one place be? A federation of credit provider’s databases? A shared service operated by the regulator? Some utility funded by industry stakeholders? How would they work? What if the stakeholders instead of paying some third party to run such a utility used a shared ledger for their own use? It would be as if each market participant and regulator had a gateway computer to a central utility except that there would be no central utility. The gateways would talk to each other and if one of them failed for any reason it would have no impact on the others. That sounds like an idea to explore further.

How might such a ledger might operate? Would American Express want a rival to know how much vegetable oil it had on its books? Would it want anyone to know? The Bank of Canada, in their discussion of lessons learned from their first blockchain project, said that “in an actual production system, trade-offs will need to be resolved between how widely data and transactions are verified by members of the system, and how widely information is shared”. In other words, we have to think very carefully about what information we put in a shared ledger and who is allowed to say whether that information is valid or not. Luckily, there are cryptographic techniques known as “Zero Knowledge Proofs” (ZKPs) that can deliver the apparently paradoxical functionality of allowing observers to check that ledger entries are correct without revealing their contents and these, together with other well-known cryptographic techniques, are what allow us to create a whole new and surprising solution to the problem of the integrity of private information in a public space.

It is clear from this description that a workable solution rests on what Casey and Wong call “partial transparency”. At Consult Hyperion we agree, and we borrowed the term translucency from Peter Wagner for the concept. For the past couple of years we have used a narrative built around this to help senior management to understand the potential of shared ledger technology and form strategies to exploit it. Indeed, in some contexts we focus on translucent transactions as the most important property of shared ledgers and as a platform for new kinds of marketplaces that will be cheaper and safer, a position that you can find explored in more detail in the paper that I co-authored with my colleague Salome Parulava and Richard Brown, CTO of R3CEV. See Towards ambient accountability in financial services: shared ledgers, translucent transactions and the legacy of the great financial crisis.Journal of Payment Strategy and Systems 10(2): 118-131 (2016).

As you might deduce from the title, in this paper we co-opt the architectural term “ambient accountability” to describe the combination of practical Byazantine fault tolerance consensus protocols and replicated incorruptible data structures (together forming “shared ledger” technology) to deliver a transactional environment with translucency. As Anthony Lewis from R3CEV describes in an insightful piece on this new environment, it is much simpler to operate and regulate markets that are built from such structures.

The reconciliation comes as part of the fact recording; not after. Organisations can “confirm as they go“, rather than recording something, then checking externally afterwards.

From Distributed ledgers: “Confirm-as-you-go” | Bits on blocks

In this way the traditional disciplines of accounting and auditing are dissolved, re-combined and embedded in the environment. Smart contracts wouldn’t have disrupted Tino’s business, but ambient accountability would have uncovered his plot at a much earlier stage, when the near real-time computation of vegetable oil inventories would delivered data on his dastardly plot. You’d hardly need Watson to spot that inventories greater than the United States entire annual production ought to be looked into in more detail.

Perhaps we need to shift perspective. It is the industry-wide perspective of the shared ledger, the shared ledger as a regtech, that makes the disruptive difference to supply chains, just as it is the shared ledger as a regtech that will reshape financial markets by creating environments for faster, cheaper and less opaque transactions between intermediaries that have to add value to earn their fees rather than rely on information asymmetries to extract their rent. As the World Economic Forum’s report on the Future of Financial Services says, “New financial services infrastructure built on [shared ledgers] will redraw processes and call into question orthodoxies that are foundational to today’s business models”. We agree, and if you want to make this a reality for your organisation, give me or my colleagues at Consult Hyperion a call. We will provide help, not hype.

Incidentally, the brilliant Maya Zahavi from QED-it will be explaining how ZKPs can transform supply chains at the 20th annual Consult Hyperion Tomorrow’s Transactions Forum on April 26th and 27th in London. Run, don’t walk, over to that link and sign up now for one of the few remaining delegate places and to be kept up-to-date in the future, sign up for our mailing list as well.

[Sincere thanks to my colleague Tim Richards and to my former colleague Salome Parulava for their helpful comments on an earlier draft of this post.]

Tuesday, 10 October 2017

Making Britain the safest place in the world to be online - GOV.UK

xxx

‘found worrying or nasty in some way’

From Making Britain the safest place in the world to be online - GOV.UK

Yes, well I find things like this every single day on the internet. For example, I am very worried about 

Making Britain the safest place in the world to be online - GOV.UK

xxx

A new social media code of practice…

From Making Britain the safest place in the world to be online - GOV.UK

And so forth. There’s no point elucidating, because the strategy is, broadly speaking, to do nothing. A voluntary programme to ask people not to bully each other on Facebook. Publishing advertisements to tell people to be nice to each other is pointless. 

Fake news: Dow Jones blames technical error for headlines claiming...

xxx

While the implausible nature of the $9 billion price tag may have been a red flag to human traders, Apple did briefly see its stock rise to $158 before settling back down to around $156, raising the possibility that some algos were fooled.

From Fake news: Dow Jones blames technical error for headlines claiming...

xxx

Book review: Big Mind

Perhaps the universe was telling me something, because it seems to me beyond coincidence that I don’t remember hearing the word “homophily” before and yet I’ve just come across it twice in the same day: once when listening to historian Niall Ferguson on the BBC’s Today programme while in the shower and then again a couple of hours later while reading Geoff Mulgan’s new book “Big Mind” on the couch. Homophily means the tendency of people (e.g., me) to tend to congregate online with people who think the same as they do (e.g., the Chancellor of the Exchequer is very probably insane) but worse still in the new online world, also view only “news” (fake or real) that reinforces their position.

We will come back to homophily in a moment.

Geoff’s thesis is that the "collective intelligence” formed from groups of people connected together online functions according to new dynamics. Now, while he notes early on that a more networked world does not automatically means a higher IQ world (in fact, as far as I can see, the general level of idiocy has increased substantially since the early days of the the telegraph and the bulletin board), and that "shared thought is not only knowledge but delusions, illusions and fantasies”, I’m not sure that Snapchat boosts either individual or collective IQs.

Hence I began with caution, and about two thirds of the way through the book I was caught in a terrible English dilemma. I’ve known the author for a long time and admired his work with Demos and NESTA. But I wasn’t enjoying the book and didn’t feel I was getting anything from it. So how could I say that politely?

Luckily I carried on reading and I realised that the first two-thirds of the book is not for people like me who spend their entire lives on LinkedIn and Twitter but for politicians and policymakers who have only the vaguest idea of what these new technologies are and just how different these new dynamics of the collective that they have created is from the collection of individuals that they are used to dealing with.

It’s the last third of the book where Geoff gets into the tough questions. I’d not heard of the “folk theory of democracy” (i.e., that the people are wise and come to the right answer) before but I can say with certainty that it is doomed with the masses so easily subverted through Facebook adverts and clickbait headlines. While it is appealing to hope that new technology is the answer, a means to rejuvenate democracy, I’m not sure. As the author notes, crowds are good at ideas, not judgements.

Do we then give decision making to an elite? Maybe, but the experts aren’t always right even when they are more connected than ever before. I strongly agree with the author’s view that “expertise can entrap”, or to put it another way, foxes make better predictions than hedgehogs, but we don’t seem to be rummaging through the dustbins of knowledge to pick out the good stuff at all. The example the author uses illustrates this rather well: we have more data about health and diet and nutrition than ever before, yet we have an epidemic of obesity. More data does not mean wisdom.

Which leads me to my suspicion is that it isn’t networking people together that is going to help, but networking people with artificial intelligences. As Geoff himself points out, technologies can effectively perform many of the elements of collective intelligence. He references a a Hong Kong investment firm has already invited an AI to join its board and given it the same vote as human board member.

A cabinet of ZX Spectrums could hardly do worse than the flesh and blood version. I laughed out loud when I saw “government is collective intelligence” since there’s precious little evidence of such (“government is muddling through” is more the British way). Geoff has had access to government decision-making process that I have not, so how accurate his characterisation is I can’t say. He certainly right when he says that companies pretend to operate with collective intelligence but actually go by gut feeling rules of thumb (as memorably described in one of my favourite books from last year “Chaos Monkeys”).

Geoff puts forward an interesting thesis but doesn’t completely convince with it. At the end of the book, I was left unsure whether he thinks that the online collective multi-intelligence of the connected crowd is something to be harnessed, managed or avoided at all costs.

Monday, 9 October 2017

‘Mind-Boggling’ Math Could Make Blockchain Work for Wall Street - Bloomberg

xxx

“Zero-knowledge proofs are one of the biggest inventions in the last two decades in cryptography,” said Emin Gun Sirer, an associate professor of computer science at Cornell University. It “will allow a slew of applications we can’t even imagine right now.”

From ‘Mind-Boggling’ Math Could Make Blockchain Work for Wall Street - Bloomberg

xxx

POST Machines learning about fraud

As I’ve written many times (e.g., here), it is difficult to overestimate the impact of artificial intelligence (AI) on the financial services industry. As Wired magazine said, "it is no surprise that AI tops the list of potentially disruptive technologies”. With Forrester further forecasting that a quarter of financial sector jobs will be “impacted” by AI before 2020, there’s an urgent need to develop strategies in this. It is because the need is so urgent that I was delighted to be asked to give a keynote at the Digital Jersey AI Retreat in September, an event was put together by my good friends at Digital Jersey (where I am advisor to the board) working with Cognitive Finance. They did a great job of bringing together a spectrum of both subject matter experts and informed commentators to cover a wide variety of issues and provide a great platform for learning.

In “Radical Technologies”, Adam Greenfield wrote of the advance of automation that many of us (me included, by the way) cling to the hope that “there are some creative tasks that computers will simply never be able to peform”. I have no evidence that financial services regulation will be one of those tasks, so in my talk I suggested AI will be the most important “regtech” of all and made a few suggestions as to how regulators can plan to use the technology to create a better (that is faster, cheaper and more transparent) financial services sector.

AI as Regtech

Regulation, however, was only one the topics discussed in a fascinating couple of days of talks, discussions and case studies. The surprise for me was that there was a lot of discussion about ethics, and how to incorporate ethics into the decision-making processes of AI systems so that they can be audible and accountable. I hadn’t spent too much time thinking about this before, but I was certainly left with the impression that this might be one of the more difficult problems to address and talking with very well-informed experts. Although I must say that the most surprising discussion of the event that I was personally involved in took a very different tack: whether AIs employed in the service of financial institutions should come under the HR department or the IT department!

OK. So banks are going to be disrupted by AI. But where to start? I happened to be reading Call Credit’s interesting white paper “Credit, Fraud and Risk in the Age of Machines”. Their data scientists explore the use of machine learning in credit risk and fraud prevention. It’s that latter category that interests me most at the moment simply because fraud is so out of control, so I began to wonder whether this new technology is having any impact. Are Call Credit right to be optimistic about machine learning? The answer seems to be that they are, and that there may be light at the end of the tunnel. If we look at what AI is being deployed in the banking sector and what is it being used for, we see this optimistic reinforced.

Let’s look in more detail. First of all, AI is an umbrella term so we need to be a little more specific. The most recent figures seem to indicate that the technology of machine learning is the main area of investment in banking. This is not surprising, because machine learning thrives when fed wast quantities of structured data. Banks have this in spades but have historically found it difficult to extract wisdom from it. 

Bank use of AI by technology  

What are they using these machine learning systems for? Well, fraud does indeed seem to be the main business case with identification and authentication (including the use of biometrics) the highest priorities. Chatbots, robo-advisors and digital assistants are all fun, but in terms of making an impact on the bottom line, doing something about fraud beats everything else.

AI for what?

Hence my optimistic interpretation. Identity is a mess, but we may be able to use AI to begin to mitigate some of the effects of this in the banking sector. Dave Webber, Director of Concept Management at Call Credit, sums it up nicely in their white paper by saying that “machine learning can help businesses make decisions by looking at data patterns… then looking for anomalies that indicate something isn’t right”. AI is good at this sort of pattern recognition and, I think, so much better at it than we are that it might even outsmart the fraudsters.

The hidden cost of the tap-and-go boom

xxx

According to RBA estimates, the merchant will pay an average of about 0.55 per cent of the transaction's value in a "merchant service fee" to their bank when the payment goes through the credit card network. But if it goes through the eftpos (CHQ or SAV) system, this drops to 0.15 per cent.

From The hidden cost of the tap-and-go boom

xxx

Arab driver filmed himself in his Porsche going 180mph | Daily Mail Online

xxx

Officers initially confiscated his passport before Ali changed his name by deed poll and applied for a new one, flying to Dubai two days before he was to be tried for possessing a quantity of bullets.

From Arab driver filmed himself in his Porsche going 180mph | Daily Mail Online

xxx

Sunday, 8 October 2017

Australian police sting brings down paedophile forum on dark web | Society | The Guardian

snippet

To maintain their cover, undercover detectives were posting and sharing abuse material on Childs Play. Other users continued to post and view images while the site was under police control.

[From

Australian police sting brings down paedophile forum on dark web | Society | The Guardian

]

snippet

Friday, 6 October 2017

India's Failed Demonetization Program and Its Retreating Economic Defenders - Alt-M

xxx

The accumulating evidence on economic growth, meanwhile, has become damning. Between July and September 2016, India’s GDP grew 7.53 percent. Between January and March 2017 it grew 5.72 percent. Former head of the Reserve Bank of India Raghuram Rajan, now returned to the University of Chicago, links the drop to demonetization: “Let us not mince words about it — GDP has suffered. The estimates I have seen range from 1 to 2 percentage points, and that's a lot of money — over Rs2 lakh crore [i.e. trillion] and maybe approaching Rs2.5 lakh crore." Kaul adds that GDP does not well capture the size of the informal cash sector, where the losses from demonetization were greatest.

From India's Failed Demonetization Program and Its Retreating Economic Defenders - Alt-M

So why does the Bank of England think that getting rid of paper cash will boost the economy when the figures from India clearly show it didn’t. The answer, of course, relates to the stage of development of the economy. In England, there are ready alternatives to cash that almost everyone already uses. Contactless cards and mobile phones mean that if all the ATMs in England gave up the ghost tomorrow, it wouldn’t really matter. Yes, there are some unbanked people and, as I have long argued, we should be providing digital financial services that are appropriate to them (not forcing them to use bank accounts) so that they can use electronic alternatives. Having been involved in projects to do just this (e.g., mobile money accounts for “universal credit” recipients and services delivered via digital TV to the housebound) I can honestly say that I do not find insurmountable problems.

While the India has taken great strides (the introduction of “payment banks”) 

xxx

"‘There were a lot of people who came and clicked photos (of the sign) but apart from that no transactions,’"

Bitcoin accepted here: The tiny family restaurant in India that's embraced virtual currency — Quartz

xxx