Sunday, 30 July 2017

Shayne Elliott's revolution at ANZ | afr.com

xxx

The long overdue migration of intangible financial services, which are purpose-built for digital distribution, away from pens and paper will be facilitated by digital ID verification

From Shayne Elliott's revolution at ANZ | afr.com

xxx

Shayne Elliott's revolution at ANZ | afr.com

xxx

Within a year or so, the rangy New Zealander hopes to introduce what could be the most profound change in modern Australian banking – a move away from conventional fixed pricing of deposits and loans (in which most people pay or receive the same interest rate) towards granular “risk-based pricing” in which everyone can in theory capture a unique interest rate depending on their propensities… Risk-based pricing requires massive amounts of historical data coupled with outstanding predictive modelling capabilities

From Shayne Elliott's revolution at ANZ | afr.com

xxx

In the online dating jungle, unverified by Twitter doesn’t mean undesirable | Sam Diss | Opinion | The Guardian

xxx

That’s the world in which Blue, the new Twitter-verified-users-only offering from dating app Loveflutter, is claiming to operate in. “In an era of catfishing and fake identities, authenticity is key,” says the accompanying press release, “which is why we’re leveraging Twitter’s world-class verification system to make dating safer.”

From In the online dating jungle, unverified by Twitter doesn’t mean undesirable | Sam Diss | Opinion | The Guardian

xxx

The sharing economy is failing for one simple reason – people can’t be trusted | The Independent

xxx

The sharing economy is gargantuan. A recent research report published by Bank of America Merrill Lynch estimates the value of it is about $250bn (£190bn) and it’s growing rapidly.

From The sharing economy is failing for one simple reason – people can’t be trusted | The Independent

xxx

Blueprint for KYC data sharing in the UK

xxx

The UK's Payment Strategy Forum has delivered a blueprint for the future of the nation's payment system, setting out design and implementation approaches for the construction of a new 'National Payments Architecture'.

From PSF lays down blueprint for new UK payments architecture

xxx

Since publishing our Strategy, we have reviewed the approach and agreed on the following detriments as focus areas for the proposed data sharing framework:

  1. Inclusion of bad actors: Obtaining sufficient KYC information to identify bad actors requires the use of multiple external data sources and systems during on-boarding and ongoing due diligence. Incomplete, in-accurate or out-of-date SME customer data hinders the detection of bad actors.

  2. Poor customer experience for good actors: Limited data sharing among the PSPs and other sectors such as utilities and telecommunication providers lead to significant duplication of effort if a customer moves to another provider or extends their products. data hinders the detection of bad actors.

  3. Barrier for small PSPs: Privileged access to SME data can be viewed as a barrier for small and new entrants, narrowing access and weakening competition. data hinders the detection of bad actors.

  4. Inefficiency in the SME KYC process: Customer identification processes can be complex, protracted, and expensive, despite not being a key competitive differentiator for PSPs and providers in other sectors. data hinders the detection of bad actors.

  5. Lack of trust: The fear of fraudulent actors potentially being able to penetrate the digital environment and get access to customer data leads to an erosion of trust in society.data hinders the detection of bad actors.

The plan is to start with SMEs. 

End user needs

xxx

In our Strategy, we prioritised the collaborative development of requirements and rules for 3 EUN solutions. These are:

  1. ‘Request to Pay’ which addresses detriments arising from a lack of sufficient control, flexibility and transparency in the current payment mechanisms to meet the evolving needs of some end-users. Apart from anything else, this is why there's no need for "pull" payments in NPA.
  2. ‘Assurance Data’ which addresses the lack of adequate assurance to the payer that they have sufficient funds to make a payment; that they are making the payment to the intended payee’s account and status of the payment once they make the payment. Right now, the assurance services envisaged are confirmation of available funds, payment tracking and the slightly more complex confirmation of payee.
  3. ‘Enhanced Data’ which addresses the limited capacity, in current payment systems, to carry more structured data alongside the payment.

The reason why I call the payee confirmation service more complex is… well… it’s more complex. As I said in connection with this last year:

There’s a long way to go with this though, because there are privacy and other issues. Is it any of my business what the name on your account is?

From Are the banks telling you that you may as well use bitcoin? | Consult Hyperion

The CoP will be a real-time 24/7 services and the response provided to the payer will be as clear and unequivocal as possible to allow the payer to make a decision that he or she is making the payment to the intended payee. All to the well and good. But you can see the problems lurking in the shadows of this apparently reasonable requirement. An obvious issue is that data protection regulations must be considered to ensure that payer data is handled lawfully especially in the case where the account information is played back. If you send a payment to your dentist, for example, should be provided with your dentist's real name, address and other personally-identifiable information (PII). I would have thought not. Then there's also the issue of accuracy and liability for incorrect information. And consider also that is some cases the system must not return the "correct" information (as part of law enforcement operationa, for example).

This isn’t just about bank accounts and instant payments, of course. If it was, I wouldn’t be blogging about it. I hate to say it, but the problem and the solution are all about identity.

From Super-complaints but no super-solutions | Consult Hyperion

One safeguard that the PSF puts forward is that the payee confirmation service can only be utilised for the purposes of making a payment and it assumes that PSPs will ensure relevant safeguards are put in place to ensure prudent use (e.g., to guard against phishing, profiling etc.). OK, so I may sound like a broken record on this, but without a working digital identity infrastructure in place, we will end up with something incomplete and expensive getting hacked up to support NPA implementation alone.

 

I wrote last year that

I imagine that an outcome of Payment UK’s deliberations on payee confirmation may well be the creation of a database of “paynames” (i.e., £dgwbirch) to make casual instant payments even easier.

From There you go bringing class into it again | Consult Hyperion

xxx

MUles

xxx

 

xxx

Cifas, which aims at reducing financial crime in the UK, said that the number of “misuse of facility” frauds involving those under 21 years of age, has risen sharply.

From Gangs force thousands of teens to become 'money mules' | The Independent

xxx

Payment Strategy Forum’s “Blueprint for the Future of UK Payments” (July 2017) says that “tactical solution work has been progressed to provide early benefit in the fight against financial crime in the detection of money mule accounts, and piloting methods for funds repatriation. The tactical solution was handed over in June, and implementation is expected by the end of 2017”. I’m not privy to the work of the Forum

POST Push! Push! Push!

Many years ago, I worked on a couple of projects looking at the future of payments. My conclusion, and that of my colleagues, was that the payment systems of the future would very likely be push rather than pull. The reasoning is quite straightforward: push payments are simpler and cheaper (pull payments, such as Direct Debit in the UK, are a hack to get around a lack of connectivity) and if there is a need for more complex instrument or services then they should be a layer on top of a cheap, fast and transparent push infrastructure. Earlier this year, the UK’s new payments infrastructure was set out

The UK's Payment Strategy Forum has delivered a blueprint for the future of the nation's payment system, setting out design and implementation approaches for the construction of a new 'National Payments Architecture'.

From PSF lays down blueprint for new UK payments architecture

I was naturally very excited to see what this new architecture would be, and one of the key phrases that I was looking out for was “push payments”. This is because many years ago I worked on a couple of projects looking at the future of payments that featured these exclusively. My conclusion, and that of my colleagues, was that the mass-market payment systems of the future would very likely be push-only rather than push and pull. The reasoning is quite straightforward: push payments are simpler and cheaper (pull payments, such as Direct Debit in the UK, are a hack to get around a lack of connectivity) and if there is a need for more complex instrument or services then they should be a layer on top of a cheap, fast and transparent push infrastructure. As I wrote back in 2014…

pull payments are a relic from the bygone past when consumers did not have devices and there was no network to connect them to

From Push payments are a win-win (and a lose) | Consult Hyperion

Therefore, I have made the transition to push (or “the push for push”) an input to the process of creating payment organisation strategies for some time. Hence I was very interested to read in the blueprint referred to above, the Payment Strategy Forum’s “Blueprint for the Future of UK Payments” (July 2017), that…

In summary, we concluded that a push only model offers many advantages but recognise that for some in the industry, changes will be required to enable them to deliver existing pull based payments products, such as Direct Debits.

This is as it should be. The era of III (instant, invisible and irrevocable) payments is here and not only in the UK. Countries around the world are firing up their faster payment networks and in Europe the SEPA Instant Payments scheme goes live in November. 

The EPC’s SCT Inst scheme will enable interoperable euro credit transfers in SEPA for transactions of up to €15,000 initially to be available on the payee’s account within ten seconds.

From SEPA INSTANT CREDIT TRANSFERS ARRIVE - Payments Cards & Mobile

There is a big picture here: the steady transition to ubiquitous, low-cost, account-to-account credit transfers as a platform for other payment services (if they are required). As this infrastructure becomes more sophisticated (because of, for example, the shift to ISO 20022 XML and the exploitation of enhanced data transport)

Saturday, 29 July 2017

Tax breaks for farmers causing 'subsidy addiction', government adviser warns

Some years hence at a party of some kind in the West Country, I found myself chatting to a farmer. He was telling me about sheep farming, and making the point that it would be wholly uneconomic without massive taxpayer subsidies. Naturally I asked why these subsidies were provided. After all, if management consulting were to become uneconomic, because of the 

xxx

"Farmers receive not just the £3 billion of subsidy, they receive a whole range of other benefits that nobody else in the economy gets."

From Tax breaks for farmers causing 'subsidy addiction', government adviser warns

xxx

xxx

“If you’re producing 0.7% of output, receiving £3 billion of subsidies for that output of about £9 billion and being exempted on rates, and being exempted on diesel and being exempted on inheritance tax… it’s kind of a subsidy addiction in the end.

From Tax breaks for farmers causing 'subsidy addiction', government adviser warns

Land Value Tax Now! 

Gangs pay teenagers to launder crime cash | News | The Times & The Sunday Times

xxx

According to Cifas, the fraud prevention service, there has been a huge rise in the number of young people involved in “misuse of facility fraud”, where an account, policy or product is misused by the genuine account holder. There were 4,222 cases involving a person under 21 in the first six months of this year, compared with 2,143 cases during the same period last year.

From Gangs pay teenagers to launder crime cash | News | The Times & The Sunday Times

xxx

Friday, 28 July 2017

What's wrong with finance

xxx

What is the finance sector supposed to do? Essentially, it needs to perform a number of basic economic functions. First and foremost, it operates the payments system without which most transactions could not occur. Secondly, it channels funds from individual savers to the corporate sector so the latter can finance its expansion. In doing so, it does the highly useful service of maturity transformation; allowing households to have short-term assets (deposits) while making long-term loans. It also creates diversified products (such as mutual funds) that help to reduce the risk to savers of catastrophic loss. Thirdly, it provides liquidity to the market by buying and selling assets. The prices established in the course of this process are a useful signal of which companies offer the most attractive use for capital and which governments are the most profligate. Fourthly, the sector helps individuals and companies to manage risks, whether physical (fire and theft) or financial (sudden currency movements).

From What's wrong with finance

xxx

Tap-and-go threatens cash economy - Convenience & Impulse Retailing

xxx

“Around one-third of all point-of-sale transactions were conducted using contactless cards in 2016… As a share of card payments only, nearly two-thirds of all point-of-sale payments were contactless in 2016.”

From Tap-and-go threatens cash economy - Convenience & Impulse Retailing

xxx

Cards overtake cash for consumer payments in Australia

xxx

In 2013, cash was used in 47% of payments, compared to 43% for cards. Three years on, this outcome has now flipped so that 52% of payments are now via card, compared to just 37% by cash.

From Cards overtake cash for consumer payments in Australia

xxx

From Liverpool to east London: Local currencies are making a comeback

xxx

Millennials' distrust of British banks, and a growing interest in supporting local communities, has helped spawn a new crop of local digital currencies, with the Liverpool pound launching earlier in the year, and the east London pound debuting last month.

From From Liverpool to east London: Local currencies are making a comeback

xxx

Wednesday, 26 July 2017

Email hacking fraud hits home renovators: 'I paid £10,800 to a bogus builder'

xxx

Fraudsters tricked lawyer Mr Mullinger into paying £10,800 into their Lloyds account after posing as the tradesman working on his third floor extension.

From Email hacking fraud hits home renovators: 'I paid £10,800 to a bogus builder'

xxx

Tuesday, 25 July 2017

Credit and debit card surcharges to be banned - BBC News

xxx

From January next year, businesses will not be allowed to add any surcharges for card payments. The worst offenders currently are airlines and food delivery apps, and small businesses which typically add a fee for cards. In 2010 alone consumers spent £473m on such charges, according to estimates by the Treasury.

From Credit and debit card surcharges to be banned - BBC News

This is just plain dumb. If you are going to interfere in a market

Sunday, 23 July 2017

Expectations on PSD2 interactions between banks and fintechs clarified by UK Treasury

xxx

Though there are differences in scope between the two regimes, consideration is being given to how open application program interfaces (APIs) being developed under the open banking initiative could be used to support access to payment accounts and data by PISPs and AISPs under PSD2.

From Expectations on PSD2 interactions between banks and fintechs clarified by UK Treasury

xxx

Families left stranded after £10,000 villas did not exist | Daily Mail Online

xxx

When you search on Google, it orders results by what it believes to be the most useful and relevant. A website’s rank has become a common barometer for how high-quality or trustworthy a company is.

From Families left stranded after £10,000 villas did not exist | Daily Mail Online

Oh dear. A website’s rank has absolutely nothing to do with either quality or trustworthiness. It’s no wonder people get taken in like this, but since we have no trust infrastructure and no way of connecting people to it via the user interface even if we did, it’s hard to see how things will improve.

What would have to be in place to fix this sort of problem. Well, first of all, when you go to a website offering holiday villas you should be able to tell whether someone knows who it is that is behind the site. 

Families left stranded after £10,000 villas did not exist | Daily Mail Online

xxx

‘We’ve booked online before and the website looked genuine. It came up as the number one search on Google,’

From Families left stranded after £10,000 villas did not exist | Daily Mail Online

Oh dear.

 

xxx

after an email exchange with the website’s staff, Ann, a 39-year-old PR director, felt content as she transferred £6,000 via BACS direct to the villa owners for her two-week holiday.

From Families left stranded after £10,000 villas did not exist | Daily Mail Online

It was a scam, of course. But you’d think that as the money could only have been sent via BACS to a UK bank account, and since that UK bank account was opened and maintained in accordance with our strict KYC and AML regulations, it should have been easy for the police to simply pop round and arrest the perps.

Thursday, 20 July 2017

POST The government is completely and utterly wrong about surcharging

When I was in sunnier climes earlier this month, I was asked a couple of times about a particularly bonkers British government policy announcement concerning card payments. More than one person from overseas regulators asked me about it, in fact. They asked me if I could explain our government’s reasoning behind their policy announcement about card payment surcharges. Which was:

From January next year, businesses will not be allowed to add any surcharges for card payments. The worst offenders currently are airlines and food delivery apps, and small businesses which typically add a fee for cards. In 2010 alone consumers spent £473m on such charges, according to estimates by the Treasury.

From Credit and debit card surcharges to be banned - BBC News

Unfortunately, I cannot. This is just plain dumb. If you are going to interfere in a market and start price-fixing, then you should do it to increase the net welfare, not to provide a hidden subsidy to the well-off. I imagine what happened is that the partner of a government minister went online to book a mini-break to Dubrovnik, searched for the cheapest flights, went to pay with their black Amex card and got upset about being charged a surcharge that they could well afford to pay. Next thing you know, it’s government policy that rich users of rewards cards must be subsidised by everyone else. Baffling.

The move will save British consumers hundreds of millions of dollars

From U.K. Bans Credit Card Surcharges, Calling Them A 'Rip-Off' : The Two-Way : NPR

Really? How? The credit card system (and all the legal protections that come with it) do not suddenly become fee. British Airways still has to pay a merchant service charge (MSC) to their acquirer and the acquirer still has to pay an interchange fee (already capped by the EU). If British Airways can’t charge me an extra £2.50 for using my credit card so that I can get extra Avios, then they will simply add £1 “booking fee” or whatever to all tickets. Now, people who pay with their debit cards (who used to pay nothing extra) are paying an extra £1 and I’m paying £1.50 less and still getting my Avios.

There are two issues here: should merchants be allowed to surcharge (hint: yes) and should the government interfere in the surcharging (more on this later).

 Surcharging in Melbourne

xxx 

xxx 

Wednesday, 19 July 2017

Ed Sheeran takes on ticket touts and cancels 10,000 gig tickets sold by unofficial resale sites

xxx

Fans who purchased tickets when they went on sale will have to arrive at their gig venue with the booking confirmation, a valid form of ID and the credit card used for the purchase (or a photocopy).

From Ed Sheeran takes on ticket touts and cancels 10,000 gig tickets sold by unofficial resale sites

How are the bouncers on the door at an Ed Sheeran concert supposed to tell a real Portuguese fishing licence from a fake one? And what happens if I use my credit card to buy a ticket as a present for someone?

There is a solution, of course: put the tickets on a shared ledger and then sell them on eBay so that the market clears. If Ed wants fans to have tickets for £10 instead of £100, then he can buy the £100 tickets in the auction and re-sell them himself using whatever identification and authentication system he wants. Ticket “scalping” is a natural response to a broken market.

POST The non-banks are in

You might remember that last year I wrote about giving non-banks access to the UK payment infrastructure.

There are plenty of non-bank players out there who want to have access to the infrastructure and the UK’s Emerging Payments Association recently presented a report to arguing that, under the appropriate licence conditions, non-banks should be allowed access to instant payments infrastructure through the use of a new kind of limited pre-funded settlement account at the Bank of England.

From Access | Consult Hyperion

Well, this is exactly what is going to happen.`

The widely-trailed move is expected to open up a competitive space which has long been the preserve of the UK's biggest incumbents, providing non-bank PSPs with direct access to the UK’s sterling payment systems that settle in central bank money, including Faster Payments, Bacs, Chaps, Link, Visa, and, once live, the new digital cheque imaging system.

From Bank of England comes good on promise to provide non-banks with dir...

xxx

Monday, 17 July 2017

Child Safety Online: Age Verification for Pornography - GOV.UK

The government’s consultation process on blocking children from accessing porn has completed and they have published the results and the way forward.

Child Safety Online: Age Verification for Pornography

From Child Safety Online: Age Verification for Pornography - GOV.UK

I was listening to reports of this on the BBC and I heard at least two mad schemes being suggested. One was to use credit card details as a mechanism for proving that someone is over 18 and the other was to have people send their passport details to porn sites. What I didn’t hear being suggested was the development of a sane digital identity infrastructure capable of actually solving the problem. Since I’ve written about this topic several times in recent years, I thought I’d bring together a couple of old posts and update them with some new thinking to try to explain why the ideas I heard on the radio are not only wrong but dangerous and to make a sensible suggestion as to how the problem should be fixed.

So let’s start by going back a few years. For me, my serious interest in this topic began a few years ago when I was finishing up my book “Identity in the New Money”.  I went along to the seminar on “Childhood and the Internet – Safety, Education and Regulation” in London in January 2014. I was there for three main reasons:

  1. I am interested in the evolution of identification and authentication in an online environment, and protecting children is one of the cases that brings the mass market practicalities into sharp relief.
  2. Consult Hyperion had clients who are developing recognition services, and it seems to me that if these services can contribute to a safer environment for children then we may have something of a win-win for encouraging adoption. Note that “recognition” is the term I use her for the combination of identification and authentication that is appropriate for the authorisation of the transaction at hand.
  3. Protecting children is an emotional topic, and as responsible member of society it concerns me that emotional responses may not be society’s best responses. This is a difficult subject. If, as technologists, we make any comment about initiatives to protect children being pointless or even counterproductive we may be accused of being sympathetic to criminals and perverts hence we need to learn to engage effectively. I’m not interest in childhood e-safety theatre, but childhood e-safety.

That seminar was kicked-off by Simon Milner, the Policy Director (UK and Ireland) for Facebook. He started off by noting that Facebook has a “real” names policy. Given my fascination with the topic, I found his comments were quite interesting as they were made on the same day that the head of Facebook, Mark Zuckerberg, was interviewed in Business Week saying that the “real” names policy was being amended.

One thing about some of the new apps that will come as a shock to anyone familiar with Facebook: Users will be able to log in anonymously.

[From Facebook Turns 10: The Mark Zuckerberg Interview – Businessweek]

Simon went on to say that the “real” names policy, setting to one side whether it means anything or not, is a good thing (he didn’t really explain why and I didn’t get a chance to ask) and then talked about how children who are being bullied on Facebook can report the problem and so on. I know nothing about this topic, other than as a parent, so I can’t comment on how effective or otherwise these measures might be although I have heard anecdotally from many sources that they are of limited impact.  I found some of the talks by the subject matter experts extremely thought-provoking and I’m glad I heard them.

The main discussion that I was interested in was led by Helen Goodman MP (the Shadow Minister for Culture, Media and Sport) and Claire Perry MP, who is the Prime Minister’s special advisor on preventing the sexualisation and commercialisation of childhood. The ex-McKinsey Ms. Perry attracted a certain amount of fame in web circles last year (just search on “#PornoPerry”) when she made some public statements that seemed to indicate that she didn’t completely understand how the internet worked, despite being behind the government’s “porn filter”. (I am not picking on her. I should explain for foreign readers that most MPs are lawyers, management consultants, property developers, PR flacks and such like and they don’t really understand how anything actually works, least of all the interweb tubes. Only one out of the 635 MPs in the British Parliament is scientist.)

Now, let me be completely honest and point out that I have previously criticised not only the “real” names movement in general but Ms. Goodman’s views on anonymity in particular. I think she is wrong to demand “real” names. However, as I said a couple of years ago,

I’m not for one moment suggesting that Ms. Goodman’s concerns are not wholly real and heart felt. I’m sure they are.

[From The battle of the internet security experts – Tomorrow’s Transactions]

This does not make her right about what to do though. Forcing people to interact online using their mundane identity is a bad idea on so many levels.

But that was the same month that the Communist party struck its first major blow against Weibo, requiring users to register their real names with the service. From that point, those wishing to criticise the Party had to do so without the comforting blanket of anonymity and users started to rein themselves in.

[From China kills off discussion on Weibo after internet crackdown – Telegraph]

I’m not suggesting that Ms. Perry represents a government intent on creating a totalitarian corporatist state that reduces us wage-slaves to the level of serfs to be monitored at all times. I’m sure her good intentions are to block only those communications that challenge basic human decency and serve to undermine the foundations of our society, such as MTV, but the end of public online space seems a drastic step. What has been the result of the Chinese campaign to end anonymity? What is the practical impact of a real names policy?

Once an incalculably important public space for news and opinion – a fast-flowing river of information that censors struggled to contain – it has arguably now been reduced to a wasteland of celebrity endorsements, government propaganda and corporate jingles.

[From China kills off discussion on Weibo after internet crackdown – Telegraph]

None of us, I’m sure, would like to see pillars of our society such as the Daily Mail reduced to the level of “celebrity endorsements, government propaganda and corporate jingles”. Perhaps there is now less crime in China too, but I have yet to discover any statistics that would prove that. I don’t want this to happen to Twitter, Facebook and The Telegraph web site (where it is my right as Englishman to post abuse about the Chancellor of the Exchequer should I so choose). So here is a practical and positive suggestion. At the seminar Helen said the “The gap between real-world identity and online identity is at the root of [the problem of cyberbullying]”. So let’s close that gap. Not by requiring (and policing) “real” names, but by implementing pseudonymity correctly. I wrote an extended piece on this for Total Payments magazine recently.

Now imagine that I get a death threat from an authenticated account. I report the abuse. Twitter can (automatically) tell the police who authenticated the transaction (i.e., Barclays). The police can then obtain a warrant and ask Barclays who I am. Barclays will tell them my name and address and where I last used my debit card. If it was, say, Vodafone who had authenticated me rather than Barclays, then Vodafone could even tell the police where I am (or at least, where my phone is).

[From Dave Birch’s Guest Post: Anonymity – privilege or right? – Total Payments : Total Payments]

As I said, I don’t just want to talk about doing something about cyberbullying and the like, I actually want to do something about it. “Real” names are a soundbite, not a solution. What we need is a working identity infrastructure that allows for strongly-authenticated pseudonyms so that bullies can be blocked and revealed but public space can remain open for discussion and debate. Then you can default Facebook and Twitter and whatever to block unauthenticated pseudonyms without insisting the kid looking for help on coming out, the woman looking at double-glazing options or the dreary middle-aged businessman railing against suicidal economic policies from revealing their identities unless they want to

 

We’d all, I’m sure, prefer a world in which children did not have access to corrosive and nauseating material that undermines our civilised society. But how can we stop children from seeing MTV and the Daily Mail? The government has given up on this, I’m afraid, and has instead decided to try to stop them from seeing porn.

 

Porn is a problem. Let’s not beat about the bush. None of us want kids watching inappropriate sexual content on the web, not even the stuff they’ve created themselves. And I would like to practical ways to achieve this goal, which is why I’ve been along to a couple of events about safety on the internet and such like, looking for a win-win whereby our clients can use their technology to help.

The main discussion that I was interested in was led by Helen Goodman MP (the Shadow Minister for Culture, Media and Sport) and Claire Perry MP, who is the Prime Minister’s special advisor on preventing the sexualisation and commercialisation of childhood.

[From Identity and authentication technologies can make the Internet safer]

Ms. Perry, a former McKinsey consultant, attracted a certain amount of notoriety in web circles last year when she made some public statements that seemed to indicate that she didn’t completely understand how the internet worked, despite being Prime Minister’s advisor on such things. As I said at the time, I don’t understand why government doesn’t ask people who understand how things work (e.g., me) for advice and instead seem to evolve policy by listening to PR flacks, mates in the City, management experts and political lifers who have never had a real job of any kind. But let’s put that to one side.

The British Government’s Department of Culture, Media and Sport (DCMS) is reportedly drawing up plans to force porn sites to verify the age of visitors. Since the UK has no identity infrastructure (the government scrapped the controversial identity card scheme years ago and has yet to commission a study from Consult Hyperion on the viable alternative, the National Entitlement Scheme, NES) there is no way of doing this properly, so they are casting around for proxies.

As reported by the Sunday Times, this includes bank-approved software and credit cards, which can only be issued to those 18-years-old or above.

[From Porn and weapons websites may need to verify age of those using services – Gadgets and Tech – Life and Style – The Independent]

I liked this credit card example, because it shows how little the politicians understand about identity. Forcing people to give their credit card details out willy-nilly will inevitably leading to an explosion in card fraud, since there is no way that the punter can tell whether they are looking at the real “Honourable Members” or an Eastern European rid-off created solely for the purpose of harvesting valuable personal information. The example also feeds one of my pet bugbears, which is trying to use the payment system as a policeman instead of using real policeman.

The payments systems, which will be overseen by Economic Secretary to the Treasury and MP for South Northamptonshire Andrea Leadsom, will utilise UK-approved companies such as PayPal and Visa.

[From Porn and weapons websites may need to verify age of those using services – Gadgets and Tech – Life and Style – The Independent]

Andrea Leadsom read Political Science and comes from the investment banking and hedge fund world so I imagine she is very familiar with know-your-customer legislation, multi-factor authentication and such like. However, I would like to point out that there is a crucial difference between logging in to a hedge fund account and logging in to a porn account. I want the hedge fund to know who I am, but I don’t want the porn account to know who I am. Which is not to say I want to be (or should be allowed to be) anonymous, just that there is no reason for the operators of the web site “Ministers without Portfolios” to know who I really am.

What we need is a working identity infrastructure that allows for strongly-authenticated pseudonyms

[From Identity and authentication technologies can make the Internet safer]

We have to come up with something that will work for the porn sites so that they want to implement it because it makes their lives easier. But it has to be something that will protect the privacy of individuals who are doing nothing illegal by checking out the Black Rod’s Garden Gate. Oh wait, that’s real…

Better choose another example. It has to be something that will protect the privacy of individuals who are doing nothing illegal by snapchatting their junk to attractive  opposite persons of the contradictory gender (who may or may not be real).

Brooks Newmark quit as the minister for civil society after he apparently sent a picture of his genitals, taken while he was wearing paisley pyjamas, to an undercover reporter who was posing as a “Tory PR girl”.

[From Brooks Newmark Quits As MP: ‘Sexting’ Scandal Places ‘Intolerable Burden’ On Family]

Actually, my idea wouldn’t have helped the Minister in this instance, because it’s not about identifying people, it’s about protecting their identities. (That’s enough examples, Ed.)

The protection of privacy must be by a trusted intermediary. A bank, for example. Here’s a free idea for the DCMS to consider. I go to log in to “Home Secretaries in Heels” or whatever my favourite fetish site of the day is. It asks me to create an account. As part of the account creation process it asks for my bank. I tell it Barclays. At that point, I am bounced to the Barclays web site and asked to log in. I do this using my dongle (**). Once I am authenticated, Barclays generates a one-off service provider ID (maybe by hashing my account number and the DNS name of the requesting site). I am then bounced back to the porn site to continue browsing, logged in using the bank-provided pseudonym. The porn site gets a digitally-signed message from Barclays that says “this person is over 18 and known to us” together with the service provider ID. Now they have a unique identifier for me that cannot be traced back to me because it is the output of a cryptographic one-way function. What’s more, the service provider ID will be different for each site where I create an account: “Bigger Ben” cannot collude with “Dispatch Fox” to determine that I am the same person.

Now, you may think that I am being slightly flippant about this serious topic, but I am not. Taking active steps to create digital identity services that have privacy as an integral element of the customer proposition means that banks can establish a clear, responsible, customer-centric position in the emerging value network. The payment system isn’t a policeman, but banks might be privacy providers.

(*) Sincere apologies for appalling but irresistible puns throughout.

(**) The two-factor authentication device that I use to access my Barclays bank account.

 

IBM upgrades mainframe to encrypt data at high speeds | American Banker

xxx

Banks have had to hash personally identifiable customer information, such as address, date of birth and Social Security number, since 2003,

From IBM upgrades mainframe to encrypt data at high speeds | American Banker

xxx

Saturday, 15 July 2017

Films for planes review of "Life"

Life ☀️☀️

In the mood for some sci-fi I punched this up on a transatlantic flight. At first I thought I’d made a reasonable choice. Nice start, interesting idea even if you sort of knew what the plot would be, good special effects to get the story moving.

Lots of it was too dark to see properly so I couldn't entirely tell what was going on.

Rating System

In case you’d forgotten, I use a five sun rating system. It works like this:

  1. Movie gets one sun for interesting story with good acting

  2. Movie gets one sun for not having an English villain

  3. Movie gets one sun for not being too dark or having lots of special effects, so you can enjoy it properly on an airplane screen

  4. Movie gets one sun if I watched all the way to the end without falling asleep or turning over because I was bored

  5. Movie gets one sun if it doesn’t have Kate Winslet in it

So any movie I watch on a place gets at least one sun, and if they pull out all the stops they can get five.

Friday, 14 July 2017

Platform currencies may soon be obsolete – The Blockchain Investments Blog

xxx

"As frictions to holding and exchanging multiple cryptotokens decrease any payment system and any financial flow whatsoever can easily extend to all existing cryptocurrencies. "

Platform currencies may soon be obsolete – The Blockchain Investments Blog

xxx

Tuesday, 11 July 2017

Real Estate Fraud | Bar Works | Ponzi Schemes

xxx

Robert paid the first half of the $2,000 fee up-front — in Bitcoin. That’s when the consultant grew suspicious.

From Real Estate Fraud | Bar Works | Ponzi Schemes

xxx

Mobile payments taking off for contactless commuting

xxx

one-in-ten contactless journeys on London's buses and tubes now paid for by the likes of Apple Pay and Samsung Pay. The latest figures from Transport for London detail over one billion journeys on the transit network using contactless cards, with almost £2 billion spent by commuters since the cards were first accepted in 2012.

In total, 40% of all pay as you go journeys are now made using contactless. This is up from 25% in early 2016.

From Mobile payments taking off for contactless commuting

xxx

Sunday, 9 July 2017

Blockchain Technology Could Reduce Investment Banks’ Infrastructure Costs by 30 Percent, According to Accenture Report | Accenture Newsroom

xxx

Blockchain technology could reduce infrastructure costs for eight of the world’s 10 largest investment banks by an average of 30 percent, translating to $8 billion to $12 billion in annual cost savings for those banks, according to a new report by Accenture

From Blockchain Technology Could Reduce Investment Banks’ Infrastructure Costs by 30 Percent, According to Accenture Report | Accenture Newsroom

xxx

Using Blockchain to Solve Regulatory and Compliance Requirements

xxx

Distributed ledger technology (DLT) or blockchain has the potential to take away several pain points for financial institutions and regulators.

From Using Blockchain to Solve Regulatory and Compliance Requirements

xxx

Worldpay emerges as a winner in the war on cash

xxx

Mr Jansen says Worldpay can respond by selling extra services to its customers based on analysing all the data from the 41m transactions it handles on an average day.

From Worldpay emerges as a winner in the war on cash

xxx

Guru

Alan Woodward, one of the security-wallahs that I take very seriously, pointed me to a new paper from the University of Luxembourg: "Guru: Universal Reputation Module for Distributed Consensus Protocols".

We introduce reputation module Guru, which can be laid on top of various consensus protocols such as PBFT or HoneyBadger. It ranks nodes based on the outcomes of consensus rounds run by a small committee, and adaptively selects the committee based on the current reputation. The protocol can also take external reputation ranking as input.

Persistent reputation of pseudonyms is one of the key mechanisms that I think

Saturday, 8 July 2017

Bitcoin can be an asset but not currency - China central bank adviser | Reuters

xxx

Virtual currencies like bitcoin are assets but bitcoin in itself does not have the fundamental attributes needed to be a currency that could meet modern economic development needs, a Chinese central bank adviser said.

From Bitcoin can be an asset but not currency - China central bank adviser | Reuters

xxx

Monday, 3 July 2017

PSD2 impact on payments - Icon Solutions

xxx

PSD2 and Instant Payments to drive a 37% decline in online card volumes by 2027 Boosted by increased consumer convenience, Instant Payments will overtake cards by 2025 Retail Instant Payments in Europe will hit €725bn in transactions by the end of 2027 Single card payments set to decline from 40% to 11% market share by 2027 Instant Payments will become one of the main online payment tools in Europe, accounting for roughly €338bn of direct online expenditure

From PSD2 impact on payments - Icon Solutions

xxx