
Showing posts from November, 2017

POST 2FA SMS

Thanks to Richard van Arnholt for pointing out to me that NIST now states that if authentication is done via SMS (out-of-band), ‘the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. […] Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.’

Blockchain: the future of the passport? | Reform

Blockchain could become the future of the passport. It is a transparent and tamper-proof ledger, which can be used to verify a person’s identity.

From Blockchain: the future of the passport? | Reform

This sounds like typical magical thinking, but if you look at the diagram in their report, what it actually shows is something not entirely crazy. The idea would be to have some form of government shared ledger (let’s call it the UKLedger) that is validated by a number of public bodies.

Consumers Want Tech Firms to Take On the Banks - Bloomberg

Instead, du Toit predicts, banks will partner with Amazon and others. Lenders would manufacture financial products, and tech giants would serve as distribution and servicing channels. In other words, what Amazon already does with consumer goods. Yet because distribution accounts for two-thirds of banking profits, according to a McKinsey & Co. report, banks may not love being relegated to mere factories for mortgages and credit cards. And because Amazon wouldn’t have to pay to lure customers -- it already has millions of them -- it could afford to set up digital accounts without “all the nuisance fees and relatively high minimum balances” that lenders impose

From Consumers Want Tech Firms to Take On the Banks - Bloomberg

POST Well, yes, banks are technology companies

The “meme” that banks are, essentially, a special kind of technology company (special because they are granted special privileges that other companies do not have, such as the ability to create money) is common. Here's what Christian Edelmann and Patrick Hunt said in the Harvard Business Review: "Technology specialists will play a greater role in allocating investments, working alongside senior management from a more traditional background". From my early experiences as an advisor to boards, I can see the dynamics at work here. To pick an obvious topic, some financial organisations' early response to open banking was to see Application Programming Interfaces (APIs) as something to do with technology and therefore not strategic. This left them on the back as

Instead, du Toit predicts, banks will partner with Amazon and others. Lenders would manufacture financial products, and tech giants would serve as distribution and servicing channels. In other words,

Facebook rolls out AI to detect suicidal posts before they’re reported | TechCrunch

Facebook’s new “proactive detection” artificial intelligence technology will scan all posts for patterns of suicidal thoughts, and when necessary send mental health resources to the user at risk or their friends, or contact local first-responders.

From Facebook rolls out AI to detect suicidal posts before they’re reported | TechCrunch

This is admirable, of course. No-one would say otherwise. But it must be transparently obvious that the same technology could detect all sorts of other patterns as well.

Banks need to swipe their 'social media' cards to pay up for Person...

The advancements made in social media analytics empower deciphering social media data to forecast impending life events… The ability to discern such events in advance can certainly help retail banks in targeting customers – current and future, with personalized products and offerings that are most relevant to them.

From Banks need to swipe their 'social media' cards to pay up for Person...

POST It's going to get worse before it gets better

Identity fraud is absolutely out of control in the UK and there is, so far as I can see, no prospect of any form of infrastructure coming into place to deal with the problem. Whether we look at scammers going through Facebook to perpetrate dating fraud or going through LinkedIn to perpetrate invoice fraud or going through the Land Registry to perpetrate property fraud or going through Companies House to perpetrate corporate fraud, we can draw only one conclusion: identity is broken. Until we fix identity, we can’t attack fraud. And since it’s going to take a while to fix identity, even if we start now, that means that fraud is going to carry on getting worse. Don’t believe me? Then listen to a bank:

[Barclays] is predicting that online festive fraud will be at its highest ever levels in December 2017 and could cost shoppers more than £1.3bn.

From Barclays warns of unprecedented online fraud this Christmas

Well, here’s wishing you a Happy New Year! The truth is that we are under

Central banks should embrace digital currencies, Axel Weber says

Less clear cut, however, are likely to be arguments over digital currencies issued by central banks. Like cash, which they could eventually replace — but unlike bitcoin — they would be backed by monetary authorities, so they would also act as a store of value as well as widely accepted means of payment.

From Central banks should embrace digital currencies, Axel Weber says

net.wars: Regulatory disruption

The financial revolution due to hit Britain in mid-January has had surprisingly little publicity and has little to do with the money-related things making news headlines over the last few years. In other words, it's not a new technology, not even a cryptocurrency. Instead, this revolution is regulatory: banks will be required to open up access to their accounts to third parties.

From net.wars: Regulatory disruption

Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

On Friday, Estonia's Police and Border Guard suspended an estimated 760,000 ID cards known to be affected by the crypto vulnerability.

From Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

The country is now issuing cards that use elliptic curve cryptography instead of the vulnerable RSA keys, which are generated by a code library developed and sold by German chipmaker Infineon.

From Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

Authoritarian Cryptocurrencies Are Coming - Bloomberg

To those who believe bitcoin's main innovation is the exclusion of a central authority -- a peer-to-peer system in which transactions are validated by "miners" -- the interest of China and Russia is baffling. But those governments aren't looking to give up control to the blockchain. On the contrary, they are trying to figure out how to lower the cost for a centralized issuer to control everything that's going on in the financial system.

From Authoritarian Cryptocurrencies Are Coming - Bloomberg

Nationwide customers 'bank cards suddenly stopped working' after technical glitch

FURIOUS Nationwide customers had their payments declined and were locked out of their accounts when the bank's system went down yesterday.

From Nationwide customers 'bank cards suddenly stopped working' after technical glitch

The system went down. But what if there was no system to go down? Imagine that each ATM is a node in a shared ledger. Suppose a bank has a million customers, and each customer’s transaction record is 1Kb. A balance, last few transactions, that sort of thing. No need to store the whole transaction history in the ledger. That’s 1Gb. Maybe 10Gb for all of the bank customers in the UK. I have a flash drive in my bag with 128Gb on it and it cost like $50. Now, when someone draws money from an ATM the ledger is updated over a few minutes at all of the other ATMs (remember, ATMs are doing nothing most of the time). If an ATM goes down, so what? Just go to another one. When an ATM comes back, the ledger will update.

POST Blockchain, disease and

While individual organizations in the public health network share the same overall mission, a complex mishmash of data usage agreements and government privacy rules dictate which members can access information and which ones can modify it.

From Why the CDC Wants in on Blockchain - MIT Technology Review

A blockchain, I guarantee, won’t make any difference to this. Those privacy rules don’t depend on whether you store the data in a spreadsheet or a database and they don’t depend on whether the data is in a shared ledger of some form either.

How should identities, not only patient IDs but also the IDs of public health organizations, be managed on the blockchain?

From Why the CDC Wants in on Blockchain - MIT Technology Review

If Open Banking is a success, then banks are going to fail. One viable picture of the future is of a few giant megabucks sitting in the background, like PG&E or British Gas, while other banks go to the wall and consumers obtain their financial servi

POST Bitcoin and crime on a street corner near you

According to the Daily Mail, the police have seen an "explosion in the use of digital currency by criminals who are strolling into cafes, newsagents and corner shops to dump their ill-gotten gains in virtual currency ATMs". Well, let’s hope so because Bitcoin isn’t fungible (unlike the £50 notes so helpfully provided to the criminal fraternity by the - yes, couldn’t make this up - Bank of England) which means that the money can be traced from wallet to wallet so that should make it easier for these detectives to get a handle on where the ill-gotten gains are heading. While I remain concerned about the rise of Bitcoin for reasons of consumer protection, I am much less concerned about its use in crime. First of all, if the demand for Bitcoin were about crime (and not speculation) it would actually be worth far less than it is today. There just isn’t enough crime. Calculations based on the use of Bitcoin in this sector of the economy put its value at something like one-twenti

IS_A_PERSON and IS_A_LEGAL_PERSON

Alt-right blogger Jenna Abrams (@Jenn_Abrams) enjoyed a large following in Twitter, and her tweets were cited by Buzzfeed, the NY Times, and other news agencies. It turned out "she" was another creation of the Internet Research Agency, the Russian government-funded troll farm in St. Petersburg.

From An alt-right Tweeter with 80k followers is a fictional entity created by Russian troll farm / Boing Boing