Snippets

xxx "The security incident stemmed from cybercriminals breaching Checkers’ systems and installing malware on point of sale systems across more than 100 of its stores. The malware is designed to collect data stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code and expiration date… The incident impacted 102 stores Checkers across 20 states – which were all exposed at varying dates, including as early as December 2015 to as recently as April 2019" From "POS Malware Found at 102 Checkers Restaurant Locations | Threatpost" . xxx

xxx "NDI is a digital credential for users to transact with Government and businesses using a single trusted digital identity. Industry can make use of the NDI to build new services and improve the security and user experience of existing services. By the third quarter of FY19, the Government will launch ‘SG-Verify’, a facility for businesses to perform secure identity verification and data transfer through QR scanning. This will provide businesses an alternative for visitor registration and access, customer acquisition at roadshows, or any other use cases that require identification;" From "More Citizens and Businesses Satisfied with Government Digital Services" . xxx

xxx "In an initial trial conducted with Carphone Warehouse, more than half of customers chose to use the new NatWest service rather than using their card," From "NatWest leverages open banking to cut transaction fees by 25% • NFC World" . xxx

xxx The system could also read the serial number on the banknotes accepted, and allow casinos to “track every single transaction to an individual piece of paper or currency,” he added. From GGRAsia – JCM Global promotes its casino banknote tracking tech . xxx

xxx A Chinese woman in Cangzhou, Hebei, bought a 190,000 yuan ($27,500) car with 66 bags of coins. Workers spent three days counting the coins, estimated to amount to around 130,000 yuan ($18,800). The remainder was paid electronically. From Buying a car with coins - Inkstone . xxx

When Facebucks were first announced, the FT Lex column asksed why, if Facebook launched a “cryptocurrency” (let’s not get into whether it is a cryptocurrency or not again), "why would anyone want to use it?”. The column says that since purchases can be done "safely and easily with credit cards in stable, government-backed currencies” there is no market for a Zuckbuck. This is wrong, for three main reasons. First, not all of Facebook’s two billion plus users have credit cards or bank accounts, and even if they do, it’s a pfaff tohave to come out of Facebook, log in to some web site somewhere and type in card details etc. Especially when you personal information is none of the business of the person you are buying from. Second, a credit card works if you are paying a shop but it’s not that much use if you are paying a person, or you’re one of a group of kids trying reconcile and settle money for a party or something. There are many reasons why Libra won’t work - We’ll have

xxx "Close to 60 per cent of WeChat revenue comes from payments. Less than a third is from advertising. If Facebook could create a digital currency that ties together multiple payments services it would also gain access to a wealth of new information that would make its advertising business more valuable." From "Facebook: coining it | Financial Times" . xxx

xxx "In 1954, UK-based technology company Pye Radio came up with a neat little cost-cutting innovation. In order to avoid the expense that came with collecting cash from the bank, guarding it, checking it and sorting it into individual wage packets, they decided they would pay their (mostly very skilled) workers by cheque. It did not go well. Employees weren’t keen on having to do the extra work of collecting the cash themselves. Protests were made on the basis that the system contravened the Truck Act of 1831, which forced employers to pay wages in the ‘current coin of the realm’ (rather than in scrip). The labour market was tight at the time; unemployment in the UK was under 2 per cent. Pye went back to cash. It was another six years until they could try again: the 1960 Payment of Wages Act finally allowed employers to pay wages by cheque, something the banks had long been pushing for (people with cheques often like to have bank accounts)." From "Workers will be p

xxx "Businesses exempted from the [Philadelphia] law include parking garages and lots, wholesalers like Costco that have memberships, and those that typically need large deposits unlikely to be paid in cash like hotels, the Journal wrote. It also has a carve-out for ‘retail stores selling consumer goods exclusively through a membership model that requires payment by means of an affiliated mobile device application’" From "Philadelphia Just Banned Most Cashless Stores" . xxx

xxx "Cities with immigrant communities also tend to have higher rates of unbanked residents, like Los Angeles, where 8.6 percent of the population doesn’t have bank accounts. People avoid financial institutions for numerous reasons, including in order to stay away from monthly charge fees, overdraft penalties, or minimum balance requirements. Some people also don’t have credit cards if they aren’t documented or don’t have a strong enough line of credit." From "Philadelphia bans cashless stores, moving against a cashless society - Vox" . xxx

xxx According to the complaint, in October 2017, Edwards downloaded thousands of FinCEN files containing highly sensitive information relating to Russia, Iran and terrorist groups such as ISIS, to a flash drive. Edwards does not appear to have been involved in any official projects or tasks relating to these files. Throughout the course of 2018, Edwards unlawfully disclosed numerous SARs — and emails and investigative memoranda related to the SARs — to a reporter by taking photos of the SARs and texting them to the reporter through an encrypted application. From Arrest of FinCEN Employee for Unlawful Disclosure of SARs and SAR Information - Lexology . xxx

While flicking through British Vogue magazine for some moisturising tips, I came across a mention of digital identity! I was surprised and delighted that (just as has happened another of my obsessions, Dungeons and Dragons) what was once the province of nerds and outsiders has become fashionable and cool. Hurrah! Vogue says that secure digital identities for luxury goods are crucial , which is great! I could not agree more. Digital identities are not only for people! I have been writing about the need for digital identities for things for many years, and not only for high fashion (a field where, oddly, I have some experience of adding NFC tags to the fashion show experience, but that’s another story).   Some years ago I asked if “the blockchain” (put to one side what this might mean for a moment) might be a way to tackle the issue of "ID for the Internet of Things" (#IDIoT). I said at the the time that I had a suspicion that despite some of the nonsense going on, there m

The British approach to creating a national digital identity scheme is, to say the least, unusual. Sky News recently summarised the situation well by saying “thanks to its ill-conceived porn block, the government has quietly blundered into the creation of a digital passport - then outsourced its development to private firms”. One of these private firms is Mindgeek, who run the world’s biggest porn site, Pornhub. I make no comment on them or any of the other companies that has stepping to provide digital identity and the same time that the government has stopped funding its own digital identity scheme (gov.verify) which was, in any case, not being used for the important and obvious use of age verification for adult services. But why does Sky called the mandatory age verification for adult services “ill-conceived”? Let’s pop over to the New York Times for a quick lesson in the history of what uncharitable persons call the “Hancock Wall” because it was pushed into law by Matt Hancock w

xxx I lost north of $100,000 last Wednesday. It evaporated over a 24-hour time span in a “SIM port attack” that drained my Coinbase account. From The Most Expensive Lesson Of My Life: Details of SIM port hack . xxx

xxx Venture capitalists have all aligned on the best solution: kitchens that only serve delivery customers, known as “cloud”, “ghost” or “dark” kitchens, that use a combination of advanced food preparation, underused real estate and algorithm-driven optimisation to lower overheads and increase output. From The start-ups building ‘dark kitchens’ for Uber Eats and Deliveroo | Financial Times . xxx

A few years ago, along with colleagues at Consult Hyperion, I was looking at the potential for the blockchain in the identity space. (Put to one side what is meant by blockchain and what is meant by identity.) One of the ideas that came out at that time was to record the create, read, update and delete (CRUD) operations on the virtual identities (personas, if you like, each containing an identifier and credentials) in a virtual shared ledger (VSL, aka the “CRUDchain") and then anchor the VSL in one or more actual shared ledgers, including one or more public blockchains. As it turned out, no-one was much interested in this idea. Three years ago I took it to the Dutch Blockchain Innovation Conference in Amsterdam. Here are a couple of diagrams from that presentation. First here’s the CRUDchain... And here is the idea of gathering the CRUDchain transactions and putting them on the blockchain.  Of course, what I envisaged those CRUD transactions operating on were public key certi

xxx "Where does an alleged war criminal accused of torture and directing mass executions look for work while living in the United States? For Yusuf Abdi Ali, there was an easy answer: Uber and Lyft. Within a couple of days of applying to be a ride-share driver, Ali said he was approved to shuttle passengers from place to place. He's been doing it for more than 18 months, according to his Uber profile. When CNN reporters recently caught a ride from Ali, the former Somali military commander was listed on Uber's app as an 'Uber Pro Diamond' driver with a 4.89 rating." From "Accused war criminal is an Uber driver - CNN" . xxx

xxx "One critical difference with a traditional bank run is that, in a digital run, the money presumably stays within the banking system, but is moved to another bank." From "Bank runs in the digital era | FT Alphaville" . I hadn’t really thought much about this. In an old-fashioned bank run where panicked customers storm bank branches to demand to demand their cash and the contents of their safety deposit boxes — as happened last week in west London, for example, when rumours about the stability of Metro Bank spread from an anonymous source in Slough to depositors who had apparently never heard of the Financial Services Compensation Scheme (FSCS) — the money may re-enter the banking system, it may end up under mattresses or re-invested into Bitcoin or something. But a digital bank run is different. (If I heard from someone in Slough that Barclays was about to go down, taking my overdraft and mortgage with them, I might well log in and transfer the £47.23 in

xxx The first known case of humans going to court over investment losses triggered by autonomous machines will test the limits of liability. From Who to Sue When a Robot Loses Your Fortune - Bloomberg . xxx

xxx The RBI plans to reach people who have yet to adopt electronic payments and says it expects a “revolutionary shift” towards digital means of payment over the coming decade. It warns cash “entails a significant cost” to the economy From RBI unveils vision for e-payments overhaul - Central Banking . xxx

xxx "A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said." From "WhatsApp voice calls used to inject Israeli spyware on phones | Financial Times" . xxx

The Mexican government wants to provide citizens (only a third of whom have bank accounts) with a service along the lines of M-PESA (M-PESO?). The service, called CoDi, will allow consumers to make P2P payments and pay in-store an online using QR codes. There is an issue, however, in trying to reach the unbanked by requiring them to open accounts with banks that they already have access to but don’t use.

As Larry White, someone who I always take very seriously in any such discussion, said in the Cato Journal “Some other writers and officials… do seek a cashless society. They want to drive all transactions into forms that leave an audit trail for the law enforcement and tax authorities”. I think I’m probably in this category. While I appreciate the arguments of Larry and others about anonymity, I do not agree with them. This is because I do not see that the only two options as being anonymous physical cash or unconditionally traceable digital money. We have a wide variety of tools available to us to construct the next generation of digital money and some form of pseudonymous alternative is probably best for society as a whole. In this article, Larry notes that the Swiss National Bank (SNB) is "the most important central bank still bucking the trend". It has said that it has no plans to withdraw its 1,000 Swiss Franc (CHF)  note.  The highest-denomination banknote in the world

xxx Ninety percent of blockchain-based supply chain projects are faltering because they cannot figure out important uses for the technology, research firm Gartner said on May 7. From Gartner Survey: 90% of blockchain-based supply chain projects are in trouble | Modern Consensus | Cryptocurrency and blockchain news and opinions . xxx

xxx Germany, one of Europe's last bastions of cash, has seen card payments eclipse traditional cash-based payments for the first time according to a new study. Research from the Cologne-based EHI Retail Institute showed that in 2018, consumers' card payments accounted for 48.6% of total retail sales, narrowly overtaking the 48.3% of cash payments. From Germany sees card payments overtake cash . xxx

xxx "Microsoft will promote JPMorgan Chase’s Quorum blockchain to the global tech giant’s business customers, the companies announced Thursday. The Redmond, Washington-based software firm will support Quorum, JPM’s private enterprise version of ethereum, through Microsoft’s Azure cloud platform, the firms said. They will look to support adoption of the network through their new partnership, after signing a memorandum of understanding. As a result, Quorum ‘will become the first distributed ledger platform available through [the] Azure Blockchain Service, enabling J.P. Morgan and Microsoft customers to build and scale blockchain networks in the cloud,’ the companies said in a press release." From "Microsoft Makes JPMorgan's Quorum the Preferred Blockchain for Azure Cloud - CoinDesk" . xxx

xxx Authentication solutions provider Payfone recently collaborated with credit agency TransUnion in an effort to crack down on fraudulent activities. Under the partnership, Payfone’s Trust Platform and Trust Score will be integrated into TransUnion’s IDVision and iovation suites, enabling users to instantly verify customers and thwart potential fraudsters in real time. From Citi Uses Biometrics For 'Security Perimeter' | PYMNTS.com . xxx

While I was reading something about  big data ethics I came across a fascinating comparison between the National Funeral Directors Association code of ethics and what might appear in a code of ethics for data scientists: specifically, a prohibition against "withholding services (like delaying the embalming process) or the body of a loved one (from release to a family or other legally recognised party) until payment for services has been received". The comparison suggests that a code of ethics for data scientists might be careful to not make certain kinds of data or informational transparency "contingent on an ability to pay or by coercing users to give up more personal data in the process".

In fact, as the Wall St. Journal noted recently, face recognition for animals is actually pretty difficult. As they put it, " It’s not like you can tell a donkey to stand still ". Quite. Nevertheless it can be done. I was privileged to have Dr. X X from JD Digits, a subsidiary of JD (China’s largest e-commerce business) on my panel about AI ethics and governance at the Innovate Finance Global Summit (IFGS) 2019. This was a great panel, by the way, largely because the well-informed panellists took the discussion in interesting directions. Anyway JD Digits, amongst other things, runs face recognition services for farmyard animals such as cows and pigs. It turns out that pig face recognition is a big business, There are 700m pigs in China, the productivity gains that farmers can obtain from ensuring that each pig is fed optimally, that sick pigs are kept away from the herd (and so on) are very significant. (Apparently the face recognition system also goes some way to reigning i

It’s kind of interesting to see RBS become a challenger. Tyl is obviously going to compete with their former acquiring business WorldPay, and in a sector that is consolidating and pushing for scale, but they do have one obvious means to obtain traction: as the FT noted , RBS is the biggest SME lender so they have the connections and the data needed to get some traction.

Gillian Tett, writing in the Financial Times Magazine , points out that the early evidence is not promising. Researchers who were tracking half a dozen DEXes over 18 months found that they were infested with bots that enable unscrupulous traders to cream off gazillions (basically by front running).

At the excellent CSFI round table to discuss Simon Gleeson’s book “ The Legal Concept of Money ”, Charles Goodhart and I were invited on to the panel to discuss the subject (particularly in relation to cryptocurrencies). Simon is a respected (to say the least) expert on banking law kso as you can imagine his opinions were of great interest and very valuable. One topic that naturally occupied some of the discussion was “legal tender”. Simon was quite clear: the concept of legal tender is tangential to the debate and of almost complete irrelevance. The reason it keeps cropping up 

xxx Option A: Mandate retailers to only sell consumer IoT products that have the IoT security label, with manufacturers to self assess and implement a security label on their customer IoT products. From Secure By Design: All You Need To Know Consumer IoT Security | Security | Computerworld UK . xxx

xxx lmost 800,000 account holders on porn site Brazzers have had their details breached thanks to a vulnerability in the vBulletin forum software, potentially exposing some to online extortion attempts. Some 790,724 unique email addresses, as well as user names and plain text passwords, were exposed in the data dump From Brazzers Porn Site Users Caught Out in Data Breach - Infosecurity Magazine . xxx

xxx The age verification rule grew from a Conservative party campaign promise in 2015, and ended up tucked into what would become the Digital Economy Act 2017, a wide-ranging bundle of internet rules and regulations. Among the bill’s consequential but stultifying provisions about telecommunications infrastructure, copyright enforcement and government data sharing, the porn rule remained not only intact but grew stronger over time (thanks in part to copious media coverage). The bill was hastily rubber-stamped before Britain’s 2017 general election, and questions about how exactly it would be enforced, as well as concerns about user privacy, were set aside to be dealt with later. From How the U.K. Won’t Keep Porn Away From Teens - The New York Times . xxx

We’ve just had some more elections in the UK and the push for voter ID continues. It’s not all gone completely smoothly. I read in the Daily Mirror of the sad tale of woman in her eighties turned away from the polling booths because she misunderstood the instructions and "brought a photograph of herself, rather than a photo ID” to vote. An easy mistake to make. But why is there a push for voter ID in the first place? There is no problem with voter ID in the UK. It is a non issue. I live in a constituency where there is actual electoral fraud ( people were jailed for it ) and it was (as it always is) because of problems with postal ballots. The amount of what is known as “personation” (pretending to be someone else) at the polling station is utterly insignificant.