Snippets

xxx A digital identity is a collection of features and characteristics associated with a uniquely identifiable individual — stored and authenticated in the digital sphere — and used for transactions, interactions, and representations online. From The Digital Identity: What It Is, How It's Created, and How to Benefit from It . xxx

xxx Banga said “we are making good progress” on SRC and testing the system with card issuers and merchants. “We are actively working on Masterpass upgrades to SRC with partners like Tickets.com, Expedia Group, Saks Fifth Avenue, and Norwegian Cruise Lines, and we expect to launch in the United States in the next few months,” he said. From Mastercard’s Transaction Volume Jumps 18%; Secure Remote Commerce and Contactless Payments Gain – Digital Transactions . xxx

xxx "In the case of Capital One, the hacker largely tapped the personal information of consumers and small businesses that applied for credit card products between 2005 and 2019, collecting names, addresses and phone numbers, self-reported income, credit scores and payment history, among other personal information. About 1.1m Social Security Numbers and 80,000 linked bank account numbers were also accessed, Capital One said." From "Capital One reports massive data breach after hacking | Financial Times" . xxx

xxx "Outside the financial sector, I particularly enjoyed the keynote on the third day from Colleen Manaher from the US Customs and Border Control. She was talking about the use of biometrics and spent some of the time talking about the specific use of biometrics in airports as an interesting example of how to use biometric technologies for security but at the same time deliver convenience into the mass market. The point of her talk, was partnerships around identity. In this case, she was talking about quite complex public-private partnerships in travel. The investments made in biometrics to allow paperless travel have obvious benefits in terms of security but, as we have found in our other work about the cross-sector exploitation of digital identity, intelligent use of these new capabilities can also transform the customer experience. The same biometric system that scans your passport picture on entry to the airport and then checks you in for your flight can also be used to di

xxx "Facial recognition technology used by London’s Metropolitan Police incorrectly identified members of the public in 96 per cent of matches made between 2016 and 2018." From "Met police's facial recognition technology '96% inaccurate' - inews.co.uk" . xxx

xxx "First, as we saw above, it’s easy to attain high confidence in the incorrect classification of an adversarial example — recall that in the first ‘panda’ example we looked at, the network is less sure of an actual image looking like a panda (57.7%) than our adversarial example on the right looking like a gibbon (99.3%). Another intriguing point is how imperceptibly little noise we needed to add to fool the system — after all, clearly, the added noise is not enough to fool us, the humans." From "Breaking neural networks with adversarial attacks - Towards Data Science" . xxx

xxx "Switch a few pixels here or there, or add a little noise to what is actually an image of, say, a gray tabby cat, and Google's Tensorflow-powered open-source Inception model will think it’s a bowl of guacamole. This is not a hypothetical example: it's something the MIT students, working together as an independent team dubbed LabSix, claim they have achieved." From "How we fooled Google's AI into thinking a 3D-printed turtle was a gun: MIT bods talk to El Reg • The Register" . xxx

xxx "SMS has well-known security weaknesses and SMS codes are susceptible to interception by the likes of malware or weaknesses in the SS7 networking protocol. To avoid this, organisations should move to more secure push-based or app-based mobile authentication technology" From "Leading UK networks team up to defeat SMS-based phishing scams" . xxx

xxx "The SMS Phishguard initiative from EE, O2, Three and Vodafone aims to stamp out text message based phishing scams, where fraudsters are able to ‘spoof’ numbers so bogus texts appear to be sent from a bank." From "Mobile networks aim to stamp out banking text frauds | Financial Times" . xxx

We’re seeing a lot about strong customer authentication ( SCA ) at the moment because of the requirement of the Second Payment Services Directive (PSD2) that comes into force in September. That’s because there’s a lot of fraud online, it’s getting worse and the strong authentication of people (in this case, online customers) is seen as being a way to tackle it. PSD2 demands SCA, and this means that European banks and Payment Service Providers (PSPs) have had to up their game. Strong authentication, in this context, means “two factor authentication” (2FA). What 2FA means is that you must present two “factors” to demonstrate you are who you say you are. The three factors you can choose from are something you have, something you are and something you know (or, in my case, something I had, something I was and something I’ve forgotten). When you buy something in a shop, for example, you present a credit card (something you have) and put in a PIN (something you know). When you enter the co

xxx "While the American Bankers Association remains a strong proponent of charter choice and generally does not comment on individual charter applications, the association expressed serious concerns about the implications of a large technology company obtaining a banking charter. ‘As Japan’s largest e-commerce site, Rakuten is a major technology firm engaged primarily in non-financial activities,’ said ABA President and CEO Rob Nichols." From "Japanese Retail Giant Applies for Banking Charter | ABA Banking Journal" . If Rakuten get a licence, then why not Amazon?

xxx "Available evidence suggests that even if ‘teething’ issues are resolved, if policy implementation is true to policy design, people will still, very likely be where they were before the integration of Aadhaar with welfare began. This is because of the over-centralized architecture of the technology, combined with the weak accountability of intervening administrative links. These are a crucial part of the design problem in the Aadhaar project. In that sense, Aadhaar is 'pain without gain.'" From "Aadhaar Failures: A Tragedy of Errors | Economic and Political Weekly" . xxx

xxx "The FBR had sought the cooperation from the central bank after it found out that hardly 10% of over 50 million bank account holders were income tax filers. ‘The existing legal framework provides constraints on procuring and sharing of privilege/confidential information relating to the affairs of the banks’ customers,’ the SBP wrote to the FBR." From "Pakistani Regulators Use Credit Card Data to Find Tax Fraud | PaymentsJournal" . xxx

xxx The results of the case could have implications for financial institutions which use SMS as a means of verifying account holders. From Cryptocurrency investor who lost $24 million in SIM swap attack to... . xxx

xxx "The Bretton Woods arrangements also seemed highly unlikely until they were in place. They involved a complicated system of exchange rate pegs, capital controls and a ‘gold pool’ (and other methods) to control gold prices and redemption ratios. What’s more, the whole thing was dependent on America’s role as global hegemon, both politically and economically. The dollar still was tied to gold, and the other major currencies tied to the dollar, but as the system evolved it required that no one was too keen to redeem dollars for gold (the French unwillingness to abide by this stricture was one proximate cause of the collapse of Bretton Woods). I don’t think a monetary economist from, say, 1890 could have imagined that such an arrangement would prove possible, much less successful." From "Bretton Woods 75th Anniversary: Expect the Unexpected - Bloomberg" . xxx

xxx "Enter local currencies. From BerkShares in western Massachusetts in the US to the Brixton Pound in the UK and the Chiemgauer in Germany, these currencies are designed to be spent in a specific community. There are more than 100 operating worldwide, and they’re all fuelled by a common sentiment: They want to support local businesses and the people who frequent them." From "Why your city should have its own currency |" . xxx

xxx "For bargoers, however, these systems create an uncomfortable new paradigm for partying, one in which data-sharing is a norm and technological tools can multiply the consequences of a single bad night. And once a bar adopts an ID scanning system, even innocent patrons may never know where their ID data will end up, or how it will be used." From "This ID Scanner Company is Collecting Sensitive Data on Millions of Bargoers" . xxx

xxx "Recent figures show that last year the fraud prevention service Cifas reported 189,000 incidents of identity theft in the UK. As well as reducing the need to upload copies of passports online, the scheme aims to stop people having to take passports into bank branches. Government figures estimate that around 400,000 UK passports are lost or stolen every year." From "Warning over uploading copies of passport online as Government launches trial scheme to reduce identify theft" . xxx

xxx "Digital ID could be a solution to the gig economy’s marketplace problems. Unlike a paper-based IDs such as most driver’s licenses and passports, a digital ID can be authenticated remotely over digital channels. That means platforms like Uber, Task Rabbit, and Fiverr could verify their drivers, handymen, and independent workers with one click—and both you and the platform could trust them." From "How digital ID could fix Uber, Lyft, and Fiverr — Quartz" . xxx

Online trust is a pretty serious issue, but it’s not alway easy to quantify. I mean, we all understand that it is important, but what exactly is the value in pounds, shillings and pence (or whatever we will be using after Brexit) and how can we use that value to bound some business cases? It’s one thing to say (as I often hear at conferences) that some technology or other can increase trust, but how do I know whether that means it is worth spending the money on it? At Consult Hyperion we have a very well-developed methodology, known as Structured Risk Analysis (SRA), for managing risk and directing countermeasure expenditures, but we need reasonable, informed estimates to make it work. The specific case of online reviews might be one area where trust technologies can be assessed in a practical way. In the UK, the Competition and Markets Authority (CMA) estimates that a staggering £23bn a year of UK consumer spending is now influenced by online customer reviews and the consumer organis

The acting Managing Director at the International Monetary Fund (IMF) and therefore the man in charge of money, David Lipton,  gave a recent speech in which he touched on digital currencies and noted that while he saw benefits (ease of use, lower costs and global reach) there are also a wide range of risks to be considered. He listed "the potential emergence of new monopolies, with implications for how personal data is monetized; the impact on weaker currencies and the expansion of dollarization; the opportunities for illicit activities; threats to financial stability” and went to specifically mention "the challenges of corporates issuing and thus earning large sums of money — previously the realm of central banks". This is a reference to seigniorage

xxx Facebook has rejected US lawmaker demands to halt its plans to launch a digital currency, despite two days of bruising hearings in Washington where the scheme was attacked as a threat to users’ privacy, the banking system and national security. David Marcus, the co-creator of the Libra cryptocurrency, told members of the House financial services committee on Wednesday that Facebook would not launch the project until it had sign-off from the necessary regulators. But he would not agree to stop working on the plans, as demanded by several senior members of Congress, or to launch it in a limited pilot project first. From Facebook rejects lawmaker demands to halt cryptocurrency | Financial Times . xxx

The leader of the Facebook initiative, David Marcus, said in his testimony to Congress that "if America does not lead innovation in the digital currency and payments area, others will. If we fail to act, we could soon see a digital currency controlled by others whose values are dramatically different”. When he says “others” he does not mean Amazon or Google. This might actually be Facebook’s strongest card. They are saying, I paraphrase, that you (ie, the US government) can allow people’s money to be controlled by us or by the Chinese Communisty Party.

xxx "In response, the OBIE is planning to create ‘Premium APIs’ that sit above the mandatory ‘Regulatory APIs’, providing a commercial incentive for banks to up their game and address some of the gaps in implementation." From "PSD2's narrow focus limiting the potential of Open Banking - report" . xxx

xxx “Marcus said… Facebook will not integrate third-party wallet software into its own apps, just Calibra" From "Libra: Senators ask why Facebook can be trusted to make cryptocurrency - Business Insider" . xxx

xxx "Marcus also repeatedly leaned on an assertion that plays into concerns about American geopolitical power: If an America company doesn't build this, someone else might, to the detriment of the US." From "Libra: Senators ask why Facebook can be trusted to make cryptocurrency - Business Insider" . xxx

xxx "First, it is unclear how parties will ensure that the user or beneficial owner of a currency or wallet is accurately identified – especially forthose without verifiable identity – and that transactions can be tied to that individual or entity." From "Washington insiders and Waters' memo: Here's what Congress wants to know about Facebook's Libra next week - The Block" . xxx

xxx "A poker-playing bot called Pluribus recently crushed a dozen top poker professionals at six-player, no-limit Texas Hold ’em over a 12-day marathon of 10,000 poker hands. Pluribus was created by Noam Brown, an A.I. researcher who now works at Facebook, and Tuomas Sandholm, a computer science professor at Carnegie Mellon University in Pittsburgh." From "Facebook’s Poker Bot Shows How A.I. Can Adapt to Liars" . xxx

xxx "Blockchain sanctions resistance is a long-term strategy for U.S. adversaries. None of the blockchain platforms currently operational could support the volume and speed of financial transactions moving through the conventional banking system. And most importantly, because blockchain ventures currently depend on real-world fiat currency and conventional bank accounts, U.S. sanctions pressure for now can reach businesses in the cryptocurrency and blockchain tech space. However, the U.S. position of influence is not necessarily permanent." From "FDD | Crypto Rogues" . xxx

xxx When a manufacturer builds a new product that plugs into an existing one despite the latter's manufacturer's hostility, that's called "adversarial interoperability" and it has been around for about as long as the tech industry itself, from the mainframe days to the PC revolution to the operating system wars to the browser wars. From Interoperability: Fix the Internet, Not the Tech Companies | Electronic Frontier Foundation . xxx

xxx The reason why German banks are dropping support for SMS OTP is because of legislation that the EU passed in 2015, set to enter into effect on September 14, this year. From German banks are moving away from SMS one-time passcodes | ZDNet . xxx

xxx "Staff will develop a procedure for issuing and using market SDRs following currency board rules and backed 100% by official SDRs or by an appropriate mix of sovereign debt of the five basket currencies." From "Proposal for an IMF Staff Executive Board Paper on Promoting Market SDRs | The Bretton Woods Committee" . xxx

xxx "As the papers describe it, the Reserve portfolio sounds like a government-bond money-market mutual fund. It is to hold only short-term government bonds and cash equivalents. The bonds are all to be low in default risk, highly liquid, and low in duration risk." From "Libra's Unresolved Puzzles - Alt-M" . xxx

Science and Technology Select Committee report on “Digital Government" 10th July   xxx "Rt Hon Norman Lamb MP, Chair of the Science and Technology Committee, said: ‘The potential that digital Government can bring is huge: transforming the relationship between the citizen and the State, saving money and making public services more efficient and agile. However, it is clear that the current digital service offered by the Government has lost momentum and is not transforming the citizen-State relationship as it could. ‘Single unique identifiers can transform the efficiency and transparency of Government services. The Government should ensure there is a national debate on single unique identifiers for citizens to use when accessing public services along with the right of the citizen to know exactly what the Government is doing with their data. In the UK, we have no idea when and how Government departments are accessing and using our data. We could learn from the very differen

xxx Facebook itself does not have access to any payment credentials information, though it does collect other information affiliated with a transaction, such as the merchant, the transaction amount, the date and time and the purchased good. From Facebook to Senators: Libra Crypto Will Respect Consumer Privacy - CoinDesk . xxx

xxx The blockchain addresses in a transaction, a timestamp and the transaction amount will be public, but any know-your-customer (KYC) or anti-money-laundering (AML) information would have to be stored by the wallet providers. As a caveat, Marcus noted that Libra will be an open-source platform, any third party developer will be able to build their own digital wallet. From Facebook to Senators: Libra Crypto Will Respect Consumer Privacy - CoinDesk . xxx

A couple of years ago, John Cryan (then CEO of Deutsche Bank) said that that the bank was going to shift from employing people to act like robots to employing robots to act like people. Now they have announced  Deutsche Bank has announced swingeing job cuts as part of a radical overhaul of its operations that will also see it spend €13bn on new technology over the next four years. From Deutsche Bank to spend €13bn on tech amid massive job cuts . I told a journalist who asked me about this that for Deutsche Bank to achieve real transformation, they cannot spend their way out of the legacy infrastructure trap. They must partner with the FinTech players who redefining products and services for an online age, which means “Amazonisation” (ie, a shift to API-centric production and consumption of financial services).

xxx Wang Xin, director of the People’s Bank of China research bureau, warns the new digital currency could have major impact on monetary policy and financial stability From Facebook’s Libra forcing China to step up plans for its own cryptocurrency, says central bank official | South China Morning Post . xxx

xxx Facebook said that they assumed the FTC (Federal Trade Commission) or the CFPB (Consumer Financial Protection Bureau) would regulate Libra. From Inside the Congressional Staff Meeting About Libra . xxx

xxx In the absence of any detail on what might comprise a decentralized identity standard from Libra’s perspective, some dots can be joined by examining the recent work of George Danezis and his co-founders at Chainspace, a startup acquired by Facebook in May. A paper introducing a “selective disclosure credential scheme” called Coconut explains how a system of smart contracts (computer programs that run on top of blockchains) could “issue user credentials depending on the state of the blockchain, or attest some claim about a user operating through the contract – such as their identity, attributes, or even the balance of their wallet.” The Coconut protocol goes on to describe how credentials can be jointly issued in a decentralized manner by a group of “mutually distrusting authorities.” These credentials cannot be forged by users or a group of corrupt authorities, and are also “re-randomized” prior to being presented for verification to further protect user privacy. Unlike some co

xxx "‘In a lot of ways, Facebook is more like a government than a traditional company,’ said Mr. Zuckerberg." From "Opinion | Launching a Global Currency Is a Bold, Bad Move for Facebook - The New York Times" . xxx

xxx "Identity fraud significantly increased in 2018, with 189,108 cases recorded an 8% increase on 2017’s figures. Plastic cards were hit the hardest with 82,608 reports of fraud, up 41% from 2017. More fraud means more victims – 19 out of 20 frauds involved a victim left to pick up the pieces. ." From "New annual figures show UK fraud continues to rise" . xxx

xxx "Delegated Account Recovery lets people use their Facebook account to recover access to your service if they forget their password." From "Delegated Account Recovery" . xxx

This is what the governor of the Bank of England, Mark Carney, said about Libra in his speech on June 20th. "The Bank of England approaches Libra with an open mind but not an open door. Unlike social media for which standards and regulations are being debated well after they have been adopted by billions of users, the terms of engagement for innovations such as Libra must be adopted in advance of any launch Libra, if it achieves its ambitions, would be systemically important. As such it would have to meet the highest standards of prudential regulation and consumer protection. It must address issues ranging from anti-money laundering to data protection to operational resilience. Libra must also be a pro-competitive, open platform that new users can join on equal terms. In addition, authorities will need to consider carefully the implications of Libra for monetary and financial stability. Our citizens deserve no less." From "" . xxx

xxx In practice, “coordinated inauthentic behavior” has become a sort of catchall label for untoward meddling on Facebook, snagging everyone from Burmese military officers to Russian meme spammers. From Project Veritas Admits It’s Violating Facebook Policies . xxx

xxx One of the things we are learning about digital technology is that in almost every area of its deployment it has become an amplifier of inequality. From The robots are definitely coming and will make the world a more unequal place | John Naughton | Opinion | The Guardian . xxx

xxx Global central banks may have to issue their own digital currencies sooner than expected, the general manager of the Bank for International Settlements has said, after Facebook recently unveiled plans to create its own stablecoin. Agustín Carstens, who heads the BIS, known as the central bankers’ bank, told the Financial Times that the organisation supported the efforts of the world’s central banks in creating digital versions of state currencies. From Central bank plans to create digital currencies receive backing | Financial Times . xxx

xxx So when I find, buried in Libra’s whitepaper, two sentences that imply Facebook’s real aim in creating Libra is to set the standard for global digital identities, my hair stands on end. From The Real Threat From Facebook's Libra Coin . xxx