Snippings

xxx

In one of the largest cash heists in Los Angeles history, thieves made off with as much as $30 million in an Easter Sunday burglary at a San Fernando Valley money storage facility, an L.A. police official revealed Wednesday.

From: In one of L.A.’s largest cash heists, burglars steal $30 million on Easter. Mystery shrouds case – Los Angeles Times.

xxx

Anna Wiener, writing for the New Yorker back in 2022, quite accurately observed that the metaverse will reflect its cultural and technological moment, which (given the current tech ecosystem) will probably be “privatized, centralized, and financialized, with rampant artificial scarcity”.

xxx

But here’s the easy way to evaluate the settlement:  are merchants better off than before the litigation? It’s hard to conclude that they are.

When the litigation began in 2005, American merchants paid the highest interchange fees in the developed world. After the settlement, American merchants will still pay the highest interchange fees in the developed world.

When the litigation began in 2005, average interchange fees were 1.75%.  After the settlement, they will be at 2.19% and only held at that level for five years.

From: The Proposed Credit Card Interchange Settlement – Credit Slips.

xxx

The UK was the first into instant payments, with the Faster Payment System (FPS). Launched in May 2008, the system allows for near real-time transactions among participating financial institutions. In contrast to traditional bank transfers that could take up to three working days, FPS aims to processes payments within seconds for 24 hours a day, seven days per week including weekends and bank holidays. Now, because the sheer volume of fraud on FPS, the goverment is proposing to allow participants to delay outbound payment transactions for up to four business days. Welcome to the Slower Payment  System (SPS). Colour me sceptical.

BlackRock, the world’s largest asset manager, aims to tokenize $10 trillion of its assets in partnership with Securitize. I agree with Natalia Karayaneva that this move signals a broader trend that could redefine investment strategies fundamentally, which the rise of Real World Assets (RWA) tokenization.

I had the pleasure of chairing Dwayne Gefferie at Merchant Payments Ecosystem in Berlin this year. He’s a very thoughtful, and very knowledgeable, guy so I always pay attention to his perspectives. When it comes to the issues around the Visa/MasterCard settlement in the USA, he makes some interesting observations that goes on to say that as a former Adyen man “if I were still working for an Acquirer, I would develop a Surcharging API, integrate it directly into the gateway or terminal”. He then goes on to hit the nail on the head by saying that “I would even try to see if I could prompt the customer to use a cheaper card and pass the savings back to them”.

 

“If you use a debit card, I’ll give you an X% discount or extra points. Your choice.”

A report by Lloyds Bank found that romance scams rose by 22% in 2023, with an average of £6,937 stolen. A single fraudster who was found guilty of romance scamming Americans out of more than $2 billion used Bitcoin to move funds co-conspirators in Nigeria, but it’s not all about crypto. While the biggest monetary losses were via cryptocurrency or bank transfers, the scammers were rather fond of gift cards too.

When it comes to thinking about the intersection of money and identity, security and privacy, fintech and Big Tech, romance scams are an interesting case study and while they are not new — scammers have found ways to take advantage of basic human nature from the dawn of time — with the rise in virtual relationships and online dating these scams have proliferated, evolving into sophisticated long cons to win the trust of victims and then “butcher” them. 

These scams are not all about money, of course. You may have read the somewhat surprising story of the British Member of Parliament who was lured into some inappropriate behaviour (including the disclosure of personal details about fellow politicians) via a dating app. He was ensnared via unsolicited instant messages that were sent to a number of politicians (both gay and straight, from a sender posing as ‘Abi’ or ‘Charlie’) that soon escalted into the exchange of initimate images. William Wragg, the unfortunate politician in question (who wa vice chairman of the influential 1922 committee of Conservative Party backbenchers) said that “I got chatting to a guy on an app and we exchanged pictures”, which is how a great many of these scams begin, I suppose.

(While you might consider it injudicious of a politically-exposed person to be some profligate with inappropriate selfies, he is hardly the first person to be caught in a honeytrap and cetainly won’t be the last. Indeed, early on my career when I was working at NATO I was given a stern induction lecture by a senior officer who urged me to remain vigiliant when approached by beautiful women in bars in Amsterdam and explained the nature of honeytraps. I was so excited by this possibility that I developed an entirely convincing but fake narrative around my work on secure communications ready to deploy in the bedroom at the right time. Needless to say, this never happened. Well, not quite: I was eventually approached by a beautiful woman in a bar in Amsterdam, but it was Conny Dorestjin and she wanted to know about digital identity.)

Not all bad behaviour on dating apps is down to agents of foreign powers intent on subverting our democracy. Most of it, I am sure, is money scamming although some of the behaviour is malicious indeed, such as that the London corporate lawyer who stalked his ex-girlfriend with fictitious online dating profiles and used them to track her movements.

Now, you would think that internet dating would be a rather obvious place to introduce credentials-based interactions. Indeed adult services of all kinds would benefit greatly from the use of privacy-enhancing credentials-based reputational calculus around transactions. So why aren’t they in the vanguard for digital identity infrastructure?

Looking at the interesting case study of OnlyFans, The Information notes that in order to sign up as a creator, you must prove your identity with a full KYC process which means that there is something “deeply ironic” about the fact a platform for risqué fantasy is the least likely among social networks to have a problem with fake accounts! So why don’t other social media platforms do the same? According to a recent FTC report, the most popular way scammers reached out to their victims last year was through Instagram (29%) and Facebook (28%). Social media is turbocharging the love racketeers and leading to widespread misery. If OnlyFans can do KYC, why can’t Meta? There appear to be three key problems:

First, the friction of going through the validation process for new accounts prevents people from signing up.

Second, it is expensive and time-consuming for services to validate identities.

Third, requiring proof of real-world identity is can be exclusionary, as many people can’t easily make that proof.

Well, in each of these areas incentives may be shifting. Many states are introducing mandatory age verification for adult services. Florida, for example, has enacted a law requiring social media platforms to prevent kids under 14 from creating accounts, and to delete existing accounts belonging to minors on request. For adult content sites requiring users to be over 18, the law also requires that apps and websites offer the option of “anonymous age verification”, verification by a third party that cannot retain identifying information.

Privacy campaigners are rightly concerned that such laws might infringe individual freedoms and create a massive honeypot that will immediately become a target for well-funded adversaries.I agree with them, but I think that it is relatively straightforward to use well-estabilished cryptographic techniques to prevent such attacks. It is one thing for PornHub to ask to see governor De Santis drivers license, quite another to demand a strongly-autheticated vertifiable IS-OVER-18 credential that contains no personally-identifiable information at all.

Never mind internet dating, gambling and porn, as far as I am concerned we should be shifting to an environment based on reputation, not identity, for the overhwlming majority of online transactions on the internet, in the Metaverse and beyond. Generally speaking, it is no-one’s business who you are or what you are doing unless and until you break the law.

xxx

Since the UK left the EU, travellers heading to all countries within the zone – and including Iceland, Norway, Lichtenstein and Switzerland, but not Ireland – must have a passport which was issued less than 10 years before their departure date.
It must also be valid for three months after their planned return date.
However, if a UK passport was issued before September 2018, it could in fact be valid for up to 10 years and nine months.

From: Holidaymakers going to EU caught out by 10-year-passport rule – BBC News.

xxx

In fact, as I said back in 2018 in Wired, the big change in financial services will come when customers use AI to assess offers from financial institutions.

xxx

Civic, an identity and access management solutions company, introduced a new physical ID card that Civic Pass holders can use to prove their identity and minimize the threat of AI driven identity fraud.

From: Civic now has a physical ID card system to prevent AI identity fraud – Blockworks.

xxx