A library of snippets
xxx
The key asset in all of this is data. Payments generate roughly 90% of banks’ useful customer data — information about who is buying what, how much, and when. This is creating new revenue streams for payments businesses that can monetise that data, yet also exposes them to issues and risks related to data privacy.
xxx
xxx
Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers.
From: Signal moves to protect chats from quantum computers • The Register.
xxx
xxx
The global decentralized finance market was valued at $13.8 billion in 2022, and is projected to reach $497.9 billion by 2032, growing at a CAGR of 43.4% from 2023 to 2032.
From: Decentralized Finance market to reach $497.9 billion by 2032.
xxx
A decade ago I remember writing that one of the problems with QR codes is that there is no security. Some years later I wrote an article pointing out that NFC ought to be safer than QR codes because NFC included a standard for digitally-signing tags (although I did also note that no-one used it) whereas anyone could easily create bogus QR codes.
Well, I might not go so far as to call [QR codes] evil, but they certainly have the potential to enable person or persons unknown to act with evil intent.
From A quick response to the problem | Consult Hyperion
I suggested, in connection with a couple of projects we were working on at the time, that the mobile operators do something about this by creating a digital signature standard for QR codes so that phones could be set by default to ignore unsigned codes. None of this happened, as I’m sure you are aware and QR codes became popular precisely because any app could read any code anywhere.
xxx
The good news is that we (consumers) end up with something that is simple and quick and secure.
Osama Bedier, VP of Wallet & Payments… believes that [NFC is] a better technical solution than the QR codes that Apple uses on Passbook, calling them one of “many bridge technologies between now and what is a destination solution.” He pointed out that “you still have to futz” with QR codes.
[From
Google still believes in NFC for mobile payments, doesn’t see ‘eye to eye’ with Verizon | The Verge
]
As far as transactional applications go, though, I think it fair to observe that there will be developments beyond the initial conflation of NFC with payments at the EMV nexus.
xxx
xxx
QR codes are everywhere because anyone can read them, anyone can use them, anyone can write them. This is in part because there is no security infrastructure. The result in China, where there was little card infrastructure in place beforehand, was the near-ubiquity of QR in the world’s biggest mobile payments market.
“Ogilvy & Mather and Ipsos concluded in a survey of China’s mobile payment market that ‘[Chinese] mobile payment has permeated all aspects of life and changed basic, everyday habits.’”
From “How Chinese Mobile Payments Are Quietly Conquering the World“.
It seemed to us that fraud would be an inevitable consequence of this QR-centric approach, that is indeed what happened. Last year, for example, the South China Morning Post reported that in March 2017 some 90m Yuan were stolen via QR code scams in Guangdong alone (a suspect in one case was found to have replaced merchants legitimate bar codes with fake ones that embedded a virus to steal personal information) and that in China as a whole, a quarter of viruses and trojans were coming in via QR.Now, while even the man who invented QR codes says that they are an interim technology, there’s no denying that they are here to stay.
xxx
xxx
In China, scammers have been caught placing fake parking tickets — complete with QR codes for easy mobile fine payment — on parked cars. In the Netherlands, a QR code scam exploited a legitimate feature within a mobile banking application to swindle the bank’s customers, while in Germany, phony emails containing QR codes have lured eBanking customers to malicious websites under the guise of reviewing privacy policy updates to their accounts. And in Texas, criminals hit the streets, pasting stickers of malicious QR codes on to city parking meters and tricking residents into entering credit card details into a fake phishing site.
From: Step Away From the QR Code and Read These 7 Safety Tips.
xxx
xxx
The posters and stickers masquerade as ads for genuine parking apps, but anyone who scans the square bar code on their mobile phone or visits the website address is instead directed to an internet site or app run by scammers.
From Fake parking QR codes trick drivers into paying conmen.
xxx
My sister almost got caught by one of these QR code scams recently.
xxx
QR codes come with some security risks as well, according to Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future. Like any other link, the codes can be the first step in a malware or phishing attack.
xxx
Top tip
1. Don’t scan it! If anything feels off, don’t scan the QR code. Just go to the actual website directly. Any legitimate QR code should have an associated URL under it, giving users the option to navigate there directly. If it’s missing, beware.
From: Step Away From the QR Code and Read These 7 Safety Tips.
xxx
xxx
CitiGroup has developed a permissioned blockchain for institutional customers to interact with digital assets.
The new product, called Citi Token Services, intends to provide clients access to tokenized deposits, cross-border payments and automated trade finance solutions 24 hours a day.
Citi’s head of global services Shahmir Khaliq said this development advances the goals of the Regulated Liability Network, a whitepaper published in November 2022 professing the desire to get the world’s financial system to a place where on-chain, 24/7 programmable, final settlement in sovereign currencies is possible.
From: Citi to pilot private blockchain services for institutional clients – Blockworks.
xxx
xxx
The compromised data includes essential personal details such as first and last names, internal TransUnion identifiers, sex, passport information, place of birth, date of birth, civil status, age, current employer, employer information, summaries of financial transactions, credit scores, loans in their name, remaining loan balances, loan origins, and the initiation date of TransUnion’s monitoring of their information.
From TransUnion Breach Compromises User Information Again – Dataconomy.
xxx
xxx
In the face of rising financial crime, the FCA is working with the government and others to clamp down on the misuse of financial services. There is a risk, however, that as parliament introduces measures such as a new offence of failing to prevent fraud, banks err on the side of caution.
From FCA chief: Many questions remain around ‘debanking’ | Financial Times.
xxx
xxx
JPMorgan Chase, Bank of America, Wells Fargo, and others, next year plan to launch Paze: a mobile wallet that will connect directly to the credit and debit card accounts of 150mn customers. The app will be operated by Early Warning Services, a bank consortium group that already runs payments app Zelle.
From Rival banks unite to take on Big Tech | Financial Times.
xxx
The banks are hoping to replicate their huge success with Zelle, which has quickly become the largest peer-to-peer payment app since its 2017 launch. Payments over Zelle rose nearly 30 per cent last year, to $629bn. That compares with just $244mn last year for Venmo, launched in 2009 and owned by PayPal since 2013.
xxx
An alleged aircraft parts supplier, AOG Technics, for example, created an entirely fabricated history and employee base online to fool its buyers, including fake LinkedIn accounts and other bogus digital identities with pictures stolen from other sources including academic textbooks, Bloomberg reported Friday (Sep. 8).
From Unmasking Digital Imposters Is Rising Priority for Industrial Economy.
xxx
xxx
Most banks right now are more focused on achieving regulatory compliance with the standard than deriving value from it. Recent Accenture research on commercial payments reveals that 60% of banks agree that keeping up with changes like ISO 20022 boosts their commercial payments innovation, while 29% said it limits their abilities in this regard.
When viewed in the context of initial ISO20022 message format adoption, this makes sense as a significant portion of the value of ISO 20022 compliance will only be unlocked when key categories of rich data are exchanged across players in the payments ecosystem.
We expect the purpose code, legal entity identifier, remittance data, structured address and extended character set categories to make the biggest difference, and their use will be mandated over the next few months and years. Taking the example of recent CHAPS migration, purpose codes will not be mandated until November 2024. Structured addresses, which are expected to significantly improve anti-fraud efforts, financial crime management and straight-through processing, will be optional until late 2025.
From Shifting from compliance to value with ISO20022 | Accenture Banking Blog.
xxx
Snippings