Snippings

xxx

An outage at JPMorgan Chase disrupted Zelle transactions Tuesday, inciting user complaints that spilled over into the following day. The fallout for Zelle and its banks could last much longer.

It was the second Zelle glitch in six months that involved a bank tied to Early Warning Services, the P2P app’s owner. The JPMorgan Chase interruption follows an outage at Bank of America that disrupted Zelle payments in January. Both banks are among the seven co-owners of Early Warning.

From Zelle outage at JPMorgan Chase is red flag for banks | American Banker.

xxx

The noted investor Paul Graham recently commented “I don’t understand why KYC documents ever have to be updated. My identity doesn’t change if my driver’s license expires”. He has a point. A friend of mine was turned down for a savings account with a UK bank last year because her driving license had expired. I did wonder at the time what her ability to drive had to do with her ability to save.

In the world of financial services, know-your-customer (KYC) is a form of security theatre, an expensive charade that interrupts law abiding customers with pointless obstacles at every turn yet allows the very worst criminals to act with impunity. Take for example the recent story of the woman arrested by the UK police with more than $3 billion in stolen Bitcoin. In the finest tradition of British digital identity infrastructure, the envy of less fortunate lands and famed around the world as a bulwark against chaos, the court was told that she obtained “a fake gas bill” that her criminal boss could use as proof of address on a bank application

(I should explain for foreign readers that a gas bill is a gold standard identity document over here. It doesn’t even has to be yours. The now ex-Russian warlord Yevgeny Prigozhin passed his UK money laundering checks with his mother’s gas bill from St Petersburg.)

As it happens, the British Gas quarterly bill may well be more secure than the alternatives. Jimmy Su, the chief security officer for cryptocurrency exchange Binance, says that deepfakes are already goodf enough to defeat biometric liveness checks (even those that tell you to move your head around ans so on), which means that KYC could soon become totally useless.

If that is true, does the sky fall? Well, yes, if we keep pretending that the existing paradigm is fit for the world that Minecraft is building. Therefore we need change, and over at Marginal Revolution there is an interesting suggestion about reforming financial market infrastructure to make it deliver more cost-effective services to the rest of the economy. It may seem a trifle radical, but in my view it should be discussed.

The suggestion is this: Scrap know-your-customer (KYC) and anti-money laundering (AML) laws. Interesting idea. The KYC/AML laws cost something in the region of $300 billion per annum and recover perhaps $3 billion per annum in illicit money (an insignificant fraction of the amount of illicit funds flowing around the globe).

 

 

I have long thought that we need new KYC/AML structures for the digital world. At the risk of sounding repetivite, we need digtial identity, not digtised identity. I rather like David Kelts framing of the imperative, likening scanning ID documents to ‘ripping CDs’ (there’s one for the teenagers!) and says “Remember endless hours ripping your CD collection to digital… why are we spending endless hours scanning analog ID documents over and over again? Alternatives exist”.

Quit right. As he points out, every fake ID already has working PDF417 barcodes and is resistant to physical inspection without multi-spectral light and magnification.

Aside from the issue of cost, the laws themselves may well have increased crime because they require so many companies to store personal identifiable information (PII), turning themselves into a honeypot for hackers. Back to David Kelts again. He points out that he has to identify himself repeatedly with each new service that wants (he is very careful not to says “needs”!) ID and since each KYC process differs, it makes consumers vulnerable to errors at best and fraud at worst.

David suggest the Mobile Driver’s License (mDL) as a smart option. For one thing it’s already available to nearly one in five Americans who carry some form of identity card.

[Aaron]

xxx

xxx

Banks have often been some of the first businesses to embrace new technology, whether it was computer networks or mass surveillance. But one idea for banks in the early 1930s was a little out there. One architect proposed that banks be designed with see-through glass so that everything could be seen at all times.

The idea, of course, was that literal transparency would stop crooks from being able to pull off heists.

From Glass Banks Were the Future of Security in 1931 — Paleofuture.

xxx

xxx

42% of respondents believe that central banks should launch CBDCs, 34% disagreed, while only 13% said they had a strong understanding of CBDCs.

From: Posts from Kiffmeister Chronicles for 07/27/2023.

If only 13% of the people you are asking understand what it is that you are asking about, what to the opinions of the people who do not understand what you are asking about matter? I couldn’t care less what the general public thinks about quantum mechanics, and they in turn are right to ignore my opinions on which is the best Kardashian.

xxx

That points to the real problem with AI content at present: it’s leaking into our world, drip by drip, and identification is difficult.

From (3) How’s that AI tsunami looking, a year on?.

xxx

Amazon has announced that its palm recognition biometric authentication service, Amazon One, will be used for payment, identification, loyalty and entry and more than 500 Whole Foods and Amazon Fresh locations across America by the end of this year. They are not alone. J.P. Morgan also intends to pilot biometrics-based payments using both palm and face identification with select retailers in the U.S. What is particularly appealing about this type of rapid biometric authentication is that it enables a retailer to combine both an authenticated payment transaction and an authenticated loyalty transaction in one “identity ceremony” so that the customer can complete both transactions without needing to present cards, a phone or anything else.

Now, some people (me, for example) might prefer the choice of presenting different credentials in different circumstances. On my phone I have both my work credit card and my personal credit card and might want to choose one or the other depending on what I am buying and where. Similarly, I have a ring that is linked to a prepaid card that I use when I am out and about in London and want to pay for the bus, subway or coffee without presenting my iPhone or reaching for the cards in my back pocket. But for a great many people who shop at Whole Foods every week and always pay using the same card and always present their loaylty card, the AmazonOne approach is simple, safe and speedy.

In-store biometric payments are not new, by the way. One of the first blog posts I ever wrote, back in 2007, was about trials with fingerprint payments at a number of stores including Piggly Wiggly. I wrote at the time that driver for such payments would be convenience, not security, and that the mass market use would be delayed because of the arrival of contactless payments! My reasoning, reinforced with the launch of Apple’s TouchID authentication, is that consumers may well say that they care about security, but their revealed preference is convenience. Since biometrics, once the false reject rate reaches a high enough threshold, are more convenient that anything else, consumers will opt for them.

We know this is the case in travel. Last year’s International Air Transport Association (IATA) Global Passenger Survey showed that three-quarters of passengers want to use biometrics instead of a passport and boarding pass and of the third who have already used it, nine in ten profess satisfaction. IATA also found that almost half of all passengers remain rightly concerned about data protection, a figured echoed in another survey of 1,000 global consumers earlier this year which found that 48%  have concerns about fraud protections, privacy, and security.

These concerns are real: The industry must ensure that people’s biometric data is handled appropriately (this is where new technology can help significantly, by the way) to give both consumers and businesses confidence. Assuming that this is done, then I expect to see the use of biometrics in this mode to spread. At Coors Field in Denver, a brewery allows customers enrolled in Amazon One to wave their palm to verify their age instead of presenting a driver’s licence or whatever and there are already other players beyond Amazon in this space. An example is CLEAR, familiar to U.S. travellers at airports. Some sports stadia (eg, Las Vegas Raider’s Allegiant Stadium) already use CLEAR’s ID to allow fans to order alcoholic beverages from their seats using face recognition on their phones. These and other applications are why the global biometric industry is expected to grow from almost $43 billion last year to something like $83 billion by 2027.

Global biometric payments are expected to reach $5.8 trillion in value with three billion users by 2026, according to Goode Intelligence. There is no doubt then that the use of biometrics to replace devices seems assured and many customers will find it very convenient: The ability to execute both payments and loyalty transactions in a single action makes for an appealing end to the shopping experience. But I think it may have another interesting impact on the world of payments downstream. When you scan your palm, Amazon knows that you are you. And you, of course, know that you are in Whole Foods. So why bother with routing the transaction through card networks with their roots in the post-war, pre-internet boomer interval? Why not just give Amazon permission to push the money from your bank account into their bank account, via open banking interfaces over instant payment rails such as the UK’s Faster Payments, Pix in Brazil or FedNow in the US? Then Amazon can award you Amazon loyalty points instead of paying your card issuer to reward you with their loyalty points. 

xxx

Last week, Meta released the second version of its unexpectedly popular model, Llama 2. This time, it is open source and free for commercial use from the start. The new version was made using 40 percent more data than the original, and a chatbot built with the model is capable of generating results on par with OpenAI’s ChatGPT, Meta claims.

Just like ChatGPT, Google’s Bard, and other generative AI models released recently, Llama 2 likely cost millions to create. But only Meta’s system is available for free to developers, startups, and others interested in creating custom variations of the model

From: Meta’s Open Source Llama Upsets the AI Horse Race | WIRED.

xxx

xxx

In the eight months since Musk bought Twitter in October 2022, the platform has increasingly been home to fraudulent accounts.

From: Twitter Scammers Stole $1,000 From My Friend—So I Hunted Them Down | WIRED.

xxx

xxx

There are more than 300 bars, breweries, and eateries using iPourIt technology throughout the U.S., says CEO Chris Braun, and the majority of operators are serving food. iPourIt, based in Lake Forest, California, touts itself as the first self-pour tap wall system to be designed and installed, thus beginning the rise of the self-pour revolution. Though similar in theory to self-serve frozen yogurt since guests can pour as much or as little as they please, iPourIt is more sophisticated and uses RFID technology to limit access to the taps to customers verified to be 21 years or older, plus tracks the ounces poured to create a cumulative bill for each guest throughout the visit.

Operators report an average increase in alcohol sales by 39 percent after installing a self-pour wall,

From: Self-Pour Walls Spike Alcohol Sales and Boost Guest Experiences, Operators Say | FSR magazine.

xxx

xxx

This new generation of real-time retail payments systems is a big part of why Wise can move 55% of its customers cross-border payments instantly. Here’s how it works.
Say a Wise customer in Ireland wants to send 500 euros to a family member in India. First, the money must be moved from the customer’s Irish bank account to Wise’s account at another Irish bank. In the old days of batch processing, this leg of the remittance would have taken a day or two. Thanks to the European Central Bank’s TARGET instant payment settlement (TIPS) system, introduced in 2018, a flow like this can now occur in just a few moments.
Having received its customer’s 500 euros, Wise can now proceed to the next stage: paying out 44,000 rupees to the recipient in India. To do so it will have to transfer funds from its account at an Indian bank to the recipient’s bank. In the days of batch processing, that meant adding another day or two of waiting. Nowadays, courtesy of India’s Immediate Payment Service (IMPS), when Wise sends 44,000 rupees to the family member’s bank account the payment can be processed in a second or two.

From Elon, You Don’t Need Crypto to Do Twitter Payments:

xxx