Snippings

xxx

Financial institutions want law enforcement agencies to commit more time and resources to helping combat fraud in real-time payments even as the Consumer Financial Protection Bureau is looking into holding banks and payment processors liable for errors made by consumers.

Amid a massive increase in fraud, banks and payment processors claim they cannot be held liable when a consumer is tricked into sending a payment that later turns out to be a scam.

From Banks point to law enforcement for solutions in combating P2P fraud | American Banker.

xxx

 

It is certainly an interesting debate. If you tell you bank to send money to a scammer, why is that your bank’s problem? If anyone should be held to account it should be the destination institution.

 

The consultants McKinsey have just published a “Technology Trends Outlook for 2022” which identifies trust architectures and digital trust as one of their key area of focus. I rather like their use of the phrase “privacy engineering” to encompass the techniques used to enable oversight, implementation, operation, and maintenance of privacy in order to deal with reduce risks to data privacy, improve resource allocation and embed privacy enablement into existing systems. As long time advocate of the use of priavacy-enhancing technologies (PETs) in the infrastructure for the digital economy, I am very happy to see mainstream management consulting take up the cudgel for change in this area.

xxx

n obsessive ex-boyfriend has been ordered to pay his former lover £100 compensation for causing her ‘distress’ after he repeatedly paid money into her online bank account with abusive messages as the payment reference.

Jack Roach, 29, made 41 different payments into 24-year old Rachel Thomas-Tear’s Monzo account when she blocked him on social media following the collapse of their three-month romance.

From Ex-boyfriend repeatedly put cash in former lover’s account with ‘s**g’ and ‘tramp’ as references | Daily Mail Online.

xxx

The NPP launched in 2018 and offers a 280-character description field that, in some cases, is being laced with serious abuse. The perpetrators of abuse were making low value transactions – often as little as one cent – as a means to reach their victims.

xxx

Australian politician Andrew Bragg wants to prepare the country for the widespread use of China’s central bank digital currency, the digital yuan, according to a draft digital assets bill introduced on Monday.

From Australian Senator Proposes Crypto Bill Targeting China’s Digital Yuan.

xxx

In their White Paper on the eAUD pilot, the Reserve Bank of Australia (RBA) and the Digital Finance Co-operative Research Center (DFCRC) in the Australian Government’s Department of Industry, Science and Resources set out an environment based on a private, permission Ethereum ledger. This platform will allow the third-party providers of end user services a variety of privacy options in which transactions and balances are or are not visible to other users depending on the use cases, although the RBA will in all instances have visibility over transaction values and account balances (though not the underlying identity of eAUD holders, which is held by the use case provider and/or KYC provider.)

xxx

Consumer acceptance and use of online and digital banking alternatives has increased since the coronavirus crisis began. New research indicates that the long-term beneficiaries of this trend will be the largest financial institutions that had already committed to digital transformation.

From Big Banks Benefiting Most From COVID-19 Digital Shifts.

xxx

Between March 2020 and April 2022, American rapscallions made off with (latest estimate) $46 billion in fraudulent unemployment insurance claims by filing claims in more than one state (in one case, 29 states paid unemployment benefits to the same person), using the Social Security numbers of dead people, claiming on behalf of prison inmates and so on. This is on top of the money stolen from the Paycheck Protection Program and the Economic Injury Disaster Loan program. In these schemes the government trusted businesses to self-certify that they met key requirements, with predictable results including a Postal Service employee getting an $82,900 loan for a business called “U.S. Postal Services” and an enterprising individual who got 10 loans for 10 nonexistent bathroom-renovation businesses (using the email address of a burrito shop.)

Testifying before Congress earlier this year, a Labor Department expert said that there could have been “at least” $163 billion in wrongly paid unemployment benefits as well as “significant” benefits obtained by malicious actors. A watchdog found that $58 billion the Economic Injury Disaster Loan program had been paid to companies that shared the same addresses, phone numbers, bank accounts or other data as other applicants, which ought to have been a red flag, to say the least. The losses are eye-watering and are an order of magnitude higher than what would have been the cost of putting in place a functional digital identity system for individuals and for businesses.

xxx

Testifying at a little-noticed congressional hearing this spring, a top watchdog for the Labor Department estimated there could have been “at least” $163 billion in unemployment-related “overpayments,” a projection that includes wrongly paid sums as well as “significant” benefits obtained by malicious actors.

From An estimated $163 billion from pandemic unemployment benefits were misspent or stolen – The Washington Post.

xxx

xxx

Vinath Oudomsine bought a $57,000 Pokémon card after receiving a pandemic loan from the Small Business Administration for a nonexistent business.Credit…U.S. Attorney’s Office for the Southern District of Georgia

Vinath Oudomsine bought the Pokémon card in January 2021, after receiving a loan from the Small Business Administration for a nonexistent business. He pleaded guilty in October to defrauding the loan program, leaving the U.S. government responsible for selling the card.

From Prosecutors Struggle to Catch Up to a Tidal Wave of Pandemic Fraud – The New York Times.

xxx

xxx

No financial data was accessed and no passwords, nor any images of any customers’ documents were stolen in the cyberattack, said Bayer Rosmarin. What Optus believes to have been accessed at this point includes names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.

From A third of Australian population likely affected in Optus cyberattack | CSO Online.

No financial data was stolen. Phew. Thank goodness the fraudsters only have name, date of birth, phone numbers, email addresses,  addresses and “ID document numbers” because I doubt they’ll be able to get up much mischief with those.

The key question to ask, as indeed it was asked by my good friend Victoria Richardson (COO of Meeco), is why Optus had all of this personal data in the first place. I can understand why Optus might need to know whether I am over 18 or not, but not why it needs to know my date of birth. I can understand why Optus might need to know whether I am Australian or not, but not why it needs to know my passport number. I can understand why Optus might need to know whether I’m a real person or not, but not why it needs my driving licence.