Snippings

In an impersonation scam, a criminal pretends to be from a trusted organisation such as a bank, the police, a government department or a service provider in order to trick their victim into transferring money using a range of cover stories. The latest figures from UK Finance show the number of impersonation scam cases and the money lost to them more than doubled in the first half of 2021 to 33,115.

Way back in March 2005 at the Consult Hyperion Digital Money Forum (which Ian Grigg kindly called “an engaging show for financial cryptographers”) we had talks from Fred Piper on crypto and the potential impact of quantum computing, the Qinetiq talk on quantum cryptography and (the reason why I mention it) Richard Bartle’s wonderful presentation on virtual worlds and their economies. Rather memorably, he described these economies as being based on “people buying things that don’t exist from people who don’t own them”.

That’s the difference between the virtual worlds that we know and love and the metaverse that is about to envelop us, thanks to the evolution of the blockchain and other shared ledger technologies. The metaverse is as a collection of shared virtual worlds which are interoperable in the sense that people can navigate them while taking with them, as the Financial Times succinctly notes their digital identity and digital money.

Interesting. But how is that different from the virtual worlds that we have now? Well, think about that money point. Mark Zukerberg famously said that he wants to make sending money over the internet as easy as sending pictures of cats over the internet. But when you send a picture of a cat you are not really sending the picture: you are sending a copy. Someone gets a picture of your cat, but you still have the picture. That’s great for sending pictures of cats but not very good for sending money.

The blockchain doesn’t work that way. If I send a Bitcoin from my wallet to your wallet, I’m not sending you a copy. The blockchain makes the virtual world more like the physical world, in that it contains objects that cannot be cloned.

Now you can see why I refer back to Richard’s memorable comments. When you bring shared ledger technologies into virtual worlds, you now have virtual objects that are unique. And these objects are linked to digital identities: they cannot be sold by people who don’t own them (whether they “exist” or not is in the realm of metaphysics and I defer to the philosophers on this point).

Interesting Properties

Matthew Ball identifies a fully functioning economy – individuals and businesses will be able to create, own, invest, sell, and be rewarded for an incredibly wide range of “work” that produces “value” that is recognized by other – as a defining characteristic of a metaverse. This is spot on, and I have long been fascinated by the economic of virtual worlds. I wrote a column called “Opening a Branch in Narnia” in Financial World magazine in July 2006 in which I said that:

Some of these ideas might sound bizarre, but virtual worlds adumbrate change
beyond the world of financial services. The attraction the virtual sphere of
interaction, to communicating and earning a living in the virtual world, are
obvious once the virtual personae become economic agents.

So, how do these personae become economic agent and, more importantly, why are they becoming them now?  Well, one way to look at this is that an economy, as we know it, depends on property rights. If everything belongs to the State (or Blizzard or Electronic Arts or Sony or whoever) then you don’t have an economy: you have serfs tilling the fields for the Dear Leader. But once you have secure property rights, you have a modern society. As Richard Pipes wrote in one of my favourite books, his superb Property and Freedom (Vintage, New York: 2000), which interestingly contrasts the evolution of property rights in England and in Russia:

While property in some form is possible without liberty, the contrary is inconceivable.

As The Economist summarised nicely, property rights classically entail three elements: usus, fructus, abusus—that is, the rights to use, profit from and dispose of property. The reason why people are getting excited about the metaverse is precisely this: in virtual worlds you have a command economy run by dictators who can take your stuff away at the press of a button. In the metaverse delivers usus, fructus and abusus which is why I agree with Kayvon Tehranian, a founder of NFT marketplace “Foundation” who said in the New York Times that “Property ownership is a tool. It works. It brings financial incentives.”

There are some observers who see the metaverse as the next “epoch”, following on from the PC epoch, the internet epoch and the current mobile epoch. John Naughton, whose opinions on just about everything I take very seriously, call this wishful thinking for psychotics, but I am not so sure. The transformation of these 

Right now, the economies of these virtual worlds seem to be founded on people selling pointless JPGs of chimpanzees to each other, but I think it’s wrong to dismiss them as worthless because of this. 

Generations

Twenty years ago, Edward Castronova wrote in “Virtual Worlds: A first–hand account of market and society on the cyberian frontier” that the GNP per capita of Norrath, the imaginary world at the centre of Sony’s Everquest multiplayer online game, was somewhere between Bulgaria and Russia.

While the COVID catastrophe has taken all of the headlines and the impact on public health has rightly been the focus, it has not gone unnoticed by some of us money movement mavens that there has been a payments pandemic running alongside it. Cash has been flowing to criminal enterprises of all kinds throughout the crisis and as of now shows no sign of abating. According to Experian, fraudulent opening of savings accounts has quadrupled in the most recent quarter and is up five times on the last year! Account takeovers and fraudulent loans have “soared” here in the UK with global criminals targeting British businesses and consumers throughout the lockdown. A particular problem has been, as elsewhere, exploitation government support schemes of one form or another. This led to, as memorably phrased in the Financial Times, a bonfire of taxpayers’ money with the banks handing out the matches.

A particular problem has been Authorized Push Payment (APP) fraud, where fraudsters trick people into sending instant payments to bank accounts controlled by criminals. This advanced form of social engineering has been on the rise globally but in countries where the instant payment network is well-established and widely-used (eg, the UK) it is reaching epidemic proportions. Losses to APP fraud (now, for the first time ever, greater than card fraud) rose 71% in the first half of this year.

What, then, is the payments pandemic? Well, Debbie Crosbie (CEO of the TSB, one of Britain’s biggest banks) was quoted recently saying that “fraud is the next pandemic” and it’s hard to argue with her. She blames social media platforms — including Facebook, Twitter, LinkedIn, Google Hangouts and Instagram — for their role in allowing victims to be duped and making money from them through advertisements. There is evidence to support her view in America too. Javelin Strategy found that individuals who have an active social media presence had one-third higher risk of being a fraud victim than those who do not. What’s more, they are almost 50% more likely to be a victim of account takeovers and payments frauds than those not active on any social media networks.

Instant Payments, Instant Fraud

In the UK, the banks were forced to introduce a code of conduct to compensate customers who send money to fraudsters. It has never been entirely clear to me what the point of this is or what it is expected to achieve. If people are tricked by fraudsters and tell their bank to transmit money to criminals, it is hard to see why this is the fault of their bank. There was a court case around this matter earlier in the year, when a customer who had sent several hundred thousand pounds to crooks attempted to recover the sums. The bank had asked her if she wanted to confirm the transactions, and she told them to proceed. The judge ruled in favour of the bank.

Jeremy Light commented on the situation earlier in the year saying that “much of the emphasis is on the victim’s bank, the sending bank, whereas it is the receiving bank, the fraudster’s bank that is at fault”. Indeed. The money is being transferred via the Faster Payments Service (FPS) to UK bank accounts. Hence if a fraud has occurred, it would seem relatively simple to make an arrest: if the receiving bank has carried out the necessary know-your-customer (KYC) checks then they will know who the customers is and the police can arrest him or her. If the bank does not know who the account holder is, then the police can arrest the bank’s compliance officer instead.

In the UK, various retail lobby groups including the British Retail Consortium (BRC), British Independent Retailers Association (BIRA), Association of Convenience Stores (ACS), Federation of Small Businesses (FSB) and UKHospitality have been complaining about the cost of accepting card payments. They want a more aggressive strategy from the Payment System Regulator (PSR) to tackle this issue. The PSR have responded by pointing out that their strategy focuses on promoting competition, which I have always thought better than interchange caps and other regulation as a way to reduce costs. Specifically, the PSR noted that “ in future people may  choose to  use account to account payments” to pay for goods and services.

Open banking “write access” (ie, the ability for third parties to ask a bank to transfer money from a customer’s account, with that customer’s consent, of course!) is 

xxx

Two things are abundantly clear from these developments: the American government strongly supports the competition that open banking is designed to spark, and it’s starting to take a more active role in fostering this. But, while it seems like the dream is coming into focus, reality is more complicated. The U.S. financial landscape is tangled, and the regulatory push that now seems hopeful may take years to achieve amid the nation’s intense economic and political divisions.

From What’s Behind Open Banking’s Slow Burn in the U.S.? – PaymentsJournal:

xxx

Bojana Bellamy, president of the global privacy and data policy think tank, the Centre for Information Policy Leadership (CIPL).

“Focusing more on a risk-based approach and accountability will actually help individuals long-term because companies will be forced to do something that really protects people as opposed to just bureaucratic ticking the box exercise,”

From Interview: Bojana Bellamy Discusses GDPR Reform Post-Brexit – Infosecurity Magazine:

xxx

xxx

El Salvador’s move seems odd because the country suffers none of the currency turbulence cited by crypto fans as a reason for jettisoning fiat money. Quite the opposite: the central American nation has enjoyed low inflation and economic stability since adopting the US dollar 20 years ago.

From El Salvador’s dangerous gamble on bitcoin | Financial Times.

xxx

xxx

Those who use social media are among the most likely to experience fraud. Javelin Strategy found that individuals who have an active social media presence had a 30 percent higher risk of being a fraud victim than those who weren’t active.

People who use Facebook, Instagram, and Snapchat were particularly vulnerable. Users on these sites have a 46 percent higher risk of account takeovers and fraud than those not active on any social media networks.

From 30+ Identity Theft Facts & Statistics for 2021 | Comparitech.

xxx

xxx

According to the Aite Group, 47 percent of Americans experienced financial identity theft in 2020. The group’s report, U.S. Identity Theft: The Stark Reality, found that losses from identity theft cases cost $502.5 billion in 2019 and increased 42 percent to $712.4 billion in 2020. The group explains that the huge increase was fueled by the high rate of unemployment identity theft during the pandemic, as increased and extended unemployment benefits made the sector an attractive target for fraudsters.
Losses are forecast to increase again in 2021 to $721.3 billion.

From Facts + Statistics: Identity theft and cybercrime | III.

xxx

Hardly surprising, when you note that over 70% of COVID scams include identity theft or fraud.