A library of snippets
xxx
“New Jersey state Sen. Nellie Pou… added that she had asked Amazon, which is operating five pop-up stores and one bookstore in New Jersey, to come up with ideas for how they could serve those without a bank account, but that she did not hear back. Amazon declined to comment.”
From “Legislation could force stores to take your cash – SFGate”.
If I was Amazon, I’d have sent her $10 in Amazon Cash together with recommendations for books about payments.
xxx
“Business onboarding, it concluded, is predominantly a manual, paper-based process, which is costly for the bank and slow for the customer, with new regulations, such as AMLD5, only adding complexity. The average time to onboard a business banking customer has increased to 32 days, with the total cost of KYC processes forecasted to increase by nearly 20%.”
From “Customer onboarding is too costly and slow, concludes report – IBS Intelligence”.
xxx
At the end of 2018 we put together our “live five” areas where we think our customers should be focusing on over the coming year. I think some people were surprised to see us put digital wallets on the list but we were sure, based on projects that we were already involved in, that wallets are set for a resurgence.We are hardly the only set of industry observers to think this (in fact Accenture made a similar prediction in February of this year, saying that “wallets for both e-commerce and in-store payments will start appearing in sectors such as supermarkets, fuel and quick-service restaurants, emulating the success of Starbucks and Walmart”.
(Accenture also post , and focused on a slick checkout process using biometric authentication.)
From Payments predictions for 2019 | Accenture Banking Blog.
xxx
xxx
But his manager was able to checked an app which tracked the driver’s steps and showed that contrary to his claims he had walked around the outside of the house and garden.
From Amazon driver stole customer’s puppy while making a delivery, court hears.
xxx
Here’s an absolutely typical fraud that we see in the UK on a daily basis. A Mr Pibworth instructed a firm of solicitors to pay money out of his client account at midday on January 25th of this year. It was a Friday (as is typical for these frauds). He asked for the money to be paid into a joint account that he and his brother have. However, a few hours later the solicitors received an email purporting to be from Mr Pibworth (but which was actually from a fraudster) with new instructions saying the money should be paid into a different account. Which they then did.
And £60,000 was sent off to the fraudsters.
(The same firm of solicitors, incidentally, lost £100K to a similar fraud in 2016.)
Still, no harm done. The compo will kick in, won’t it?
Yes, there’s a compensation scheme. Under a new code of conduct for this sort of thing, you don’t have to bother checking that you are sending to the correct account any more because the banks have to pay up if you transfer cash to fraudsters. According to the code, these solicitors would only have to demonstrate that they had taken “the requisite level of care” and then bank customers would have to cough up and compensate them.
But what is a “requisite level of care”?
If you ask me, Mr. Pibworth was negligent for sending sensitive financial details by unencrypted e-mail, since everyone knows that e-mail has absolutely no security associated with it at all and you should generally assume that any unencrypted e-mail without a digital signature with financial details is fraudulent.
xxx
The intention is that retailers will soon be able to offer cashback without the need for a purchase.
xxx
xxx
British man flew from the Czech Republic to Newcastle on the wrong passport after accidentally taking his friend’s and leaving him stranded.
Allan Poole, 43, from Whitley Bay, travelled from Prague to Newcastle via Amsterdam on a KLM flight.
The passport was checked at least four times during the journey, but the mistake was not picked up.
From Whitley Bay man stranded in Prague after friend flew home on his passport – BBC News.
xxx
Our new and hopefully to be regular window cleaner was due twenty quid. They asked for cash, which of course I do not have, or a cheque, which of course I could not be bothered to deal with as it would have meant finding the cheque book and I have no idea where it is. Instead, I asked them to get their office to call me with their bank details. The office phoned to give me a sort code and account number, so I went online and used the Faster Payment Service (FPS) to send them a quid. When they phoned a day or two later to tell me that they had the quid, then I sent the other nineteen. Now, every time I come home and find a compliment slip from them on the mat because they have cleaned the windows, it takes me about 10 seconds to use my Barclays mobile banking app to send them the twenty pounds that I owe them.
I bought a new car last month. Well, it was an old car. But new to me. I went to look at the car and paid a deposit by credit card. Since it was going to take a couple of days to make a small repair and get a new vehicle test/emissions certificate, I arranged to pick it up at the end of the week. The dealer gave me a piece of paper with his bank details in it. I set the dealer up as a payee for online banking and sent him a fiver. When I went pick the car up, the salesman confirmed to me that they had received the tenner so then I transferred the balance of a few thousand pounds.
The last time I had any building work done on my house, a few years back now, the builder sent me a letter with their bank details in it. I went online and set them up as payee on my bank account. I used my Barclays dongle thingy for the two-factor authentication (2FA) and sent them a tenner. When the builder called to tell me that the ten pounds had been received, I transferred the balance of a few tens of thousands of pounds to the same account.
Here’s something I’ve never done: got a sort code and account number by phone call, letter or e-mail and then transfer loads of money to it. I’d naturally assumed that this is what everyone did with our interbank immediate credit transfer system. First use the clapped-out 1950s nonsense about sort codes and account numbers to set up a path for the money to follow, then send a tiny amount of money to check that the route works, then use the route to send money as and when required.
Here are a few things other I would not do…
Tomorrow if I get a phone call from Barclays telling me that there is a police investigation into fraud going on, and that I need to move money from my current account to another safe account at Barclays, then I would ask them to send me a message to this effect via secure e-mail encrypted using my public key and digitally-signed using their public key that I can easily obtain from their web site. I’m just joking of course, Barclays cannot do this (although, interestingly, Facebook do). I’d tell them to message me using the Barclays mobile app that they already know is on my phone. If they couldn’t do that, then I’d hang up. I would not transfer the money to an account that they ask me to use.
Next year, if I am in the process of moving house and I get an e-mail from my solicitor asking me to send the money for the house purchase to a new bank account with a new sort code and account number, then I will call them back and tell them that sending request for money using insecure e-mail channels is a prima facie case of professional negligence and that they will be fired unless they restrict all future sensitive communications to Signal, or at worst WhatsApp. Then, assuming that they do this, I will send them a fiver and ask them to call me to confirm it has arrived.
According to the consumer magazine people at “Which?”, the “major banks have agreed to refund blameless victims of bank transfer scams.”
But what does “blameless” mean?
Giving out your 2FA code over the phone when the bank has told you a hundred times that they will never ask for your 2FA code? Is that blameless?
It seems to me that if I send money to an account without taking reasonable steps to determine that I’m sending money to a legitimate destination then it’s kind of my fault. Am I blameless? How am I supposed to know what sort code and account number belongs to Bloggs the Builders and what sort code and account number belongs to Fred the Fraudster?
(And is it any of my business, under GDPR, what the real name of an account holder is anyway?)
How can people determine whether they are sending money to a legitimate account in the absence of a functioning digital identity infrastructure? Well, I suppose that in the absence of a working digital identity infrastructure for people or companies they could use some bank system to check that they name on the account that they are sending money to vaguely approximates the name that they may or may not know to be the correct payee name.
This is what has been proposed in the UK. The “payee confirmation” scheme was, according to the Payment System Regulator, supposed to launch in July 2019 although it now looks as if it will not be in place until later in 2020. Under this scheme, when setting up a new payment or amending an existing one, banks will be able to check the name that you enter into your online banking against the name on the account of payee person or organisation. What will happen is:
If you use the correct account name, you will receive confirmation that the details match, so you can proceed with the payment.
If you use a “similar” name to the account holder, you will be provided with the actual name of the account holder to check.
If you enter the wrong name for the account holder, you will be told the details do not match.
Bearing in mind that no such system exists, it’s not surprising that it’s taking banks time to put it together. It’s also plain as to what will happen: I set up a transfer to Bloggs the Builder and it gets rejected because the account is actually in the name of F.A. & S.F.A. Fauntleroy-Bloggs. This will of course result in endless calls to bank call centres.
Suppose dad’s name was Edward Antony Birch, but everyone in the family always called him Tony. Every transfer to Tony Birch would fail the payee confirmation
What would be better, of course, since everyone in the family and the builder knows that my dad’s e-mail address is tony@birches.org, would be to send the money to tony@birches.org and not 77-00-11 19134428.
xxx
“Tech-savvy churches are bringing in 97 percent more donations as they turn to contactless technology for their collection plates.
The Church of England has been rolling out contactless collection plates across the UK since last September with churches in London, Greater Manchester, Merseyside and Peterborough at the front of the queue to try it out.”
xxx
So here’s a really interesting problem that perhaps new technology might be able to help with. The problem is this: how do you have a fair lottery that allows the winner to remain anonymous?
This is a genuine problem. Look at the lucky chap who just won $160 MILLION DOLLARS in a Jamaican lottery. He turned up to collect his CHEQUE (hardly the best way to keep his identity secret – I really doubt it was made out to “cash”) dressed in a cloak and a “Scream” mask for fear of being identified.
Snippings