Don’t force people to use tap and go cards, banks are told | Daily Mail Online

xxx

In a letter written to the committee and published today, the chairman of the Financial Conduct Authority, John Griffith-Jones, said the regulator is already working with banks to provide more protection for customers.

He said measures being looked at include ‘removing any onus on customers to identify fraudulent transactions’

From Don’t force people to use tap and go cards, banks are told | Daily Mail Online

xxx

Financial fraud data for 2016 published : Financial Fraud Action UK

The new card fraud figures for the UK have just been released. Basically things can only get worse.

Losses due to payment card fraud were £618.0 million, an increase of nine per cent from £567.5 million in 2015.

From Financial fraud data for 2016 published : Financial Fraud Action UK

Card spending only increased six per cent in comparison. In other words, fraud is growing 50% faster than spending. That doesn’t sound an acceptable state of affairs to me. Something should be done.

It isn’t only card fraud that’s worrying.

Remote banking fraud losses totalled £137.1 million, a 19 per cent decrease from £168.6 million in 2015.

From Financial fraud data for 2016 published : Financial Fraud Action UK

You have to be careful with this figure because it is giving the losses to banks

Danish banks add Dankort payments to mobile wallets

xxx

“Nets is using HCE technology from Japanese card issuer JCB as the foundation for the mobile payment system. The firm says Danish supermarkets are among the first merchants to accept Dankort mobile payments, via a Bluetooth acceptance device that sits next to their conventional payment terminals. “

Danish banks add Dankort payments to mobile wallets

xxx

Government must have power to spy on Whatsapp users’ messages, Home Secretary Amber Rudd demands | The Independent

xxx

“Whatsapp must allow security services to access users’ messages in the wake of the Westminster terror attack, Home Secretary Amber Rudd has demanded.

Ms Rudd said it was ‘unacceptable’ that the security services were unable to see messages sent by terrorists.”

Government must have power to spy on Whatsapp users’ messages, Home Secretary Amber Rudd demands | The Independent

The flaw with this argument is, of course, that if there is a backdoor in WhatsApp so that police can read terrorists’ messages, then the terrorists will be able to use the same backdoor to read the messages between law enforcement, MPs and everybody else.

xxx

“A police officer has been jailed today after she accessed the police national computer database to help a friend who was once suspected of involvement in Britain’s biggest ever cash robbery. “

Police officer jailed after using her force computer to help a criminal suspect in Britain’s biggest cash robbery | Daily Mail Online

xxx

xxx

“Her Majesty’s Inspectorate of Constabulary (HMIC), which inspects Britain’s police forces, has reported on several cases of misuse of the Police National Computer (PNC) by non-police organisations.”

Non-police orgs merrily accessed PNC without authority, says HMIC • The Register

xxx

xxx

“A woman who got a job at Hammersmith Police station so she could track a witness whose evidence helped convict her gangster boyfriend of murder has been jailed.”

Murderer’s girlfriend who got job at Hammersmith Police Station to access secret files on key witness is jailed – Get West London

xxx

CHYP Passport, boarding pass, face, Amex card, paperback

If you have been in a British Airways boarding queue recently, you’ll know how convenient it is to board using the QR code on your phone and how inconvenient it is to fumble around getting your passport out to show at the gate and how annoying it is to be in the line behind people who put the phone down to rummage around in a bag to find the passport and then have to mess around unlocking the phone again because it locked while they were rummaging. So: if BA can do the passport scan and face capture away from the boarding gate they can make for a much smoother boarding process.

(It helps if the boarding pass is real, of course. I remember watching an episode of “Britain on the Fiddle” about boarding cards. The program, which was excellent by the way, included reports of ID fraud that I found fascinating, but also featured Mickey Pitt, an engaging cigarette smuggler who masterminded an operation that used fake boarding passes to get in and out of airports undetected. Perhaps we can fix that problem with the same technology.)

It seems like quite a while since I first read that British Airways (BA) was going to introduce facial biometrics for boarding international flights at Heathrow, although I don’t remember going through such gates (they have them for domestic flights). I wish they would hurry up, because this is a great example of biometrics as a convenience technology. According to International Airport Review, a scan of the customer’s face is recorded when they travel through security, and when they arrive at the gate, their face is matched with this representation when they present their boarding pass. Thus you can get on the plane just using the boarding pass in your Apple Wallet and you can leave your passport in your bag.

I hope Terminal 5 will go even further and move to remote capture for all flights. Surely as an Executive Club member I should be able to have them capture a picture of my passport at home using Au10tix or similar and store it with my account so that next time I go to the airport I can breeze through the boarding process: they should get rid of the “priority” boarding line (which on many BA flights seems to include almost all passengers) and replace it with a mobile/biometric line instead.

Let’s analyse the problem. Breaking it down using my favourite identity model, the three-domain model (3DID), we can see there are three separate problems that need to be solved using the technology effectively:

  • identifying the person travelling (we need to bind a passport);

  • authenticating that the boarding pass is in the hand of the correct person; and

  • authorising the person with the boarding pass to go through the gate on to the plane.

The way to do this, in my opinion, is to create a digital identity for the purposes of travelling (the travel ID) and to bind this identity to a mundane identity by linking it to a specific passport. Then British Airways can bind this identity to my Executive Club by creating a BA virtual identity, Delta can create a Delta identity and so on. Now, when I make a booking, the booking is connected to my BA ID. That BA ID could, of course, be linked with either my face (in the form of a biometric template) or it could be authenticated using some other biometric that is optimised for speed and convenience at the airport.

(The point is, however, that in the airport the biometric would be used to authenticate against the travel ID, not the underlying passport. This may seem pointless at first glance, but if you think about the edge cases for travel it makes sense. You don’t want an undercover James Bond, masquerading as Dave Birch, to wander into Terminal 5 to be greeted with a cheery “welcome back Mr. Bond, your flight will be at gate B63 and it is running 20 minutes behind schedule” on a big screen.)

That way, we could restructure the airport experience around technology instead of electronic simulations of paper. In this way, I can check in for the flight on my phone and then put my phone away. When I get to the airport, I go through security (at which point my face is checked against the passport photo in my BA ID) and then go to experience the Terminal 5 shopping experience. When it is time to board the plane, I put my finger into a scanner at the gate and off I go.

Using Personal Information Like Money? Not So Fast, the EU Privacy Adviser Warns | Bloomberg BNA

xxx

The EU needs to avoid any laws that allow people to pay for digital content with their personal information instead of money, the European Data Protection Supervisor warned.

From Using Personal Information Like Money? Not So Fast, the EU Privacy Adviser Warns | Bloomberg BNA

xxx

UK visionaries drag us kicking and screaming into the 1770s

You can’t say that London isn’t a fintech powerhouse and epicentre of the revolution that is forging a new financial services industry in the white heat of old technology. Wait, what?

“The UK is to roll out an image-based cheque clearing system in October that will slash processing times from six ‘weekdays’ to one day”

UK to roll out image-based cheque clearing system

I’d forgotten that some people still use cheques. I haven’t seen one for ages and haven’t the slightest idea where my chequebook is. I can’t even think what I might need a cheque for. In the last couple of weeks I’ve paid our gardener, window cleaner, a building contractor and my youngest son using my mobile phone. I have absolutely no need for cheques. Still, they are important to the powers that be.

“These changes will put cheques firmly in the 21st century”

UK to roll out image-based cheque clearing system

Actually, it will put cheques firmly in the 18th century, which is when they used to clear in one day because the clerks of the London banks had set up their own informal clearing system down the pub.

“Daily cheque clearing began around 1770 when the bank clerks met at the Five Bells, a tavern in Lombard Street in the City of London, to exchange all their cheques in one place and settle the balances in cash.”

Cheque clearing – Wikipedia

Why waste money supporting the declining cheque business (cheque use fell another 15% in the UK last year) when we should be spending the money on identity infrastructure that is needed to support the transition to open banking? It could all have been so different!

Why Ethereum is great for payments – Medium

xxx

“A clear lesson from the early days of bitcoin is that regular users suck at managing private keys.”

via Why Ethereum is great for payments – Medium

They do indeed. And speaking as a user, I don’t want to get better at managing private keys. I want someone else to do it, preferably someone who has some experience of this sort of thing, someone who has issued millions of keys and had to manage them, and ideally someone who is heavily regulated so that I have some expectation of redress in the event of a problem. Such would be a significant “incentive function” of banks if they can get their act together to do it.

For Credit Cards, Canceling The Need To Cancel | PYMNTS.com

xxx

“A dashboard helps create separate card numbers and one-time-use numbers or merchant-specific ones. In this manner, a user can set up a ‘Netflix card or a Geico card’ that attends to payments for each of those relationships,”

via For Credit Cards, Canceling The Need To Cancel | PYMNTS.com

This is certainly an interesting proposition and good luck to Aaron and his team with taking it forward. But I don’t want a Netflix card or a Geico card, I want a Netflix identity and a Geico identity. Not just a card number, but a name and address and e-mail and… reputation. If I use a different card number at Ashley Madison and William Hill, then hackers (or, worse still, marketers) can still see that the name and address is the same and then reasonably conclude the same person is behind both usernames.

We need to make it hard for attackers of any kind to do this kind of thing.
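The difference between a per-merchant card number and a per-merchant identity can be checked mechanically. The sketch below is an added example, not code from any product mentioned above; the HMAC derivation, the `relay.example` domain, the merchant names and the two users are all constructed assumptions.

```python
import hashlib
import hmac

FIELDS = ("name", "email", "card")

def _tag(secret: bytes, merchant: str) -> str:
    # One stable value per (user, merchant) relationship, unlinkable without the secret.
    return hmac.new(secret, merchant.encode(), hashlib.sha256).hexdigest()

def card_only_record(secret, merchant, profile):
    """Per-merchant card number, but the real name and e-mail go to every merchant."""
    return {**profile, "card": "tok_" + _tag(secret, merchant)[:16]}

def pairwise_record(secret, merchant, profile):
    """Per-merchant identity: every stored field is derived per relationship."""
    t = _tag(secret, merchant)
    return {"name": "user-" + t[16:28],
            "email": t[28:40] + "@relay.example",  # hypothetical forwarding domain
            "card": "tok_" + t[:16]}

def joinable_fields(records_a, records_b):
    """Privacy check: which stored fields let two merchants' datasets be joined?"""
    return [f for f in FIELDS
            if {r[f] for r in records_a} & {r[f] for r in records_b}]

# Constructed users: (secret held by the identity provider, real-world profile).
USERS = [
    (b"constructed-secret-1", {"name": "Alex Example", "email": "alex@mail.example"}),
    (b"constructed-secret-2", {"name": "Sam Sample", "email": "sam@mail.example"}),
]

def merchant_view(make_record, merchant):
    """The records one merchant would hold (and could leak) under a given model."""
    return [make_record(secret, merchant, profile) for secret, profile in USERS]

def compare_models():
    """Fields shared between two merchants' datasets under each model."""
    views = {}
    for label, make in (("card_only", card_only_record), ("pairwise", pairwise_record)):
        views[label] = joinable_fields(merchant_view(make, "merchant-a"),
                                       merchant_view(make, "merchant-b"))
    return views

if __name__ == "__main__":
    print(compare_models())
```

Because the derivation is deterministic, the same merchant always sees the same identity, so reputation can still accrue within each relationship.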

 

POST Food for thought on the blockchain

xxx

“Combined with state data on things like temperature, motion or chemical composition collected from sensors on equipment (aka the internet of things) blockchain could cost-effectively confirm everything that has ever happened to the food someone is about to eat.”

via Blockchain For Supply Chain: Enormous Potential Down The Road

That sounds appealing, but it’s not that straightforward. As I explained in a Tomorrow’s Transactions blog post on this subject, the blockchain may be amazing but it isn’t magic. I share this author’s suspicion that there may be a very fundamental and very disruptive connection between shared ledger technologies and thingternet technologies, but how would this help in practice?

Let’s look at a specific supply chain failure. The example I used before was that of the famous Amex salad oil scandal.          

“The Great Salad Oil Swindle was carried out by Anthony ‘Tino’ De Angelis, who traded vegetable oil (soybean oil) futures which was an important ingredient in salad oil. “

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

The swindle involved falsifying records of the amount of vegetable oil that was being held in the supply chain. At one level, it was a simple and old-fashioned scam.

“American Express had recently created a new division that specialized in field warehousing, which made loans to businesses using inventories as collateral. American Express wrote De Angelis warehouse receipts for millions of pounds of vegetable oil, which he took to a broker and discounted the receipts for cash. This proved to be an easy way to get money, so De Angelis began falsifying warehouse receipts for vegetable oil he didn’t have. “

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

The execution of the scam was, though, rather sophisticated.

“American Express sent out inspectors to make sure that De Angelis had the vegetable oil that acted as collateral, but what they didn’t know is that many of the tanks were filled mostly with water with a minimum of oil floating on the top to fool the inspectors, or that some of the tanks were connected with pipes to other tanks so the oil could be transferred between tanks when the inspectors went from one tank to the other.”

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

xxx

So where could shared ledgers help, if not as a supply chain guarantor? Well…

“If American Express had done their homework, they would have realized that De Angelis’s reported vegetable oil ‘holdings’ were greater than the inventories of the entire United States as reported by the Department of Agriculture. “

via How The Salad Oil Swindle Of 1963 Nearly Crippled The NYSE

So if there had been some sort of salad oil blockchain, and every entry in the ledger was encrypted so that only American Express could read entries relating to their holdings and only Company X could read entries relating to their holdings, but the actual amounts of the holdings in litres were in the clear, then everyone, including the regulators, would have been able to easily calculate that the total amount of oil was greater than the total amount being produced. It’s the partial transparency that’s the key point here, which is why we refer to “translucent transactions” on shared ledgers as the platform for new kinds of financial marketplaces that will be cheaper and safer. It’s the shared ledger as a regtech again.
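A minimal model of such a translucent ledger, as an added example rather than any real system's code: a keyed HMAC tag stands in for the encrypted owner field, the litres stay in the clear, and the receipt numbers, keys, amounts and reported supply figure are all constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64

def owner_tag(owner_key: bytes, receipt_id: str) -> str:
    # Stand-in for the encrypted owner field: only the key holder can recompute it.
    return hmac.new(owner_key, receipt_id.encode(), hashlib.sha256).hexdigest()

def entry_hash(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(ledger: list, owner_key: bytes, receipt_id: str, litres: int) -> None:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    body = {"prev": prev, "receipt": receipt_id,
            "owner_tag": owner_tag(owner_key, receipt_id), "litres": litres}
    ledger.append({**body, "hash": entry_hash(body)})

def audit(ledger: list, reported_supply_litres: int) -> dict:
    """Keyless check: hash-chain integrity, then cleartext total against supply."""
    prev, total = GENESIS, 0
    for e in ledger:
        body = {k: e[k] for k in ("prev", "receipt", "owner_tag", "litres")}
        if e["prev"] != prev or e["hash"] != entry_hash(body):
            return {"chain_ok": False, "total": None, "over_supply": None}
        prev, total = e["hash"], total + e["litres"]
    return {"chain_ok": True, "total": total,
            "over_supply": total > reported_supply_litres}

def my_holdings(ledger: list, owner_key: bytes) -> int:
    """What one lender sees: only the entries its own key can recognise."""
    return sum(e["litres"] for e in ledger
               if hmac.compare_digest(e["owner_tag"],
                                      owner_tag(owner_key, e["receipt"])))

def build_sample():
    # Constructed data: two lenders holding receipts against the same oil market.
    lender_a, lender_b = b"constructed-key-A", b"constructed-key-B"
    ledger = []
    append(ledger, lender_a, "R-001", 400_000)
    append(ledger, lender_b, "R-002", 350_000)
    append(ledger, lender_a, "R-003", 500_000)
    return ledger, lender_a, lender_b

if __name__ == "__main__":
    ledger, key_a, _ = build_sample()
    print(audit(ledger, reported_supply_litres=1_000_000), my_holdings(ledger, key_a))
```

The auditor never holds a key, yet sees that the receipts total more than the reported supply; each lender can pick out only its own entries.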
