Snippings

Some good news arrives from our friend at Financial Fraud Action (FFA), the body tasked with reducing financial fraud in the UK.

Remote banking fraud losses totalled £137.1 million, a 19 per cent decrease from £168.6 million in 2015.

From Financial fraud data for 2016 published : Financial Fraud Action UK

Great news. Except… 

“But the report failed to include any reference to one form of crime that is on the rise and blighting victims’ lives: bank transfer fraud.”

‘I was robbed of £19k, and Barclays just stood by’

Oh dear. Having made it easier to transfer money between bank accounts, criminals have t

“After it was realised this was a scam, your bank contacted the Italian post office where the funds had gone but the money could not be retrieved.”

‘I was scammed for £1,300 and Amazon told me to buy again’

xxx

 

xxx

“It was only on closer inspection that they saw underneath the displayed name that the email address was not his own.”

‘I was robbed of £19k, and Barclays just stood by’

I must sound awfully harsh but I do not see what the bank has done wrong here. They were instructed to transfer money and that instruction was properly authenticated. It is not there fault that they were asked to transfer money to a fraudsters account.

The real problem here is using e-mail to instruct bank transfers. That’s negligence, since we all know that e-mail has no security. I would suggest that for accountancy firms and all others, all messages containing financial information be sent by Signal or for that matter WhatsApp (which has our Home Secretary’s enthusiastic endorsement as a platform for secure communications).

There was (yet another) discussion about these frauds on the BBC’s MoneyBox recently and I made a passing comment about how easy it would be to find out who the fraudsters are an arrest them. My point was that instant payments go to a bank account and since we have famously strict and well-observed Know-Your-Customer (KYC) laws maintained at great expense by the British bank industry, so it should be easy to send the police the details of who to arrest.

“TSB said… In this instance the scammer used valid ID”

‘I was robbed of £19k, and Barclays just stood by’

Well if it was a valid ID then bob’s your uncle. Should be easy to round up the perps. But not so…

“In some cases the original account is opened by a student or temporary British resident who is later – perhaps when they are leaving the country – persuaded to ‘sell’ the account to a fraudster for cash.”

‘I was robbed of £19k, and Barclays just stood by’

Interesting. And it’s not, a first glance, obvious what to do about this other than to make it a criminal offence to let someone else log in to your bank account.

xxx

“But did paying for everything with a card mean he spent more? ‘It’s certainly less tangible, you don’t see the money flowing in and out but I don’t think I’ve spent more or less than I would otherwise have,’ he says, adding that it can be even easier to keep a track on mobile payments with your phone, as you get the detail immediately on how much you’ve just spent – and on what. ‘It certainly makes expenditure on small transactions much more visible,’ he says. So, if you’re spending an excessive amount on regular coffees for example, you’ll learn soon enough once you start using the app.”

Cash free for a month: an experiment in new ways to pay

xxx

xxx

RegTech has been supplying some of the best use cases in banking. From the early customer engagement stages like KYC and Identity to compliance management, risk and reporting, the potential to reduce costs and create new customer engagement opportunities is tremendous for RegTech. Banks are also actively looking for solutions to better interfaces with regulators.

From How do you define RegTech?

xxx

xxx

n a letter written to the committee and published today, the chairman of the Financial Conduct Authority, John Griffith-Jones, said the regulator is already working with banks to provide more protection for customers.

He said measures being looked at include ‘removing any onus on customers to identify fraudulent transactions’

From Don’t force people to use tap and go cards, banks are told | Daily Mail Online

xxx

The new card fraud figures for the UK have just been released. Basically things can only get worse.

Losses due to payment card fraud were £618.0 million, an increase of nine per cent from £567.5 million in 2015.

From Financial fraud data for 2016 published : Financial Fraud Action UK

Card spending only increased six per cent in comparison. In other words, fraud is growing 50% faster than spending. That doesn’t sound an acceptable state of affairs to me. Something should be done.

It isn’t only card fraud that’s worrying.

Remote banking fraud losses totalled £137.1 million, a 19 per cent decrease from £168.6 million in 2015.

From Financial fraud data for 2016 published : Financial Fraud Action UK

You have to be careful with this figure because it is giving the losses to banks

xxx

“Nets is using HCE technology from Japanese card issuer JCB as the foundation for the mobile payment system. The firm says Danish supermarkets are among the first merchants to accept Dankort mobile payments, via a Bluetooth acceptance device that sits next to their conventional payment terminals. “

Danish banks add Dankort payments to mobile wallets

xxx

xxx

“Whatsapp must allow security services to access users’ messages in the wake of the Westminster terror attack, Home Secretary Amber Rudd has demanded.

Ms Rudd said it was ‘unacceptable’ that the security services were unable to see messages sent by terrorists.”

Government must have power to spy on Whatsapp users’ messages, Home Secretary Amber Rudd demands | The Independent

The flaw with this argument is, of course, that if there is a backdoor in WhatsApp so that police can read terrorists messages, then the terrorists will be able to use the same backdoor to read the message between law enforcement, MPs and everybody else.

xxx

“A police officer has been jailed today after she accessed the police national computer database to help a friend who was once suspected of involvement in Britain’s biggest ever cash robbery. “

Police officer jailed after using her force computer to help a criminal suspect in Britain’s biggest cash robbery | Daily Mail Online

xxx

xxx

“Her Majesty’s Inspectorate of Constabulary (HMIC), which inspects Britain’s police forces, has reported on several cases of misuse of the Police National Computer (PNC) by non-police organisations.”

Non-police orgs merrily accessed PNC without authority, says HMIC • The Register

xxx

xxx

“A woman who got a job at Hammersmith Police station so she could track a witness whose evidence helped convict her gangster boyfriend of murder has been jailed.”

Murderer’s girlfriend who got job at Hammersmith Police Station to access secret files on key witness is jailed – Get West London

xxx

If you been in a British Airways boarding queue recently, you’ll know how convenient it is to board using the QR code on your phone and how inconvenient it is to fumble around getting your passport out to show at the gate and how annoying it is to be in the line behind people who put the phone down to rummage around in a bag to find the passport and then have to mess around unlocking the phone again because it locked while they were rummaging. So: if BA can do the passport scan and face capture away from the boarding gate they can make for a much smoother boarding process.

(It helps if the boarding pass is real, of course. I remember watching an episode of “Britain on the Fiddle” about boarding cards. The program, which was excellent by the way, included reports of ID fraud that I found fascinating, but also featured Mickey Pitt, an engaging cigarette smuggler who masterminded an operation that used fake boarding passes to get in and out of airports undetected. Perhaps we can fix that problem with the same technology.)

It seem like quite a while since I first read that British Airways (BA) was going to introduce facial biometrics for boarding international flights at Heathrow, although I don’t remember going through such gates (they have them for domestic flights). I wish they would hurry up, because this is a great example of biometrics as a convenience technology. According to International Airport Review, a scan of the customer’s face is recorded when they travel through security, and when they arrive at the gate, their face is matched with this representation when they present their boarding pass. Thus you can get on the plane just using the boarding pass in your Apple Wallet and you can leave your passport in your bag.

I hope Terminal 5 will go even further move to remote capture for all flights. Surely as an Executive Club member I should be able to have them capture a picture of my passport at home using Au10tix or similar and store it with my account so that next time I go to the airport I can breeze through the boarding process: they should get rid of the “priority” boarding line (which on many BA flights seems to include almost all passengers) and replace it with a mobile/biometric line instead.

Let’s analyse the problem. Breaking it down using my favourite identity model, the three-domain model (3DID), we can see there are three separate problems that need to be solved using the technologically effectively:

• identifying the person travelling (we need to bind a passport);

• authenticating that the boarding pass is in the hand of the correct person; and

• authorising the person with the boarding pass to go through the gate on to the plane.

The way to do this is, in my opinion, is to create a digital identity for the purposes of travelling (the travel ID) and to bind this identity to a mundane identity by linking it to a specific passport. Then British Airways can bind this identity to my Executive Club by creating a BA virtual identity, Delta can create a Delta identity and so on. Now, when I make a booking, the booking is connected to my BA ID. That BA ID could, of course, be linked with either my face (in the form of a biometric template) or it could be authenticated using some other biometric that is optimised for speed and convenience at the airport.

(The point is, however, that in the airport the biometric would be used to authenticate against the travel ID, not the underlying passport. This may seem pointless at first glance, but if you think about the edge cases for travel it makes sense. You don’t want an undercover James Bond, masquerading as Dave Birch, to wander into Terminal 5 to be greeted with a cheery “welcome back Mr. Bond, your flight will be at gate B63 and it running 20 minutes behind schedule” on a big screen.)

That way, we could restructure the airport experience around technology instead of electronic simulations of paper. In this way, I can check in for the flight on my phone and then put my phone away. When I get to the airport, I go through security (at which point my face is checked against the passport photo in my BA ID) and then go to experience the Terminal 5 shopping experience. When it is time to board the plane, I put my finger into a scanner at the gate and off I go.

xxx

The EU needs to avoid any laws that allow people to pay for digital content with their personal information instead of money, the European Data Protection Supervisor warned.

From Using Personal Information Like Money? Not So Fast, the EU Privacy Adviser Warns | Bloomberg BNA

xxx

You can’t say that London isn’t a fintech powerhouse and epicentre of the revolution that is forging a new financial services industry in the white heat of old technology. Wait, what?

“The UK is to roll out an image-based cheque clearing system in October that will slash processing times from six ‘weekdays’ to one day”

UK to roll out image-based cheque clearing system

I’d forgotten that some people still use cheques. I haven’t seen one for ages and haven’t the slightest idea where my chequebook is. I can’t even think what I might need a cheque for. In the last couple of weeks I’ve paid our gardener, window cleaner, a building contractor and my youngest son using my mobile phone. I have absolutely no need for cheques. Still, they are important to the powers that be.

“These changes will put cheques firmly in the 21st century”

UK to roll out image-based cheque clearing system

Actually, it will put cheques firmly in the 18th century, which is when they used to clear in one day because the clerks of the London banks had set up their own informal clearing system down the pub.

“Daily cheque clearing began around 1770 when the bank clerks met at the Five Bells, a tavern in Lombard Street in the City of London, to exchange all their cheques in one place and settle the balances in cash.”

Cheque clearing – Wikipedia

Why waste money supporting the declining cheque business (cheque use fell another 15% in the UK last year) when we should be spending the money on identity infrastructure that is need to support the transition to open banking. It could all have been so different!