Snippings

xxx

MCP as described by Anthropic is the open standard that allows AI models to connect to many different apps and data sources in a consistent way.

From: Agentic Commerce and the Payment Networks.

xxx

xxx

So the fight for domination of the future payments system is on — and the US wants to win. The broader European public may be blissfully unaware. But those in charge of the Eurozone are also determined that this battle for technological control over the economy is one that the EU must not lose. This is the fundamental motivation for the digital euro — a central bank-issued official digital currency that, if done well and fast enough, will rival or outperform the attractiveness of dollar stablecoins.

From: The battle for the global payments system is under way.

xxx

xxx

I hear from a relative in admin in a lettings agency that utility companies get 90% of landlord utility bills wrong, endlessly, and even with photographic evidence it can take 6 months to get a right bill – all wasted cost and time

From: Your call is important to us . . . please hold.

xxx

xxx

Fears of a plot by Russia to sabotage Britain’s energy pipelines means families should pack a 72-hour ‘survival kit’, security advisers have warned.

From: Brits should prepare a 72 hour ‘survival kit’ as Putin plots to sabotage gas pipelines and cause mass blackouts, warn spies | Daily Mail Online.

I can’t help but notice that the survival kit shown includes identity, but not money.

xxx

Authentication 
MCP does not currently define a standard authentication mechanism for how clients authenticate with servers, nor does it provide a framework for how MCP servers should securely manage and delegate authentication when interacting with third-party APIs. Authentication is currently left up to individual implementations and deployment scenarios. In practice, MCP’s adoption so far seems to be on local integrations where explicit authentication isn’t always needed.

A better authentication paradigm could be one of the big unlocks when it comes to remote MCP adoption. From a developer’s perspective, a unified approach should cover:

Client authentication: standards methods like OAuth or API tokens for client-server interactions
Tool authentication: helper functions or wrappers for authenticating with third-party APIs
Multi-user authentication: tenant-aware authentication for enterprise deployments
Authorization 
Even if a tool is authenticated, who should be allowed to use it and how granular should their permissions be? MCP lacks a built-in permissions model, so access control is at the session level — meaning a tool is either accessible or completely restricted. While future authorization mechanisms could shape finer-grained controls, the current approach relies on OAuth 2.1-based authorization flows that grant session-wide access once authenticated. This creates additional complexity as more agents and tools are introduced — each agent typically requires its own session with unique authorization credentials, leading to a growing web of session-based access management.

From: A Deep Dive Into MCP and the Future of AI Tooling | Andreessen Horowitz.

xxx

xxx

Malta’s illegal identity card scandal, linked to government agency Identità, continues to stir political uproar in the country.
The oppositional Nationalist Party (PN), one of the two major political parties in Malta, has accused the Labour Party-led government of playing down the scale of the ID racket which allowed ineligible individuals to obtain Maltese IDs in return for bribes.

From: Malta’s ID card racket stirs political strife | Biometric Update.

xxx

xxx

Britain’s biggest banks, technology and telecoms companies have pledged to step up efforts to share live fraud data, as calls grow for the government to take stronger leadership in coordinating the fight against online scammers.

From: Banks and tech groups commit to live data-sharing in UK fraud clampdown.

xxx

April 8th is an interesting day in the world of computer security because OpenSSL 3.5 is released today. It is a big deal because it use post-quantum cryptography methods:

ML-KEM (FIPS 203) — Module Lattice-Based Key Encapsulation Mechanism (FIPS 203). This is a PQC standard for Key Exchange.

ML-DSA (FIPS 204) — Module Lattice-Based Digital Signature Algorithm. This is a PQC standard for digital signatures, and it uses the Dilithium signature method.

SLH-DSA (FIPS 205) — Stateless Hash-Based Digital Signature Algorithm. This is a PQC standard for digital signatures and uses the SPHINCS+ signature method.

As Professor Bill Buchanan points out, this means that web servers and other applications will be able to protect themselves against quantum computin. As OpenSSL is the most widely used library for cryptography this release will support the replacement with ECDH with ML-KEM, and RSA and ECDSA with ML-DSA.

xxx

The UK must recognise payments as part of its strategic infrastructure, similar to energy or food security. Ensuring resilience against geopolitical disruptions requires coordinated efforts between the public and private sectors.

Open banking has made significant strides, but considerable work remains to establish it as a standalone payments ecosystem. Addressing commercial incentives, consumer protections, product ubiquity, and cross-border acceptance will be essential to build a resilient, self-sufficient infrastructure capable of withstanding external pressures.

If successful, open banking could emerge as a resilient backbone for the UK’s financial ecosystem, reducing dependency on US-dominated networks and creating a robust, homegrown payments infrastructure.

From: Can open banking stand alone as the UK’s payment infrastructure?.

xxx

xxx

The banking industry’s effort to fight check fraud is likely to benefit from President Donald Trump’s order to the Treasury Department to stop issuing paper checks for federal disbursements and to transition to digital payments.

From: Treasury’s halt of paper checks likely to reduce fraud | American Banker.

xxx