Stripe’s Stablecoin Startup Tangles With Sanctions and Scammers — The Information

xxx

While Stripe foresees Bridge’s tech “turbocharging cross-border commerce” and boosting payments volume, its contribution to Stripe’s bottom line is so far unclear. Margins in stablecoin transactions are typically wafer-thin due to the number of counterparties involved in each stablecoin transaction, according to market participants.

From: Stripe’s Stablecoin Startup Tangles With Sanctions and Scammers — The Information.

xxx

Visa’s 2026 Strategy: Evolving from Processing Transactions to Orchestrating Commerce

xxx

Visa isn’t waiting for markets to mature. They’re positioning in advance of agentic commerce going mainstream in 2027-2028, stablecoin regulatory clarity enabling institutional adoption in 2026, guest checkout extinction happening right now, and A2A and RTP reaching scale in developed markets over the next five years.

From: Visa’s 2026 Strategy: Evolving from Processing Transactions to Orchestrating Commerce.

xxx

Will new year bring jump in demand for jumbo rabbits? | The Japan Agri News

xxx

Growing rabbits for food started in the Meiji Era to improve diet in rural parts of Japan. During wartime, production increased throughout the region to meet the growing needs for food and fur. Farmers improved the breed repeatedly to what it is today, a big rabbit with a white coat, which is easy to dye.

From: Will new year bring jump in demand for jumbo rabbits? | The Japan Agri News.

xxx

‘AI swarms’ are mass-producing credible misinformation. D…

xxx

The next escalation in this process of manufacturing “reality” is now upon us, courtesy of AI. A recently published paper by a large group of scholars in the prestigious journal Science lays out the scenario. ChatGPT et al offer the prospect of manipulating beliefs and behaviours on “a population-wide level”. The combination of large language models (LLMs) and autonomous agents will enable what the researchers call “AI swarms” to reach “unprecedented scale and precision” . They will expand propaganda output without sacrificing credibility and inexpensively create “falsehoods that are rated as more human like than those written by humans”.

From: ‘AI swarms’ are mass-producing credible misinformation. D….

xxx

‘AI swarms’ are mass-producing credible misinformation. D…

John Naughton summarised the situation very well indeed in a recent Observer column. As he wrote, much of what goes on in social media is real (by which he means genuine conversations between humans) but nobody really knows how much. This matters because the erosion of trust between what’s real and what’s manufactured is making democracies ungovernable.

FW I Call it APP Britain

Figures just released by the UK’s Payment Systems Regulator (PSR) put authorised push payment (APP) fraud losses at £258 million in the year to September 2025 with 88% (£173m) of the money lost being reimbursed to victims. So criminals are walking away with the cash and bank shareholders are covering the losses.  

APP fraud is where a customer is tricked into instructing their bank to send money to an account controlled by a criminal. Thus the transaction is “authorised” by the customer even though the underlying instruction is the result of deception.There is no technical compromise of the the system: the fraudster wins by persuading the victim to act. The typical (and I think, well-known) typologies  and examples chosen at random include romance scams, investment scams, bank impersation scams (in particular, the “safe account” scams) and business email compromise scams. The Financial Ombudsman Service (FOS) data  shows fraud and scam complaints at their highest recorded quarterly level, with a notable increase in cases involving social‑media investment scams.

Investment scams are now the main driver of APP fraud losses, with romance scams not far behind. Here is a typical example. A woman in her 60s from Warrington (“Lyn”) met a man calling himself “Derek” in a Facebook group for widows after the death of her partner. Around four months into the “relationship”, he told her there had been a serious accident at his company and that he needed money to pay employees’ hospital bills, promising to repay her with interest. She ultimately transferred over £50,000 (her entire pension pot). This is a classic romance scam pattern: emotional grooming via social media, migration to private channels, a fabricated emergency, and high‑value transfers funded from savings rather than credit. Precisely the patterm that led an intelligent, articulate successful person in their 50s to remortgage a house to send a fraudster £120,000 and then fly to Antwerp with £10,000 in cash in a suitcase to hand over to people that they had never met.

(By the way, as Becky Holmes says, if you think you are too smart to fall for any of these scams, then you’re a fool.)

Fortunately for our UK readers, we have a thing called the Reimbursement Requirement (RR), which came into effect in October 2024, replacing the old voluntary Contingent Reimbursement Model (CRM) introduced in 2019. In summary, it mandates reimbursement for victims of APP fraud payments made via Faster Payments and CHAPS; and applies to consumers, micro-businesses and charities.

I should say here that this isn’t all about people getting snared on social media (although that is a large part of the problem). APP fraud affects corporates as well as vulnerable consumers. We’ve all read stories about companies getting tricked into paying fake invoices, or paying real invoices but into bogus accounts. not to mention stories of hapless employees buying gift cards for their “boss” who reaches out on WhatApp or transferring large sums because an AI-generated version of the CFO shows up in a Teams meeting. These are not covered by the RR, but the losses are still huge.

Anyway, under the RR the cost of reimbursement is shared equally between the sending and receiving payment service providers (PSPs), with refunds to be issued generally within five working days. The maximum reimbursement per claim is £85,000 and PSPs are permitted to apply a £100 excess. Exceptions to reimbursement include cases where the customer knowingly participated in fraud or acted with gross negligence. What constitutes gross negligence is, I have to say, not clear to me. As I understand things, not being a lawyer, reimbursement is not required where a sending PSP can demonstrate that a consumer has, as an actual lawyer puts it, not complied with one or more of certain listed standards, including having regard to any intervention made by the sending PSP (such as a warning given to the consumer prior to the payment being made).

The FOS has, it has to be said, tended to interpret this exception rather narrowly, so I will be interested to see in the Payment System Regulators’ independent review on RR effectiveness (due to be published in the next quarter) just where the dial is going to be set. For exmaple, if the bank warns you “it’s a scam” and you ignore them, is that gross negligence or not?

Well, no. British banks say that not only is the RR expensive and messy but is unfair in cases where customers the the banks’ warnings but still get their money back. Given that both the PSR and FCA apply such a high bar to gross negligence, banks argue that there is the potential more moral hazard because the effectively automatic reimbursement weakens consumer incentives to be cautious. Thus, banks feel they are carrying the can but seeing no changes in consumer behaviour. For example: in FOS case, HSBC argued that its online prompts were “effective warnings” and that the customer ignored them. They lost the case and had to reimburse the custoner.The Ombudsman examined the wording and presentation and concluded these warnings did not adequately spell out that investments advertised on social media could be scams (whereas as an informed consumer such as myself assumes that all investments advertised on social media are scams) and that the bank would not call to ask a customer to move funds (whereas an informed consumer such as myself, called by Barclays to warn me that my money was at rish, would remind the bank that it is their money and if it goes missing I couldn’t care less).

Other FOS rulings have tended to the same result. Customers making multiple high‑value payments to crypto or investment platforms who got generic “be aware of fraud” messages and clicked through them got full or near‑full reimbursement because the FOS though that the warnings were too generic, the scams wwre too sophisticated for consumers to detect (eg, fake websites) or the customers were vulnerable perhaps because of grief, illness or financial distress. On the last point, the regulators’ view is that many victims are vulnerable, and their vulnerability trumps the gross‑negligence standards. They have a point, of course, but if I was running a bank then their would simply encourage me to dump these vulnerable customers as soon as possible, which I am sure cannot be what society wants.

I am sympathetic with the banks, to be honest. They are carrying an asymmetric liability for a crime often initiated elsewhere. Banks argue that most APP scams originate on platforms they do not control (eg, social media, online marketplaces, messaging apps and telco channels) yet reimbursement rules place near‑total financial liability on PSPs, especially sending banks. In short, banks see themselves as being turned into de facto “insurers of last resort” for scams that are often initiated and amplified by weaknesses in other sectors’ controls.

The Payments Association reckon that something like two-thirds of APP fraud comes from social media platforms and most of the rest comes from insecure telecommunications channels where SMS (a security-free zone), robocalls and number‑spoofing that make messages appear to come from a bank, HMRC or some other trusted entity. In my view, the communications channels should share liability with banks. This is how things work in Singapore.

 

Singapore’s regime is a formal “Shared Responsibility Framework” (SRF) for phishing / APP-style scams, where banks and telcos have defined preventive duties and bear losses if they breach them, using a waterfall (banks first, then telcos, then the consumer). [hsfkramer](https://www.hsfkramer.com/notes/data/2024-posts/financial-institutions-and-telcos-required-to-share-responsibility-for-phishing-scams-in-singapore)

## What the framework covers

– It applies to **digitally‑enabled phishing scams** where a victim is tricked into disclosing credentials on a fake digital channel (site/app), leading to unauthorised transactions (i.e. typical APP‑style account‑draining scams). [reedsmith](https://www.reedsmith.com/en/perspectives/2024/11/singapore-to-implement-shared-responsibility-framework-for-phishing-scams)
– It covers **full banks and relevant PSPs** (e‑wallet issuers) and **mobile network operators** (telcos) in Singapore. [insightplus.bakermckenzie](https://insightplus.bakermckenzie.com/bm/financial-institutions_1/singapore-shared-responsibility-framework-to-be-implemented-from-16-december-2024)
– It does not currently cover **malware scams, non‑digital phishing or “authorised” scams** where the user knowingly initiates a payment to a mule account without credential compromise. [channelnewsasia](https://www.channelnewsasia.com/singapore/phishing-scams-banks-telcos-shared-responsibility-framework-dec-16-responsibilities-duties-4699236)

## Core duties on banks

Examples of key SRF duties for financial institutions (FIs):

– Implement **real‑time fraud surveillance** aimed at detecting rapid account‑draining transactions linked to phishing. [rajahtannasia](https://www.rajahtannasia.com/viewpoints/mas-and-imda-set-out-duties-and-liability-of-financial-institutions-and-telcos-in-mitigating-digital-scams/)
– Send **outgoing transaction alerts** (e.g. SMS/app alerts) with sufficient information and timely delivery. [rajahtannasia](https://www.rajahtannasia.com/viewpoints/mas-and-imda-set-out-duties-and-liability-of-financial-institutions-and-telcos-in-mitigating-digital-scams/)
– Maintain **strong authentication**, secure customer onboarding, and robust processes to block and investigate reported scams. [reedsmith](https://www.reedsmith.com/en/perspectives/2024/11/singapore-to-implement-shared-responsibility-framework-for-phishing-scams)
– Comply with enhanced **E‑Payments User Protection Guidelines** (e.g. helping to facilitate prompt reporting, dispute handling, and investigation). [rajahtannasia](https://www.rajahtannasia.com/viewpoints/mas-and-imda-set-out-duties-and-liability-of-financial-institutions-and-telcos-in-mitigating-digital-scams/)

If an FI breaches any of its defined duties in a covered case, it must **reimburse the victim’s scam loss in full** under the SRF. [reedsmith](https://www.reedsmith.com/articles/singapore-to-implement-shared-responsibility-framework-for-phishing-scams/)

## Core duties on telcos

Examples of SRF duties for telcos (mobile network operators):

– Implement **SMS scam filters** and other network‑level measures to block or flag suspicious phishing SMSes. [hsfkramer](https://www.hsfkramer.com/notes/data/2024-posts/financial-institutions-and-telcos-required-to-share-responsibility-for-phishing-scams-in-singapore)
– Enforce **stringent SIM registration and replacement controls**, to reduce SIM‑swap and related fraud vectors. [gasa](https://www.gasa.org/post/singapore-s-shared-responsibility-framework-a-global-model-for-combating-phishing-scams)
– Cooperate on **blocking scam links / sender IDs** and supporting investigations. [imda.gov](https://www.imda.gov.sg/-/media/imda/files/regulations-and-licensing/regulations/consultations/2024/shared-responsibility-framework-for-phishing-scams/guidelines-on-shared-responsibility-framework.pdf)

If a telco breaches its duties and the FI has **not** breached any of its own, the telco is then expected to **bear the full consumer loss** for that covered phishing case. [channelnewsasia](https://www.channelnewsasia.com/singapore/phishing-scams-banks-telcos-shared-responsibility-framework-dec-16-responsibilities-duties-4699236)

## How the “waterfall” liability works

The SRF uses a **waterfall** approach for allocating losses in covered phishing scams: [insightplus.bakermckenzie](https://insightplus.bakermckenzie.com/bm/financial-institutions_1/singapore-shared-responsibility-framework-to-be-implemented-from-16-december-2024)

| Step in waterfall | Condition | Who bears the loss? |
| — | — | — |
| 1. Bank/FI | FI breached any SRF duty | FI reimburses full loss to victim. [hsfkramer](https://www.hsfkramer.com/notes/data/2024-posts/financial-institutions-and-telcos-required-to-share-responsibility-for-phishing-scams-in-singapore) |
| 2. Telco | FI complied; telco breached any duty | Telco reimburses full loss to victim. [hsfkramer](https://www.hsfkramer.com/notes/data/2024-posts/financial-institutions-and-telcos-required-to-share-responsibility-for-phishing-scams-in-singapore) |
| 3. Consumer | Both FI and telco complied with all duties | Consumer bears loss; no SRF payout. [channelnewsasia](https://www.channelnewsasia.com/singapore/phishing-scams-banks-telcos-shared-responsibility-framework-dec-16-responsibilities-duties-4699236) |

So it is **shared liability in principle**, but not pro‑rata: responsibility is assigned by identifying which party (if any) failed its defined preventive duties in that case. [reedsmith](https://www.reedsmith.com/articles/singapore-to-implement-shared-responsibility-framework-for-phishing-scams/)

## Timeline, scope and interaction with customers

– The SRF is implemented via **Guidelines** issued jointly by MAS and IMDA and took effect on **16 December 2024**, with a transition period for some surveillance obligations. [hsfkramer](https://www.hsfkramer.com/notes/data/2024-posts/financial-institutions-and-telcos-required-to-share-responsibility-for-phishing-scams-in-singapore)
– It sits alongside the **Online Criminal Harms Act**, which lets the government direct online services to block scam content, reinforcing upstream controls. [gasa](https://www.gasa.org/post/singapore-s-shared-responsibility-framework-a-global-model-for-combating-phishing-scams)
– Consumers remain responsible for **basic vigilance** (e.g. not ignoring obvious warnings), and if both FI and telco have met their duties, **no reimbursement** is due under SRF. [channelnewsasia](https://www.channelnewsasia.com/singapore/phishing-scams-banks-telcos-shared-responsibility-framework-dec-16-responsibilities-duties-4699236)

For APP‑style fraud you can think of SRF as a codified negligence‑based allocation: if the bank’s controls fail, the bank pays; if the bank’s were adequate but the telco’s weren’t, the telco pays; only when both sets of controls are judged reasonable does the victim ultimately wear the loss. [reedsmith](https://www.reedsmith.com/articles/singapore-to-implement-shared-responsibility-framework-for-phishing-scams/)

 

 

financial liability – for APP fraud.
The rationale can be framed in three linked ways:
1. Polluter pays principle.
If a majority of scams begin on a specific type of platform, the platform’s business model and controls are part of the causal chain. Social media companies and telcos monetise reach and engagement but have historically under‑invested in robust fraud controls relative to the externalities imposed on consumers and banks. Sharing liability would better align incentives: if a platform faces real cost when fraud proliferates, its board has a hard financial reason to tighten ad vetting, identity verification, bot detection and takedown processes.thepaymentsassociation+1
2. System‑level risk management.
Fraudsters exploit the weakest link across the end‑to‑end digital ecosystem: a scam might start with a dodgy online ad, move to an encrypted messaging channel, then culminate in a Faster Payment. A regime that concentrates liability on the final payment step encourages banks to add friction at the point of payment, but does less to harden upstream attack surfaces. Spreading cost across banks, telcos and platforms makes it more rational for each sector to invest in preventative controls in proportion to its role in the attack chain.kpmg+1
3. Fairness and political optics.
From a public policy perspective, it is increasingly difficult to justify why regulated banks – which are already investing heavily in controls and are subject to prudential supervision – should shoulder most of the loss, while highly profitable tech and telecoms firms that are central to scam origination face little direct liability. A cost‑sharing model could take various forms: mandatory contributions to a cross‑sector fraud fund, joint reimbursement pools, or direct liability where a scam can be linked to specific platform failings (e.g. paid ads that fail to meet due‑diligence standards).thepaymentsassociation+1
For business leaders, the direction of travel is towards cross‑sector accountability. Payments firms will still carry frontline liability under PSR rules, but lobbying and regulatory debate are now focused on bringing social media, online marketplaces and telcos into a shared‑cost framework and imposing higher standards for identity, advertising and communications security. That shift, if implemented, would rebalance incentives from “pay out after the event” to “prevent fraud at source”, which is ultimately the only sustainable solution at current APP fraud volumes.kpmg+2

Signal: Can Fintechs Out-AI Banks?

xxx

There were some pockets of fintech innovation (lending to the underbanked, SMEs, and corporate credit cards), but banks managed to hold their ground in the segments they care about. Could disruption in lending finally come from agentic commerce? Credit card issuers built defensible moats through decades of investment in brand loyalty. An AI agent has no loyalty.

From: Signal: Can Fintechs Out-AI Banks?.

xxx

POST Right but Wrong

You’ve probably heard about this social media site where bots pretending to be people post AI-generated slop to each other, regurgitate nonsensible propaganda, make up inflammatory stories and engage with cryptocurrency scammers ramping worthless digital “assets”. It’s called “X”.

Meanwhile, there’s another social media site called “Moltbook” where people pretending to be bots post AI-generated slop to each other, regurgitate nonsensible propaganda, make up inflammatory stories and engage with cryptocurrency scammers ramping worthless digital “assets”. That’s progress for you. Only a few days in and the Moltbook “leaderboard” was already largely given over to cryptoscams of one form or another with the occassional bot swarm coming up the ranks.

The Information said that other than being incredibly entertaining and slightly worrying for those concerned about AI gaining sentience, OpenClaw and Moltbook “offer a glimpse of where AI is going”. Actually, that wasn’t the lesson I took away from my first look at what was going on over there. The lesson that I took away from (you will not be surprised to hear) is that without a working digital identity infrastructure, we can’t have nice things.

(Anyway bot swarms and other forms of what I think I remember Mark Zuckerberg once describe as “co-ordinated inauthentic behaviour” are not amusing. They are insidious.)

John Naughton summarised the situation very well indeed in a recent Observer column. As he wrote, much of what goes on in social media is real (by which he means genuine conversations between humans) but nobody really knows how much. This matters because the erosion of trust between what’s real and what’s manufactured is making democracies ungovernable.

(Incidentally, last year John drew my attention to an excellent rant from Dave Winer about the infuriating tendency of chatbots to pretend that they’re your friend.

“Can we have a rule,” Dave wrote, “that AI bots must by default behave like a computer?

We could adopt the conventions of Paranoia, the dystopian science-fiction tabletop role-playing game (first published in 1984), and require all posts by bots to end with “the computer is your friend”. But if that doesn’t work, it might be time to start using some actual cryptography.)

You know what I am going to say here, of course: without digital identity, verifiable credentials and immutable reputation, there is no good outcome. I don’t think that is controversial. But how?

xxx

The recent rapid acceleration of generative AI and the imminent prospect of more ubiquitous agentic AI systems—artificial intelligence software capable of autonomously performing complex tasks, making decisions, and interacting convincingly—has renewed interest in digital identity writ large. Agentic AI is projected to become more prevalent in the immediate future, as human users proactively delegate tasks to credentialed agents.

From: Lessons from National Digital ID Systems for Privacy, Security, and Trust in the AI Age | TechPolicy.Press.

xxx

xxx

Digital identity is the missing layer of the internet. Without it, everything we build rests on sand.

From: Digital identity is the infrastructure crisis no one admits.

xxx

older people are very susceptible to fraud! what are telecom and social media…

xxx

Make a simple rule: they never move money or share codes and passwords based on a phone call, text, email, or social message without first checking with a trusted family member. Younger family “intervention” like this is shown to reduce losses.

From: older people are very susceptible to fraud! what are telecom and social media….

xxx

Design a site like this with WordPress.com
Get started