What a funny old week it’s been. Having blogged a lot about identity in the past, the week began with two peak time TV viewing programs about identity on Monday: Who do you think you are? on the BBC and Identity on ITV.
These programs are all about finding out about you and then keeping your you-ness your own.
In the case of the Beeb, celebrities trace their family history and find out what skeletons, heroes and rogues they have hiding in the cupboard.
In the case of ITV's Identity, these descriptions give away the idea:
Identity is a new series following an elite police unit working on identity crime. In the first episode, a man arrested for shooting a police officer claims he has been set up by an identity thief. In episode two, the team are brought in on a murder investigation when a young British woman is killed abroad - and her passport used by another woman after her death. And in last Monday’s episode, a woman is in the witness protection scheme when her name is leaked online.
Why am I blogging about this?
Because identity is now entertainment.
Take the new exhibition being advertised all over London at the Science Museum with the theme: Who am I?
Who am I? invites you to explore the science of who you are through intriguing objects, provocative artworks and hands-on exhibits. Discover what your voice sounds like as a member of the opposite sex, morph your face to see what you’ll look like as you age, or collect DNA to catch a criminal in our brand-new interactive exhibits. Investigate some of the characteristics that make humans such a successful species, such as personality, intelligence and language. Reflect on the big questions that new techniques in science are raising, and explore how your genetics and brain combine to create your unique identity.
This exhibition is on every billboard on the London train network ...
... right next to this one from Experian ...
What all of this tells us is that our uniqueness is important. Our identity is our key to unlocking the riches of the world or losing them. Our identity is so intrinsic to access and ownership, that it is our most important asset.
Our identity is us.
You are you and me is me thanks to this unique code.
In other words, we are all individuals. We are all different ...
And there are a number of blogs dedicated to identity management issues, such as Dave Birch’s Digital Identity Blog and Kim Cameron’s Identity Blog. There’s even a film called Identity, although it has nothing to do with identity management and is far more related to being schizophrenic.
So what is the problem with identity?
Maybe it is related to the latter – not being schizophrenic but certainly having multiple identities. That’s the issue.
We need a way to uniquely identify people for governmental purposes and for financial matters.
From a government perspective, it’s all to do with taxation and benefits, with far too many people being able to buck the benefits systems and claim multiple benefits for multiple identities when all the money is flowing to a single claimant.
The same is true in finance, where it is too easy to create multiple accounts with multiple names and addresses. We may say, with all the AML rules about account opening, that this is not true today ... not true.
Students learn the benefit of multiple overdrafts early in life. For example, a comment from Sam Sam in the Student Room:
Re: Opening multiple student accounts “In the blurb that you have to agree to, the banks often want to know that the account with them will be either your 'only' or your 'main' student account. loads of people have several different accounts though, people just tell porkies. If you need to provide a previous bank statement or something, you could just take a statement from a regular/solo account. just don't tell them.”
But do they do this with different names and addresses ... probably not. For example, I have multiple bank accounts – business and personal – but they all come back to a single, unique person and address.
And what happens to that single, unique person and address?
They give it away on Facebook:
"The days of you having a different image for your … co-workers and for the other people you know are probably coming to an end pretty quickly … Having two identities for yourself is an example of a lack of integrity." Mark Zuckerberg, founder and CEO of Facebook
Yea right.
So here’s my lack of integrity: I’ve got two Facebook accounts, three bank accounts, four Twitter accounts, five credit cards, several land addresses and many more email addresses and yes, you’ve guessed it, about ten different personalities.
Shucks!
All of the above makes it clear how it is possible to defraud or disappear, if you know how.
Case in point: Jason Bourne.
In the excellent series of films about Bourne, which began with the Bourne Identity (there's that word again), we learn that he’s a lost man. What is his identity? Who is he? How can he find out? How can he prove he is Jason Bourne?
Living under a pseudonym with memory loss means the original person has been lost.
Good film ... but it is all fiction isn’t it?
Nope.
The proof reader of Neil Strauss’s latest book, Emergency (March 2009), talks about how to be a Jason Bourne in real life, through the creation of multiple bank accounts and holding several passports.
“If you wanted to withdraw your entire life savings and move it to a bank in Switzerland, what would you do? Now that I’d decided to hide my assets offshore, the information from the Sovereign Society conference about the government tracking withdrawals and transfers of more than $10,000 applied to me. It seemed impossible to get the money from my American bank to the Swiss bank Spencer recommended without ringing alarm bells. Even if I moved it in small increments, there would still be a paper trail detailing exactly how much money I’d transferred. So I did what any resourceful American would do: I bought a book on money laundering.”
Oh, so simple ... if you want to do this. I'm not advising that btw, but the potential and possibilities are clear and, whilst we have these gaps in the system for those who want or need to leverage and crack them open, identity management will always be an issue for governments and banks.
So what’s the solution?
An identity card with biometric recognition? A DNA database of all citizens?
Nah. The UK has tried both and the first thing the new UK government has shut down is the biometric identity card programme, because it’s too expensive, and their efforts to keep a DNA database are severely challenged.
So what is the solution?
I personally don’t think there is one. A bit like fraud, there will always be an ‘acceptable level’ of fraudulent identity usage.
The question then is what is that ‘acceptable’ level and how do you minimise money laundering, fraud and other underhand activity?
Probably through some sort of government and bank shared identity tracking system.
That would be my best guess anyway.
Meanwhile, must disappear now as I need to put some money into my very private Swiss bank account.
Some years ago, I delivered a presentation as a keynote with the title: “All Bankers are Criminals”.
I actually didn’t mean “all”.
The chicken feed, battery farmed, commercial, transactional and retail bankers are pin-stripe suited, humble pie, nice guys.
I was talking about the evil animals of Wall Street and the City.
These jungle animals hunt you down, rip out your wallet and tear your money apart note-by-note.
OK, I exaggerate a little, but you get the idea.
The first time I gave this presentation was back in Summer 2005 at a European Conference, and I repeated it again in Spring 2006, as an Associate Director of TowerGroup.
The theme of the presentation mainly came from Frank Partnoy’s excellent book Infectious Greed, which traces the growth of weapons of financial destruction: derivatives, as named by Warren Buffett in his 2002 shareholder letter.
It is quite clear from this book that unchecked investment markets will run free of scruples and morals. This is what happened with Frank Quattrone of Credit Suisse and the dotcom boom and bust, along with many other examples through history.
It is not necessarily as true when we talk about arbitrage strategies and the John Meriwethers of this world. However, these people are far more dangerous because they create systemic risk in the financial markets that can bring down companies and countries.
For example, in case you are wondering who John Meriwether is, he was one of the first arbitrage players and built Salomon Brothers into the big swinging dick master of the universe world so brilliantly depicted in Michael Lewis’s book Liar’s Poker.
With his colleagues, the use of arbitrage instruments led to the downfall of Salomon Brothers – they were subsequently merged into Citigroup – and Meriwether went on to create Long Term Capital Management (LTCM).
In 1998 LTCM lost $4.6 billion in less than four months and became the leading case study for how systemic risk created by derivatives products, combined with massive leverage and arbitrage risk-models, creates a financial deck of cards. A deck that can rise and fall in the blink of an eye, with the latter potentially ruining companies, markets, countries and governments, as happened in the most recent crisis.
Anyways, not to be dissuaded from his cause, Meriwether went on to found JWM Partners, another highly leveraged "relative value arbitrage" firm. Yet again, he built leverage through this hedge fund from its opening with $250 million under management in 1999 to a massive $3 billion firm by 2007. Of course, it was all just on paper as the latest crisis battered the fund, losing almost half of its value between September 2007 and February 2009. The deck of cards strikes again. It closed in late 2009 and guess what? Meriwether’s about to launch yet another hedge fund, based upon just the same concepts.
To me, this is the criminality of the financial system in action. Firms that build highly leveraged derivatives instruments for short-term arbitrage, with unproven skills and massive risk.
Not that I’m calling Meriwether a criminal, as it’s all perfectly legitimate under SEC and FSA Rules.
Or it was.
It may be that the Goldman Sachs furore will change all this.
You see, Goldman Sachs, like Meriwether, is very good at taking leverage and risk and managing the markets to gain short-term profit. Like Meriwether, Goldman Sachs succeeded in using these tools and instruments to generate massive profits. They achieved a record 131 trading days last year, in which the bank made at least $100 million net trading revenue each day.
Unlike Meriwether, Goldman Sachs managed to offload and hedge their risks back to others, such as AIG and IKB, such that when the markets collapsed their clients, suppliers and partners got burnt, but not them.
Nothing wrong with that, as it’s all perfectly legitimate under SEC and FSA Rules. Unless the SEC and FSA find Goldman Sachs guilty of fraud.
But how can they be guilty of a crime that was not a crime at the time it was committed?
There’s the rub.
I’m sure the SEC will aim to build a bulletproof case, and their cause is a worthy one: clean up the financial system. Is it worthy to do this so publicly?
Not sure.
Is it worthy to name the defendant up front, when the burden of proof has yet to be met?
Not sure.
The Goldman Sachs case is actually more like watching a rape trial in action, where the defendant is a shifty looking guy who probably seems guilty whether guilty or not.
For example, if you name someone like Jack Tweed in the UK, you might still associate him with being a rapist even though he was found not guilty.
The guilt sits there, and that’s what will happen with Goldman Sachs.
Whether guilty or not – and they’ve hired the best team possible to defend themselves, including “Master of Disaster” Mark Fabiani – we will always associate Goldman Sachs with something smelly for the foreseeable years to come.
Ho-hum.
At least all of this seems to inspire some humour. For example, in an April episode of hit comedy US TV series This American Life (TAL), they tell the story of a hedge fund that comes up with an elaborate plan to make money. It sponsors the creation of complicated and ultimately toxic financial securities while, at the same time, betting against the very securities it helped create. TAL commissioned a Broadway song to go along with the story:
The only thing that really gets me, in finishing this blog entry, is Warren Buffett.
The Sage of Omaha has made his billions through prudent focus upon ‘value investing’. That means investing in strong and robust businesses like Coca-Cola, American Express, Gillette and the Washington Post. So when he referred to derivatives as ‘weapons of financial destruction’ in his shareholder letter of 2002, I respected the man and his integrity of thought.
Now, having found Goldman Sachs under attack, he has stepped up to their defence, and I wondered why.
Warren Buffett is an intriguing character, as we all know. The friend of kings and kingmakers, he walks a path separate to most.
He knows the dangers of arbitrage, derivatives and leverage, because he had to step into Salomon Brothers in 1991 to clean up Meriwether and his colleagues' mess.
An extract from Carol Loomis’s in-depth review of Buffett’s experience at Salomon’s:
“You may reasonably ask what was going on in Salomon's stock while all of this was transpiring. It was emphatically down, from above $36 per share on Friday to under $27 on Thursday, when the second press release rocked the market. But the stock was only the facade for a much graver matter, a corporate financial structure that by Thursday was beginning to crack because confidence in Salomon was eroding. It is not good for any securities firm to lose the world's confidence. But if the firm is "credit dependent," as Salomon was to an extreme, it cannot tolerate a negative change in perceptions. Buffett likens Salomon's need for confidence to a mortal's need for air: When the required good is present, it's never noticed. When it's missing, that's all that's noticed.
“Unfortunately, the erosion of confidence was occurring in a company grown enormous. Salomon in August of 1991 had bulged up to $150 billion in assets (not counting, of course, huge off-balance-sheet items) and was among the five largest financial institutions in the U.S. Propping the company on the right-hand side of the balance sheet was--are you ready?--only $4 billion in equity capital, and above that was about $16 billion in medium-term notes, bank debt, and commercial paper. This total of about $20 billion was the capital base that supported the remaining $130 billion in liabilities, most of these short-term, due to run off in one day to six months.”
The result meant that Warren Buffett had to actually take over physically as manager of Salomon Brothers for a nine-month period, and it was emotionally exhausting for him.
Switch to 2010.
Warren Buffett invested heavily in Goldman Sachs in September 2008 – when Lehman Brothers, Merrill Lynch and Morgan Stanley were all imploding – buying $5 billion of preferred stock at a 10 percent dividend. These investments earn him $950 a minute, or $500 million a year today. No wonder he claims to be in love with that investment.
Trouble is that the alleged fraud at Goldman Sachs has really hit their share price. For example, Standard & Poor's downgraded Goldman shares to "Sell" and lowered their target price by $40 to $140 the other day.
Thinking back to Salomon's - if the firm is "credit dependent," as Salomon was to an extreme, it cannot tolerate a negative change in perceptions - Buffett must be seriously worried about Goldman Sachs losing its credit worthiness, especially as it depends on good credit.
Oh yes, and having called derivatives ‘weapons of financial destruction’, guess what? Berkshire Hathaway, Warren Buffett’s investment firm, has a massive portfolio of derivatives investments. From the Wall Street Journal last week: “Democrats took a step toward their goal of overhauling financial regulation, reaching a tentative deal to set restrictions on trading in exotic financial instruments known as derivatives. Among the considerations still in the balance: A big provision being sought by Warren Buffett in recent weeks ... the provision, sought by Berkshire and pushed by Nebraska Senator Ben Nelson in the Senate Agriculture Committee, would largely exempt existing derivatives contracts from the proposed rules. Previously, the legislation could have allowed regulators to require that companies such as Nebraska-based Berkshire put aside large sums to cover potential losses. The change thus would aid Berkshire, which has a $63 billion derivatives portfolio, according to Barclays Capital.”
Hmmm ... maybe that greed is infectious, although Morningstar Analyst Bill Bergman supports Mr. Buffett's exemption by stating that: "claiming Berkshire poses a risk to the financial system is a difficult case to make."
Either way, yesterday's US move towards approving a Financial Reform Bill to handle the issue of banks that are 'too big to fail' takes the American system one step nearer to taking a lead role in a new financial architecture.
Derivatives are next ... and Warren Buffett, like Lloyd Blankfein at Goldman Sachs and all of those current and former bankers and brokers who dealt in toxic derivatives across the world, must be worried.
Postnote: here is Berkshire Hathaway’s full commentary on derivatives from that shareholder letter back in 2002:
Charlie and I are of one mind in how we feel about derivatives and the trading activities that go with them: We view them as time bombs, both for the parties that deal in them and the economic system.
Having delivered that thought, which I’ll get back to, let me retreat to explaining derivatives, though the explanation must be general because the word covers an extraordinarily wide range of financial contracts.
Essentially, these instruments call for money to change hands at some future date, with the amount to be determined by one or more reference items, such as interest rates, stock prices or currency values. If, for example, you are either long or short an S&P 500 futures contract, you are a party to a very simple derivatives transaction – with your gain or loss derived from movements in the index. Derivatives contracts are of varying duration (running sometimes to 20 or more years) and their value is often tied to several variables.
Unless derivatives contracts are collateralized or guaranteed, their ultimate value also depends on the creditworthiness of the counterparties to them. In the meantime, though, before a contract is settled, the counterparties record profits and losses – often huge in amount – in their current earnings statements without so much as a penny changing hands.
The range of derivatives contracts is limited only by the imagination of man (or sometimes, so it seems, madmen). At Enron, for example, newsprint and broadband derivatives, due to be settled many years in the future, were put on the books. Or say you want to write a contract speculating on the number of twins to be born in Nebraska in 2020. No problem – at a price, you will easily find an obliging counterparty.
When we purchased Gen Re, it came with General Re Securities, a derivatives dealer that Charlie and I didn’t want, judging it to be dangerous. We failed in our attempts to sell the operation, however, and are now terminating it.
But closing down a derivatives business is easier said than done. It will be a great many years before we are totally out of this operation (though we reduce our exposure daily). In fact, the reinsurance and derivatives businesses are similar: Like Hell, both are easy to enter and almost impossible to exit. In either industry, once you write a contract – which may require a large payment decades later – you are usually stuck with it. True, there are methods by which the risk can be laid off with others. But most strategies of that kind leave you with residual liability.
Another commonality of reinsurance and derivatives is that both generate reported earnings that are often wildly overstated. That’s true because today’s earnings are in a significant way based on estimates whose inaccuracy may not be exposed for many years.
Errors will usually be honest, reflecting only the human tendency to take an optimistic view of one’s commitments. But the parties to derivatives also have enormous incentives to cheat in accounting for them.
Those who trade derivatives are usually paid (in whole or part) on “earnings” calculated by mark-to-market accounting. But often there is no real market (think about our contract involving twins) and “mark-to-model” is utilized. This substitution can bring on large-scale mischief. As a general rule, contracts involving multiple reference items and distant settlement dates increase the opportunities for counterparties to use fanciful assumptions. In the twins scenario, for example, the two parties to the contract might well use differing models allowing both to show substantial profits for many years. In extreme cases, mark-to-model degenerates into what I would call mark-to-myth.
Of course, both internal and outside auditors review the numbers, but that’s no easy job. For example, General Re Securities at yearend (after ten months of winding down its operation) had 14,384 contracts outstanding, involving 672 counterparties around the world. Each contract had a plus or minus value derived from one or more reference items, including some of mind-boggling complexity. Valuing a portfolio like that, expert auditors could easily and honestly have widely varying opinions.
The valuation problem is far from academic: In recent years, some huge-scale frauds and near-frauds have been facilitated by derivatives trades. In the energy and electric utility sectors, for example, companies used derivatives and trading activities to report great “earnings” – until the roof fell in when they actually tried to convert the derivatives-related receivables on their balance sheets into cash. “Mark-to-market” then turned out to be truly “mark-to-myth.”
I can assure you that the marking errors in the derivatives business have not been symmetrical. Almost invariably, they have favored either the trader who was eyeing a multi-million dollar bonus or the CEO who wanted to report impressive “earnings” (or both). The bonuses were paid, and the CEO profited from his options. Only much later did shareholders learn that the reported earnings were a sham.
Another problem about derivatives is that they can exacerbate trouble that a corporation has run into for completely unrelated reasons. This pile-on effect occurs because many derivatives contracts require that a company suffering a credit downgrade immediately supply collateral to counterparties. Imagine, then, that a company is downgraded because of general adversity and that its derivatives instantly kick in with their requirement, imposing an unexpected and enormous demand for cash collateral on the company. The need to meet this demand can then throw the company into a liquidity crisis that may, in some cases, trigger still more downgrades. It all becomes a spiral that can lead to a corporate meltdown.
Derivatives also create a daisy-chain risk that is akin to the risk run by insurers or reinsurers that lay off much of their business with others. In both cases, huge receivables from many counterparties tend to build up over time. (At Gen Re Securities, we still have $6.5 billion of receivables, though we’ve been in a liquidation mode for nearly a year.) A participant may see himself as prudent, believing his large credit exposures to be diversified and therefore not dangerous. Under certain circumstances, though, an exogenous event that causes the receivable from Company A to go bad will also affect those from Companies B through Z. History teaches us that a crisis often causes problems to correlate in a manner undreamed of in more tranquil times.
In banking, the recognition of a “linkage” problem was one of the reasons for the formation of the Federal Reserve System. Before the Fed was established, the failure of weak banks would sometimes put sudden and unanticipated liquidity demands on previously-strong banks, causing them to fail in turn. The Fed now insulates the strong from the troubles of the weak. But there is no central bank assigned to the job of preventing the dominoes toppling in insurance or derivatives. In these industries, firms that are fundamentally solid can become troubled simply because of the travails of other firms further down the chain.
When a “chain reaction” threat exists within an industry, it pays to minimize links of any kind. That’s how we conduct our reinsurance business, and it’s one reason we are exiting derivatives.
Many people argue that derivatives reduce systemic problems, in that participants who can’t bear certain risks are able to transfer them to stronger hands. These people believe that derivatives act to stabilize the economy, facilitate trade, and eliminate bumps for individual participants. And, on a micro level, what they say is often true. Indeed, at Berkshire, I sometimes engage in large-scale derivatives transactions in order to facilitate certain investment strategies.
Charlie and I believe, however, that the macro picture is dangerous and getting more so. Large amounts of risk, particularly credit risk, have become concentrated in the hands of relatively few derivatives dealers, who in addition trade extensively with one another. The troubles of one could quickly infect the others.
On top of that, these dealers are owed huge amounts by non-dealer counterparties. Some of these counterparties, as I’ve mentioned, are linked in ways that could cause them to contemporaneously run into a problem because of a single event (such as the implosion of the telecom industry or the precipitous decline in the value of merchant power projects). Linkage, when it suddenly surfaces, can trigger serious systemic problems.
Indeed, in 1998, the leveraged and derivatives-heavy activities of a single hedge fund, Long-Term Capital Management, caused the Federal Reserve anxieties so severe that it hastily orchestrated a rescue effort. In later Congressional testimony, Fed officials acknowledged that, had they not intervened, the outstanding trades of LTCM – a firm unknown to the general public and employing only a few hundred people – could well have posed a serious threat to the stability of American markets. In other words, the Fed acted because its leaders were fearful of what might have happened to other financial institutions had the LTCM domino toppled. And this affair, though it paralyzed many parts of the fixed-income market for weeks, was far from a worst-case scenario.
One of the derivatives instruments that LTCM used was total-return swaps, contracts that facilitate 100% leverage in various markets, including stocks. For example, Party A to a contract, usually a bank, puts up all of the money for the purchase of a stock while Party B, without putting up any capital, agrees that at a future date it will receive any gain or pay any loss that the bank realizes.
Total-return swaps of this type make a joke of margin requirements. Beyond that, other types of derivatives severely curtail the ability of regulators to curb leverage and generally get their arms around the risk profiles of banks, insurers and other financial institutions. Similarly, even experienced investors and analysts encounter major problems in analyzing the financial condition of firms that are heavily involved with derivatives contracts. When Charlie and I finish reading the long footnotes detailing the derivatives activities of major banks, the only thing we understand is that we don’t understand how much risk the institution is running.
The derivatives genie is now well out of the bottle, and these instruments will almost certainly multiply in variety and number until some event makes their toxicity clear. Knowledge of how dangerous they are has already permeated the electricity and gas businesses, in which the eruption of major troubles caused the use of derivatives to diminish dramatically. Elsewhere, however, the derivatives business continues to expand unchecked. Central banks and governments have so far found no effective way to control, or even monitor, the risks posed by these contracts.
Charlie and I believe Berkshire should be a fortress of financial strength – for the sake of our owners, creditors, policyholders and employees. We try to be alert to any sort of megacatastrophe risk, and that posture may make us unduly apprehensive about the burgeoning quantities of long-term derivatives contracts and the massive amount of uncollateralized receivables that are growing alongside. In our view, however, derivatives are financial weapons of mass destruction, carrying dangers that, while now latent, are potentially lethal.
It fascinates me when we talk about ‘identity’ that we always seem to think of identity management as being a single thing ... but it’s not.
First, there’s the use of identity for identification; second for authentication; third, for verification; and fourth for fulfilment. Then there are the many instances of providing and proving identification: at a bank, at an airport or border control, at a vehicle hire firm or other high cost rental, when opening a telephone account or similar service, when picking up tickets for a concert, etc. Finally, there are the many reasons for needing identity checks, from tracking money laundering and politically exposed persons (PEPs) to fraud and identity theft issues to just checking that you are who you say you are.
Although these all sound the same, they have distinct differences, which is the reason why there are so many identity solutions out there. Generally, such solutions fall into one of two categories, an anti-fraud focus or a verification process, with the process being based upon:
Something you know, such as a PIN, Password or Personal Fact
Something you have, such as Card, Token or Telephone
Something you are, such as a Fingerprint, Voice or other Biometric
Somewhere you are, based upon GPS location or similar proximity analysis
Some way you behave, such as your general activities, channel usage and location
Obviously the five areas above are also inter-connected, as you could use a PIN, Biometric and Telephone along with location services to verify a user based upon five-factor authentication rather than two. But we don’t do that today, and some banks struggle with even one factor authentication.
You cannot be serious I hear you cry, but no, it’s true.
Ring your bank and pretend to be someone else.
I’ve done it.
I had to pretend to be my father-in-law and it was easy once you got the bravado together to claim to be someone you’re not.
So the question of identity for authentication and verification is still not good enough.
What are the potential solutions out there?
Generally, further variations on the above.
For example, I recently went to a presentation by a number of firms that use the word identity in their company name. Both firms were focused upon improving password security by offering easier password access and control.
I then got a call from another firm with identity in their name, and they wanted to talk to me about biometrics.
A third firm offered to provide mobile-based authentication services.
So let’s look at these variations in a little more depth.
First, the something we have.
This is the most basic form of identification – a document, validated by an authority, that says: “yes, it’s you”.
Often a card and sometimes a card with your photograph on it, this identification has been around since the war.
The trouble with this form of identity is that it can be forged, copied, stolen and easily used by another card holder.
Therefore, we introduced the something you know.
The idea here is that there is a secret code that goes with the card to show that not only is the person presenting the card the owner, but they can prove it.
The most common something you know is a Personal Identification Number, or PIN. PINs are generally allocated by the bank but can be changed to whatever you want.
Although this makes the card more secure, a PIN is easy to guess or, due to Chip & PIN, to shoulder-surf and steal.
Equally, PINs can be hacked and compromised via intelligent machine-in-the-middle attacks, and so banks enhanced the four-digit PIN by asking for things like date of birth and mother’s maiden name.
It soon became obvious that criminals could find out such information from public record and so we are now in a world of much more complex codes and secrets.
For example, GrIDsure offer a pattern-based PIN so that criminals cannot predict your PIN numbers. Equally, RSA Security offer lots of tokens and keys to generate one-time passwords on top of basic identity information, to ensure that a criminal is foiled.
Unfortunately, in the latter case, many of these efforts just add to the effort required for the customer every time they are trying to make a payment or access the bank service. For example, we have the Chip Authentication Program (CAP) and Personal Card Readers (PCR) in the UK for online payments processing.
The trouble is that you have to have the terminals with you and, even if you do, people use them so infrequently that they often forget the process. As a result, their use of online payments falls whilst PayPal goes from strength to strength.
The reason? PayPal is simple, easy and convenient, but PCRs are not.
Equally, what is really interesting in the two instances above, is that these things are already being side-tracked by the mobile telephone, which offers something you have that is unique – your SIM card and telephone number – along with an interactive dialogue for access to PINs and One-Time Passwords.
In addition, it offers an easy way to track where you are, and hence can be a good way of triangulating information for a bank. For example, if someone tries to withdraw cash or make a payment in New York when their mobile telephone GPS signal is being picked up in San Francisco, the bank could immediately question such transactions.
Therefore, I wholly expect the mobile telephone to become the key to most forms of identification.
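The New York versus San Francisco check described above can be sketched as follows. This is an added example, not code from the blog or from any bank: the thresholds, function names and sample coordinates are all assumptions, and the sample events are constructed.

```python
"""Location-consistency check between a card transaction and the customer's phone.

Added illustration: every threshold and sample value here is an assumption.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_KM = 6371.0
# Assumed policy values, not taken from any bank or card scheme:
LOCAL_RADIUS_KM = 50.0             # tolerance for coarse GPS / cell fixes
MAX_PLAUSIBLE_SPEED_KMH = 900.0    # roughly airliner cruising speed
MAX_FIX_AGE = timedelta(hours=12)  # an older phone fix tells us nothing


@dataclass(frozen=True)
class GeoEvent:
    lat: float
    lon: float
    at: datetime  # timezone-aware timestamp


def haversine_km(a: GeoEvent, b: GeoEvent) -> float:
    """Great-circle distance between two events, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def assess(txn: GeoEvent, phone_fix: Optional[GeoEvent]) -> str:
    """Classify a transaction against the last known phone location.

    Returns one of:
      "consistent"       phone is near the transaction
      "plausible_travel" far apart, but the time gap allows the journey
      "challenge"        far apart and no journey could explain it
      "no_signal"        no usable fix (phone off, lost, or fix too old);
                         the caller must fall back to other factors
    """
    if phone_fix is None:
        return "no_signal"
    gap = abs(txn.at - phone_fix.at)
    if gap > MAX_FIX_AGE:
        return "no_signal"
    distance = haversine_km(txn, phone_fix)
    if distance <= LOCAL_RADIUS_KM:
        return "consistent"
    # How far could the customer have travelled between the two events?
    reachable_km = MAX_PLAUSIBLE_SPEED_KMH * gap.total_seconds() / 3600.0
    if distance - LOCAL_RADIUS_KM > reachable_km:
        return "challenge"
    return "plausible_travel"


# Constructed sample events (coordinates are city centres, times are invented).
NOON = datetime(2010, 4, 20, 12, 0, tzinfo=timezone.utc)
ATM_NEW_YORK = GeoEvent(40.7128, -74.0060, NOON)
PHONE_SF_10_MIN_AGO = GeoEvent(37.7749, -122.4194, NOON - timedelta(minutes=10))
PHONE_SF_6_HOURS_AGO = GeoEvent(37.7749, -122.4194, NOON - timedelta(hours=6))
PHONE_BROOKLYN = GeoEvent(40.6782, -73.9442, NOON - timedelta(minutes=5))
PHONE_SF_2_DAYS_AGO = GeoEvent(37.7749, -122.4194, NOON - timedelta(days=2))


def demo_results() -> dict:
    """Run the check over the constructed samples."""
    return {
        "sf_10_min": assess(ATM_NEW_YORK, PHONE_SF_10_MIN_AGO),
        "sf_6_hours": assess(ATM_NEW_YORK, PHONE_SF_6_HOURS_AGO),
        "brooklyn": assess(ATM_NEW_YORK, PHONE_BROOKLYN),
        "stale_fix": assess(ATM_NEW_YORK, PHONE_SF_2_DAYS_AGO),
        "no_phone": assess(ATM_NEW_YORK, None),
    }


if __name__ == "__main__":
    for name, verdict in demo_results().items():
        print(f"{name:12s} {verdict}")
```

The "no_signal" outcome matters as much as "challenge": a flat battery or a lost handset must route the customer to another factor rather than silently pass or block the payment.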
The mobile can even play directly into the biometrics field, thanks to fingerprint recognition and even apps under discussion that will use the mobile telephone’s camera for iris or face recognition. In particular, the work of Voice Commerce to create voice biometric payments is of interest here.
Voice Commerce is now a PSD-approved Payments Institution and Visa Partner, all based upon mobile voice biometric services.
So where does that take us?
The mobile telephone becomes the unique identity management system for future financial services?
Sure, it provides a clear capability to track behaviour and location, along with easy verification and validation of something you have and something you know and potentially something you are.
But is that it?
What happens if you lose the telephone? What happens if you forget the codes or passwords? Is Voice Biometrics really ready for prime time? What I am really asking is: what is the process on the other end of the telephone that’s required?
This still therefore mandates a clear bank identity management system, shared across multiple institutions, which can allow the user to access finance with just a single sign-on rather than multiple sign-ons.
That’s the thought for next generation financial services. A simple multibank, cross-border identity system that can work easily and simply and conveniently behind the mobile bank interface.
Hmmmm ... I wonder what system that could be?
Whichever system it is has to have a number of key features.
First, it will not just be a technology solution, as there must be clear and recognised policy, legal and operational rules which allow the scheme to operate across borders and banks.
Second, an identity scheme cannot just be a “number”. Numbers are too easy to break, and you therefore must have a name specified and associated with the number in order for the identity management system to allow transactions to be truly non-repudiable, as in legal.
Third, solutions have to be massively scalable, which means cloud-based today.
Fourth, it must be capable of supporting multiple applications across multiple geographies and multiple industry silos. And, whilst achieving all of the above, it needs to be simple to use but unbreakable.
Gamestation has discovered that more than 88% of the British public do not read the terms and conditions of a website before they make a purchase online.
As a result of the research, Gamestation has announced that on April 1st, in a test of its customers, it will include a clause in the terms and conditions stating that the customer grants the retailer the right to 'claim their immortal soul'. The online customer will be offered the opportunity to opt out of forgoing their soul by ticking a box in the small print. As a reward for their vigilance, they will receive a GBP5 discount voucher.
90% of customers agreed to the terms and conditions without reading them (either that or they were happy to surrender their souls). They then received an email stating: “Little did you realise that upon your last purchase from Gamestation.co.uk you also granted us a right to claim your humanity [...] To avoid future fatalities, always check the terms and conditions.”
A while ago, I talked about cover payments and the introduction of the changes to SWIFT MT202 message types. A wee bit technical for the blog, but worth it as the costs of implementation of the changes were, and are, a major concern for the banks I deal with.
Today, a press release landed in my inbox. Usually the "Delete" button is reached before I even notice the title of such releases, but this one intrigued me:
"SWIFT's MT202 COV Led to More Work, Data Quality Concerns - Dow Jones Survey"
Hmmm ... what's all this about then? On reading, it's all about a small - just over 50 - group of bankers saying: "yes, MT202 COV is a pain".
"The majority (60 percent) of compliance and payments industry executives believe the new SWIFT cover payments rule MT202 COV raised the standard of sanctions compliance ...
... but many also credit it with increased workloads and costs as well as mounting concerns over duplicate alerts and data quality, according to surveys conducted by Dow Jones.
Roughly half (49 percent) of survey respondents experienced an increase in workload following the introduction of MT202 COV while 39 percent said their costs of compliance increased.
The rising costs come as 51 percent of respondents expect their budgets to be stagnant over the next year.
When respondents were asked to rank their level of concern regarding key issues when screening wire transfer messages, their concern rose across the board after MT202 COV took effect. Data quality saw the biggest jump as 41 percent were “very” or “extremely” concerned about this issue before MT202 COV, but 62 percent said the same after the rule took effect.
Concern about a high number of duplicate alerts also jumped significantly as 47 percent of respondents identified this as an issue after MT202 COV took effect, compared to 30 percent before the rule was implemented.
Dow Jones conducted two surveys to measure the impact of MT202 COV, which took effect in November 2009. The first survey, conducted from Aug. 31, 2009 to Sept. 9, 2009, received 52 responses and the second survey, conducted from March 23, 2010 to April 6, 2010, received 53 responses.
There are so many articles and analysis into Goldman Sachs practices at the moment ...
... that I’m not going to write a lengthy analysis to add to all of these, but have picked a few of the best articles at the end of this blog entry.
What I would like to say is that the Goldman Sachs area of this blog shows that the SEC’s actions announced last Friday could be easily anticipated. From their near admittance of market manipulation in July 2009, followed in August 2009 of talk about the SEC looking at their flash trading practices; to the comments I made in January about the fine line “between making markets and moving markets that Goldman walk. It will be interesting to see how Goldman and company make markets in the future, between the Obama tax and the new regulatory regime.”
This was followed by the way they had to defend themselves recently, as evidenced by Chief Executive Lloyd Blankfein’s letter to shareholders earlier this month.
Now the USA’s SEC has announced their formal investigation of Goldman Sachs, followed by the UK FSA's agreement to coordinate this investigation across borders.
There has to be a concern about their future.
Here’s my take on it.
The case for Goldman Sachs
They are the world’s most successful investment bank
They are able to create incredible profits from complex instruments
They are the preferred choice of most clients for investment advice for these reasons, and this is why they maintain their success
The case against Goldman Sachs
They are the world’s most successful investment bank ... and most of their brethren – Bear Stearns, Lehman Brothers, Merrill Lynch – have imploded through this crisis
They are purely driven by greed and pay massive bonuses
They manipulate markets in their own favour
Sure the list could be longer, and sure we can argue the toss over some of these points, but overall there could be a case of saying the investigations into the bank are all driven by schadenfreude and political motivations. For example, Barack Obama presents his financial reform bill to the Senate this week, so what better timing.
Nevertheless, for the SEC to have “Pit Bull” Richard (Rick) Simpson in there litigating against the bank, means that there has to be something in this and that must be a worry for them. Equally with the share price dropping 13 percent on Friday and further again today, even with their stunning results of $3.6 billion profits and $5.5 billion in bonuses for the last quarter, the reputation of the bank is taking a battering.
The core of this debate is the question: does Goldman Sachs make stunning profits – over $100 million every day for 131 trading days last year – by betting against clients?
If the answer is yes, then it’s more a case of Sack Goldmans rather than Goldman Sachs.
Best of the media coverage from The Week, via the NY Times, Reuters, Naked Capitalism
Why the SEC is going after the Wall Street powerhouse, and what it means for the financial industry
The Securities and Exchange Commission took on Wall Street titan Goldman Sachs on Friday, filing a potentially explosive civil lawsuit accusing the investment bank and one of its mortgage traders, Fabrice Tourre, of fraud. Here's a brief rundown of the charges, and what they could mean for Goldman, Wall Street, and financial reform legislation:
What is Goldman accused of?
The SEC says that Goldman created and sold a package of mortgage-backed securities to investors in 2007 without telling them that the person who picked or approved the securities, hedge fund manager John Paulson of Paulson & Co., was betting heavily that they would fail. Goldman brought in independent fund manager ACA Management to help pick the portfolio, allegedly to make the deal seem more trustworthy. But the SEC says Goldman misled ACA, too, not disclosing that deal "sponsor" Paulson was betting against, not on, the investments. Paulson's role was withheld from investors, too.
What's Goldman's defense?
That the investors who bought the securities were given "extensive information" about the securities they were investing in, and were "sophisticated" enough to know that somebody was going to take the opposite side of their bet. Also, Goldman says that while it earned $15 million in fees, it lost $90 million in the deal, although it didn't explain how.
Who else lost, and made, money on the deal?
The investors collectively lost $1 billion, with the primary losers being ACA Capital and German bank IKB. Paulson & Co. earned almost $1 billion in profit.
Is Paulson being charged?
No. Legal scholar Alan Dershowitz thinks that was a somewhat arbitrary choice by the SEC, though, saying in The Daily Beast that Paulson "could easily have been charged with conspiracy to defraud."
How damaging is this for Goldman?
Analysts say the hit to Goldman's "seemingly invincible" reputation could be much worse than any punitive damages. Given how important trust is on Wall Street, "it's very bad for business" if your clients think "you are doing shady things," says NYU law professor Marcel Kahan. And while any SEC fine would be "really small potatoes" for the firm, Goldman's stock price tumbled 13 percent on the news Friday, erasing more than $10 billion in market capitalization. Also, Britain and Germany are mulling their own investigations, based on the SEC allegations.
Are other Wall Street banks facing similar SEC charges?
It's certainly possible. SEC enforcement chief Robert Khuzami says the agency is stepping up its anti-fraud actions, and specifically looking at "similar deals" involving other Wall Street firms. Until Friday, Goldman employees were able to "sleep soundly after collecting their huge bonuses," says The New York Times in an editorial. Since Goldman wasn't the only bank betting against its own mortgage products, "others on Wall Street may have a harder time sleeping" now, too.
What are the politics of this case?
The SEC is an independent agency, but political strategists and banking lobbyists say the Goldman fraud allegations could help the Democrats pass a financial reform bill. The House passed its version last year, and the Senate finance committee recently sent its version to the full Senate (on a party-line vote) for debate this week. Some Republicans and TV pundits suggest that the announcement was timed to help secure the bill's passage. Business Insider's Henry Blodget says the SEC also might have rushed out the lawsuit to divert attention from a damning internal review of the agency's enforcement over the past few years.
After Brett's post the other day which posed the question: "what if the internet is your bank?", I was quite amused just now, as I loaded Citibank's homepage and nothing loaded.
Nothing at all.
Nowt.
Nada.
Zero.
Nothing.
Why so?
Because I use an add-on in Firefox called NoScript.
NoScript describes itself as the "best security you can get in a web browser! Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks."
The only problem is that it results in screens like this:
No big deal, but made me laugh.
What is not so laughable is if you really do depend on internet access to get to your bank, and you can't access it. Hello Bank of America ...
January 29th 2010
The Bank of America website is down since morning. Bank of America's main page is still not accessible as of now. The Bank of America website could be down due to cyber-attack, but it might just be a technical glitch.
If you are trying to access your BofA online banking account, you can follow the Official Bank of America help account on Twitter (@BofA_Help) for updates.
The website is still functional if visitors enter through specific pages. For example, the Bank of America "About" page could be accessed without problem. Once in the website, you can navigate through the website normally.
UPDATE-1: The BoA website is back online.
UPDATE-2 (1:52 PST): The website seems unstable now, and has gone offline again.
UPDATE-3 (3:39 PST): BoA has ruled out a cyber attack but is still trying to identify the cause.
Hmmm ... cyberattacks work I guess. According to informed sources, this was a Denial of Service attack, but BoA aren't letting on. They haven't made any official statements about the cause ... and why would they as it either shows weakness of security or might encourage similar attacks in the future.
It’s a question I’ve asked before, but is becoming even more pertinent as I see new identity management programmes being rolled out that are fragmented, uncoordinated and, in some ways, nonsensical.
The point was brought home to me as I listened to the stream of discussion about identity management that took place as a workgroup at the EPCA conference in Paris last week. The work stream was titled: “e-identity: should banks take the lead?” and was moderated by Vincent Jansen of Innopay, the organisers of EPCA.
The presentation that caught my attention however came from Finansnæringens Fellesorganisasjon, which is Finance Norway (FNO) in English, a trade organisation for 180 banks, insurance companies and other financial institutions in Norway.
The presentation was a joint pitch by Eline Vedel of FNO and Semming Austin representing BankID Norge, a secure bank identity network established in partnership with FNO and the savings banks of Norway.
BankID is the result of a decade of collaboration in trying to create secure identities for the Norwegian markets, and now covers around half of the Norwegian population – 2.5 million people – as an eID and eSignature service.
The system uses a PKI as a shared service for the financial providers, with the main goal of BankID to provide security in digital services for online banking and shopping.
The scheme has four servicing firms who make it work:
FNO provide the overall scheme management;
Bankenes Standardiseringskontor (BSK), the banking standards office, provide the technical standards and security requirements;
BankID Norge provide management for all of the operational aspects of the scheme; and
I’m sure you’re with me so far, and it’s impressive that the service reaches so many people.
And it works.
Eline outlined FNO’s estimates for example of the growth of online banking and shopping in Norway, and it’s impressive:
Internet usage in Norway amongst citizens over 15 years old, according to FNO’s estimates:
In 2000, 48% of citizens have internet access, and 17% use internet banking;
By 2006, 79% have internet access, 68% are online banking and 26% are shopping regularly, defined as those who make more than five online purchases per annum; and
Today, FNO believe that 89% of Norwegians have internet access, 79% are online banking and 47% are shopping online regularly.
FNO put the doubling from 2006 to 2010 down to the success of BankID.
For example, BankID is used about 800,000 times per day on average. This is known because each time a secure internet transaction is requested, the BankID downloads a Java identity to the user. In fact, they know more than this, as 60% of their 2.5 million users (2.2 million certificates, with a further 300,000 issued to users who have more than one bank account) use BankID for online banking, but 40% use it outside banking across 155 merchant websites representing about 5% of transactions. A third of the transactions are digital signatures by the way, rather than securing payments transactions.
Another innovatory point of the presentation talked about how BankID has moved beyond the internet as Norway’s largest mobile carrier, Telenor, funded the move of BankID onto mobile SIM chips in 2009. There are now over 9,500 mobile BankID certificates issued and many more expected.
Excellent.
So far, so good.
Then the pitch started to unravel as it struck me that every country has its own and sometimes multiple eID programs, as there are few unique programs and few co-operative programs across banking and government.
For example, Norway has several other eID programs.
Buypass AS was established in 2001. Jointly owned by Norway Post and the Norwegian Lottery, it is issued by the state lottery on chip cards to identify players and has over 13 million transactions per month among around 2 million users. It is also the major supplier to all of Norway’s key eGovernment projects. Hence, you now have a bank program – BankID – and a government identity program – Buypass.
This is quite common.
You then have other programs for identity in Norway such as MinID with 1.5 million users. As of October 2009, more than 1.5 million Norwegians are registered users of MinID for more than 50 services from mainly governmental and municipal sectors, such as the Norwegian state benefits system, the Nav, as well as the Tax Administration and Loan Fund.
Even more confusing is that there are very similar programs for identity management over the borders of Norway in Sweden, also called BankID.
BankID Sweden is the leading electronic identity in Sweden with around two million active customers, and 170 organizations providing 400 services for citizens from online banking to e-trade to tax declarations. The BankID is used by government, municipalities, banks and companies for identification as well as signing.
Oh yes, I forgot to mention that not only does this BankID have no relationship with the Norwegian BankID, but it’s actually a completely different incompatible program.
Also, like Norway, Sweden has lots of other identity programs such as Nordea’s e-legitimation with 600,000 users, and the telco Telia’s elegitimation system with 500,000 users.
Meanwhile Denmark has a few of their own, such as NemID which aims to have 3.5 million users by the end of this year and NetID with 2.5 million Danish users. Meanwhile, Finland also has several programs, with TUPAS being the largest with four million users, and FinEID trailing some way behind.
The reason I’ve outlined all of these systems is, a little like my questioning of so many identities in the UK:
Why are the Nordics proliferating so many systems?
Where are the standards for interoperability and integration?
Why can’t governments and financial institutions co-operate?
Why can’t cross-border and pan-European schemes be agreed?
In fact, whole rafts of questions are begged by the systems the Nordics have introduced and the one that particularly bugged me related to the reasons why the Swedish BankID is incompatible with the Norwegian BankID? OK, the Swedes and Norwegians don’t like each other much, but is that really a good excuse?
Equally, why aren’t governments and banks co-operating on identity programs? The answer from the workstream is all related to liability – a government does not want to be liable for losses if someone uses a false identity. They’re fine with rescuing a lost citizen in a foreign land, but paying for those citizens’ false claims? Leave that to the banking system.
But if the banking system is liable for false identity claims, then surely a combined bank-government identity scheme has even more viability and appropriateness?
I just don’t get why, if my identity is meant to be unique, governments, financial institutions, merchants and municipalities want to give me so many different ones.
You always wondered why these sumo wrestlers gained all that weight and became the size of an elephant. Why would they need to be that big? Why would they need to be so strong? Why not create a lightweight division? Well now we know.
In Moscow, an enormous man that is thought to be a sumo wrestler yanked out an ATM cash machine that weighed 200 pounds, put it up on his shoulders and took off with it on his shoulders. The cash machine was said to have over 25,000 roubles in it.
But here's the kicker: the sumo wrestler and the machine were found by police after they stopped a 'BMW with tinted windows' that didn't even have license plates. What kind of BMW fits a sumo wrestler and a cash machine? What kind of moron tries to pull off such a heist in a car without license plates?
Then you have Kung Fool Sohn Kang-min of South Korea ...
A hapless bank robber was floored when he took a pensioner hostage during a raid - an expert at deadly Taekwondo.
Black belt Park Hyung-tae, 69, decked knife wielding Sohn Kang-min, 28, instantly at the bank in Miryang, South Korea, and was then blasted with tear gas spray by the teller.
As he staggered out the door, the branch manager hit his head with a baseball bat sending him reeling into the arms of a delivery man who wrestled him to the ground until police arrived.
But surely, the St Patrick's Day gang win the Darwin Award ...
A leprechaun bank robber and his getaway driver were killed in a shootout with police after a St Patrick’s Day raid in Tennessee. Police said that the same man had held up a bank in Nashville three days before Christmas — dressed as Santa Claus.
Bradley Webb, a witness to the leprechaun raid, said: “He had a long black cape or dress on, a fake black beard; probably a 2½ foot leprechaun hat.” The robber then held up the First State Bank with a gun and ran out to his getaway car, a silver Toyota Corolla.
The police chased the suspects to a field outside town where the duo ditched their car and fled on foot, leaving the leprechaun hat on the back seat. As they ran, they turned and shot at pursuing officers, who returned fire.
Last night police identified the leprechaun as David Cotton, 20, and his getaway driver as Jonathan Skinner, a student at Western Kentucky University.
The preliminary investigation suggested that Mr Skinner was shot by police but that the leprechaun killed himself.
Oh yea, Skinner ... no relation ... but the leprechaun? That's another matter :-)
If you didn’t spot it, Facebook just reached 350 million users.
That’s a lot.
In fact, Facebook is now bigger than the USA (population: 307 million) and would be the third largest country on the planet if it was a country.
Not bad for a website launched on February 4th 2004.
To celebrate, founder Mark Zuckerberg wrote an Open Letter to the Facebook community today.
What is interesting is that, after the recent use of Facebook for criminal purposes, they are changing the privacy model completely.
Here is the letter in full, in case you missed it:
It has been a great year for making the world more open and connected. Thanks to your help, more than 350 million people around the world are using Facebook to share their lives online.
To make this possible, we have focused on giving you the tools you need to share and control your information. Starting with the very first version of Facebook five years ago, we've built tools that help you control what you share with which individuals and groups of people. Our work to improve privacy continues today.
Facebook's current privacy model revolves around "networks" — communities for your school, your company or your region. This worked well when Facebook was mostly used by students, since it made sense that a student might want to share content with their fellow students.
Over time people also asked us to add networks for companies and regions as well. Today we even have networks for some entire countries, like India and China.
However, as Facebook has grown, some of these regional networks now have millions of members and we've concluded that this is no longer the best way for you to control your privacy. Almost 50 percent of all Facebook users are members of regional networks, so this is an important issue for us. If we can build a better system, then more than 100 million people will have even more control of their information.
The plan we've come up with is to remove regional networks completely and create a simpler model for privacy control where you can set content to be available to only your friends, friends of your friends, or everyone.
We're adding something that many of you have asked for — the ability to control who sees each individual piece of content you create or upload. In addition, we'll also be fulfilling a request made by many of you to make the privacy settings page simpler by combining some settings. If you want to read more about this, we began discussing this plan back in July.
Since this update will remove regional networks and create some new settings, in the next couple of weeks we'll ask you to review and update your privacy settings. You'll see a message that will explain the changes and take you to a page where you can update your settings. When you're finished, we'll show you a confirmation page so you can make sure you chose the right settings for you. As always, once you're done you'll still be able to change your settings whenever you want.
We've worked hard to build controls that we think will be better for you, but we also understand that everyone's needs are different. We'll suggest settings for you based on your current level of privacy, but the best way for you to find the right settings is to read through all your options and customize them for yourself. I encourage you to do this and consider who you're sharing with online.
Thanks for being a part of making Facebook what it is today, and for helping to make the world more open and connected.
Mark Zuckerberg
I'm loving Robert Siciliano's latest blog entry on buying an ATM off Craigslist, and finding a 150-foot-long printout of card numbers because the bar owner who sold it to him forgot to delete the transaction history.
You can watch the story unfold on this FOX News clip:
Obviously, it couldn't happen here because we have Chip & PIN, with fraud losses at UK retailers down 35% between 2005 and 2008 following the introduction of compulsory chip and PIN in 2006 (I'm joking of course).
For quite a while, I've been trying to find some real-world examples of mashup technologies in banking. I use these services extensively in other areas of my life - on this blog (the widget for search for example), my Facebook account (feeds and videos), my Twitter account and more.
However, I've never found a bank that is using these technologies in the real-world.
I have found some examples internally for services, and in some corporate to bank services but real-world with consumers? No, although I suspect there are a few out there such as BBVA.
But I have found an IT provider who gave me a great example as to how this might work.
Here is their mashup mockup.
OK, imagine you're looking through your bank statement online and you spot a dodgy transaction ...
Mmmm ... don't like the look of that cash transaction at an ATM, let's have a look at my last few card transactions.
Here's the real reason I'm posting this. Now we see the card transactions integrated with Google Maps, context based advertising and other services to make the card experience part of a mashup of my web experience.
In this case, I can now click to check that ATM transaction using Google maps:
and remind myself as to whether I was really there or not.
Fascinating wee blog called Bank Notes, dedicated to banks and the notes robbers use.
The notes range from the obvious: 'Give me all your money', to the sublime: '$250,000', to the ridiculous: 'Give me money or I will blow up a school'.
It also tracks which are successful and which are not and provides some interesting advice, such as:
"90% of bank robbers use the hats/hoods/sunglasses disguise. They like to blend in with other customers until they reach the teller window, where they display a robbery note or gun … 'If you see a guy (in a bank lobby) with a baseball cap, dark glasses and a mustache (or) beard, it’s probably a bank robber, not a customer', said Lt. Larry Faulkner of the Dayton Police Department ... The FBI and police nationwide are advising banks to adopt a policy of 'no hats, no hoods, no sunglasses, no cell phones' to head off robberies. More banks are doing so, but in some cases the idea is pitting police against bankers concerned about alienating law-abiding customers."
Now then Mr. Cameron, would you hug a hoodie in a bank?
SEPA direct debits go live today and the PSD was transposed successfully across all of Europe to become law yesterday.
Apart from a few countries who missed the deadline.
Obviously, Sweden who have always said April because the chap who was meant to transpose it left.
But did I hear Poland, Estonia and Greece are late?
And who said Portugal, Spain and Italy?
And what's that about Belgium in February, Finland in May?
Oh yes, and even if the authorities are late in transposing in each nation, there's also a lot of cynicism amongst the institutions of course.
Many "banking and consumer associations say they have serious concerns that SEPA will open the way for more fraud and unfair pricing on payments", and "only 2,600 of Europe's 8,000 banks will be ready for the launch of SEPA's direct debit scheme on 2 November" according to Euractiv.
Our own recent research found Europe to be a land of payments confusion, with 58% of the 350 survey respondents saying that the PSD is being transposed inconsistently and 63% stating that this is because of different interpretations at the country level; only 13% believe it is being implemented correctly.
No wonder Elemer Tertak, director of financial institutions at the European Commission, said: "SEPA is a slow burner, not a chain reaction."
Too right.
Meanwhile, in a conversation with Craig Ramsey of ACI Worldwide and Jonathan Williams of Experian Payments, we got into some idea of how this may play out.
Q: What does the launch of SEPA DD mean for the future of the Eurozone?
Craig: The launch of SEPA Direct Debits is a continuation of politicians’ desire for a single euro economy. It marks the next step of the SEPA initiative. However, in the greater scheme of things this introduction of SDD is unlikely to have a major impact on the way that people do business or who they bank with. Most of the customers that had a cross-border payment issue have already positioned themselves to reduce their costs.
Q: Why has there been such a delay and below-expected industry take-up of SEPA?
Jonathan: The key challenge here is the lack of added-value which is preventing corporate customers from migrating. At the recent Sibos conference in Hong Kong, Andrew Long from HSBC stated that customers need SEPA to be relevant to them to create demand and then migration. He suggested that SEPA was driven only by politicians and that we as an industry should find out what the market wants and then tailor the rules to fit. If SEPA was perceived as a value-added alternative there might have been less debate and no need for an enforced end date as customers would want to migrate.
Disagreements around interchange fees have also been a further setback for the European payments framework, culminating in French Banking Federation (FBF) suspending work on SEPA payment services.
For corporates who are already finding it difficult to see the benefits of SEPA, the discussion around interchange fees is likely to mean higher transaction costs, an unappealing prospect in the current economic downturn.
The lack of awareness around the SEPA migration requirements also stretches to conversion from domestic account numbering systems to the European BIC and IBAN system.
It is still clear that national legacy systems will be a barrier to take-up which means that few banks and their corporate customers are likely to be prepared for SEPA and some of the obstacles associated with the conversion from the Basic Bank Account Number (BBAN) to IBANs. However, by cleansing and validating BBAN details before conversion into IBANs and by validating existing IBANs on the database, both banks and corporates will be able to get around some of the hurdles in migrating to SEPA and truly herald the arrival of the scheme.
So what have we learnt from this? Who should take responsibility for governance of the initiative? Who should be responsible for developing and implementing the standards and systems needed? The answers to these questions are not clear with the European Commission proposing a new governance structure for SEPA and the project not yet nearing completion.
Q: Do we need stricter deadlines for SEPA migration?
Jonathan: The confusion about the timeframes for an end-date of legacy payment systems added to the lack of interest and urgency regarding implementation of the SEPA framework on the side of banks and corporates alike. Only setting a fixed end-date can provide the impetus needed to force the financial services industry into motion. While we can at least agree on what we mean by an end-date - the time when all domestic clearing has moved across to SEPA standards - there are still disagreements over how to address the country variations, or "additional optional services", perceived to be necessary to migrate domestic clearing harmoniously.
Q: How will it change the way we pay when it is here?
Craig: If you are a customer in the Eurozone, the launch could encourage the use of Direct Debits. However the trend towards electronic payments from traditional schemes will not be advanced by SEPA, as it is already happening regardless.
Q: What are the benefits and opportunities?
Jonathan: SEPA is bringing markets closer together and increasing cross-border opportunities for corporate organisations and banks alike. SEPA Direct Debits in particular will enable direct debit originators to collect pan-European direct debits from any of the SEPA countries using a single direct debit service instead of the country-specific services that currently exist.
For banks and corporates the SEPA initiative will provide opportunities to improve end-to-end Straight Through Processing, reduce processing and transaction costs and expand markets. Those planning to make use of the initiative will benefit from greater efficiency in terms of consolidating their systems and rationalising the number of bank accounts they hold as well as having a common standard for direct debit transactions in Euro countries. Those corporates which need to make payments to and receive payments from the European Economic Area will benefit from this more standardised approach to payment transactions.
Q: What does it mean for banks?
Craig: Banks have had to spend a lot of money preparing for the launch of SEPA Direct Debits without a strong business case and with no guaranteed return on investment. However, the launch date itself will not have a large effect while an end-date for migration to SEPA products from legacy products will have a much greater impact. In the short-term, they will have to support both SEPA products and legacy products simultaneously, which will be an extra strain on profit margins. At least once an end-date is set, banks will be able to plan the move away from supporting multiple products.
Q: What does it mean for payment processors?
Craig: Certain aspects of SEPA Direct Debits are commodities that banks could potentially buy in from payments processors. This could add further business viability for banks to move towards outsourcing and cloud computing business models.
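The BBAN cleansing, BBAN-to-IBAN conversion and stored-IBAN validation mentioned in the interview above can be sketched with the standard IBAN mod-97 check (ISO 13616). This is an added example, not code from the interviewees or their firms; the function names are hypothetical and the layout table is a constructed three-country subset.

```python
import re

# Constructed subset of national BBAN layouts (assumption for this example);
# a production table must cover every SEPA country from the IBAN registry.
BBAN_LAYOUT = {
    "DE": re.compile(r"[0-9]{18}"),          # 8-digit bank code + 10-digit account
    "GB": re.compile(r"[A-Z]{4}[0-9]{14}"),  # bank code + sort code + account
    "NL": re.compile(r"[A-Z]{4}[0-9]{10}"),  # bank code + account
}


def cleanse(raw: str) -> str:
    """Drop the separators people type (spaces, dots, hyphens) and upper-case."""
    return re.sub(r"[\s.\-]", "", raw).upper()


def _mod97(rearranged: str) -> int:
    """Map A..Z to 10..35, read the result as one decimal number, take mod 97."""
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97


def bban_to_iban(country: str, bban: str) -> str:
    """Cleanse and validate a domestic BBAN, then add country and check digits."""
    country, bban = country.upper(), cleanse(bban)
    layout = BBAN_LAYOUT.get(country)
    if layout is None:
        raise ValueError(f"no BBAN layout for country {country!r}")
    if not layout.fullmatch(bban):
        raise ValueError(f"BBAN does not match the {country} layout")
    # Check digits make the rearranged IBAN congruent to 1 modulo 97.
    check = 98 - _mod97(bban + country + "00")
    return f"{country}{check:02d}{bban}"


def validate_iban(raw: str) -> tuple[bool, str]:
    """Return (ok, reason) for an IBAN already held in a customer database."""
    iban = cleanse(raw)
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]+", iban):
        return False, "malformed"
    layout = BBAN_LAYOUT.get(iban[:2])
    if layout is None:
        return False, "unknown country"
    if not layout.fullmatch(iban[4:]):
        return False, "BBAN layout"
    if _mod97(iban[4:] + iban[:4]) != 1:
        return False, "checksum"
    return True, "ok"


def audit(rows):
    """Return (record id, reason) for every stored IBAN that fails validation."""
    return [(rid, reason) for rid, iban in rows
            for ok, reason in [validate_iban(iban)] if not ok]


# Constructed sample records: the two valid IBANs are the widely published
# documentation examples, the others are deliberately damaged copies.
SAMPLE_ROWS = [
    (1, "GB82 WEST 1234 5698 7654 32"),  # valid
    (2, "GB82 WEST 1234 5698 7654 23"),  # last two digits transposed
    (3, "DE89 3704 0044 0532 0130 00"),  # valid
    (4, "DE89 3704 0044 0532 0130"),     # truncated
    (5, "XX00 1234"),                    # country not in the table
]

if __name__ == "__main__":
    print(bban_to_iban("DE", "3704 0044 0532 0130 00"))
    for rid, reason in audit(SAMPLE_ROWS):
        print(rid, reason)
```

The mod-97 check catches every single-digit error and every swap of two adjacent digits, but it says nothing about whether the account exists or whether any national check digits inside the BBAN are right.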
Great story in this month's Wired magazine about the Inkjet Counterfeiter.
"Counterfeiting is considered such a threat to the fabric of the United States that, along with treason, it is one of only two criminal offences named in the Constitution. Although now better known for its role in presidential security, the Secret Service was actually founded by the Treasury in 1865 to combat currency counterfeiting.
"Fake bills make up a tiny fraction of the cash in circulation at any time - the Service puts it at less than 0.1 per cent - but this still amounts to some $780 million in the US alone. And its impact can be significant: losses incurred by accepting counterfeit currency are not covered by insurance, and a run of fake bills will shake international confidence in the dollar. In the UK, where known fake notes made up approximately 0.03% of all sterling in circulation, £13.7 million worth of counterfeit notes were removed from circulation last year. The vast majority (98 per cent) were £20 notes.
"Almost every physical attribute of the money in your wallet was conceived with the intention of making it hard to duplicate. UK notes are printed on paper made from a mixture of cotton fibre and linen rag; euro notes are printed on 100 per cent cotton; and US notes are printed on paper composed of 75 per cent cotton and 25 per cent linen, giving it a feel that's easily distinguished from the smooth wood-pulp paper commonly used in copiers.
"In 1996, US currency underwent a significant redesign, specifically to combat the growing use of colour copiers and computer scanners by counterfeiters as the technology became more sophisticated and widespread. The US Treasury has since introduced three further series of notes, each employing more complex security features: the most recent of which includes coloured backgrounds, intricate patterns of microprinting, water-marks, embedded security threads visible when the bill is held to the light and ink that appears to change colour, depending on the viewing angle.
"Security features of UK notes are similar and include raised print (eg on the words 'Bank of England'); watermarks; embedded metallic thread; holograms; and fluorescent ink visible only under UV lamps. There are three printing processes involved (offset litho, intaglio and letterpress) using a total of 85 specialised inks. Euro notes incorporate many of these features too, including watermarks, raised print, a metallic security strip, holograms, and colour-changing ink. But even the latest technology cannot thwart every forger. 'The security features make it more difficult', says Special Agent Edwin Donovan, 'but there's no such thing as "uncounterfeitable".'"
The best bit, however, was where the counterfeiter found a problem with the paper he was trying to print onto. With most of the paper he tried, applying the marker pen used to test whether notes are real or fake turned the mark black (fake) instead of leaving it yellow (real).
"There was a problem, Talton says: 'It wouldn't take the mark'.
"Counterfeit-detection pens mark yellow on genuine currency but brown or black on fake. Talton didn't know why. At first he thought the Treasury treated the paper, so he experimented with chemicals he found at the garage and even tried dipping his notes in fabric softener. Nothing worked. Frustrated, he began to take a detection pen everywhere he went, trying it on any paper he came across. He was about to give up when one day, in the toilet, he found himself staring at the roll of tissue. He took out the pen: the mark showed up yellow. Talton discovered that toilet paper, Bibles, dictionaries and newsprint are all made from the same recycled paper pulp, and all take the yellow mark."
Oh yes, and if you're really into counterfeit schemes, Mint's Blog has a list of the nine greatest schemes of all time.
Talking with a Swedish colleague, he asked me if I'd heard about their massive and audacious robbery.
I said I had not. Britain's media tends to cover only British robberies, such as the great Securitas theft or the Northern Bank robbery.
It wasn't his robbery or his banks as it turned out, but it is a Swedish heist that has already become one of the top ten robberies of all time.
Here's what happened.
In the early hours of Wednesday 23rd September, a helicopter flew over the G4S Security Yard in Stockholm and bombed open the cash boxes stealing almost $150 million in cash.
“The helicopter landed on the roof. Then they entered the building by breaking some windows. Next, several explosions were heard from within the building, and then they were seen loading things into the helicopter and lifting off,” stated Ulrika Lönngren, Chief of Police.
An officer on the scene then said that the robbers rappelled down from the helicopter as it hovered above the roof and entered the building using sledgehammers to break through the roof.
The whole thing took about 20 minutes and then, after several loud explosions, the helicopter took off again and was later found near a lake in Arninge, north of Stockholm.
Police continue to search the area for clues and have since arrested three people.
A blow by blow account of the daring robbery can be found on the English-language Swedish website, the Local, and I note that Bo Harald and Dave Birch have added some insights to this, relating the idea that firms in Sweden will now start saying that they will not accept cash as cash fuels robberies such as this one.
I stumbled across Wikileaks this week, a website that leaks all sensitive information into the public domain, such as the leak of the UK's Ministry of Defence document on how to stop leaks.
There's tons of fascinating stuff in there, and one of the more recent leaked documents is the European Commission's Working Package 4 (WP4) which aims to crawl all over your Facebook status updates and Twittering tweets to see if you're a terrorist or anarchist.
EU social network spy system brief, INDECT Work Package 4, October 4, 2009
This file, marked "confidential", describes development of an EU-funded intelligence gathering system ("INDECT work package 4") designed to comb web blogs, chat sites, news reports, and social-networking sites in order to build up automatic dossiers on individuals, organizations and their relationships.
"The aim of work package 4 (WP4) is the development of key technologies that facilitate the building of an intelligence gathering system by combining and extending the current-state-of-the-art methods in Natural Language Processing (NLP). One of the goals of WP4 is to propose NLP and machine learning methods that learn relationships between people and organizations through websites and social networks ...
"Given an XML data corpus extracted from forums and social networks related to specific threats (e.g. hooliganism, terrorism, vandalism, etc.); an annotation and knowledge representation scheme that should provide the following information:
• The different entity types according to the requirements of the project.
• The grouping of all references to an entity together.
• The relationships between different entities.
• The events in which entities participate."
There's nothing that surprising about this development.
If anyone thought their Facebook and Twitters were private for example, then they are mad.
As soon as you record anything electronically it's in the public domain and all government authorities will track and analyse your thoughts, comments, status updates and more.
On the other hand, the good news is that the idea we came up with in Hong Kong for SWIFT to be the secure owner of a trust score for individuals and businesses, based upon social network comments and rankings, has been short-circuited.
All SWIFT needs to do is work with the Asian, European and American governmental authorities and take their analysis of your tweets.
The UK Payments Administration released the latest fraud figures today.
This shows general card fraud is down 23% to £232.8 million in the first half of 2009 although, of concern, will be the fact that online fraud is increasing at a rapid click (55%) year-on-year. This rise in cardholder not present activity is probably due to cardholder present fraud declining rapidly thanks to Chip & PIN.
Mind you, even the rise in internet fraud isn't too bad when you think that losses from phone, internet and mail order shopping fraud overall have fallen for the first time ever and now stand at £134 million.
According to the Payments Association, this is because of the increasing use of sophisticated fraud screening detection tools by retailers and banks, as well as the continuing growth in the use of MasterCard SecureCode and Verified by Visa by both online retailers and cardholders.
It all sounds rosy ... but for users of such services, it is still proving challenging as card readers and Chip & PIN are still called into question.
Just this week, consumer groups are telling banks that they must not always assume the customer is to blame if a payment is made with a PIN for example.
PINs can be compromised.
All in all, it seems to show that the anti-fraud measures are just about keeping ahead of the fraudsters however ... except when it comes to online.
Mind you, with most email accounts compromised this week, it just shows how difficult this battle will be ... after all, if Google, Microsoft and company can be phished, who's next?
Last week, I blogged about innovations in payments from a consumer's perspective, and followed it up yesterday with an ancillary note.
In this second part, I thought I would take a closer look at what is innovatory in the corporate world of payments.
Many of us would immediately start talking about e-invoicing, supply chains and working capital. Sure, there is some innovation in those areas but the picture is bigger than this.
First, a little clarity of definitions, as per my lingo.
Commercial payments are the domain of the large transaction banks and their multinational and global clients. These are the mega corporations of the world we refer to affectionately as corporates.
It is not exclusively owned by these banks, as there are many national companies with domestic banks providing commercial banking very nicely thank you ... it's just that my mind wanders off into global processors with global clients when I think about commercial payments.
This is because there is a big change taking place here.
Until recently, these corporates had been fairly undemanding of their banks.
They were happy to have the odd lunch with their banker, who would fine dine and ego-boost them for an hour or two every month.
Taking their treasury operations, charging solid fees for transactions and generally making a good mint out of cross-border payments was food and drink to the banker.
This is where the money was to be made without stretching too far or too hard.
In particular, get the corporate to do their dealings through the bank via a proprietary link and you had ‘em for life.
After all, once the corporate’s general ledgers were hard wired to the bank’s systems, it was all but suicide for the corporate engine to switch to anyone else. This was especially true as the savings made just would not be worth the effort involved. A few cents here and a few pence there, per transaction, goes largely unnoticed in the global wheels of commerce.
That was until standards arrived.
Standards.
The bug-bear of some, the bane of many and the blessing for the few.
The few who can work out how to leverage scale and exploit standards for volume savings.
This is what SWIFT do well – exploit standards for volume savings – but, until recently, SWIFT’s volume savings were purely gifted to the banking community. The corporate was still waiting for the benefit.
This is the struggle that has been taking place within the SWIFT community for the past decade and, to a lesser extent, still rages today.
How do you give savings to the corporate and how do you allow corporates to exploit standards, when all it does is erode margins for their current payments provider and allow the corporate to become a rate tart with easy switching to any other bank?
Tough.
The days of proprietary lock-ins are over.
SWIFT has recognised this and is ever more embracing of the corporate community for this reason.
Forget payments, transaction and messaging ... SWIFT's future is all around secure information exchange between banks, between businesses and, you never know, but one day in the future maybe even between individuals.
And banks are now scrabbling harder and harder to keep their corporate clients happy and well served for this reason.
Some of us would say, “isn’t that how it’s supposed to be? Shouldn't banks always serve their customer well?” ...
... yeah, but it hasn't been that way in the past because once you got the sucker, they couldn't get away.
But now they can and so let's look at what the banks are doing to serve their corporate clients better.
This was a question posed by Gary Wright, Director for International Payments with Royal Bank of Scotland last week at the Financial Services Club.
The evening focused upon the opportunities and issues with real-time payments and this is the innovation in corporate banking and payments that is taking place today, as we speak.
Real-time.
Real-time money movements intra-corporate and inter-corporate, intra-bank and inter-bank.
Real-time payments across borders and continents.
Real-time trade flows of information and risk.
Real-time.
That’s where the corporate money is at.
For a bank, you see, the old world of reporting as the bank wanted, when the bank wanted, how the bank wanted and what the bank wanted to report, was how it worked.
There was no incentive to leverage the information flows the bank had access to, which was a privilege. Banks have access to masses of trade data you see, but where was the incentive to tap into that data?
For many, with customers locked in via proprietary network connections that were hard-wired into back office systems, the incentive just was not there.
But today, with open networking via cloud-based systems that plug and play into SAP and ORACLE Enterprise Resource Planning suites of software, there is a huge incentive for a bank to re-engineer itself back into the corporate value-chain.
And that’s exactly what banks are starting to deliver.
So Gary joined an esteemed panel of industry payments experts, including:
Chris Pickles, Head of Marketing for Financial Markets & Wholesale Banking with BT Global Services;
Jonathan Williams, Strategy Director for Experian Payments;
Martin Wilson, Chief Commercial Officer for VocaLink; and
Tom Buschman, Chairman of TWIST Standards and CEO of EDGE.
It was an interesting debate and Gary, as mentioned, began by posing what do corporates really, really want, a-zig a-zig ah!
Gary answered this with a great slide. Just one slide, but a real goodie.
Here it is:
What this slide shows is the range of drivers that corporates have towards real-time services and improved delivery of services from the payments provider.
The fact is that working capital is the issue.
Without good visibility and transparency of working capital, corporates are stymied into a vacuum of ignorance.
It reminded me of a debate I had about four years ago where we talked about cash pooling and netting. One software firm had created a system that provided a real-time view of every corporate client of the bank’s cash positions globally.
With the click of a button, the bank’s risk managers could see which clients were exposed where and when, and manage the situation.
The problem the software vendor had is that no bank wanted their system.
Why would a bank spend millions on a system that told them their clients were possibly exposed in real-time?
Intra-day or end-of-day would do.
That’s why the system wasn’t selling.
But guess what.
Turn that on its head and start talking about real-time cash management for corporate treasury today as an information service and guess what? You’ve got a winner.
The corporate treasurer mindful of his global financial positioning loves the idea of real-time.
And this is what banks are now buying into as a value-add service that differentiates them from the pack.
The more real-time service, the more real-time information, the more real-time movement to decrease fraud and risks, the more real-time capability to see how to improve ROI and decrease losses, the more a corporate client will love ya’.
And that’s what banks want.
Not to be loved ... but to keep their corporate client.
The other guys on the panel reinforced this view, but you have to be a member of the Financial Services Club to find out what they said.
Just to give you a glimpse however, I asked each panellist to see how they saw the future of payments and real-time at the end of the one hour panel discussion and here is what they said:
As you can see, the audience were riveted!
Anyways, the net:net on innovations in transaction services for commercial banking is that if you aren’t enriching your clients with real-time information services about their use of your bank’s services ... then you’re missing a trick because the competition is doing just that.
And by the way, e-invoicing and related innovations in supply chain management play right into that space too.
p.s. Martin Wilson articulated much more detail on this panel about the research VocaLink released at SIBOS on Faster Payments. If you want a copy, just click here.