I have written earlier about problems in banking security and credit card security issues. But what about some other banking issues?
The article Banking is Broken: A Financial Revolution is Coming tells how a trio of startups are seeking to change the way we manage our money, by focusing on the customers traditional banks are ignoring. Banks have been slow to embrace new technology.
Finland’s Holvi, Sweden’s iZettle and Estonia’s TransferWise all took the stage at the Slush startup conference in Helsinki last week, and while they all offer completely different services, they share a similar goal – to empower the customers that they believe traditional banks are ignoring.
Holvi offers customers an alternative type of current account, integrating bookkeeping and money management in a clean, simple online interface. TransferWise, founded by the first ever Skype employee Taavet Hinrikus, is looking to bring the essence of Skype’s ethos of offering cut rate international phone calls to the money exchange market. Speaking at Slush last week de Geer said that iZettle was “effectively about democratising card payments.”
Keep in mind that Holvi, TransferWise and iZettle are just three of the hundreds of companies looking to cash-in on the revolution that is coming to the banking industry.
What made the article really interesting to me is that I happen to know Kristoffer Lawson, Founder and CEO of Holvi. I have personally heard the story of how the company was set up, that they were applying for the needed license, and when they got it. But the article includes a bold new statement: traditional banks are ignoring 80% of their customers.
Lawson believes that Holvi’s new type of account is “the future of banking” and his company is rethinking what it means to be a bank: Holvi offers customers an alternative type of current account, integrating bookkeeping and money management in a clean, simple online interface. It is designed for use by groups and organisations so they can collaborate, making it ideal for events such as Slush, which used the Holvi system for all its budgeting and ticketing operations this year.
And I have also heard of some other events in Finland doing the same. The reason why such events have actively started to use the system is that Lawson had earlier been active in organizing different computer events, so he knows the needs of this type of organization.
593 Comments
Tomi Engdahl says:
Ryan Mac / Forbes:
PayPal beats expectations with Q1 net income of $452M, up from $353M last year, and net revenue of $2.54B, up 19% YoY — PayPal Grows Revenue 19% In Strong First Quarter — PayPal reported first quarter earnings for 2016 on Wednesday and continued to show growth in its core payments business.
PayPal Reports Sales Up 19%, CEO Calls It His ‘Best Quarter Ever’
http://www.forbes.com/sites/ryanmac/2016/04/27/paypal-grows-revenue-19-in-strong-first-quarter/#7313ad4c6c8f
Tomi Engdahl says:
Transfer techies at SWIFT tell Bangladesh Bank: Don’t shift blame for $81m cyberheist
Calls it out over ‘basic password protection’
http://www.theregister.co.uk/2016/05/10/swift_rejects_bangladeshi_criticism/
SWIFT has firmly rejected Bangladeshi claims that mistakes on its part are to blame after $81m was looted from Bangladesh’s central bank.
Bangladeshi officials claimed earlier this week that technicians from SWIFT had introduced vulnerabilities into the bank’s network when connecting a Real-Time Gross Settlement (RTGS) system to SWIFT’s inter-bank financial transaction messaging system.
A meeting between Bangladesh Bank and New York Federal Reserve Bank officials in Basel, Switzerland is due to take place later today. The bank’s security issues as well as attempts to recover looted security funds are expected to top the agenda.
As well as network infrastructure weaknesses, the hackers behind the heist used custom malware specifically created to target SWIFT. The code even adjusted the SWIFT system’s printed reports to hide fraudulent transfers from the Bangladesh central bank account at the New York Federal Reserve Bank.
Tomi Engdahl says:
Digital payment services aren’t delivering on their promises
http://www.edn.com/electronics-blogs/brians-brain/4442005/Digital-payment-services-aren-t-delivering-on-their-promises?_mc=NL_EDN_EDT_EDN_consumerelectronics_20160511&cid=NL_EDN_EDT_EDN_consumerelectronics_20160511&elqTrackId=d3c4685623e04010b8c14fb3308ce58f&elq=3d1104e54d68401580ba01d92284cd87&elqaid=32198&elqat=1&elqCampaignId=28116
One of the benefits of my recent migration to Android-based hardware is that it’s finally enabled me to try out smartphone-based digital payments, in the form of the Android Pay service. My iPhone 4s handsets hadn’t been Apple pay-compatible
After enabling NFC on my Moto X, I fired up the Android Pay app and began trying to enter credit cards. Since US Bank is listed as a supported financial institution, I tried my MasterCard supplied by them. Unfortunately, after entering the credit card number, PIN, expiration date and other details, I was told that my activation attempt was unsuccessful
Next, I tried my Citibank MasterCard, which was already active in my Google Play account profile as a valid payment method. But again, even though Citibank is supposedly an active Android Pay partner, my efforts to broaden the card’s payment reach to an additional Google service was nebulously for naught
Affiliate credit cards are apparently (in general, if at all) not yet supported by Android Pay (and potentially also by competitors’ services, I don’t know) because support for the post-purchase affiliate perks (a rebate percentage in the case of REI, or frequent flier miles for American Airlines) is not yet in place.
But after successfully entering my Amex data, I was informed that I’d need to password-protect the phone in order to continue using Android Pay
This makes sense, I suppose…you wouldn’t want to have your smartphone stolen and a bunch of invalid charges subsequently racked up on your account. However, I look forward to a time when an alternative validation approach, such as at-time-of-purchase biometric confirmation via fingerprint sensor or face recognition software is available.
Even if these implementation issues get solved, the market is (IMHO) currently too fragmented to achieve critical mass. There’s already-mentioned Apple Pay, of course. And, in typical Samsung fashion, the company “supplements” Android Pay with its own branded Samsung Pay service. This recent article compares the three approaches…Samsung Pay’s optional support for magnetic strip readers is admittedly pretty slick.
But that’s just the offerings from the hardware manufacturers
The perhaps-obvious tug-of-war here involves who gets (a cut, if not the entirety of) the traditional merchant processing fees incurred with conventional credit cards. And that’s too bad. It’s hard enough right now to find a merchant that will support ANY digital wallet service (not to mention support for EMV “chips” in conventional credit cards), far from the particular one that you’ve taken a chance on embracing.
Apple Pay vs Samsung Pay vs Android Pay: comparison
http://www.phonearena.com/news/Apple-Pay-vs-Samsung-Pay-vs-Android-Pay-comparison_id77632
Tomi Engdahl says:
Inter-bank system SWIFT on security? User manual needs ‘revamp’
Call for, er, tailored action
http://www.theregister.co.uk/2016/05/16/swift_security_control_need_revamp/
Inter-banking messaging system SWIFT’s security guidelines are “outdated and incomplete”.
The criticism from security vendor Skyport Systems comes days after SWIFT revealed that a second bank had fallen victim to credential theft fraud, creating yet further concern already fuelled by February’s $81m Bangladesh reserve bank cyber-heist.
Vietnam’s Tien Phong Bank has come forward to identify itself as the victim of the second attempted attack, which involved a thwarted attempt to fraudulently transfer more than $1m, according to reports last weekend.
In both cases, the working theory is that hackers managed to get their hands on access credentials needed to send messages on the SWIFT secure financial messaging system after either successfully infecting terminals on the network of the targeted bank or by using a corrupt bank insider. SWIFT has repeatedly stated that in both cases the fraud arose because of a carefully planned attack against the targeted banks and shortcomings in their security controls rather than any weakness in the SWIFT financial messaging system as a whole.
Independent security experts are split on this point with some at least arguing that a major revamp of SWIFT’s systems is needed.
Update
We ran Skyhigh’s plan – outlined in a 1,800 word blog post – past SWIFT and an independent expert who has experience in installing SWIFT terminals at banks. We’ve not heard back from SWIFT yet, but the independent SWIFT terminal installer told us: “I think that everything in that blog is very sensible.
Five Necessary Improvements to the Swift (Not Taylor Swift) Security Model
https://skyportblog.com/2016/05/13/five-necessary-improvements-to-the-swift-security-model/
Tomi Engdahl says:
Reuters:
SEC: Cyber security is the biggest risk facing the financial system; some major exchanges, dark pools, clearing houses do not have adequate policies
SEC says cyber security biggest risk to financial system
http://www.reuters.com/article/us-finance-summit-sec-idUSKCN0Y82K4
Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.
Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.
The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.
“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.
“As we go out there now, we are pointing that out.”
“We can’t do enough in this sector,” she said.
Cyber security experts said her remarks represented the SEC’s strongest warning to date of the threat posed by hackers.
Tomi Engdahl says:
Google brings Android Pay to ATMs, Chrome and more apps
http://techcrunch.com/2016/05/18/google-brings-android-pay-to-atms-chrome-and-more-apps/
After announcing the expansion of Android Pay in the U.K. earlier today, Google also made a few additional announcements around its mobile payments service at its I/O developer conference today.
Pali Bhat, Google’s senior director of product management for Android Pay, told me that one and a half million users in the U.S. now set up Android Pay on their phones every month. “We’re very excited with all the momentum we’ve seen since we launched,” he said.
To push this momentum forward, though, the company knows it has to figure out how to make using mobile payments as easy and convenient as using a credit card or cash.
For users, maybe the most interesting update today is that Android Pay will now work at some ATMs. For now, the company is only working with Bank of America on this project, but others will likely follow in the future. Thanks to this, you will soon be able to roll up to a Bank of America ATM, tap your phone and make a withdrawal (which is good news in case you forgot your wallet at home but not your phone, I guess).
The company previously only worked with a select group of developers to test its Android Pay integrations (think Uber, Yelp, Eat24 and Ticketmaster), but the service is now live for any developer who wants to integrate it into apps that sell physical goods and services (only in markets where Android Pay is available, of course).
Tomi Engdahl says:
Gertrude Chavez-Dreyfuss / Reuters:
Bitcoin exchange Coinbase said it will add Ethereum’s ether to its trading platform on Tuesday
Bitcoin exchange Coinbase to add ether currency to trading platform
http://www.reuters.com/article/us-bitcoin-coinbase-ether-idUSKCN0YA2VF
Bitcoin exchange Coinbase said on Thursday it will add digital currency ether on its trading platform next Tuesday.
The addition of ether comes given the surge in interest in the digital asset among major financial institutions such as Barclays [BARCR.UL] and UBS [UBSAG.UL] as well as other enterprises worldwide like IBM, which are trying to explore the Ethereum network.
Ether is the digital currency for the Ethereum platform, a blockchain, or public ledger that can create decentralized applications. Ethereum, which uses ether to execute peer-to-peer contracts automatically without the need for intermediaries, was co-founded and invented by 22-year old Russian Canadian programmer Vitalik Buterin.
“We’re very excited about Ethereum. There has been a ton of progress made in the last six to nine months,”
He added that bitcoin cannot mirror Ethereum’s “scripting language,” so both bitcoin and ether can co-exist and will not necessarily compete with each other.
Coinbase also plans to change the name of its platform to GDAX (Global Digital Asset Exchange)
Tomi Engdahl says:
SWIFT moves on security in wake of hacking attacks
’cause the hackers gonna hack, hack, hack
http://www.theregister.co.uk/2016/05/20/swift_moves_on_security_in_wake_of_hacking/
The team behind the SWIFT financial transaction network is taking another look at its security after several hacking attempts against its customers.
In February, hackers managed to siphon off $81m from Bangladesh’s central bank in a raid that – but for a spelling mistake that alerted an analyst – could have taken a lot more. Vietnam’s Tien Phong Bank has since admitted that it too has lost money in a similar attack, and now SWIFT (Society for Worldwide Interbank Financial Telecommunication) is taking another look at how to protect its customers.
“SWIFT has recently shared information regarding a number of fraudulent payment cases where affected customers suffered a breach in their local payment infrastructure,” the group said in a letter to customers.
“We would like to reassure you again that SWIFT’s network, services and software were not compromised. While customers are responsible for the security of their own environment, security is our top priority and as an industry-owned cooperative we are committed to helping our customers fight against cyber-attacks.”
SWIFT reminded its users that its terms and conditions require them to report security information to the company, and said it would also be asking for additional diagnostic data from them in some cases.
“Your organisation’s role in this effort is critical,” it said.
The changes come after some in the security industry have criticized the organization, saying its current security model is outdated and designed to protect against “types of attacks that were prevalent a decade ago.”
Tomi Engdahl says:
Charlie Warzel / BuzzFeed:
Reporter spends month paying only with digital wallet services, finds it burdensome and alienating
Satan’s Credit Card: What The Mark Of The Beast Taught Me About The Future Of Money
https://www.buzzfeed.com/charliewarzel/yes-we-scan?utm_term=.iaXzbgk7o#.bc5j7gyJb
Silicon Valley has sold us on a cashless, cardless, walletless, supposedly frictionless future — but as I learned living in it for a month, we’re not quite there yet.
My choice to get microchipped was not ceremonial. It was neither a transhumanist statement nor the fulfillment of a childhood dream born of afternoons reading science fiction. I was here in Stockholm, a city that’s supposedly left cash behind, to see out the extreme conclusion of a monthlong experiment to live without cash, physical credit cards, and, eventually, later in the month, state-backed currency altogether, in a bid to see for myself what the future of money — as is currently being written by Silicon Valley — might look like.
Some of the most powerful corporations in the world — Apple, Facebook, and Google; the Goliaths, the big guys, the companies that make the safest bets and rarely lose — are pouring resources and muscle into the payments industry, historically a complicated, low-margin business. Meanwhile, companies like Uber and Airbnb have been forced to become payments giants themselves
The first thing you’ll notice if you ever decide to surrender your wallet is how damn many apps you’ll need in order to replace it. You’ll need a mobile credit card replacement — Apple Pay or Android Pay — for starters, but you’ll also need person-to-person payment apps like Venmo, PayPal, and Square Cash. Then don’t forget the lesser-knowns: Dwolla, Tilt, Tab, LevelUp, SEQR, Popmoney, P2P Payments, and Flint. Then you might as well embrace the cryptocurrency of the future, bitcoin, by downloading Circle, Breadwallet, Coinbase, Fold, Gliph, Xapo, and Blockchain. You’ll also want to cover your bases with individual retailer payment apps like Starbucks, Walmart, USPS Mobile, Exxon Speedpass, and Shell Motorist, to name but a few. Plus public and regular transit apps — Septa in Philadelphia, NJ Transit in New Jersey, Zipcar, Uber, Lyft. And because you have to eat and drink, Seamless, Drizly, Foodler, Saucey, Waitress, Munchery, and Sprig. The future is fractured.
This isn’t lost on Bryan Yeager, a senior analyst who covers payments for eMarketer. “This kind of piecemeal fragmentation is probably one of the biggest inhibitors out there,” he said. “I’ll be honest: It’s very confusing, not just to me, but to most customers. And it really erodes the value proposition that mobile payments are simpler.”
“The power of payments is in the data they generate.”
“Moving payments from plastic swipes to digital taps is going to change how companies influence your behavior. That’s what you’re asking, right? Well, that’s how we’re doing it.”
In this sense, the payments rush is, in no small part, a data rush. Creating a wallet that’s just a digital version of the one you keep in your pocket is not the endgame. But figuring out where you shop, when you shop, and exactly what products you have an affinity for, and then bundling all that information in digestible chunks to inform the marketers of the world? Being able to, as O’Dell puts it, “drive you to the outcome they want you to have like a rat in a maze by understanding, down to your personality, who you are”? That’s disruption worth investing in.
For all its complexity and bureaucracy and importance, money, at its core, is really just information.
Not only does 92% of the money in the world exist as a series of ones and zeroes, but now it’s being transferred from place to place by any number of digital intermediaries looking to take a cut.
That process is complicated, but the key issue is trust.
All this risk and all this friction, in the service of…what, exactly? “Plastic works really well,” Randy Reddig, an entrepreneur who was a part of Square’s founding team, told me, taking a shot at what he called “mobile wallet hysteria.”
Much as the true value of a retailer’s mobile payment app is in the metadata it gobbles up, the real power of digital payments lies in the largely invisible infrastructure that undergirds them. Fintech companies like Square aren’t exactly sexy, but they allow small businesses and individual merchants to process transactions without prohibitively expensive equipment or the fees that legacy credit companies charge.
“Millennials don’t trust banks, but they trust Apple and Google.”
“It’s about financial inclusion and serving real, normal people,” Reddig said. “There is a lot of opportunity to build very profitable businesses that operate better than incumbents in transparency, great design, great user experience. Millennials don’t trust banks, but they trust Apple and Google.”
This is already happening, just outside the U.S. If fintech’s true believers think it’ll fundamentally change the way we live, the developing world is where their vision is revealing itself most clearly. In Kenya, for example, the payment messaging service M-Pesa has attracted over 13 million monthly active users (out of a population of 44.3 million). As of last May, roughly 42% of Kenya’s GDP was transacted via M-Pesa, all without tying Kenyans to expensive, cumbersome bank accounts.
Tomi Engdahl says:
Fred Ehrsam / Coinbase:
Coinbase cofounder: Ethereum app development outpacing Bitcoin due to better programming languages, robust developer community, and a focused leadership
Ethereum is the Forefront of Digital Currency
https://medium.com/the-coinbase-blog/ethereum-is-the-forefront-of-digital-currency-5300298f6c75#.jnzlbrvz3
We have sat here for the last 3 years seeing only infrastructure apps like wallets and exchanges emerge on top of Bitcoin. Why is that?
My theory has been that the scripting language in Bitcoin — the piece of every Bitcoin transaction that lets you run a little software program along with it — is too restrictive.
Enter Ethereum. Ethereum has taken what was a four function calculator of a programming language in Bitcoin and turned it into a full fledged computer. We now stand only 9 months out from the beginning of the Ethereum network and the level of app development is already faster than Bitcoin’s. We are finally getting rapid iteration at the app layer.
First, some history. When the Bitcoin white paper emerged in 2008 it was completely revolutionary. The amount of concepts that had to come together in just the right way — computer science, cryptography, and economic incentives — was astonishing.
Tomi Engdahl says:
Anonymous Hackers Turned Stock Analysts Are Targeting US, Chinese Corporations
https://news.slashdot.org/story/16/05/26/2212249/anonymous-hackers-turned-stock-analysts-are-targeting-us-chinese-corporations
A smaller group of Anonymous, called Anonymous Analytics, reached the conclusion that DDoSing is stupid and never fixes anything, so they decided to use their hacking skills and stock market knowledge to make a difference in another way. For the past years, the group has been compiling market reports on U.S. and Chinese companies and publishing their results. Their reports have been noticed by the stock market, who recently started to react to their findings. The most obvious case was of Chinese lottery machine maker REXLot. The hackers discovered that REXLot inflated its revenue and the amount of cash on its balance sheet, based on the amount of interest earned.
Other companies on which the group published market reports include Qihoo 360 and Western Union.
Comment:
This is the inherent risk. Their ethical radars are somewhat wonky to say the least; how long before they use the tactic of releasing false information about a company they dislike simply to crash their share price or, worse, abuse it to make a small fortune themselves? If they stick to the truth, fine, but I just don’t see them not being tempted to abuse trust.
http://www.anonanalytics.com/2016/04/rexlot-holdings-ii.html
Tomi Engdahl says:
Bank in the UK? Plans afoot to make YOU liable for bank fraud
Wonder whose idea that was…
http://www.theregister.co.uk/2016/05/26/bank_fraud_liability_shake_up/
Bank customers may be obliged to bear the bill for fraud against their accounts, under proposed changes under consideration between banks, the UK government and GCHQ.
Under the plans, individuals or companies with poor online security could be “frozen out of banking services or even excluded from the system whereby banks compensate customers whose accounts are hacked”, the Financial Times reports.
UK banks – unlike those in the US – routinely cover the costs of online fraud, at least in cases where customer negligence (such as sharing PIN codes or cards with third parties) is excluded. Pushing the burden of fraudulent losses towards customers is likely to be hugely controversial. Bankers’ bonuses in the wake of taxpayer-funded bailouts of several banks in 2008 have already caused a huge series of rows, and radical changes in liability for online banking fraud through phishing and banking trojans are likely to be even more contentious.
The circumstances suggest that ministers are floating an idea they already know is controversial, even politically unpalatable. If anything comes to light it’s likely to be much diluted.
Some security vendors – normally cheerleaders for UK government security plans – have already expressed opposition to the possible banking liability shake-up.
Tomi Engdahl says:
12 more banks now being investigated over Bangladeshi SWIFT heist
Symantec becomes the second firm to link the hack to the Sony Pictures attack.
http://arstechnica.com/security/2016/05/12-more-banks-now-being-investigated-over-bangladeshi-swift-heist/
The investigation into the attempted $1 billion electronic heist at the Central Bank of Bangladesh has expanded to as many as 12 more banks that all use the SWIFT payment network.
Security firm FireEye, investigating the hack, has been contacted by numerous other banks, including some in New Zealand and the Philippines. While most of the attempted transfers in the original heist were canceled, some $81 million was sent to the Philippines and subsequently laundered through casinos. The SWIFT organization in a statement said that some of these reports may be false positives and that banks should rigorously review their computing environments to look for hackers.
Symantec, meanwhile, has corroborated earlier claims from BAE Systems that the hackers that stole from the Bangladesh Bank are linked to the hackers that have attacked targets in the US and South Korea since 2009 and that hacked Sony Pictures in 2014.
The continuing evidence of malicious access to the SWIFT network is putting increasing pressure on the industry-owned organization. SWIFT’s systems rely, fundamentally, on carefully controlled access to its network using air-gapped systems and other forms of isolation.
Tomi Engdahl says:
$1B Bangladesh heist: Officials say SWIFT technicians left bank vulnerable
Bank officials say it wasn’t their fault that sensitive systems were exposed to hackers.
http://arstechnica.com/security/2016/05/1b-bangladesh-heist-officials-say-swift-technicians-left-bank-vulnerable/
Technicians from the global payment network SWIFT left Bangladesh’s Central Bank vulnerable to an attack that saw attackers steal $81 million, according to Bangladeshi police and bank officials speaking to Reuters.
Tomi Engdahl says:
David Ovalle / Miami Herald:
Defense argues Bitcoin isn’t actually money under Florida law, in what is believed to be the first money-laundering case against someone for dealing in bitcoins
Miami money-laundering case may define whether Bitcoin is really money
http://www.miamiherald.com/news/local/crime/article80421072.html
Michell Espinoza is asking a judge to throw out criminal charges against him
He argues that the virtual currency is not actual money under Florida law
The case, believed to be the first of its kind, is being closely watched
In a Miami money-laundering case that is being closely watched around the world, an economics professor took to the witness stand Friday to offer a tutorial on the widely known, if poorly understood, virtual currency known as Bitcoin.
The takeaway: Bitcoin isn’t really money, professor Charles Evans said.
No central government or bank backs Bitcoin, like the United States does the dollar. Government regulation of Bitcoin remains a messy hodgepodge from state to state, country to country. The IRS considers Bitcoin deals no more than bartering, he said.
“Basically, it’s poker chips that people are willing to buy from you,”
“Is Bitcoin an actual coin?”
“In a sense of a physical piece of base metal?” Evans said. “No.”
Regulated services such as CoinBank, which operates similar to PayPal, allow people to buy, sell and use the Bitcoins.
Indeed, Bitcoin use is increasing in places such as Africa, where the “banking system is broken,” Evans said
Tomi Engdahl says:
Samsung Pay enters Europe with launch in Spain
http://www.theverge.com/circuitbreaker/2016/6/3/11843408/samsung-pay-begins-european-rollout-spain
Samsung Pay continues to expand with a launch today in Spain. This marks the first country in Europe that’s able to use Samsung’s mobile payments platform, following launches in the US, South Korea, and recently China.
Samsung Pay has been relatively successful as a mobile payments system thanks to its ability to work with both NFC terminals and traditional magnetic terminals.
At launch, Samsung Pay will be available on Galaxy S6 and S7 variants
Tomi Engdahl says:
Reuters:
After report about 50+ breaches at the Federal Reserve from 2011 to 2015, Congressional committee asks for all breach-related documents since 2009 — A U.S. congressional committee has launched an investigation into the Federal Reserve’s cyber security practices after a Reuters report revealed …
U.S. lawmakers probe Fed cyber breaches, cite ‘serious concerns’
http://www.reuters.com/article/us-usa-fed-cyber-exclusive-idUSKCN0YP281
A U.S. congressional committee has launched an investigation into the Federal Reserve’s cyber security practices after a Reuters report revealed more than 50 cyber breaches at the U.S. central bank between 2011 and 2015.
The House Committee on Science, Space and Technology on Friday sent a letter to Federal Reserve Chair Janet Yellen to express “serious concerns” over the central bank’s ability to protect sensitive financial information.
Tomi Engdahl says:
Kris Naudus / Engadget:
Athletes will test Visa’s prototype NFC payment ring at the Olympics in Rio — For those making their way to this year’s Olympic games in Rio, Visa will be the only card accepted at official venues — a pretty sweet deal for the credit provider. But, rather than be satisfied with exclusive access …
Olympic athletes will sport Visa’s new payment ring in Rio
http://www.engadget.com/2016/06/02/visa-olympic-wearable/
It’s sleek and discreet, until you try paying for a Coke by waving your hands in the air (because you clearly just don’t care).
For those making their way to this year’s Olympic games in Rio this August, Visa will be the only card accepted at official venues — a pretty sweet deal for the payment provider. But, rather than be satisfied with exclusive access to the wallets of a half million tourists, the company is using the event to introduce a new ring that will let people pay with a wave of their hand: No phone, wallet or even battery needed.
Visa payment ring
The unnamed band is pretty simple in design. The interior contains a secure microchip from Gemalto and an embedded antenna; the exterior is simply a black or white ceramic loop.
20 sizes available during its trial run
It was discussions with those Olympians that inspired the creation of the payment ring; wallets and standard wearables can be a real annoyance when you’re constantly changing in and out of uniform.
the ring was designed not only to be inconspicuous, but also be water resistant to 50 meters and never need charging. Instead, the ring draws a tiny bit of power from the payment terminal, just enough to enable the transaction. It doesn’t exchange as much data as Apple Pay or Android Pay, but it’s on par with swiping your card. Visa actually provides a card with the ring, for those instances when contactless pay isn’t available.
Rings have an annoying tendency to go missing, but Visa prepared for that situation too. The payment band can be deactivated from a smartphone, and thieves who find one won’t be able to get anything useful out of it thanks to tokenization. That means sensitive data is replaced by a digital identifier that can be used to process payments, but doesn’t actually contain any personal information.
At this point the ring is merely a prototype and won’t be available to the general public in time for Rio. Instead, the Olympic Village will be a testing ground to find out how well it performs in the field.
The ring works best when the full ‘O’ of it is facing toward the terminal
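The tokenization and remote deactivation described in the article above, sketched as an added example (not code from Visa, Gemalto or the article). `TokenVault`, the device names and the card number are hypothetical, constructed values; the point is that the ring holds only a random token, so disabling it leaves the card and the owner's other devices working.

```python
from __future__ import annotations

import secrets


class TokenVault:
    """Issuer-side table mapping device tokens to the real card number (PAN)."""

    def __init__(self) -> None:
        self._tokens: dict[str, dict] = {}

    def provision(self, pan: str, device: str) -> str:
        """Issue a random token for one device. It is not derived from the PAN."""
        token = "tok_" + secrets.token_hex(8)
        self._tokens[token] = {"pan": pan, "device": device, "active": True}
        return token

    def deactivate_device(self, pan: str, device: str) -> int:
        """Switch off every token of one device; returns how many were disabled."""
        count = 0
        for entry in self._tokens.values():
            if entry["pan"] == pan and entry["device"] == device and entry["active"]:
                entry["active"] = False
                count += 1
        return count

    def authorize(self, token: str, amount_cents: int) -> str:
        """Decide on a payment presented with a token instead of a card number."""
        entry = self._tokens.get(token)
        if entry is None:
            return "declined: unknown token"
        if not entry["active"]:
            return "declined: token deactivated"
        # Only here, inside the issuer, is the token resolved to the account.
        return f"approved {amount_cents} cents on card ending {entry['pan'][-4:]}"


def ring_demo() -> dict:
    pan = "4000000000000002"  # constructed test number, not a real card
    vault = TokenVault()
    ring = vault.provision(pan, "ring")
    phone = vault.provision(pan, "phone")

    out = {"ring_before": vault.authorize(ring, 450)}
    # The ring goes missing; the owner disables it from the phone app.
    out["disabled"] = vault.deactivate_device(pan, "ring")
    out["ring_after"] = vault.authorize(ring, 450)
    out["phone_after"] = vault.authorize(phone, 450)
    # What someone who finds the ring can read from it: the token only.
    out["pan_on_ring"] = pan in ring
    return out


if __name__ == "__main__":
    for name, value in ring_demo().items():
        print(f"{name}: {value}")
```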
Tomi Engdahl says:
Apple Pay competitor CurrentC is the disaster everyone thought it would be
Sometimes you can judge a book by its cover.
http://www.recode.net/2016/6/8/11888834/mcx-currentc-payments-app-shuts-down
When Walmart and other big retailers said in 2012 that they were creating a consortium called MCX to build a payments app, a lot of people laughed. The idea of a bunch of retailers collaborating effectively on a joint venture seemed far-fetched, let alone one where technology would play a critical role.
Then there was the motivation for the venture, which seemed shortsighted: Get customers to pay with anything but traditional credit cards, since they cost Walmart and other retailers higher transaction fees than other forms of payment.
Turns out there was good reason for these red flags. On Tuesday, the company notified beta users of its payments app, CurrentC, that the test was ending and their accounts were being deleted.
In the meantime, some big MCX partners like Best Buy said they would start accepting Apple Pay. Finally, Walmart — perhaps MCX’s biggest initial backer — announced its own app, Walmart Pay.
Tomi Engdahl says:
Leena Rao / Fortune:
How PayPal is trying to catch up in digital payments space after losing ground under eBay
How PayPal Plans to Get Back on Top in Digital Payments
After a lost decade, the newly independent company is making big investments again.
http://fortune.com/paypal-fortune-500-digital-payments/
Tomi Engdahl says:
Morgen Peck / Backchannel:
Profile of Vitalik Buterin, inventor of Ethereum, the cryptocurrency rivaling Bitcoin and inspiring a movement — Vitalik Buterin invented the world’s hottest new cryptocurrency and inspired a movement—before he’d turned 20.
The Uncanny Mind That Built Ethereum
https://backchannel.com/the-uncanny-mind-that-built-ethereum-9b448dc9d14f#.bthlbd7ft
Vitalik Buterin invented the world’s hottest new cryptocurrency and inspired a movement — before he’d turned 20.
Tomi Engdahl says:
Matt Levine / Bloomberg:
The “theft” of Ethereum from the DAO violated the DAO’s intent, but not its smart contract, exposing tensions between blockchain idealism and real world systems
Blockchain Company’s Smart Contracts Were Dumb
http://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-smart-contracts-were-dumb
We talked this morning about a hack at the DAO, the Distributed Autonomous Organization that lives on the Ethereum blockchain and that was supposed to take money from investors and invest it in projects voted on by the investors and administered through smart contracts. Instead — surprise! — the DAO was hacked, and about $60 million worth of Ether (Ethereum’s digital currency) was stolen. Or that is the terminology — “hacked,” “stolen” — that most people have used, and that I used this morning. But maybe it is wrong? The most interesting thing to read about the DAO hack is this Medium post:
By any usual interpretation (including those commonly used by Slock.it’s team in the past hours) the hacker has stolen money from other users and violated the intent of the DAO.
However, according to the DAO’s own legal contract, there is no such thing as theft and the intent is completely unimportant — the only important and relevant thing are the smart contracts themselves. Consequently, there is no real legal difference between a feature and an exploit. It is all a matter of perspective.
For example, one interpretation is that this unusual recursive splitting function is itself a feature and that a user simply used this feature to take funds into a sub-DAO.
That is: The DAO was advertised to users as, well, a Distributed Autonomous Organization that was supposed to take money from investors and put it in projects voted on by the investors and administered through smart contracts.
There were websites and forums explaining, in English, for humans, how the DAO would work, what its security features were, etc. (Some of the explaining was done by Slock.it, a blockchain company associated with the DAO.) But there was also this bit of boilerplate:
The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain.
Tomi Engdahl says:
Ethereum/TheDAO hack simplified
http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2WDVDXeI64
The news in the Bitcoin world is the Ethereum/DAO hack. I thought I’d write up a simplified explanation.
How can they recover the stolen money?
They can’t — at least not without destroying the entire principle of cryptocurrencies. It’s like trying to cure cancer with a Howitzer.
One solution is to roll-back the blockchain before the theft. Of course, that means screwing over everybody who made a transaction since then. You’d be screwing people out of $1 million in order to compensate the theft of $100 million. This is, of course, the type of corrupt thinking that gets us into banking failures in the real world, as we screw over everyone else in order to protect those banks who are too big to fail.
Another solution is to update the Ethereum code to blacklist this address, or better yet, insert a magic key that will give control over those funds back to TheDAO.
The problem with changing the code is that it forks the blockchain.
What does this all mean?
I’m a crypto-anarchist. The entire point of cryptocurrencies is to get around corrupt humans. And that’s what trying to repair this problem is — corruption. It’s a violation of TheDAO’s own contract, which says the code is the contract, not to be superseded by human re-interpretation.
In any case, the original concept of TheDAO is useless utopian nonsense. The original Bitcoin was created by people who actually understood a lot about currency. TheDAO was created by people who are hopelessly naive about investing, who then put the system in the hands of trained monkeys. This isn’t “wisdom of the crowds”, as they proposed, but “ignorance of the mob”.
Tomi Engdahl says:
DAO Ether Trading Platform to Shut Down Following Ongoing Cyber-Heist
DAO creator says platform is shutting down
The price of Ether dropped substantially today after news broke of an ongoing cyber-attack on the DAO platform from where crooks managed to steal more than $50 million in Ether, a third of the platform’s total funds.
Read more: http://news.softpedia.com/news/dao-ether-trading-platform-to-shut-down-following-ongoing-cyber-heist-505381.shtml#ixzz4C7N01q62
Blockchain Company’s Smart Contracts Were Dumb
http://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-smart-contracts-were-dumb
DAO, the Distributed Autonomous Organization that lives on the Ethereum blockchain and that was supposed to take money from investors and invest it in projects voted on by the investors and administered through smart contracts. Instead — surprise! — the DAO was hacked, and about $60 million worth of Ether (Ethereum’s digital currency) was stolen. Or that is the terminology — “hacked,” “stolen” — that most people have used, and that I used this morning. But maybe it is wrong?
That is: The DAO was advertised to users as, well, a Distributed Autonomous Organization that was supposed to take money from investors and put it in projects voted on by the investors and administered through smart contracts. (I mean, it was advertised in much more hyperbolic ways than that — “a new breed of human organization never before attempted,” etc. — but the gist was a vote-based venture fund. See here for more explanation.)
But there was also this bit of boilerplate:
The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain.
The descriptions didn’t matter; only the code did. The descriptions didn’t allow for today’s hack, but the code did. (By definition! If the code could be hacked, the code allowed for the hack.) Any vulnerabilities in the DAO’s code were not flaws in the code; they were flaws in the descriptions — which were purely for entertainment purposes. The DAO’s websites failed to explain to investors that the code allowed a hacker to take $60 million by using a “recursive splitting function.” But the recursive splitting function itself is part of the DAO’s code, and therefore part of the DAO. Using it isn’t a “hack,” and using it to take money isn’t a “theft”; it is just using the DAO as intended.
The words “hack” and “theft” make human, normative presumptions about how you’re supposed to use the DAO code. But the code doesn’t care. The code can’t be “hacked.” It can only be used; its use has no normative implications.
The DAO’s leaders, and the community at the Ethereum blockchain that created it, are now trying to fix the hack by freezing the hacker’s funds and discussing what to do next.
Tomi Engdahl says:
OneCoin – ManyQuestions
http://pjarvinen.blogspot.fi/2016/06/onecoin-open-questions.html
Nearly 18 months ago I heard for the first time of OneCoin, which was marketed as a new, easy to use cryptocurrency with frequent references to Bitcoin and its huge success. Company behind the currency was based in Bulgaria and led by Dr. Ruja Ignatova. To my surprise several key persons and “ambassadors” were from Finland.
Since then I’ve been trying to find out whether this is legit or just a scam. My background is in computer sciences (M. Sc.) and I’m familiar with other cryptocurrencies including Bitcoin. Still, to date nobody has been able to give satisfactory answers to several basic questions.
Here we go:
- New coins are mined at constant speed of 10.000 coins every 10 minutes. However, it’s said that mining is very computing intensive and gets harder all the time. In that case mining should be slowing gradually. So, how (and why) mining speed is kept constant?
- Value of individual coin has increased more than ten times since mining began last summer. Since OneCoins cannot be freely traded, how is the value determined?
- When a split occurs, all tokens not yet mined into coins are doubled. What is the purpose of splitting?
- OneCoin claims to have a blockchain, as do all other cryptocurrencies. By definition, blockchain is made secure by distributing transaction records to numerous computers around the world and thus preventing tampering with them. In OneCoin, Company owns the blockchain and can manipulate it at will, which of course means it is neither a blockchain nor secure.
- In London event (June 11, 2016) it was announced that current blockchain will be “retired” and replaced with a new blockchain to allow 118 billion additional coins. This violates the basic principle of a blockchain. It can never be modified afterwards nor replaced with a new one.
- System will switch onto new blockchain on October 1, 2016. At that point all old coins will double in number without halving the price.
- With 120 billion coins and current 6.25 euro value total market capitalization of OneCoin would be 750 billion euros. Is this realistic?
- Where are the merchants? More than 700 million coins have already mined (market cap 4.5 billion euros), but there is no way to spend them. If you want to buy ticket for London event or order terribly overpriced tablet, you must pay euros — if OneCoin as a company doesn’t accept its own currency, who else will?
- The only way to keep blockchain secure is to make it public from the very beginning.
- OneCoin claims to be immune against criminal activities, because company knows the owner of each coin and knows the parties of every transaction. What will happen when blockchain is opened
Tomi Engdahl says:
Who will win: banks or fintech startups? – “Banks are not fools”
Madrid – Financial technology, or fintech, brings traditional banks new, nimble challengers. But can startups really destabilize the banks? No, voted a cynical audience at the fintech event MoneyConf in Madrid.
The two-day fintech event MoneyConf brought together challengers and traditional banks in Madrid.
“People are tired of the traditional banks. What is essential is to understand the customer need, because everything is associated with the user experience. A one-click experience is very important and underestimated. People are also demanding transparency,” Stalf said.
“Now startups are doing this because fintech allows it: customers can enjoy lower costs, and startups can provide a good user experience,” Cross said.
Still, Cross believed that the startups will not cause any earthquake. The startup phenomenon is real, but it will be limited.
“Contrary to what is imagined, banks are not fools; they are smart. The banks have to buy startups and change their culture. Before long, the experience and price levels of banks and startups will be neck and neck. Will a customer then choose ten fintech firms or one big bank whose comprehensive services cover all of life’s affairs?” Cross asked.
About half of the audience in front of the main stage represented the banks, the other half startups.
Source: http://www.tivi.fi/Kaikki_uutiset/kumpi-voittaa-pankit-vai-fintech-startupit-pankit-eivat-ole-holmoja-6562261
Tomi Engdahl says:
Stephen Gandel / Fortune:
Behind Citigroup’s response to startup competition, Citi FinTech, a 40-person skunkworks team — The mega-bank needs to counter a new wave of financial technology startups. — What he needed was a SWAT team. The week after being put in charge of Citigroup’s consumer banking business last year …
Here’s How Citigroup Is Embracing the ‘Fintech’ Revolution
http://fortune.com/citigroup-fintech/
The mega-bank needs to counter a new wave of financial technology startups.
What he needed was a SWAT team. The week after being put in charge of Citigroup’s consumer banking business last year, Stephen Bird went to Silicon Valley to meet with venture capitalist Marc Andreessen and other tech luminaries in hopes of gaining insight on how to counter the challenge from “fintech”—the rapidly proliferating class of technology startups bent on disrupting every facet of the traditional financial services business. Together they represent perhaps the No. 1 threat facing large banks today.
Tomi Engdahl says:
Second EU referendum petition investigated for fraud
http://www.bbc.com/news/uk-politics-eu-referendum-36634407
The House of Commons petitions committee is investigating allegations of fraud in connection with a petition calling for a second EU referendum.
Its inquiry is focused on the possibility that some names could be fraudulent – 77,000 signatures have already been removed.
More than 3.2 million signatures are on the petition, but PM David Cameron has said there will be no second vote.
The UK voted by 52% to 48% to leave the EU in Thursday’s referendum.
Helen Jones, who chairs the cross-party petitions committee, said in a statement posted on Twitter that it was taking the allegations “very seriously”.
‘A range of views’
“People adding fraudulent signatures to this petition should know that they undermine the cause they pretend to support,” she said.
BBC political correspondent Iain Watson says the petition has attracted a lot of attention but has no chance of being enacted, because it is asking for retrospective legislation.
Tomi Engdahl says:
Nordea will renew its entire IT system: such is the future of banking
Financial group Nordea’s vision is to be a pioneer in digitalisation in the banking sector. That is why it set up a new Group Digital business unit, which will start on 1 September.
The aim of the new unit is to promote digital services throughout the Group. It will be led by former Group IT Director Poul Råholt and by Ewan MacLeod, who was formerly responsible for the program developing the Royal Bank of Scotland’s retail banking digital services.
Poul Råholt, director of Nordea’s new digital unit, why is such a unit required?
“Digitalization changes all areas, including banking. It opens up possibilities, but at the same time it will also create threats and risks. Our company has taken steps to create a better platform, which allows us to meet new challenges and exploit the opportunities.”
“We want to be a pioneer. It is high on our agenda. Digitalization changes a lot of things, but in the end it is about the customer experience, even if it comes through your smartphone.”
“We will increasingly provide applications for digital channels. Customers are ever more sophisticated technology users, and their expectations of us are growing.”
“In addition to current offerings, we develop digital applications so that the banking relationship will be more personal and we can understand our customers better.”
Source: http://www.tivi.fi/Kaikki_uutiset/nordea-uudistaa-koko-it-jarjestelmansa-tallainen-on-tulevaisuuden-pankki-6563567
Tomi Engdahl says:
Nathaniel Popper / New York Times:
How a handful of Chinese companies that control a majority of the Bitcoin network are playing a central role in the community’s civil wars
How China Took Center Stage in Bitcoin’s Civil War
http://www.nytimes.com/2016/07/03/business/dealbook/bitcoin-china.html?_r=0
A delegation of American executives flew to Beijing in April for a secret meeting just blocks from Tiananmen Square. They had come to court the new kingmakers in one of the strangest experiments in money the world has seen: the virtual currency known as Bitcoin.
Against long odds, and despite an abstruse structure, in which supercomputers “mine” the currency via mathematical formulas, Bitcoin has become a multibillion-dollar industry. It has attracted major investments from Silicon Valley and a significant following on Wall Street.
Yet Bitcoin, which is both a new kind of digital money and an unusual financial network, is having something of an identity crisis. Like so many technologies before it, the virtual currency is coming up against the inevitable push and pull between commercial growth and the purity of its original ambitions.
In its early conception, Bitcoin was to exist beyond the control of any single government or country. It would be based everywhere and nowhere.
Tomi Engdahl says:
Julian Chokkattu / Digital Trends:
Mastercard expands Masterpass to include in-store payments, first arriving on Android devices in the US this month, unveils API for banks and other partners
Mastercard issues first brand change in 20 years, and Masterpass is now contact-less
Read more: http://www.digitaltrends.com/mobile/mastercard-masterpass-rebrand/#ixzz4ET22o8AH
MasterCard is now Mastercard, or even mastercard in some cases. Sometimes you won’t even see the name at all — instead you’ll see the iconic red and yellow Venn diagram. But even that logo will look slightly different now. It’s all a part of the payment company’s push to make its brand digital-first and contemporary.
Masterpass gets the contact-less treatment
But the design change is far from the biggest announcement Mastercard is making — Masterpass is now a direct contact-less payment competitor to the likes of Android Pay, Apple Pay, and Samsung Pay. The company launched the service back in 2013, but until now it has only been available for use with select apps and through the we
With its new in-store contact-less solution, Mastercard says people can use Masterpass at more than 5 million merchants in 77 countries that accept contact-less payments, such as BJ’s Wholesale Club. The contact-less feature with Masterpass is first arriving to Android devices in the U.S. towards the end of July.
Masterpass is providing banks with its API so these financial institutions can directly integrate Masterpass into their own apps, or create a companion app for it.
The company demoed the ability to use Masterpass to pay in-store with tap-and-pay NFC
Tomi Engdahl says:
Bitcoin Sinks After Hackers Steal $65 Million From Exchange
http://www.bloomberg.com/news/articles/2016-08-03/bitcoin-plunges-after-hackers-breach-h-k-exchange-steal-coins
Hong Kong-based Bitfinex halts trading, deposits, withdrawals
Digital currency is down almost 20 percent this week
Bitcoin plunged after one of the largest exchanges halted trading because hackers stole about $65 million of the digital currency.
“Yes – it is a large breach,”
Bitfinex confirmed in a message to Bloomberg News on Wednesday that the hackers took 119,756 bitcoin, or about $65 million at current prices. More than $1.5 billion has been wiped out from bitcoin’s market capitalization this week, according to research from CoinDesk.
The Hong Kong exchange was the largest for U.S. dollar-denominated transactions over the past month
Tomi Engdahl says:
Charles Bovaird / CoinDesk:
Hong Kong-based Bitcoin exchange Bitfinex hacked, roughly 120K bitcoins worth $60M+ stolen; Bitcoin down almost 20%
Bitcoin Drops Nearly 20% as Exchange Hack Amplifies Price Decline
http://www.coindesk.com/bitcoin-drops-12-exchange-hack-amplifies-price-decline/
The price of bitcoin fell sharply today exacerbating an already ongoing decline as global market participants reacted to news that one of the largest digital currency exchanges had been hacked.
Earlier this afternoon, Hong Kong-based exchange Bitfinex halted trading after discovering a security breach
The halving’s impact
However, the price decline does not appear to be the sole result of the issues at Bitfinex.
Bitcoin prices experienced a gradual, downward movement over the course of several days, with market observers pointing to the halving of rewards on the bitcoin network as the cause. This event – which saw a 50% reduction in the mining subsidy on the network – generated significant visibility when it took place 9th July.
At the time, there was no major change in bitcoin prices, despite expectations that such a move may have been probable.
The drop below $600 may also indicate a change from the bullish sentiment that has so far characterized 2016.
For example, Joe Lee, founder of leveraged derivatives trading platform Magnr, stated that bitcoin’s drop below $600 could indicate that the currency’s long-term fundamentals are weak
While these analysts pointed to future weakness in the digital currency and potential declines, Demeester emphasized that not only did he not “see any sign why this bull market is over,” but he expected the price would “go a lot higher over the next 12 months”.
Tomi Engdahl says:
Joanna Stern / Wall Street Journal:
Hardware makers and credit card firms are speeding up checkout time for EMV cards, but mobile payments like Apple Pay and Android Pay are still the future
Chip Card Nightmares? Help Is on the Way
Chip cards, also known as EMV cards, are getting faster at the register, but mobile payments like Apple Pay are the real answer
http://www.wsj.com/articles/chip-card-nightmares-help-is-on-the-way-1470163865
Here’s what it’s like to buy something at a store these days:
1. Swipe card.
2. Get scolded by cashier to use the chip reader.
3. Insert chip and cancel all foreseeable plans.
4. Wait.
5. Wait some more.
6. Celebrate once you hear that joyless “Remove card” sound.
Next time you experience this, I want you to remember that it’s not you. It’s the banks, credit card companies, merchants, payment processors, terminal manufacturers and many others that have created this checkout catastrophe. But there’s a ray of hope: your smartphone.
it takes twice as long to pay with a chip card than with a card swipe or mobile payment—on average, 13 seconds versus 6 seconds.
It is completely understandable to think the U.S. transition to more secure chip-based credit cards
Yes, there are serious security benefits to chip cards, and the transactions will get drastically faster, from what I have seen. But the real payoff? The technology that supports chip cards is also laying the groundwork for the death of all plastic cards. Smartphones will replace our wallets once and for all.
Chips vs. Swipes
Paying with the magnetic strip on your card has been as secure as locking your front door with a piece of masking tape.
A swipe of the strip sends unchanging data to financial institutions to confirm your card account number, expiration date and other information. If criminals access that sensitive data, they can use it to make a counterfeit card and fraudulent purchases again and again and again—until the card is canceled.
Things are more secure with chip cards, aka EMV cards
the small, metallic square chip offers up a unique string of numbers—or a cryptogram—that goes to the financial institutions to verify account info. Since it’s different for each transaction, a criminal couldn’t steal it to use again.
stores need to purchase high-tech terminals which must be upgraded with software, then certified by various parties
Then there’s the transaction itself: Since it generates more data than just a swipe, it takes (a lot) longer.
any retailer that doesn’t take chip cards is responsible for paying back counterfeit transactions once paid by banks.
This “liability shift” stirred some to action.
Hardware makers and credit-card companies are owning up to their role in this card-pocalypse, and are working to speed up check-out times. With new, quicker chip options, instead of leaving the card in the terminal during the entire transaction, you can pull it out after two seconds and put it away.
Chips vs. Smartphones
Still, given the choice to use the fastest chip option or pay with my smartphone, I’ll pick smartphone every time.
Apple Pay, Samsung Pay and Android Pay were all twice as fast as current chip cards in my testing. Hold up your phone, press on the fingerprint sensor to confirm it’s you and six to seven seconds later, you’ll hear that pleasing ding that you’re done. In some cases, I even hit four seconds. Paying with a debit card was slower, since you still have to input your PIN.
These services can be faster because they use the same EMV process as chip cards, but with fewer steps. They’re also more secure, because they require a second form of authentication—a fingerprint or PIN—to confirm you are you
Paying with store-specific apps that use QR codes, like the ones from Starbucks, Chick-fil-A and Subway, is just as speedy.
Apple Pay and Android Pay, which rely solely on near-field communication (NFC) technology, are accepted at millions of stores—and counting.
“The huge benefit of upgrading to the new EMV terminals is that there is now the hardware in place to support mobile payments,”
The bad news? “Many merchants have had to get through chip-card EMV certification first, and that has taken priority over mobile implementation.”
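The difference the article draws between unchanging stripe data and a per-transaction chip cryptogram, as an added example that is not from the article or any card scheme. It is a simplified model: HMAC-SHA256 stands in for the real EMV cryptogram algorithm, and the field layout, class names and card number are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _mac(key: bytes, pan: str, amount_cents: int, nonce: bytes, atc: int) -> str:
    """MAC over the transaction fields (HMAC-SHA256 as a stand-in for EMV's own)."""
    msg = "|".join([pan, str(amount_cents), nonce.hex(), str(atc)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class ChipCard:
    pan: str
    key: bytes    # shared with the issuer; never sent to the terminal
    atc: int = 0  # transaction counter kept on the chip

    def pay(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        """Build the message a terminal forwards for one purchase."""
        self.atc += 1
        return {
            "pan": self.pan,
            "amount_cents": amount_cents,
            "nonce": terminal_nonce,
            "atc": self.atc,
            "cryptogram": _mac(self.key, self.pan, amount_cents,
                               terminal_nonce, self.atc),
        }


class Issuer:
    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._tracks: dict[str, str] = {}
        self._last_atc: dict[str, int] = {}

    def issue(self, pan: str, expiry: str) -> tuple[str, ChipCard]:
        """Return the static stripe data and the chip for a new card."""
        key = secrets.token_bytes(32)
        track = f"{pan}={expiry}"
        self._keys[pan], self._tracks[pan], self._last_atc[pan] = key, track, 0
        return track, ChipCard(pan, key)

    def authorize_swipe(self, track: str) -> str:
        # The stripe carries nothing transaction-specific, so any exact copy
        # of the data is indistinguishable from the genuine card.
        pan = track.split("=", 1)[0]
        return "approved" if self._tracks.get(pan) == track else "declined: unknown card"

    def authorize_chip(self, tx: dict) -> str:
        key = self._keys.get(tx["pan"])
        if key is None:
            return "declined: unknown card"
        expected = _mac(key, tx["pan"], tx["amount_cents"], tx["nonce"], tx["atc"])
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return "declined: bad cryptogram"
        if tx["atc"] <= self._last_atc[tx["pan"]]:
            return "declined: counter already used"
        self._last_atc[tx["pan"]] = tx["atc"]
        return "approved"


def demo() -> dict:
    issuer = Issuer()
    track, card = issuer.issue("4000000000000002", "2912")  # constructed values
    results = {
        "swipe_first": issuer.authorize_swipe(track),
        "swipe_copied": issuer.authorize_swipe(str(track)),  # copied stripe data
    }
    tx = card.pay(1250, secrets.token_bytes(4))
    results["chip_first"] = issuer.authorize_chip(tx)
    results["chip_replayed"] = issuer.authorize_chip(dict(tx))  # same message again
    results["chip_altered"] = issuer.authorize_chip(dict(tx, amount_cents=99900))
    results["chip_next"] = issuer.authorize_chip(card.pay(300, secrets.token_bytes(4)))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

An issuer-side fraud rule can key on the two decline reasons separately: a bad cryptogram means the message was altered or forged, while a reused counter means a previously valid message was captured and sent again.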
Tomi Engdahl says:
Bitfinex Bitcoin exchange decides its customers should help pay for $65 million loss
http://www.geek.com/news/bitfinex-bitcoin-exchange-decides-its-customers-should-help-pay-for-65-million-loss-1665169/
There are a plethora of financial rules in place that regulate how banks can handle your money, but an unregulated digital currency like Bitcoin or Litecoin is the wild west of personal finance. The popular cryptocurrency exchange Bitfinex was attacked on August 2, resulting in the loss of $65 million in Bitcoin. Bitfinex has decided to “generalize” the losses across all its users by taking 36% of their money. Seems a lot like stealing.
Bitfinex shut down last week following the hack, issuing a series of cryptic updates on its investigation. Now, the site is on the verge of re-launching with limited functionality. When users log into their Bitfinex accounts, they will see that a whopping 36.067% of their money is gone. That’s what Bitfinex is taking from every account to cover the losses, ensuring that everyone on the platform will have lost the same proportion of their money.
Many users are understandably enraged over this move. Many of them lost no Bitcoins in the initial hack when they checked their balance before the reshuffling. Now, they’re out a substantial sum.
In place of the 36% loss, Bitfinex is giving each user a BFX token with a value of their total loss. It’s essentially an IOU from Bitfinex that is tradable on the blockchain.
for now they’re completely worthless
Maybe, just maybe, Bitcoin was a bad idea.
Tomi Engdahl says:
Bitcoin drops 20% after $70M worth of bitcoin was stolen from Bitfinex exchange
https://techcrunch.com/2016/08/02/bitcoin-drops-20-after-70m-worth-of-bitcoin-was-stolen-from-bitfinex-exchange/
Bitfinex, one of the most popular cryptocurrency exchanges online, has suffered a major hack. The company has posted a note on its website detailing the security breach, and while it doesn’t mention a total amount, one of their employees confirmed on Reddit that the total amount stolen was 119,756 bitcoins.
After news of the hack spread, the price of bitcoin dropped almost 20 percent, settling in around the current price of $540 USD per bitcoin. It’s not exactly clear why the price dropped, but it’s likely bitcoin investors got nervous about potential hacks on other exchanges and decided to sell off their bitcoin holdings, which led to a rapid decrease in price.
So how exactly did the hack happen? It’s not really clear yet, and the exchange hasn’t released any additional information beyond saying they incurred a loss and are suspending operations, and that USD funds and other cryptocurrency balances haven’t been compromised.
This comes just weeks after hackers stole $50M worth of Ethereum, which caused the currency to complete a “hard fork” so they could reverse the transactions containing stolen currency.
Bitcoin Drops Nearly 20% as Exchange Hack Amplifies Price Decline
http://www.coindesk.com/bitcoin-drops-12-exchange-hack-amplifies-price-decline/
He told CoinDesk:
“A high profile hack is not good for sentiment and curtails the ability for market makers to keep an orderly market.”
“The big question will be how much was stolen and whether Bitfinex will make customers whole,”
The halving’s impact
However, the price decline does not appear to be the sole result of the issues at Bitfinex.
Bitcoin prices experienced a gradual, downward movement over the course of several days, with market observers pointing to the halving of rewards on the bitcoin network as the cause. This event – which saw a 50% reduction in the mining subsidy on the network – generated significant visibility when it took place 9th July.
At the time, there was no major change in bitcoin prices, despite expectations that such a move may have been probable.
Search for meaning
The drop below $600 may also indicate a change from the bullish sentiment that has so far characterized 2016.
For example, Joe Lee, founder of leveraged derivatives trading platform Magnr, stated that bitcoin’s drop below $600 could indicate that the currency’s long-term fundamentals are weak.
Tomi Engdahl says:
Nathaniel Popper / New York Times:
World Economic Forum report envisions blockchains as the “beating heart” of global finance, estimates 80% of banks will start using the technology in 2017 — A new report from the World Economic Forum predicts that the underlying technology introduced by the virtual currency Bitcoin …
Envisioning Bitcoin’s Technology at the Heart of Global Finance
http://www.nytimes.com/2016/08/13/business/dealbook/bitcoin-blockchain-banking-finance.html?_r=0
A new report from the World Economic Forum predicts that the underlying technology introduced by the virtual currency Bitcoin will come to occupy a central place in the global financial system.
A report released Friday morning by the forum, a convening organization for the global elite, is one of the strongest endorsements yet for a new technology — the blockchain — that has become the talk of the financial industry, despite the shadowy origins of Bitcoin.
“Rather than to stay at the margins of the finance industry blockchain will become the beating heart of it,” the head of financial services industries at the World Economic Forum, Giancarlo Bruno, said in a statement released with the report.
The blockchain originally referred to the database where all Bitcoin transactions are recorded and stored.
Unlike existing financial ledgers or databases used by banks and other institutions, the blockchain is updated and maintained not by a single company or government. Instead it is run by a network of users. It’s akin to the way Wikipedia is maintained by users around the globe.
Tomi Engdahl says:
Sarah Perez / TechCrunch:
CVS Health launches mobile payments app CVS Pay for iOS and Android, starting in New York, New Jersey, Pennsylvania, and Delaware, and nationwide by year end
CVS Pharmacy launches its own mobile payments and loyalty solution, CVS Pay
https://techcrunch.com/2016/08/11/cvs-pharmacy-launches-its-own-mobile-payments-and-loyalty-solution-cvs-pay/
CVS Health today is launching its own mobile payments solution that will allow customers to pay for products, pick up prescriptions, earn ExtraCare loyalty rewards, as well as pay – just by scanning the barcode in the CVS mobile app. The idea, the company explains, is to eliminate the number of steps it takes today to complete a checkout, which today is a very manual process.
Currently, customers have to either present their physical CVS rewards card at the register, or they have to say their name and birthday in order for the store associate to look up their account information. Then, after their purchases and prescriptions are run up, they have to pay. (And thanks to the slow-to-process chip cards, this, too, takes time.)
Now, all the verifications for the prescriptions and the payment – including name, birthdate, signature, and PIN – will take place in the app.
“What we’re trying to do is provide real utility and solve real problems for customers using digital,” explains Brian Tilzer, CVS Health’s Chief Digital Officer. “With one scan, we’re taking away three or four extra steps that customers have lived with for a long time.”
Tomi Engdahl says:
Banks' digital services are lame
Finnish companies are busily coming up with ideas for new digital services. Digitalization means not only web pages; mobile services and social media channels must also be taken into account, reminds Timo-Pekka Viljamaa, who heads Nitor's design team.
Viljamaa is annoyed by the fact that many Finnish companies restrict their digital services to their own customers only. Banks in particular are guilty of this.
“Although the world of money is undergoing a revolution and many new types of money transfer services have been launched, such as PayPal and iZettle, Finnish banks still practice customer lock-in. They still offer digital services to their own customers only. Services should be open to all and reach wider groups of users.”
According to him, banks should already be preparing for the new EU Payment Services Directive, which comes into force in 2018 and will open up bank systems to third parties.
Source: http://www.tivi.fi/Kaikki_uutiset/pankkien-digipalvelut-ontuvat-6574027
Tomi Engdahl says:
Bitcoin.org Warns of Possible State-Sponsored Attacks
http://www.securityweek.com/bitcoinorg-warns-possible-state-sponsored-attacks
Bitcoin.org, the organization that oversees the development of the Bitcoin software, has warned users that state-sponsored attackers will likely target the upcoming release.
Bitcoin Core, the open source client for Bitcoin, validates the blockchain and all transactions. Bitcoin Core 0.12.1 was released in April and developers will soon make available version 0.13.0.
In a security notice published on Wednesday, Bitcoin.org said it has reason to believe that the Bitcoin Core 0.13.0 binaries will be targeted by state-sponsored threat actors. Users have been provided an encryption key that can help verify the legitimacy of Bitcoin Core binaries.
“We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website,”
Tomi Engdahl says:
Brett Scott / The Long and Short:
Inside the war for cashless society, pushed by the likes of Visa and PayPal, which will leave many without bank accounts behind
The War on Cash
http://thelongandshort.org/society/war-on-cash
Banks, governments, credit card companies and fintech evangelists all want us to believe a cashless future is inevitable and good. But this isn’t a frictionless utopia says Brett Scott, and it’s time to fight back
Tomi Engdahl says:
Bloomberg:
How a Lending Club user mined the company’s data to uncover shady loans made to Lending Club insiders and repeat borrowers — Photographer: Don Emmert/AFP via Getty Images — “You ready to see some crazy s**t?”
How Lending Club’s Biggest Fanboy Uncovered Shady Loans
http://www.bloomberg.com/news/features/2016-08-18/how-lending-club-s-biggest-fanboy-uncovered-shady-loans
If you knew where to look inside the loan company, things were worse than anybody realized.
“You ready to see some crazy shit?”
A bulky home-built computer sat on the floor, with a handwritten warning taped on the side: “DO NOT TURN OFF. POST-APOCALYPTICAL FINANCIAL CRISIS WILL ENSUE.”
The sign was a joke, but with a hint of truth. It was early June, and for months, Sims’s computer had been churning through a database of loans made by Lending Club. The San Francisco-based marketplace lender is either the most important company in the booming financial technology sector or, if its many critics are to be believed, a Silicon Valley-tinged credit crisis waiting to happen.
Lending Club is a kind of EBay for loans. The company, which has made more than 1.6 million loans to date, worth about $20 billion, matches users who need money with investors willing to lend. The concept relies on both an innovative financial structure and an unprecedented level of transparency. Loans of up to $40,000 at a time are divided into $25 securities that anybody can buy
He knew that for all the information the company made public about its borrowers—incomes, employment histories, their reasons for borrowing—one thing it didn’t list was repeat customers.
Sims decided to take a look at the hundreds of loans he’d invested in
Two loans caught his eye.
It was one person with two active loans, and Lending Club was treating them as completely unrelated, charging wildly different interest rates.
Sims saw a business opportunity: a research service that would independently rate Lending Club loans the way Morningstar rates mutual funds.
The algorithm was still mining the Lending Club database when, on May 6, 2016, Laplanche was forced to resign amid alleged ethical breaches on his watch that involved misdated loans and conflicts of interest. Lending Club is facing shareholder lawsuits and investigations by the Department of Justice and the SEC.
Lending Club has lost 80 percent of its market value since its high point
These four people, it appeared, systematically borrowed almost a million dollars just before the end of the year and had gone to some length to obscure their activity.
“to help increase reported platform loan volume for December 2009.”
Lending Club had been known as the best, most reputable company in the industry.
“Just about every company does [this], when you have 20 employees and no customers,”
And yet evidence of lingering issues can be found in Lending Club’s database files, which are still available online. Sims has discovered dozens of other loans he suspects were made to company insiders, as well as lending practices that seem to have been designed to push growth above all else.
Lending Club didn’t disclose the extent of the business being done with company insiders, even as it touted the performance of those loans as proof that it could survive a recession.
This narrative was crucial to Lending Club’s success in attracting loan buyers.
In all, Sims’s model has identified about 30,000 loans that were likely taken out by repeat borrowers
the data files are so detailed
that it’s often possible, with the right software tools, to make an educated guess about a borrower’s identity.
Tomi Engdahl says:
This Mathematician Says Big Data Is Causing a ‘Silent Financial Crisis’
http://time.com/4471451/cathy-oneil-math-destruction/
Algorithms that we use daily actually thwart equality, says Cathy O’Neil
When there is wrongdoing in fields that are both complex and opaque, it often takes a whistle-blower to inform the public. That’s exactly what former quant trader turned social activist Cathy O’Neil has become for the world of Big Data.
Unlike the WMDs that were never found in Iraq, data driven algorithms are all around us. Already, many of our bosses use them to grade our performance. Our children’s teachers are hired and fired by them. They decide who gets access to credit and who pays higher insurance premiums, as well as who will receive online advertising for luxury handbags versus who’ll be targeted by predatory ads for for-profit universities.
O’Neil sees plenty of parallels between the usage of Big Data today and the predatory lending practices of the subprime crisis. In both cases, the effects are hard to track, even for insiders. Like the dark financial arts employed in the run up to the 2008 financial crisis, the Big Data algorithms that sort us into piles of “worthy” and “unworthy” are mostly opaque and unregulated, not to mention generated (and used) by large multinational firms with huge lobbying power to keep it that way. “The discriminatory and even predatory way in which algorithms are being used in everything from our school system to the criminal justice system is really a silent financial crisis,” says O’Neil.
The effects are just as pernicious. Using her deep technical understanding of modeling, she shows how the algorithms used to, say, rank teacher performance are based on exactly the sort of shallow and volatile type of data sets that informed those faulty mortgage models in the run up to 2008.
In higher education, the use of algorithmic models that rank colleges has led to an educational arms race where schools offer more and more merit rather than need based aid to students who’ll make their numbers (thus rankings) look better.
O’Neil has proposed a Hippocratic Oath for mathematicians. She and others also suggest much deeper regulation of the burgeoning field, perhaps via random algorithmic “audits” by regulators, and deeper analysis of how such algorithms work
Tomi Engdahl says:
Gertrude Chavez-Dreyfuss / Reuters:
Study: between Bitcoin’s creation in 2009 and March 2015, 33% of all Bitcoin exchanges were hacked, and 48% closed
Cyber threat grows for bitcoin exchanges
http://www.reuters.com/article/us-bitcoin-cyber-analysis-idUSKCN11411T
When hackers penetrated a secure authentication system at a bitcoin exchange called Bitfinex earlier this month, they stole about $70 million worth of the virtual currency.
The cyber theft — the second largest by an exchange since hackers took roughly $350 million in bitcoins at Tokyo’s MtGox exchange in early 2014 — is hardly a rare occurrence in the emerging world of crypto-currencies.
New data disclosed to Reuters shows a third of bitcoin trading platforms have been hacked, and nearly half have closed in the half dozen years since they burst on the scene.
“There is a general sense in the bitcoin community that any centralized repository is at risk,”
“I am skeptical there’s going to be any technological silver bullet that’s going to solve security breach problems. No technology, crypto-currency, or financial mechanism can be made safe from hacks,” said Tyler Moore, assistant professor of cyber security at the University of Tulsa’s Tandy School of Computer Science who will soon publish the new research on the vulnerability of bitcoin exchanges.
of the 6,000 operational U.S. banks, only 67 banks experienced a publicly-disclosed data breach between 2009 and 2015. That’s roughly 1 percent of U.S. banks.
Among the world’s stock exchanges, however, security breaches are much higher, with hackers attracted to the large pools of cash moving in and out of these trading venues.
“A 48 percent closure is not acceptable, but not surprising given that bitcoin is a new technology,”
Tomi Engdahl says:
5,300 Wells Fargo employees fired over 2 million phony accounts
http://money.cnn.com/2016/09/08/investing/wells-fargo-created-phony-accounts-bank-fees/
Everyone hates paying bank fees. But imagine paying fees on a ghost account you didn’t even sign up for.
That’s exactly what happened to Wells Fargo customers nationwide.
On Thursday, federal regulators said Wells Fargo (WFC) employees secretly created millions of unauthorized bank and credit card accounts — without their customers knowing it — since 2011.
“Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses,”
The bank agreed to pay $185 million in fines, along with $5 million to refund customers.
Wells Fargo confirmed to CNNMoney that the 5,300 firings took place over several years. The bank listed 265,000 employees as of the end of 2015.
Tomi Engdahl says:
creating 2 million fake bank accounts
http://www.theverge.com/2016/9/9/12859740/wells-fargo-fake-account-scam-fine
Bank fires at least 5,300 people who were involved in the scheme, which racked up $2.6 million in unauthorized fees
According to the regulators, employees created more than 2 million accounts that may not have been authorized by Wells Fargo customers, and covertly transferred funds to them from authorized accounts, racking up fees and other charges. They also created fake email accounts and PIN numbers to sign customers up for new accounts, most of which were unnoticed or closed shortly after opening.
Tomi Engdahl says:
Wells Fargo Fires 5,300 For Engaging In Massive Fraud, Creating Over 2 Million Fake Accounts
http://www.zerohedge.com/news/2016-09-08/wells-fargo-fires-5300-engaging-massive-fraud-creating-over-2-million-fake-accounts
For years we have wondered why Wells Fargo, America’s largest mortgage lender, is also Warren Buffett’s favorite bank. Now we know why.
In all, Wells opened 1.5 million bank accounts and “applied” for 565,000 credit cards that were not authorized by their customers.
Wells Fargo told CNN that it had fired 5,300 employees related to the shady behavior over the last few years. The firings represent about 1% of its workforce and took place over several years. The fired workers went so far as to create phony PIN numbers and fake email addresses to enroll customers in online banking services, the CFPB said.
And, since it is US government policy never to send a banker to prison, they thought that engaging in criminal behavior was not such a bad idea.
Federal banking regulators said the practices reflected serious flaws in the internal culture and oversight at Wells Fargo, one of the nation’s largest banks.
“Consumers must be able to trust their banks. They should never be taken advantage of,” said Mike Feuer, the Los Angeles City Attorney who joined the settlement.
Tomi Engdahl says:
Federal Judge Rules Bitcoin Is Money In Case Tied To JPMorgan Hack
https://yro.slashdot.org/story/16/09/20/0225212/federal-judge-rules-bitcoin-is-money-in-case-tied-to-jpmorgan-hack
Roughly two months ago, a Miami-Dade judge ruled that bitcoin does not actually qualify as money. Now, it appears that bitcoin does indeed qualify as money, according to U.S. District Judge Alison Nathan in Manhattan. “Bitcoins are funds within the plain meaning of that term,” Nathan wrote.
Bitcoin is money, U.S. judge says in case tied to JPMorgan hack
http://www.reuters.com/article/us-jpmorgan-cyber-bitcoin-idUSKCN11P2DE
Murgio had argued that bitcoin did not qualify as “funds” under the federal law prohibiting the operation of unlicensed money transmitting businesses.
But the judge, like her colleague Jed Rakoff in an unrelated 2014 case, said the virtual currency met that definition.
“Bitcoins are funds within the plain meaning of that term,” Nathan wrote. “Bitcoins can be accepted as a payment for goods and services or bought directly from an exchange with a bank account. They therefore function as pecuniary resources and are used as a medium of exchange and a means of payment.”
Tomi Engdahl says:
SWIFT Moves to Combat Inter-Bank Fraud
http://www.securityweek.com/swift-moves-combat-inter-bank-fraud
The Society for Worldwide Interbank Financial Telecommunication, better known as SWIFT, announced Tuesday that it will be introducing two new Daily Validation Reports to supplement its customers’ existing fraud reports.
The new effort is part of a program designed to strengthen customers’ security following the theft of $81 million from the Bangladesh central bank, and several other successful and failed bank thefts.
The reports include Activity Reports and Risk Reports comprising, says the SWIFT announcement, “a snapshot view of each day’s messaging activity against which to detect unusual patterns.” They are designed to provide SWIFT customer banks with a focused review of large or unusual payment flows and new combinations of payment parties. They will be provided to customers’ payments and compliance teams ‘out-of-band’ to ensure that any incumbent hackers will not be able to alter or hide them.
“A key step in the modus operandi in recent wire fraud cases at customer firms,”
These Reports are just one of several new procedures designed to strengthen the overall security within the use of SWIFT. The SWIFT network itself was not compromised during the recent thefts, but the organization clearly feels it is incumbent on itself to help customers improve their own security. However, there is some concern over whether daily reports of what has already happened will have much effect on fraud prevention – timed correctly, the fraud may have already occurred before the banks see the reports.
The earlier thefts at Bangladesh and an Ecuadorian bank led to suggestions that the reserve banks holding the cash had some liability for the loss. Indeed, early suggestions from Bangladesh suggested that SWIFT itself was responsible for leaving the Bangladesh bank insecure. SWIFT has responded with recommendations to its customers.
To a degree SWIFT has to tread carefully in the requirements it makes, since it is owned by the same organizations it is trying to police. However, Reuters reported Sept. 15 that the world’s major central banks are now getting involved.
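The kind of daily review described in the comment above (large or unusual payment flows, new combinations of payment parties) can be sketched as follows. This is an added example, not SWIFT's code or report format: the record layout, the threshold `large_factor`, and every BIC and amount are constructed for illustration.

```python
"""Added illustration: flag large flows and new party pairs in one day's payments.

Record layout, threshold and sample data are assumptions made for this example;
they do not reproduce SWIFT's Daily Validation Reports.
"""
from collections import defaultdict
from statistics import median

# Constructed history: (sender BIC, beneficiary BIC, currency, amount). BICs are made up.
HISTORY = [
    ("AAAAUS33", "BBBBGB22", "USD", 120_000),
    ("AAAAUS33", "BBBBGB22", "USD", 95_000),
    ("AAAAUS33", "BBBBGB22", "USD", 110_000),
    ("AAAAUS33", "CCCCDEFF", "EUR", 40_000),
    ("AAAAUS33", "CCCCDEFF", "EUR", 55_000),
]

# Constructed messages for the day under review.
TODAY = [
    ("AAAAUS33", "BBBBGB22", "USD", 105_000),     # in line with history
    ("AAAAUS33", "BBBBGB22", "USD", 2_500_000),   # far above the usual size for this pair
    ("AAAAUS33", "DDDDPHMM", "USD", 20_000_000),  # beneficiary never paid before
    ("AAAAUS33", "CCCCDEFF", "EUR", 50_000),      # in line with history
]


def build_baseline(history):
    """Median historical amount per (sender, beneficiary, currency)."""
    amounts = defaultdict(list)
    for sender, beneficiary, currency, amount in history:
        amounts[(sender, beneficiary, currency)].append(amount)
    return {key: median(values) for key, values in amounts.items()}


def review_day(history, today, large_factor=5.0):
    """Return (index, sender, beneficiary, currency, amount, reasons) for flagged messages."""
    baseline = build_baseline(history)
    known_pairs = {(s, b) for s, b, _currency, _amount in history}
    findings = []
    for index, (sender, beneficiary, currency, amount) in enumerate(today):
        reasons = []
        typical = baseline.get((sender, beneficiary, currency))
        if (sender, beneficiary) not in known_pairs:
            reasons.append("new-party-pair")
        elif typical is None:
            # Known counterparties, but never in this currency before.
            reasons.append("new-currency-for-pair")
        if typical is not None and amount > large_factor * typical:
            reasons.append("large-vs-baseline")
        if reasons:
            findings.append((index, sender, beneficiary, currency, amount, reasons))
    return findings


if __name__ == "__main__":
    for finding in review_day(HISTORY, TODAY):
        print(finding)
```

For the out-of-band property the comment mentions to hold, the history and the day's messages would have to come from a copy that the payment operator's own systems cannot modify.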
Tomi Engdahl says:
Microsoft Teams with Bank of America on ‘Blockchain’
http://www.securityweek.com/microsoft-teams-bank-america-blockchain
Microsoft and Bank of America Merrill Lynch on Tuesday announced they are working together to make financial transactions more efficient with blockchain technology — the foundation of bitcoin digital currency.
The companies said they will build and test frameworks for blockchain-powered exchanges between businesses and their customers and banks.
Blockchains are considered tamper-proof registers in which entries are time-stamped and linked to previous “blocks” in a data chain.
Blockchains serve as public ledgers considered easy to audit and verify. They are also automated, speeding up transactions and limiting potential for error or revision.
Microsoft planned to use its Azure cloud service platform to enable blockchain transactions between a major corporate treasury and a financial institution.
“By working with Bank of America-Merrill Lynch on cloud-based blockchain technology, we aim to increase efficiency and reduce risk in our own treasury operations,” Microsoft chief financial officer Amy Hood said in a release.