New Features Greet Riders As They Return to Transit


Everyone seems to think that MaaS (Mobility-as-a-Service) is a brand-new business model, when in fact, Transit Agencies have been providing mobility as a service for years, just without the hyphens. When I ride transit I just pay for the service when I need it or purchase a monthly pass if I expect to use it regularly. This is similar to the “as-a-Service” model that has been popularized by software companies who moved away from the license model where users pay a one-time fee to purchase the software. They now offer a subscription model where users pay a recurring fee to use the software. I’ve ridden transit for many years and have never had to buy a bus or train. Sounds like Mobility-as-a-Service to me.

Can Current Technology Deliver Secure Mobile Voting Solutions?


Insecure technology is regularly cited as a barrier to the use of online voting systems, in particular when casting your vote through your mobile phone rather than putting your cross on a piece of paper and putting it in a box at the polling station or mail box. At the same time, those detractors trust the same mobile technology to place stock trades, initiate high value payments and, more recently, to access their health records.

Be on the smart side of the Great Reset


Human society is now at a crossroads, demanding changes in our lifestyle, health choices, economics, and civil liberties. These changes are accelerated by climate change, the political response to the pandemic, the need for racial and gender equality, human migration, and of course a few break-through technologies such as digital automation, data analytics, and machine learning (AI). So where are we heading? The call for a “Great Reset” has been reverberating for the past few years and is now getting louder and louder. This was the topic of the virtual fireside chat by two visionaries on our Tomorrow’s Transactions webinar, Brett King and Dave Birch, discussing the societal and technological changes that are foreseen in the next few decades. This conversation was centered around Brett King’s (Richard Petty, co-author) book, “The Rise of Technosocialism”, and aligns with Consult Hyperion’s engagement with think tanks on global issues. Our aim is to separate foresight and facts from fiction in trying to understand the trends in the market that our clients should watch out for, especially in payments, banking, transit, digital identity, and information security.

Will 2022 start to drive the future of Interoperability and Inclusion?


Our overriding theme of this year’s Live5 is interoperability, which will lead to inclusion. Whether this is in payments or transit, in identity or as a generalised trend, what we’re seeing is a collapsing of the barriers between silos. In some areas this is happening more quickly than in others.

The Role of Technical Due Diligence in Investment Cycles


Have you noticed that some of the best attended events at conferences recently are the investment panels, populated by canny investors talking about where they are currently placing their funds? And so this was the case with Consult Hyperion’s recent webinar The Role of Due Diligence in Investment Cycles, featuring Jonathan Luff, Co-Founder of CyLon, Europe’s leading investor in pre-seed and seed stage cyber and security technology startups, together with Howard Hall, Managing Director of Consult Hyperion North America, Gary Munro, Technical Director at Consult Hyperion, and Dave Birch, our Global Ambassador, who moderated the discussion.

Will the UK identity framework support decentralised identity?


In our Live 5 for 2021, we said that governance would be a major topic for digital identity this year. Nowhere has this been more true than in the UK, where the government has been diligently working with a wide set of stakeholders to develop its digital identity and attribute trust framework, the rules of the road for digital identity in the UK. The work continues, but with the publication of the second iteration of the framework I thought it would be helpful to focus on one particular aspect: how might the framework apply to decentralised identity, given that this is the direction of travel in the industry?

The changing face of payments


EMV is at the heart of global payment card processing. As a specification it governs the processing of billions of transactions globally, with the vast majority of those flowing through the international payment schemes. As a technology it has been incredibly successful, reducing fraud levels everywhere it’s been introduced and its extension into contactless payments is now the fastest growing area of face-to-face payments. The idea that EMV might soon be obsolescent seems far-fetched, to put it mildly, but there are reasons to believe that its hegemony is under threat.

Ambient accountability as a narrative for the blockchain

The fintech flavour of the month is the blockchain. This is an amazing new technology that will completely revolutionise our entire industry and make the world a better place.

“Blockchain, as the digital ledger, will heavily impact the way we do business in the financial services industry” [Oliver Bussmann, CIO of UBS]
[From CIO says blockchain ‘will heavily impact’ financial services | CIO]

The article is not specific as to how the blockchain will heavily impact financial services, but I’m sure Oliver is barking up the right tree and, while I haven’t spoken to him about this, I imagine that he means some form of shared private ledger rather than the Bitcoin blockchain. The super smart Vitalik Buterin, who some of you will have met at our annual Tomorrow’s Transactions Forum this year, wrote about this on the Ethereum blog a while ago.

…there is good reason for the focus on consortium over private: the fundamental value of blockchains in a fully private context, aside from the replicated state machine functionality, is cryptographic authentication, and there is no reason to believe that the optimal format of such authentication provision should consist of a series of hash-linked data packets containing Merkle tree roots

[From On Public and Private Blockchains – Ethereum Blog]

He must be correct. For most of the businesses that I am interested in (i.e., the ones who pay Consult Hyperion money for services rendered) the use of what Vitalik calls a “consortium” blockchain, or what I referred to as an open private replicated decentralised shared ledger at NextBank in Barcelona, is the way forward but it is far too early to say exactly how that ledger should work and anyone that says they know otherwise should be treated with some suspicion.

Note that by creating privately administered smart contracts on public blockchains, or cross-chain exchange layers between public and private blockchains, one can achieve many kinds of hybrid combinations of these properties. The solution that is optimal for a particular industry depends very heavily on what your exact industry is.

[From On Public and Private Blockchains – Ethereum Blog]

Indeed. And we don’t yet know what is optimal for our industry. We can all agree that the use of shared ledgers, of which the blockchain is an example, is going to transform financial services. But why? Well, in an absolutely brilliant King’s Review piece about the relationship between the use of ledgers, the law and enterprise, Quinn DuPont and Bill Maurer make explicit the relationship between the technology, the private maintenance of the technology and the public use of the technology. They go on to say that:

Blockchain systems occasion a reconsideration of two of the central legal devices of modernity: the ledger and the contract.

[From Ledgers and Law in the Blockchain | King’s Review – Magazine]

This insight around private maintenance and public use is critical to the development of a narrative around the blockchain that can help engineers, investors, businesses and regulators to construct a paradigm for the use of the blockchain in financial services. This is what Richard Brown, Sally Parulava and I argue in a paper called “Toward Ambient Accountability: Shared ledgers, glass banks and the legacy of the great financial crisis” that is in draft at present but that we will be sharing soon.

More than the robustness of shared ledgers or their potential for innovation, for financial services the ability of technology to deliver “translucency” through cryptography is (I am convinced) far more radical than it seems at first, and there are plenty of reasons to believe that building glass institutions around replicated shared ledgers is the first step to a new kind of financial system. I spoke about this at NextBank Barcelona today (you can see my slides here at Slideshare), and was interested to see the feedback from the pretty well-informed folk there.


If my suspicion is correct, and transparency is more important than computational efficiency, then we are at the dawn of a new era and ambient accountability might be the real technology legacy of the last financial crisis.

Mass market biometrics – convenience and trust

Back in 2002, biometrics seemed futuristic to say the least. Minority Report was released in that year and I vaguely recall a scene where Tom Cruise trades in his eyes (yes, his eyes!) to fool what was supposed to be a retinal scanner.

We’re now in 2015 and biometrics do not seem that sci-fi anymore. Biometrics are insidiously creeping into our lives, via a plethora of services and solutions. But whilst I do passionately follow how widespread biometrics are getting, I still remain very sceptical when it comes to saying that biometrics are the ultimate answer to security.

Let’s take fingerprints for example. Granted, fingerprints are truly efficient when it comes to authentication. They are part of you, and they are unique. Unless I am in serious, serious trouble, I would not be ready to have new fingerprints stitched, were that procedure to be available.

Fingerprints are unique:

A fingerprint is the representation of dermal ridges of a finger. Dermal ridges form a combination of genetic and environmental factors; the genetic code in DNA gives general instructions on the way the skin should form in a developing fetus, but the specific way it forms is the result of random events such as the exact position of the fetus in the womb at a particular moment. This is the reason why even the fingerprints of identical twins are different.

[From Encyclopedia of Biometrics, Stan Z. Li, Anil Jain: Fingerprint Recognition, Overview.]

But, this perceived uniqueness is not without some loopholes:

Doddington et al. developed a statistical framework based on the matching performance of individual users. […] Their work focused on determining user-induced variability. In particular, they identified four categories of users:

(sheep) users who are easily recognized,

(goats) users who are particularly difficult to be recognized,

(lambs) users who are easy to be imitated,

(wolves) users who are particularly successful at imitating others.

[From Revisiting Doddington’s Zoo: A Systematic Method to Assess User-dependent Variabilities]

Fine then, my fingerprints are supposed to be unique. What if there was a “wolf” out there who knows he can access my biometrically locked services, consciously, not by hacking, but simply by the trick of his finger? I’d be having a “finger twin” (remember Joey in Friends in the hand twin episode), albeit an evil one.

This situation, though infinitesimally probable (and even more improbable when it comes to me, with my abnormally high number of minutiae, but that is another story!), does pose a pertinent question. Should I be able to repudiate a service which was authenticated biometrically?

The straightforward answer would be no. However, there have been, in the past, numerous cases in which innocent people have been wrongly singled out by means of fingerprint evidence.

In 2004, Brandon Mayfield was wrongly linked to the Madrid train bombings by FBI fingerprint experts in the United States.

Shirley McKie, a Scottish police officer, was wrongly accused of having been at a murder scene in 1997 after a print supposedly matching hers was found near the body.

[From “Why your fingerprints may not be unique” The Telegraph 21 April 2014]

These cases do prove one thing: An unlucky string of circumstances, though highly unlikely, could be enough to repudiate the alleged non-repudiable: fingerprints.

Mind you, I have not even stepped into the “conventional” debate – Tsutomu Matsumoto, the Japanese guy who made fake fingerprints out of gelatine – nor started a discussion on the challenges facing biometrics – varying physiological aspects in population and environmental effects on both the biometrics to be sensed and the sensor used. And I am miles away from two three-letter acronyms: FAR and FRR.
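As an added illustration (not code from the original post), the following Python puts numbers on the two things the paragraphs above only name: the four Doddington categories and the FAR/FRR figures. All match scores are constructed for the example, and the labelling rule (a user's mean score against a fixed decision threshold) is a deliberate simplification of Doddington's statistical tests.

```python
"""Doddington's zoo and FAR/FRR on constructed biometric match scores.

Added illustration, not code from the original post: every score below is
invented, and the goat/lamb/wolf rule is a simplified reading of the four
categories quoted above (mean score vs. threshold), not Doddington's F-tests.
"""
from collections import defaultdict

# Constructed similarity scores, 0 (no match) .. 100 (perfect match).
# GENUINE[user]: scores when the user presents their own finger.
GENUINE = {
    "alice": [85, 90, 88],
    "bob":   [80, 84, 82],
    "carol": [40, 55, 45],   # poorly captured ridges: a "goat"
    "dave":  [78, 81, 80],
}
# IMPOSTOR: (attacker, target, score) when the attacker's finger is
# compared against the target's enrolled template.
IMPOSTOR = [
    ("bob", "alice", 20), ("carol", "alice", 25), ("dave", "alice", 58),
    ("alice", "bob", 65), ("carol", "bob", 70), ("dave", "bob", 68),
    ("alice", "carol", 15), ("bob", "carol", 18), ("dave", "carol", 62),
    ("alice", "dave", 20), ("bob", "dave", 24), ("carol", "dave", 21),
]


def mean(xs):
    return sum(xs) / len(xs) if xs else 0.0


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) for an accept-if-score>=threshold decision rule."""
    gen = [s for scores in genuine.values() for s in scores]
    imp = [s for _, _, s in impostor]
    far = sum(s >= threshold for s in imp) / len(imp)  # impostors accepted
    frr = sum(s < threshold for s in gen) / len(gen)   # genuine users rejected
    return far, frr


def equal_error_threshold(genuine, impostor):
    """Lowest integer threshold at which FAR and FRR are closest (EER point)."""
    def gap(t):
        far, frr = far_frr(genuine, impostor, t)
        return abs(far - frr)
    return min(range(0, 101), key=lambda t: (gap(t), t))


def classify_zoo(genuine, impostor, threshold):
    """Label each user goat/lamb/wolf (any combination) or sheep if none apply."""
    as_target = defaultdict(list)    # impostor scores against this user's template
    as_attacker = defaultdict(list)  # impostor scores this user achieves vs others
    for attacker, target, score in impostor:
        as_target[target].append(score)
        as_attacker[attacker].append(score)
    labels = {}
    for user, own_scores in genuine.items():
        tags = []
        if mean(own_scores) < threshold:          # hard to recognise
            tags.append("goat")
        if mean(as_target[user]) >= threshold:    # easy to imitate
            tags.append("lamb")
        if mean(as_attacker[user]) >= threshold:  # good at imitating others
            tags.append("wolf")
        labels[user] = tags or ["sheep"]
    return labels


if __name__ == "__main__":
    t = 60
    print("FAR/FRR at", t, far_frr(GENUINE, IMPOSTOR, t))
    print("EER threshold:", equal_error_threshold(GENUINE, IMPOSTOR))
    print("zoo:", classify_zoo(GENUINE, IMPOSTOR, t))
```

Note that raising the threshold to cut the lambs and wolves out of the accept region also pushes the goat further into the reject region, which is the convenience versus security trade-off the post goes on to describe.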

Mass market biometrics are currently only about convenience, not security. Not having to remember PINs is nice (particularly if you collect bank cards like I do), but relying solely on biometrics is hazardous.

Security is added, or rather implemented, by combining other factors (something you have, something you know), but here is the catch: the more you secure, the less convenient the solution. Phone + fingerprint + PIN definitely implies that my evil twin finger would have to get hold of my phone and know my PIN to access my services, but would I, as a lazy client, be bothered if I had to have the phone on me, key in a PIN and place my finger on the reader for each access to a service?

But besides this well-known trade-off between convenience and security, there is another crucial aspect in biometrics: sustainability. Unlike “conventional” credentials, which can be revoked and changed in case of attack, revoking compromised biometrics is certainly more difficult. Revocable biometric algorithms may be the answer, but I prefer to leave them aside in this article. In view of ensuring the viable trust of future biometric solutions, emphasis should be laid on flawless current roll-outs.

The Observatory also calls on stakeholders to be vigilant during the experimental phases of solutions based on biometrics, since the compromise of the biometric fingerprints used by those solutions could call into question the deployment of future solutions on a larger scale.

[From 2014: Rapport annuel de l’observatoire de la sécurité des cartes de paiement]

Trust, once shattered, might be hard, impossible even, to rebuild, especially if the same client pool has been compromised. A case in point here is the Mauritian Biometric Identity Card Scheme. The fingerprints enrolled were stored on the chip, which is secure enough, and in a not-so-secure centralised database. A couple of years of frenzied opposition to biometrics and doubt-instilling malfunctions in the database procedures were enough to convince the legal authorities to destroy the highly controversial biometric database. The Mauritians are paying the high price of a rapid and insufficiently prepared solution. I’m not sure they’ve gauged the extent of the problem though.

The fingerprints of 947 000 citizens, collected for the new identity card, have been deleted from the database. […] The biometric data will henceforth be stored only on the chip embedded in the card.

[From “Carte d’identité : Les empreintes digitales de 947000 citoyens détruites” L’express.mu, 1st September 2015]

Were I to be one of those 947 000 enrolled, the court’s order to destroy the biometric database, limiting the credential to the chip, would not reassure me at all. There was a point in time when the database was operational, with people accessing it. Damage could already have been done, and leaving my fingerprint data on the identity card chip is like having a key in a safe when the duplicate key is either destroyed or lost somewhere.

Our approach to biometrics needs to change rapidly. The stars are getting lined up for biometrics. Demand for new authentication methods, enhanced reliability as well as more affordable price ranges are starting to build up a huge potential for future solution deployments. It is up to us to develop new architectures. Assessing the expected convenience levels and maintaining the high levels of trust will ensure consistency in the security of biometric solutions.

It’s the convenience and trust, convenience and trust only. Security is the outcome of it.


Everybody panic, part 97: contactless cards

Oh no! Shock horror! Something must be done! It’s an outrage! Thank goodness we have a free press to expose this egregious, calamitous, nefarious episode! Questions must be asked in Parliament. Yes, it turns out that a famous author (J. K. Rowling who wrote the tedious “Harry Potter” series of children’s books) has been trimming her hedge.

Shock! Horror!

Oh, and on the front page the non-issue of contactless card security has come up once again, following a report from the consumer organisation “Which?”. They reported that contactless cards work according to their specifications. Using a standard reader they were able to interrogate standard cards and obtain the standard details, which do not include either the cardholder’s name or the security code. You cannot use the details to make a clone contactless card or a clone chip and PIN card or a counterfeit magnetic stripe card.

Yet the Which? researchers managed to buy a £3,000 TV set using one of the cards.

[From Banks want us all to have ‘tap and pay’ cards even though they’re a godsend to fraudsters | Daily Mail Online]

No, they didn’t. They did not use one of the cards. What they did was to use the card number and expiry date with a merchant who does not check the name, address or security code. Retailers are entirely free to do this; it’s up to them. The point of the card system is to protect consumers, not retailers. If retailers decide to deliver a £3,000 TV to a block of flats in Hoxton on the basis of a card number and expiry date (without checking the name, address or security code) then that is their lookout. The customer will spot the unusual transaction and charge it back. The bank will charge it back to the merchant. The merchant will be out of £3,000. But it was their choice, so who cares? Anyway, the researchers were surprised that some merchants would behave in this fashion.

We doubted we’d be able to make purchases without the cardholder’s name or CVV code, but we were wrong.

[From Thieves use scanners to steal account details even when contactless card is in your wallet | Daily Mail Online]

Remember, this is the same information that a fraudster could obtain just by looking at your card. Luckily, the newspapers have also had some useful advice for customers concerned about card security.

James keeps his debit card at home and the PIN is still in the sealed letter. That way, if a fraudster takes money from his account, he can easily prove to the bank that he hasn’t used it.

[From There’s nothing James Freedman doesn’t know about fraud … so why won’t HE use contactless cards? | This is Money]

Had the researchers glanced at any of our blog posts about contactless security, starting back in 2006, they would have known about this uninteresting risk. It isn’t news. I’ve suggested before that rather than panic about the non-issue of contactless security, their energies might be better directed toward educating the public about the technology and the distribution of liabilities.

The traditional way of educating the mass market in the UK about anything is to pester the BBC to include it as an EastEnders story line.

[From Crime and contactless]

You may think that I was being flippant with that remark last year but I wasn’t. In fact, the soap opera route has been tried, albeit on the other side.

Coronation Street and Emmerdale will feature Visa’s contactless payment technology from February.

[From TV signs Visa product placement deal for Coronation Street and Emmerdale – Coronation Street News – Soaps – Digital Spy]

Sadly, I have never watched either Coronation Street or Emmerdale, although I know what they are because Harry Hill used to make fun of them on “TV Burp”, so I’m not best-placed to suggest appropriate plot lines. But perhaps one of the characters spotting a £3,000 charge to Currys on their statement and then charging it back might be far too dull.

Now, you might imagine that these stories are so trivial as to be utterly uninteresting. And on the one hand they are. But on the other hand I find them intensely annoying, because they are so insulting. “Fraud alert” over a payment architecture that has been under development for a decade? That’s a headline that suggests that I am a moron. As are the experienced risk analysis and payments architecture experts at Consult Hyperion. As are the risk management experts at retail banks. As are the strategists at Visa and MasterCard.

What are the media thinking? That there is no point over the past decade when it occurred to anybody that because the EMV standard involves the passing of unencrypted data between the card and the point of sale terminal that anyone with a standard reader would be able to obtain the card number and expiry date? That the thousands of people involved in the planning, design, launch and management of contactless cards were as thick as planks? That the issuing banks were so dumb to accept full liability for the fraudulent use of contactless cards that they are going to go out of business? That merchants who accept card numbers and expiry dates without a valid cardholder name or address are simply too dense to understand the liability shift?

Just to be clear. The actual figures (from the UK Cards Association) are that fraud losses from contactless cards are less than for contact cards, for the obvious reason that card numbers are, by and large, stolen online in vast bulk (see, in the Daily Mail, for example “Benson bought stolen credit card details from Russian gangsters”) and not obtained by individual fraudsters waving phones around peoples’ arses (although that would work, as this video shows).

You can tell from the Nokia 6131 used in that video that it was made a good few years ago but, as yet, the gangs of pickpockets in London seem to prefer the old fashioned methods, so you’re much better off carrying a contactless card (that can be refunded in the event of loss) rather than cash (which cannot).

Don’t panic. Unless you spot someone holding their mobile phone a little too close to my backside on the tube, that is.

