Have you noticed that some of the best attended events at conferences recently are the investment panels, populated by canny investors talking about where they are currently placing their funds? And so it was with Consult Hyperion’s recent webinar, The Role of Due Diligence in Investment Cycles, featuring Jonathan Luff, Co-Founder of CyLon, Europe’s leading investor in pre-seed and seed stage cyber and security technology startups; Howard Hall, Managing Director of Consult Hyperion North America; Gary Munro, Technical Director at Consult Hyperion; and Dave Birch, our Global Ambassador, who moderated the discussion.
In our Live 5 for 2021, we said that governance would be a major topic for digital identity this year. Nowhere has this been more true than in the UK, where the government has been diligently working with a wide set of stakeholders to develop its digital identity and attribute trust framework – the rules of the road for digital identity in the UK. The work continues, but with the publication of the second iteration of the framework I thought it would be helpful to focus on one particular aspect: how the framework might apply to decentralised identity, given that this is the direction of travel in the industry.
EMV is at the heart of global payment card processing. As a specification it governs the processing of billions of transactions globally, with the vast majority of those flowing through the international payment schemes. As a technology it has been incredibly successful, reducing fraud levels everywhere it’s been introduced and its extension into contactless payments is now the fastest growing area of face-to-face payments. The idea that EMV might soon be obsolescent seems far-fetched, to put it mildly, but there are reasons to believe that its hegemony is under threat.
The fintech flavour of the month is the blockchain. This is an amazing new technology that will completely revolutionise our entire industry and make the world a better place.
“Blockchain, as the digital ledger, will heavily impact the way we do business in the financial services industry” [Oliver Bussmann, CIO of UBS]
[From CIO says blockchain ‘will heavily impact’ financial services | CIO]
The article is not specific as to how the blockchain will heavily impact financial services, but I’m sure Oliver is barking up the right tree and, while I haven’t spoken to him about this, I imagine that he means some form of shared private ledger rather than the Bitcoin blockchain. The super smart Vitalik Buterin, who some of you will have met at our annual Tomorrow’s Transactions Forum this year, wrote about this on the Ethereum blog a while ago.
…there is good reason for the focus on consortium over private: the fundamental value of blockchains in a fully private context, aside from the replicated state machine functionality, is cryptographic authentication, and there is no reason to believe that the optimal format of such authentication provision should consist of a series of hash-linked data packets containing Merkle tree roots
He must be correct. For most of the businesses that I am interested in (i.e., the ones who pay Consult Hyperion money for services rendered) the use of what Vitalik calls a “consortium” blockchain, or what I referred to as an open private replicated decentralised shared ledger at NextBank in Barcelona, is the way forward, but it is far too early to say exactly how that ledger should work, and anyone who says they know otherwise should be treated with some suspicion.
Note that by creating privately administered smart contracts on public blockchains, or cross-chain exchange layers between public and private blockchains, one can achieve many kinds of hybrid combinations of these properties. The solution that is optimal for a particular industry depends very heavily on what your exact industry is.
Indeed. And we don’t yet know what is optimal for our industry. We can all agree that the use of shared ledgers, of which the blockchain is an example, is going to transform financial services. But why? Well, in an absolutely brilliant King’s Review piece about the relationship between the use of ledgers, the law and enterprise, Quinn DuPont and Bill Maurer make explicit the relationship between the technology, the private maintenance of the technology and the public use of the technology. They go on to say that:
Blockchain systems occasion a reconsideration of two of the central legal devices of modernity: the ledger and the contract.
This insight around private maintenance and public use is critical to the development of a narrative around the blockchain that can help engineers, investors, businesses and regulators to construct a paradigm for the use of the blockchain in financial services. This is what Richard Brown, Sally Parulava and I argue in a paper called “Toward Ambient Accountability: Shared ledgers, glass banks and the legacy of the great financial crisis” that is in draft at present but that we will be sharing soon.
More than the robustness of shared ledgers or their potential for innovation, for financial services the ability of technology to deliver “translucency” through cryptography is (I am convinced) far more radical than it seems at first, and there are plenty of reasons to believe that building glass institutions around replicated shared ledgers is the first step to a new kind of financial system. I spoke about this at NextBank Barcelona today (you can see my slides here at Slideshare), and was interested to see the feedback from the pretty well-informed folk there.
If my suspicion is correct, and transparency is more important than computational efficiency then we are at the dawn of a new era and ambient accountability might be the real technology legacy of the last financial crisis.
Back in 2002, biometrics seemed futuristic, to say the least. Minority Report was released that year and I vaguely recall a scene where Tom Cruise trades in his eyes (yes, his eyes!) to fool what was supposed to be a retinal scanner.
We’re now in 2015 and biometrics do not seem that sci-fi anymore. Biometrics are insidiously creeping into our lives, via a plethora of services and solutions. But whilst I do passionately follow how widespread biometrics are getting, I still remain very sceptical when it comes to saying that biometrics are the ultimate answer to security.
Let’s take fingerprints for example. Granted, fingerprints are truly efficient when it comes to authentication. They are part of you, and they are unique. Unless I am in serious, serious trouble, I would not be ready to have new fingerprints stitched, were that procedure to be available.
Fingerprints are unique:
A fingerprint is the representation of dermal ridges of a finger. Dermal ridges form a combination of genetic and environmental factors; the genetic code in DNA gives general instructions on the way the skin should form in a developing fetus, but the specific way it forms is the result of random events such as the exact position of the fetus in the womb at a particular moment. This is the reason why even the fingerprints of identical twins are different.
But, this perceived uniqueness is not without some loopholes:
Doddington et al developed a statistical framework based on the matching performance of individual users.[…]. Their work focused on determining user-induced variability. In particular, they identified four categories of users:
(sheep) users who are easily recognized,
(goats) users who are particularly difficult to be recognized,
(lambs) users who are easy to be imitated,
(wolves) users who are particularly successful at imitating others.
Fine then, my fingerprints are supposed to be unique. What if there was a “wolf” out there who knows he can access my biometrically locked services, consciously, not by hacking, but simply by the trick of his finger? I’d be having a “finger twin” (remember Joey in Friends in the hand twin episode), albeit an evil one.
This situation, though infinitesimally probable (and even more improbable when it comes to me, with my abnormally high number of minutiae, but that is another story!), does pose a pertinent question. Should I be able to repudiate a service which was authenticated biometrically?
The straightforward answer would be no. However, there have been, in the past, numerous cases in which innocent people have been wrongly singled out by means of fingerprint evidence.
In 2004, Brandon Mayfield was wrongly linked to the Madrid train bombings by FBI fingerprint experts in the United States.
Shirley McKie, a Scottish police officer, was wrongly accused of having been at a murder scene in 1997 after a print supposedly matching hers was found near the body.
These cases do prove one thing: An unlucky string of circumstances, though highly unlikely, could be enough to repudiate the alleged non-repudiable: fingerprints.
Mind you, I have not even stepped into the “conventional” debate – Tsutomu Matsumoto, the Japanese guy who made fake fingerprints out of gelatine – nor started a discussion on the challenges facing biometrics – varying physiological aspects in population and environmental effects on both the biometrics to be sensed and the sensor used. And I am miles away from two three-letter acronyms: FAR and FRR.
Mass market biometrics are currently only about convenience, not security. Not having to remember PINs is nice (particularly if you collect bank cards like I do), but relying solely on biometrics is hazardous.
Security is added, or rather implemented, by combining other factors (something you have, something you know), but here is the catch – the more you secure, the less convenient the solution. Phone + fingerprint + PIN definitely implies that my evil twin finger would have to get hold of my phone and know my PIN to access my services, but would I, as a lazy client, be bothered if I had to have the phone on me, key in a PIN and place my finger on the reader for each access to a service?
But besides this well-known trade-off between convenience and security, there is another crucial aspect of biometrics: sustainability. Unlike “conventional” credentials, which can be revoked and changed in case of attack, revoking compromised biometrics is certainly more difficult. Revocable biometric algorithms may be the answer, but I prefer to set them aside in this article. To ensure that future biometric solutions can be trusted, the emphasis should be on zero flaws in current roll-outs.
The Observatory also calls on players to remain vigilant during the experimental phases of biometric-based solutions, since the compromise of the biometric prints those solutions use could jeopardise the deployment of future solutions on a larger scale.
Trust, once shattered might be hard, impossible even, to rebuild, especially if the same client pool has been compromised. A case in point here is the Mauritian Biometric Identity Card Scheme. The fingerprints enrolled were stored on the chip, which is secure enough, and a not-so-secure centralised database. A couple of years, frenzied passion against biometrics and doubt-instilling database procedure malfunctions, were enough to convince legal authorities to destroy the much controversial biometric database. The Mauritians are paying the high price of a rapid and not sufficiently prepared solution. I’m not sure they’ve gauged the extent of the problem though.
The fingerprints of 947 000 citizens, collected for the new identity card, have been deleted from the database. […] Biometric data will from now on be saved only on the chip embedded in the card.
Were I one of those 947 000 enrolled, the court’s order to destroy the biometric database, limiting the credential to the chip, would not reassure me at all. There was a period when the database was operational, with people accessing it. Damage could already have been done, and leaving my fingerprint data on the identity card chip is like keeping a key in a safe when the duplicate key has been either destroyed or lost somewhere.
Our approach to biometrics needs to change rapidly. The stars are lining up for biometrics. Demand for new authentication methods, enhanced reliability and more affordable price ranges are starting to build up a huge potential for future solution deployments. It is up to us to develop new architectures. Assessing the expected convenience levels and maintaining high levels of trust will ensure consistency in the security of biometric solutions.
It’s the convenience and trust, convenience and trust only. Security is the outcome of it.
Oh no! Shock horror! Something must be done! It’s an outrage! Thank goodness we have a free press to expose this egregious, calamitous, nefarious episode! Questions must be asked in Parliament. Yes, it turns out that a famous author (J. K. Rowling who wrote the tedious “Harry Potter” series of children’s books) has been trimming her hedge.
Oh, and on the front page the non-issue of contactless card security has come up once again, following a report from the consumer organisation “Which?”. They reported that contactless cards work according to their specifications. Using a standard reader they were able to interrogate standard cards and obtain the standard details, which do not include either the cardholder’s name or the security code. You cannot use the details to make a clone contactless card or a clone chip and PIN card or a counterfeit magnetic stripe card.
Yet the Which? researchers managed to buy a £3,000 TV set using one of the cards.
No, they didn’t. They did not use one of the cards. What they did was to use the card number and expiry date with a merchant who does not check the name, address or security code. Retailers are entirely free to do this; it’s up to them. The point of the card system is to protect consumers, not retailers. If retailers decide to deliver a £3,000 TV to a block of flats in Hoxton on the basis of a card number and expiry date (without checking the name, address or security code) then that is their lookout. The customer will spot the unusual transaction and charge it back. The bank will charge it back to the merchant. The merchant will be out of £3,000. But it was their choice, so who cares? Anyway, the researchers were surprised that some merchants would behave in this fashion.
We doubted we’d be able to make purchases without the cardholder’s name or CVV code, but we were wrong.
Remember, this is the same information that a fraudster could obtain just by looking at your card. Luckily, the newspapers have also had some useful advice for customers concerned about card security.
James keeps his debit card at home and the PIN is still in the sealed letter. That way, if a fraudster takes money from his account, he can easily prove to the bank that he hasn’t used it.
Had the researchers glanced at any of our blog posts about contactless security, starting back in 2006, they would have known about this uninteresting risk. It isn’t news. I’ve suggested before that rather than panic about the non-issue of contactless security, their energies might be better directed toward educating the public about the technology and the distribution of liabilities.
The traditional way of educating the mass market in the UK about anything is to pester the BBC to include it as an EastEnders story line.
[From Crime and contactless]
You may think that I was being flippant with that remark last year but I wasn’t. In fact, the soap opera route has been tried, albeit on the other side.
Coronation Street and Emmerdale will feature Visa’s contactless payment technology from February.
Sadly, I have never watched either Coronation Street or Emmerdale, although I know what they are because Harry Hill used to make fun of them on “TV Burp”, so I’m not best-placed to suggest appropriate plot lines. But perhaps one of the characters spotting a £3,000 charge to Currys on their statement and then charging it back might be far too dull.
Now, you might imagine that these stories are so trivial as to be utterly uninteresting. And on the one hand they are. But on the other hand I find them intensely annoying, because they are so insulting. “Fraud alert” over a payment architecture that has been under development for a decade? That’s a headline that suggests that I am a moron. As are the experienced risk analysis and payments architecture experts at Consult Hyperion. As are the risk management experts at retail banks. As are the strategists at Visa and MasterCard.
What are the media thinking? That there is no point over the past decade when it occurred to anybody that because the EMV standard involves the passing of unencrypted data between the card and the point of sale terminal that anyone with a standard reader would be able to obtain the card number and expiry date? That the thousands of people involved in the planning, design, launch and management of contactless cards were as thick as planks? That the issuing banks were so dumb to accept full liability for the fraudulent use of contactless cards that they are going to go out of business? That merchants who accept card numbers and expiry dates without a valid cardholder name or address are simply too dense to understand the liability shift?
Just to be clear. The actual figures (from the UK Cards Association) are that fraud losses from contactless cards are less than for contact cards, for the obvious reason that card numbers are, by and large, stolen online in vast bulk (see, in the Daily Mail, for example “Benson bought stolen credit card details from Russian gangsters”) and not obtained by individual fraudsters waving phones around people’s arses (although that would work, as this video shows).
You can tell from the Nokia 6131 used in that video that it was made a good few years ago but, as yet, the gangs of pickpockets in London seem to prefer the old fashioned methods, so you’re much better off carrying a contactless card (that can be refunded in the event of loss) rather than cash (which cannot).
Don’t panic. Unless you spot someone holding their mobile phone a little too close to my backside on the tube, that is.
For some years, we’ve been talking about an emerging category of what we’ve been calling “near-banking”. I remember using the concept in a couple of projects around the O2 Wallet. Remember that? It was a mobile wallet with a companion pre-paid Visa card. We used it in a Cabinet Office Alpha project with welfare benefit recipients and it worked very well indeed. But it was canned shortly afterwards.
It wasn’t well-received. It seemed like a patchwork of products, was not very user friendly and was essentially not compelling enough to persuade users to try it.
This was not, to my mind, a condemnation of the concept. Only a few days after Telefonica shut down O2 Wallet in the UK, we see T-Mobile in the US launching essentially the same product: a pre-paid Visa card linked to a mobile phone number.
The company announced today Mobile Money, a free checking account service available to anyone with a T-Mobile phone number.
The concept wasn’t the problem. I never saw any marketing of the O2 Wallet. I don’t remember ever seeing a TV ad or anything in the mainstream press.
A key problem here, Holden suggested, is the failure of NFC to take off as a contactless payments technology.
I disagree. I thought the NFC thing was tangential. Yes, O2 were a bit hopeless in getting NFC up and running, and yes they should have looked at HCE sooner, and yes it is symptomatic of a structural flaw that even a telco can’t get SIM-based SEs sorted out. This isn’t because O2 were especially hopeless. Look at what happened in Spain, where Bankinter launched HCE-based solutions even though they are an MVNO with their own SIMs! I notice, by the way, that Bankinter have taken advantage of Google’s decision to add HCE to KitKat and put their Mobile Virtual Card (MVC) solution on that platform. I do have to confess that I found some aspects of the O2 customer proposition baffling though. I remember when I got an e-mail from O2 informing me that
As a result of recent changes in the law, we’re obliged to ask you about the source of your funds, once you’ve loaded more than £2000 a year on your Wallet. Unfortunately, if we’re unable to contact you after three attempts, or get an inappropriate answer, we may be forced to block and subsequently close your account.
I’m really curious to know what an “inappropriate” answer might have been, but when someone sounding for all the world like a sophisticated fraudster phoned me up claiming to be from some Gibraltar-based entity wanting details about my personal financial circumstances, I told them. I knew, of course, that this was pointless time-wasting money-wasting AML nonsense but I did wonder what a typical member of the public might have thought about it.
But I digress. I have to say that I rather liked the product as it ended up. With two teenagers in the house I found it simple and convenient. We kept the Visa card in the kitchen and when one of the boys went to get some shopping or had to buy something for school or whatever they took it and used it and I got the transaction confirmation immediately on my phone and I could top it up when necessary.
It was sort of like a bank account for our house.
When I spoke about the rise of “near-banking” at Payments 2012 in London in May of that year, I made the point that there is an opportunity for a spectrum of near-banks that target a potentially wide variety of specific niches (the example I used then was a “Sagabank” for older people), and I still think that this is one of the attractions of the model. The near-bank is not a new idea. In 1997, I wrote (with my then fellow Consult Hyperion colleague Mike Young) an article for Internet Research called “Financial Services and the Internet” (Volume 7, Number 2, p.120-128). In that article we wrote about the potential for the new technology to assemble a banking service depending on the customers’ needs.
Financial services customers use IT to build a seamless environment for themselves, “with the underlying best-of-breed products originating from a wide range of suppliers”; Financial services providers “retreat to a small range of products that build on core competencies, but supplied to a global market”.
This came to mind when I read an interesting post about the new market segmentation for retail banking by the Starling Bank CEO Anne Boden. Anne refers to “neo-banks”.
If you look at the US and some of the European markets, you can see another area of growth that is likely to hit the UK market soon, in the form of so-called neo-banks. These brands claim to deliver the best in class digital experience, with none of the risk of a balance sheet – so they effectively put a layer of information management over another banks’ product set… Simple and Moven are probably the most well known names in this space, with Number 26 starting to grow their reputation across Europe.
She then goes on to talk about the O2 Wallet category that is centred around pre-paid debit cards, although I think I might argue that these categories have a great deal of commonality.
The grouping of brands that have the greatest potential to cause customer confusion have to be the pre-paid debit cards.
This made me think about breaking down the “near-bank” category. There’s a difference, I think, between something that looks like a bank but isn’t (e.g., Moven or Holvi) and something that doesn’t look like a bank but performs the same functions as a bank in the eyes of the consumer (e.g., Bluebird). In both cases the proposition is essentially a mobile app plus a pre-paid card, but their grammar is different. Therefore, I propose a new terminology standard: I propose that we call the first category neo-banks (as Anne did) and that we call the second category iso-banks. Are we agreed?
With this terminology, we can distinguish neatly between neo-bank (Moven) and iso-bank propositions (O2 Wallet). In business terms, the neo-banks are competition to the retail banks but the iso-banks complement them in specific niches. I have a Simple account instead of a conventional retail bank account, whereas I have my Caxton FX euro wallet as well as a conventional retail bank account. What do you think?
I’d been along to the first European Bitcoin conference, I’d asked our guys about the different aspects of the technology, I’d looked at the functionality that Bitcoin delivered. I came to the conclusion that the technology behind Bitcoin (the blockchain) was much more interesting than the new digital currency and this is what I told our clients and, later, blog readers. Here’s what I wrote back in 2011:
The best strategy is to learn, and to think about ways that the cryptography at the heart of Bitcoin can be used to deliver new kinds of services in a connected environment. I don’t think cash will be one of them.
I still don’t. And just to save time and e-mails, yes, I know that technically you can’t use the Bitcoin blockchain without technically having to use Bitcoins, but I don’t see using the smallest possible divisions of bitcoins that there are (known as satoshis – there are 100,000,000 satoshis to one Bitcoin, making them worth around one ten-thousandth of a cent) as transport vehicles for digital assets as the same thing as using Bitcoin as money, and certainly not as a currency. And it’s only one way of building a blockchain anyway. But back to the point.
Interest in bitcoin has waned. Interest in the underlying mechanics of the currency, however, has continued to grow. The technological breakthroughs that made bitcoin possible, using cryptography to organise a complex network, fascinate leading figures in Silicon Valley. Many of them believe parts of Mr Nakamoto’s idea can be recycled for other uses.
Some of them are pretty serious people, too. Wim Raymaekers, who manages SWIFT’s Banking and Treasury Markets worldwide and is responsible for the evolution of its core banking value proposition, had this to say about Bitcoin earlier in the year [Raymaekers, W. Cryptocurrency Bitcoin: Disruption, challenges and opportunities. Payments Strategy and Systems 9(1): 22-29 (2015)]:
Banks should look at the technology underlying cryptocurrencies as a potential generic new way to transfer ownership of value in the longer term.
This is essentially the same thing that we said four years ago, so I was happy to see a serious player coming to the same conclusion from a different perspective. And I can assure you that SWIFT is not the only serious institution thinking this way. One of the first blockchain-centric assignments for a financial services customer that Consult Hyperion worked on was to look at the idea of using blockchain technology in certain kinds of trading environments, and this particular use of the blockchain appears to be gaining momentum.
[Overstock.com] filed a prospectus with the Securities and Exchange Commission that indicates it may issue up to $500 million in stock or other securities using technology akin to the online software system that underpins bitcoin.
Hence I was very interested to see that Nasdaq are going to do an experiment in just that space. To have one of the world’s most important exchanges use the technology for trading would certainly be a confirmation that there is something to the idea that the blockchain is a new way of doing things and a genuinely novel solution to an old problem. So how are they going to do it?
Nasdaq will initially leverage the Open Assets Protocol, a colored coin innovation built upon the blockchain.
Colored coins? Well, they’re not really coloured (just like quarks aren’t really red, green or blue).
…bitcoins can be selectively “colored” or marked with extra information to represent something else, such as a stock, but it still retains all the information needed to still use it as a bitcoin. If the stock fails for that colored coin, or the holder wants to abandon the stock and use the bitcoin instead, the “stocks” that the user received as fractions of a bitcoin can be spent as a normal bitcoin without any problem.
Now, a blockchain is a computationally expensive mechanism for maintaining a distributed ledger. It’s worth doing for Bitcoin because the design goals for Bitcoin include cash, and cash must be resistant to double spending and counterfeiting and open to use by anyone. Is it worth doing for, for example, equities? That depends on how cash-like you want to make them. Remember Edward de Bono and his “IBM Dollar”? I was thinking about this while I was listening to Angus Scott from Euroclear (which makes Visa look like a picnic – it settles more than a trillion euros every week) talk at the recent Payments Forward event on cryptocurrencies that my colleague Steve Pannifer commented on last week. Angus was talking about “collapsing” the data flows around clearing and settlement, which I thought was a useful way to think about the impact of the blockchain on the activities.
So – in the absence of any actual knowledge of what they are doing – Nasdaq will (I’m guessing) use coloured satoshis as a mechanism to maintain a distributed ledger as a means to effect trades without clearing: if I want to move one of my IBM shares from me to you, I simply send you the satoshi with the IBM share in it and it’s yours. Done. All of the asymmetric, error-prone, costly data flows associated with the trade are thus collapsed. It’s certainly an interesting experiment, although it’s not to my mind an indication that Nasdaq will any time soon cut over to the Bitcoin blockchain or, indeed, a blockchain of any description.
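To make the “send you the satoshi with the IBM share in it” idea concrete, here is an added toy model written for this post; it is not code from Nasdaq, from the Open Assets project or from the original article. It assumes a simplified version of Open Assets’ order-based colouring (asset units flow from inputs to outputs in order, an output that would mix two assets or run out of units is left uncoloured) and the wallet state, owners and share names are constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Optional

# Toy model of "coloured" satoshis: a simplification of the Open Assets
# Protocol's order-based colouring rule (an assumption, not the full spec).


@dataclass(frozen=True)
class Output:
    """One transaction output: some satoshis that may also carry an asset."""
    owner: str
    satoshis: int
    asset_id: Optional[str] = None   # None means plain, uncoloured bitcoin
    asset_qty: int = 0


def order_based_coloring(inputs: List[Output], outputs_plain: List[Output],
                         marker_qtys: List[int]) -> List[Output]:
    """Colour the new outputs from the assets carried by the spent inputs.

    Simplified rule (assumption): asset units flow from inputs to outputs in
    order; an output that would hold units of two different assets, or that
    asks for more units than the inputs carry, is left uncoloured; leftover
    input units are destroyed. Satoshi values are never touched by colouring.
    """
    if len(marker_qtys) != len(outputs_plain):
        raise ValueError("the marker needs one asset quantity per output")
    pending = [[o.asset_id, o.asset_qty] for o in inputs if o.asset_qty > 0]
    coloured: List[Output] = []
    for out, qty in zip(outputs_plain, marker_qtys):
        if qty == 0:                      # change or fee output: plain bitcoin
            coloured.append(Output(out.owner, out.satoshis))
            continue
        needed, asset, valid = qty, None, True
        while needed > 0 and pending:
            chunk_asset, chunk_left = pending[0]
            if asset is None:
                asset = chunk_asset
            elif chunk_asset != asset:    # two assets in one output: invalid
                valid = False
            take = min(needed, chunk_left)
            needed -= take
            pending[0][1] -= take
            if pending[0][1] == 0:
                pending.pop(0)
        if needed > 0:                    # inputs ran out before the output filled
            valid = False
        if valid:
            coloured.append(Output(out.owner, out.satoshis, asset, qty))
        else:
            coloured.append(Output(out.owner, out.satoshis))
    return coloured


def spend_without_marker(outputs_plain: List[Output]) -> List[Output]:
    """A transaction with no marker output: every output is plain bitcoin again."""
    return [Output(o.owner, o.satoshis) for o in outputs_plain]


def satoshis_conserved(inputs: List[Output], outputs: List[Output]) -> bool:
    """Outputs may not exceed inputs; the difference is the miner's fee."""
    return sum(o.satoshis for o in outputs) <= sum(o.satoshis for o in inputs)


def holdings(outputs: List[Output], asset_id: str) -> dict:
    """Who holds how many units of an asset across a set of unspent outputs."""
    return {o.owner: o.asset_qty for o in outputs if o.asset_id == asset_id}


# Constructed sample state (not real chain data): Alice holds one "IBM share"
# coloured onto 600 satoshis, plus some plain coins for fees and change.
ALICE_UTXOS = [
    Output("alice", 600, "IBM-share", 1),
    Output("alice", 10_000),
]


def demo_transfer() -> List[Output]:
    """Alice sends Bob the share: one transaction, no separate clearing step."""
    wanted = [Output("bob", 600), Output("alice", 9_000)]   # 1,000 sat fee
    return order_based_coloring(ALICE_UTXOS, wanted, [1, 0])


def demo_uncolour(share_output: Output) -> List[Output]:
    """Bob abandons the share and spends the satoshis as ordinary bitcoin."""
    return spend_without_marker([Output("carol", share_output.satoshis - 100)])


def demo_mixed_assets() -> List[Output]:
    """Folding two different shares into one output leaves it uncoloured."""
    ins = [Output("alice", 600, "IBM-share", 1),
           Output("alice", 600, "ACME-share", 1)]
    return order_based_coloring(ins, [Output("bob", 1_200)], [2])


if __name__ == "__main__":
    after = demo_transfer()
    print(holdings(after, "IBM-share"))   # {'bob': 1}
    print(demo_uncolour(after[0]))        # plain 500 satoshis to carol
    print(demo_mixed_assets())            # uncoloured 1,200 satoshis to bob
```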
Note that this is not THE Nasdaq market. Nasdaq is only testing with a special tiny little private market that was previously tracked by hand. This is just an experiment that might not go anywhere.
Yes, absolutely. But like all well-designed experiments, even if it goes nowhere we will all learn something from it. I’m not smart enough to predict what is going to happen here, and my hunch is that coloured coins are not the optimal implementation for this sort of thing and that something like Ethereum would be better (because I think that “smart contracts” have a key role to play). But that’s just my opinion. In the meantime, the more experiments the better as far as I am concerned.