Who thinks pseudonymity isn’t important?

OK, at the extreme risk of boring everyone to tears, let’s ask the same old question again: should you be allowed to do things on the Internet without giving away your “real” identity? Remember this was something that was discussed here a little while back, using the simple case of newspaper comments as an example. Someone has come up with an interesting way of solving for two problems simultaneously: paying for news online and making people responsible for their comments…

However, he recently went back and was surprised that, in order to comment you need to hand over your credit card, and the paper will charge you $0.99. Obviously, this is more to prove that you are who you say you are, but it does seem a bit distorted when the newspaper wants to charge people just to comment. Also, once charged, your name and hometown are automatically associated with your comments.

[From Newspaper Wants You To Pay To Comment | Techdirt]

Interesting. I think the idea of paying to comment is very interesting. I might be tempted to do that in some cases. But paying to give up your real name? I’m not so sure. I might well want to comment on something without that kind of disclosure. Back to “real names” again. The discussion goes on and on.

Why does a comment with a real name have so much more value?

[From The Real “Authenticity Killer” (and an aside about how bad the Yahoo brand has gotten) — Scobleizer]

This isn’t always true. A nurse at a hospital, forced to comment with her real name, is highly unlikely to post anything critical of a doctor. There’s a difference between an authenticated persona (so that the web site can be sure she really is a nurse at the hospital) that may be based on a pseduonym (or even a cryptographically strong unconditionally unlinkable anonym) and an authenticated identity. There may be many reasons why the latter is undesirable.

Mexico announced a plan Monday to reward people who report suspected money laundering, under a program that will allow them to get up to one-quarter of any illicit funds or property seized. Under the new plan, people can file reports in person, by telephone or by e-mail. The exact percentage of individual rewards will be determined case by case by a special committee.

[From Mexico sets rewards for reporting money laundering | ajc.com]

Would you e-mail in a tip about a suspected money launderer and expect to pick up the reward? It seems to me that this is a good example of system that demands real names for integrity but real names mean it can never work. (Although, and it’s outside the scope of this piece, it is entirely cryptographically possible to enable the payment of rewards to anonymous people).

Public servants, law enforcement and banking system employees will not be eligible for the rewards, in part because it is already their duty to report suspicious transactions.

[From Mexico sets rewards for reporting money laundering | ajc.com]

Good luck to anyone who decides to report in person, or by telephone. SIM registration is mandatory in Mexico, which means that the money launderers will find you before the police do — don’t forget, they have more money than the police do. Come to that, they have more money than anyone does.

More shocking, and more important, the bank was sanctioned for failing to apply the proper anti-laundering strictures to the transfer of $378.4bn – a sum equivalent to one-third of Mexico’s gross national product – into dollar accounts from so-called casas de cambio (CDCs) in Mexico, currency exchange houses with which the bank did business.

[From How a big US bank laundered billions from Mexico’s murderous drug gangs | World news | The Observer]

Given the stringent anti-money laundering (AML) regulations in place around the globe — which meant it took me 15 minutes to put a few quid on my Travelex prepaid card at Heathrow, something I will never do again — I’m surprised that this could have happened, but there you go. Perhaps instead of hassling people trying to load low-value prepaid payment accounts, the authorities could focus on the counterparties in larger electronic transfers. Hence the discussions about Legal Entity Identifiers (LEIs) that have been going on recently. Many interbank payment messages have account identifiers only — you could send money to my account with the name Carlos Tevez and it would still get to me because it’s only the account stuff that matters — and the some law enforcement agencies want to stop this and have banks validate the names as well (it will help to track funds to and from suspects I guess).

LEI will be assigned at the over all corporate entity level and also at subsidiary levels. Its usage will be standardized Internationally. My immediate thought was, never mind systemic risk, this is the perfect means to route B2B transactions across a myriad of financial systems and payment schemes worldwide!

[From Reflections on NACHA Payments 2011 — Payments Views from Glenbrook Partners]

I’m sure I’d heard somewhere before, possibly at IPS 2010, that the plan was to use the SWIFT business identifier codes (BICs), but apparently that’s no longer the case.

Vandenreydt said SWIFT is changing its tune due to a recent meeting of the International Standardization Organization’s Technical Committee 68, where SWIFT has a seat. At the meeting, participants concluded that developing a new code would help avoid ambiguities that might be involved if existing codes are used. “[The committee] wants a pure number without country or other information,” Vandenreydt added. The BIC is made up of eight to 11 alphanumeric characters with four letters for the bank, two letters for the country, two digits for the location, and three digits for the specific branch.

The utility is still working with ISO on what the identifier would look like. Vandenreydt said that process could take up to three months, though he expects a decision to be made sooner. He noted the proposal also depends on other details about the initiative that haven’t been specified by OFR, such as how long the registration authority would have to ramp up the system, whether IDs will be assigned or requested, and how many codes are expected.

[From SWIFT Retools Legal Entity Identifier Proposal]

So here’s a positive suggestion. Forget about the 1960s notion of an identifier as a unique alphanumeric code and instead make the identifier a pseudonym attested by a bank. So we become consult.hyperion!barclays.co.uk or something similar. It doesn’t matter whether the sender, or anyone else, knows who Consult Hyperon is, because the identifier tells them that Barclays does. And for 99% of real-world transactions, that’s enough. What’s important is that we are always consult.hyperion!barclays.co.uk in all relevant linked transactions. Then, if consult.hyperion!barclays.co.uk is found to be sending money to Osama bin Laden on a regular basis, the appropriate law enforcement agencies can provide Barclays with a warrant and Barclays will disclose. For general commerce, the persistence is the critical foundation. The always-accurate Eve Maler pointed this out a while back:

The neat thing is, we do this all the time already. When you meet someone face-to-face and they say their Skype handle is KoolDood, and later a KoolDood asks to connect with you on Skype and describes the circumstances of your meeting, you have a reasonable expectation it’s the right guy ever after. And it’s precisely the way persistent pseudonyms work in federated identity: as I’ve pointed out before, a relying-party website might not know you’re a dog, but it usually needs to know you’re the same dog as last time.

[From Tofu, online trust, and spiritual wisdom | Pushing String]

Quite. But there’s another point. You don’t need to be a “real” persistent identity to have a reputation, as should be obvious. A useful reminder of this came at the end of 2010, when an anonymous critic was named the Village Voice’s “Music Critic of the Year”.

Twitter spokesperson Matt Graves called it a “milestone”; whether he’s serious or not, (“dead serious,” he later said) @discographies certainly carries a certain seriousness throughout today’s interview in the Village Voice. “Twitter,” the account holder says, “may be the first mass communications system that also functions as a meritocracy: it actively promotes good ideas and good content, regardless of where they come from.”

[From Anonymous Twitter Account Named Music Critic of Year by Village Voice]

I’m not sure that meritocracy is the right word, but I think the sentiment is accurate: you have to earn reputation to attach to your identifier, and once it’s been earned it’s hard to replicate (unlike intellectual property). So I might want to send money to @discographies without knowing or caring whether @discographies is a roomful of students or an internationally-known music critic. (And, over on Digital Money, I will point out that I want to send money to @dgwbirch — which is an entirely unique Twitter identifier — by MasterCard, PayPal, WebMoney, M-PESA or anything else, but that’s another point entirely.) Why can’t @discographies be mutated into discographics!wellsfargo.com or whatever?

It’s an entirely plausible model: banks managing reputation, because it’s more important than money. The presence of banks legitimises the market, so knowing that a bank has carried out some KYC on @discographies means that other players can treat the reputation attached to it seriously without being concerned about the “real” identity.

Bid and offer

There was an involved discussion about convergence of transaction platforms on a project that I am involved with and it set me thinking about what convergence actually means in this space and what the impact of that convergence might be. I started by remembering something that I’d read at Payments Views.

A couple of weeks ago, eBay held an Analyst Day where eBay senior management shared their thinking about the future of the changing commerce landscape – and how they’re thinking about taking the “e” out of eCommerce… What’s this taking out the “e” business all about? It’s about the influence of mobile on integrating online and offline commerce together.

[From The PayPal Juggernaut — Payments Views from Glenbrook Partners]

Scott is typically accurate with his comments hereafter. The strategic direction is convergence. Not the simplistic kind of convergence, where our mobile phones become watches, cameras, wallets and devices for getting stones out of horses hooves. This simply hasn’t happened. Sometimes I use my iPhone, sometime my iPhone, sometimes my MacBook Pro, sometimes my MacBook Air, sometimes my Apple TV (spot a bit of a theme here?) and sometimes I still walk into a store to buy things. The point is that the strategic direction of transactions is convergence so that whichever of these channels I use, I use the same digital money and digital identity infrastructure. It’s the transactions that become integrated, not the devices. And by integrating across channels, the transaction systems give me a better service, whether in terms of loyalty, fraud protection, price or whatever. I then continued by remembering a good report on e-payments that I’d read a couple of months ago.

A new O’Reilly/PayPal report on web-native payment platforms, “ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity,” is now available for download. Among the topics covered in the report are the rise of payment platforms, the mobilization of money, and the advent of contactless payment in mobile commerce.

[From 3 mobile payment products hint at the future – O’Reilly Radar]

The thought experiment in the O’Reilly Radar “report about auctioning payments set me thinking. The idea is that, rather as advertising networks such as DoubleClick auction page impressions to advertisers in real-time (when you click on a page, the advertising network sends the details to advertisers who get 20 milliseconds to respond with a bid, and then the advertisement from the highest bidder is displayed) so when you click on “pay”, the payment platform might bundle together some facts about the transaction and auction them to processors. Presumably, one of the key elements in the bid decision would be related to fraud, especially if the pricing for the fraud management is unbundled from the pricing for the transaction itself and any other value-added services.

If this analysis is correct, then there will be a premium on identity and authentication because the higher the standard of identification that can be provided to the processors, the lower the bid! This would mean – to continue the thought experiment – that we would have a very accurate means of pricing identities. I imagine that this accurate pricing would reveal at least two interesting things. First of all, whether an identity is “real” or not is immaterial to the price, because the price will be based mainly on reputation (ie, transaction history). Secondly, the strength of the authentication will be directly reflected in price but for smaller transactions the price increments from 2FA to 3FA will be minimal. Thus, pricing will point towards pseudonymous 2FA as the “sweet spot” for transactional identities. So far, so good. Can we use this analysis to make some predictions about who might be best-placed to take advantage of this converged platform then? Well, last year I read that (all other things being equal) then it really should be the mobile operators. Qualcomm call these “horizontal models” for mobile operator value-added services – what I would call the “smart pipe” future of the mobile operator – and say that if operators do make a play in delivering intelligent services now, the potential upsides are great because…

  • They will strategically position themselves as a valued service provider to their subscribers – getting the retail experience right on mobile will be critical to capturing value;
  • They can act as an honest broker – trusted, secure, in their interests to protect and cater to their users’ needs;
  • They stand to gain from the uptick in usage as well as providing services using their billing platforms and the knowledge of their subscribers;
  • The potential of data analytics to turn digital footprints into value for consumers, MNOs and other players that have been cited in the two sided business model begins to emerge.

Vertical models may have created the marketplace, but Qualcomm believes a retailing experience that is not tied to any one operating system or technology is necessary for the industry to scale.

[From Mobile Internet: Horizontal Platforms Needed (Guest Post, Qualcomm) – Convergence Conversation]

I think this is broadly correct — especially the part about the honest broker, protecting the “real” identity of the consumers — and I think it means that operators must be more aggressive about their digital identity infrastructure as well as their digital money infrastructure. After all, who has this “retailing experience that is not tied to any one operating system”? The mobile operators do, but so does Apple. On the other hand, the mobile operators have a direct billing relationship with customers (and they know where they are). It’s time for the operators to start talking to processors about creating the mobile transaction auction house.

Party like it’s 2019

After sitting in on a few sessions at the International Payments Summit 2011 — and in particular the excellent Chatham House session chaired by Forum friend Ruth Wandhofer of Citi — I have to say that in all honesty my professional opinion is that it’s a mess. The ECB predicted that SEPA would erode payment margins in Europe by 5-10% (eventually) but that banks and customers would benefit from lower costs in the long run. Yet the cost burden is crushing. According Equens, there are 200 different formats for SEPA Credit Transfer (SCT) and SEPA Direct Debit (SDD) messages. They further estimate that since both the XML message formats and the EPC rulebooks are updated every year, it means 20-30,000 man-days per annum just to maintain the software. And that’s for just one processor. What’s more, SEPA is reducing competition (and therefore increasing costs) in local markets long before the projected cost savings arrive.

One way to do something to bring on these cost savings might be to enforce and end date. When I had the honour of chairing ECB board member Gertrude Tumpel-Gugerell in Brussels last November, she said that an end-date for SEPA would be her first New Year’s resolution for 2011. Well all I can say after IPS 2011, is good luck Gertrude. If there is going to be an agreed end-date this year, I’d lay a pound to a penny that it will be 2019. Frankly, who knows what will have happened to the payments business by then?

Gertrude and others have said that one of the goals of SEPA was to encourage innovation to the payment sector, but has it? Tom Noyes excellent analysis of the current environment ends with three key constraints on innovation.

Innovators are dependent on local national relationships to launch a product;
SEPA creates harmonization, but country specific laws and regulatory guidance are unique;
ECB initiatives (ex. See ELMI) create opportunities for non-bank participation in payments, but SEPA has removed all margin from the business.

[From Payments Innovation in Europe « FinVentures]

I’m not so sure about that last point. SEPA has removed all of the margin if you are bank, but if you are not a bank and are not dependent on their high-cost, highly-regulated infrastructure. All of these issues mean that I can’t help but let an evil thought wander in to myconsciousness, a thought-crime of the most serious degree. What is SEPA doesn’t happen? What if it ends up defining the standard for pan-European payment infrastructure that is vanishing? Worse still, what if there are sinister forces at work to torpedo the project?

The EC will “effectively derail the entire Sepa project” if upcoming regulatory intervention on migration end dates does not include deadlines for phasing out national schemes, says the European Payments Council.

[From Finextra: EC migration plans would ‘derail the entire Sepa project’ – EPC]

I don’t want to bore foreign readers with the ins and outs of the relationship between the Commission and the EPC, but I will say that it is not good. If the Commission regulatory “intervention” were to be to mandate the EPC rulebooks with a fixed deadline, then banks (I’m pretty sure, having spoken to quite a few bankers about this) would grin and bear it. In some countries (eg, Germany) it might be an unpopular decision, but it would get done. Instead, the Commission seem to want to tinker with what the EPC has been going but without an end date? Why? (Answer: because they are politicians responding to national interests.)

Personally, I think the Commission are derailing the train taking us to lower costs in other ways as well, such as by forcing retailers to accept euro coins and high-value euro banknotes, thus promoting the least efficient and most expensive payment mechanism instead of electronic alternatives that would be better for society.

Mobile payments are good for mobile banking

Mobile payments and mobile banking are not the same thing at all and, as I have long maintained, there is no reason to think that mobile payments should be provided by banks, nor that mobile operators want to get in to banking. This is why I maintain the much of the comment around these topics is misleading. For example:

Geo-strategic and political consultant at Nova-Comm Strategy Group, Brett Goldman, says: “With M-Pesa… Essentially, what you are doing is eliminating the need for a bank,”

[From Near field comms: How are mobile payments changing traditional banking? – 2/22/2011 – Computer Weekly]

Well, up to a point. They are not eliminating the need for a bank, they are eliminating the need for banks to run payment services. And this is not bad for banks, or customers, because M-PESA don’t need to eliminate banks in order to improve the banking infrastructure as it demonstrates with the example of the M-KESHO service, launched with Equity Bank, that allows M-PESA customers to transfer money to and from savings accounts.

With the M-Kesho Account, customers will be able to get pre-qualified personal accident insurance, access to short-term loan facilities ranging from KES 100, and interest on the mobile account from as little as KES 1. The application is built with the ability to score a customer’s credit rating using a six-month history of his M-Pesa balances.

[From Safaricom, Equity Bank launch M-Pesa bank account – Telecompaper]

How interesting is that? The transaction history built up inside M-PESA provides a straightforward mechanism for financial inclusion, simply not available in a cash economy, and an apparently entirely viable alternative to credit history. The service has been tremendously successful.

He noted that some 21 percent of M-PESA users in Kenya now use the service simply to store money and earn interest. The savings service – branded as M-KESHO and in partnership with Kenya’s Equity Bank – has effectively set-up 750,000 new bank accounts in Kenya since launching in May with deposits totalling KES900 million (US$10.7 million).

[From Vodafone, Telenor To Expand Their Financial Services | Telecom Recorder]

Scatchamagowza! They’re on their way to creating a million new bank accounts. Far from taking customers away from banks, M-PESA is bringing customers to them! As far as I can see, this is pretty conclusive proof that banks are wrong to lobby regulators to insist that mobile payments can only be provided by banks and that regulators are wrong to listen to them. (In Europe, fortunately, this is not true because of the Payment Services Directive: O2 have applied for a payments licence in the UK, for example). So, an efficient and effective mobile payments platform adds value to mobile financial services by making those financial services more accessible at lower cost. And while stimulating this, operators can make money too.

Aite says mobile payments will account for $214 billion in gross dollar volume by 2015, up from only $16 billion in 2010

[From The Smartphone Payments Train’s Leaving the Station – Bank Technology News]

That means lots of transaction fees. It’s interesting to note how M-PESA’s transaction fee income has held up.

As the use of M-Pesa spread, Kenyans started using it for smaller and smaller transactions. The average amount sent through M-Pesa declined from the equivalent of about $50 in March 2007 to less than $30 by March 2009.

[From Fascinating Stat and Lesson for the US About Mobile Payments in Africa]

So Kenyans are sending smaller amounts and are paying transaction fees that amount to larger fraction of the transaction (around 7%) because they still find it more convenient to do this than to use any of the alternatives. Once again, we see the mobility premium in action and a new value network that enables mobile operators to provide profitable payment services (because of that mobility premium) while simultaneously enabling bank, insurance companies and others to provide profitable financial services using mobile payments as a conduit.
More important than the mobile payments business itself will be the businesses that it enables. Just like M-KESHO, there will be new financial services businesses that only make sense on the mobile payments platform. In the UK, initiatives such as O2 Mobile Money and Orange Cash should provide some useful early indications as to how the market might evolve: if third-party financial services offer new products using these payments (eg, SME payments, media subscriptions, that kind of thing), then I think that will show that the pie will get bigger instead of getting sliced.

P.S. By way of an experiment in the service of readers, I have instructed no.1 son to go mystery shopping for an Orange Cash card and will report here in a couple of weeks.

Finnovation

I really enjoyed the first Finovate Europe in London. We had an excellent couple of days, because we had BarCampBankLondon the day before (I’ll write something about it later), and lots of folk came in for that too.

Although it was in London, three of the UK’s four biggest banks had just one person at the event. Three of the others didn’t send anyone at all. Barclaycard and Santander sent six each. Hmmm. Perhaps the others are just being careful with taxpayers’ money. I wish the head of eBusiness from my bank had been there.

[From Some Observations From Finovate Europe | Forrester Blogs]

To be completely honest, I was looking at most of the presentations in horribly mercenary terms: asking only which of our clients might be able to exploit this? As a consequence, I wasn’t really grabbed by what one of my fellow delegates called the “wheelspinning” around personal financial management (looking at pie charts of your overdraft and that sort of thing). Our space is the secure electronic transaction space, so I enjoyed the presentations from our friends at SecureKey and VoiceCommerce. It’s that kind of thing that is hot, I think. I’m going to find out more about Miicard as well.

I liked the StockTwits presentation, which probably combined innovation in technology and innovation in business model in the most interesting way, targeting a specific niche in an engaging way. There’s a lesson for me here: if I used Twitter for something more than moaning about South West Trains, I could have been a contender. Boku were great and so were Ixaris: I understand what they are trying to do in payments and I’m sure that both of them will succeed. None of my picks made it in to the delegate’s top three in the final vote, but I’m happy to stand alone.

All things considered it was a super day, an excellent opportunity to connect with clients and colleagues, and an energising look around the space. Jim and all of the chaps should be very happy with it.

The presentation that I probably thought about the most after the event, though, was the one from Fidor Bank. They have integrated a variety of alternative currencies into their online banking platform. These are presumably attractive to German consumers fleeing the euro, with folks memories of hyperinflation pushing them toward non-fiat stores of value.

The partnership will enable Fidor’s customers to buy gold, silver, platinum and palladium without completing any GoldMoney application forms. Orders will be processed daily through the FidorPay Account at the bank and then placed with GoldMoney through an ‘Omnibus-Holding’ in the name of Fidor.

[From Finextra: Germany’s Fidor Bank to offer retail access to precious metals via GoldMoney]

If you want to find out more about GoldMoney, forum friend James Turk, their CEO, will be at this year’s Digital Money Forum. Although only precious metals are live at the moment, Fidor are planning to integrate virtual currencies the future. I didn’t get a chance to talk to them to find out what the mechanism for this is: as far as I know there’s no API for accessing your Everquest platinum (or, literally, a payments wizard) so it would have to be done using screen scraping with usernames and passwords, just as it is for other services with no security (eg, banking).

I’m naturally fascinated to see how customers respond to this. If you can shift from euros to gold to World of Warcraft gold in a simple and friction free way, then we might see some interesting markets emerging.

Announcing London BarCampBank4

I’m a big fan of the unconference format, where the agenda is set on the day by the participants, so I’m very excited to announce that the 4th BarCampBankLondon “Unconference” will be held on 31st January 2011. The facilities will be provided by NESTA at their offices at 1 Plough Place, London EC4A 1DE with support from Consult Hyperion and BullionVault. Look forward to seeing you there!

This year, there will be a special focus on the role of financial services and institutions and their potential to help local communities unlock currently underutilised capacity to meet currently unmet needs. Why? Well, the new coalition government in the UK has an initiative called “The Big Society”: The Big Society is about helping people to come together to improve their own lives and putting more power in peoples hands. There is real interest – both within and outside of government – around the potential of ‘people helping people’ models such as complementary currencies and timebanking. The recent “giving” green paper consultation launched by the Cabinet Office makes particular reference to the potential of complementary currencies and raises questions around scaling local timebanks on a national scale.

New complementary currencies mean new institutions and my particular interest at the event will be to explore potential institutional arrangements. What would it mean to make complementary currencies part of the financial services landscape? What new kinds of financial institutions are need for the new economy? Questions like these deserve examination from a range of perspectives and I hope that we can exploit the opportunity to explore decentralisation, locality, community in financial services. New technologies — everything from mobile phones and smart cards to Facebook and Twitter — have a key role to play here, both in terms of stimulating new organisational models and and scaling up working alternative models to regional and national scale.

The number of tracks running in each session naturally depends on the number of participants and what they want to talk about but for BarCampBankLondon4 we hope to run 3-4 parallel sessions both before and after lunch. The topics to be covered in each track depend on you, the audience, but I expect them to range across new ideas for financial services businesses, ways to use new technology (with a big focus on social media), banking regulation and industry structure, community banking and a wide range of related issues.

The proposed agenda for the day is simple:

10am Welcome and introductions

10.30am Agenda-setting and ice-breaking

11am – 12.15pm First Session

12..15-12.30pm Report and review

12.30pm-1.30pm Lunch and networking

1.30-2.30pm Second Session

2.15-2.30pm Report and Review

2.30-3.30pm Third Session

3.30-4pm Report and Review, Closing Discussion.

See you at at NESTA on 31st January 2011. We hope to see 50-60 people there but space is limited, so please register right away here via MeetUp. There is a nominal booking charge of £10 and all delegates will receive copies of the latest Digital Money Reader with the compliments of Consult Hyperion and When Money Dies with compliments of BullionVault.

Moving transactions online

[Dave Birch] Well I managed to get myself invited to the launch of Forum friend Sir Bonar Neville-Kingdom‘s new book. As the government’s technology outreach czar, he makes a point of having his personal assistant Patricia use all forms of new information and communication technology. He has, of late, been dictating tweets for her to place on the Twitter and now, to ensure that these valuable insights into the heart of British government IT policy are preserved for posterity, they have been gathered together in “The Twitters of Sir Bonar Neville-Kingdom“. I wasn’t sure about the current regulations concerning the photographing of key civil servants, but I managed to sneak a few pictures and have put them on Flickr for the general public to peruse. Here are a few of them so that you can see what was going on (I spotted known activists in the crowd and am perfectly prepared to hand my footage over to the relevant authorities on the condition of pseudonymity).

Given Sir Bonar’s famous “ring of soup” formulation for government identity management services, I was keen to ask him how he sees the evolving balance between privacy and surveillance. In particular, I was curious about his views on Umair Haque succinct note that

The internet itself isn’t disempowering government by giving voices to the traditionally voiceless; it’s empowering authoritarian states to limit and circumscribe freedom by radically lowering the costs of surveillance and enforcement.

[From The Social Media Bubble – Umair Haque – Harvard Business Review]

Unless we take steps to build an identity infrastructure that embodies certain protections, encodes certain balances, then I think it is perfectly reasonable to anticipate a path whereby governments become authoritarian by default, simply becuase they can and not because of any directed or debated policy. I don’t think that you have to be some kind of privacy nutter to find this a concern: unfortunately, I was not able to put this point to Sir Bonar because he had to leave for a pressing bottle of claret, but I perhaps I will be able to catch up with him again in the not-too-distant future.

My multiples

[Dave Birch] I watched a strange TV show on a plane back from the US. I was about a woman with “Multiple Personality Disorder” (remember that book Sybil — not the one by Benjamin Disraeli — from years ago). I make no comment about whether the disorder is real or not (the TV show wasn’t that interesting) but there’s no doubt in my mind that when it comes to the virtual world, multiple personalities are not only real, but desirable.

Here’s a good reason for not having your Facebook account in your real name (as I don’t):

Five interviewees who traveled to Iran in recent months said they were forced by police at Tehran’s airport to log in to their Facebook accounts. Several reported having their passports confiscated because of harsh criticism they had posted online about the way the Iranian government had handled its controversial elections earlier this year.

[From Emergent Chaos: Fingerprinted and Facebooked at the Border]

I’ve already created a new Facebook identity and posted a paen to Iran’s spiritual leaders just in case I am ever detained by revolutionary guards and forced to log in. But will this be enough? Remember what happened to film maker David Bond when he made his documentary about trying to disappear? The private detectives that he had hired to try and find him simply went through Facebook:

Pretending to be Bond, they set up a new Facebook page, using the alias Phileas Fogg, and sent messages to his friends, suggesting that this was a way to keep in touch now that he was on the run. Two thirds of them got in contact.

[From Can you disappear in surveillance Britain? – Times Online]

So even if you are careful with your Facebook personalities, your friends will blab. As far as I can tell, there’s no technological way around this: so long as someone knows which pseudonym is connect to which real identity, the link may be uncovered. Probably the best we can do is to make sure that the link is held by someone who will demand a warrant before opening the box.

With my peers

[Dave Birch] I went over to the FS Club to hear Forum friend Giles Andrews of Zopa give an update on their progress. He explained that one way of thinking about Zopa is as a bond market for consumers, but one that allows people to get a social return as well as a financial one. What an interesting description. And it was an interesting meeting. I won’t quote anyone, because the meeting was held under the Chatham House rule, but rather I will give some general impressions of the discussion…

We all know Zopa as P2P lending, a marketplace for money. It’s not that hard to set up a web site, though, so there must be more to it. What makes it work, seeing as their numbers have steadily climbed? Giles gave a few insights: he said, for example, that the core of Zopa’s business is their sophisticated credit rating model. I deduce it must be working tolerably well, since their bad debts over the last five years have averaged 70bp.

What I found particularly interesting was the relationship between Zopa and retail banks. In an odd way, the credit crunch came along at the right time for Zopa. Their lending went from £15 million in 2008 to £35 million in 2009 to £75 million this year. It seems to me that as public trust in banks collapsed (along with the interest rates) so more and more people turned to Zopa.

Recently Zopa have been lobbying for regulation of P2P Lending in UK.

[From New Datamonitor report on P2P Lending in the UK has some interesting analysis points « The Bankwatch]

This is true. In fact Giles has said that Zopa think they should be highly regulated and properly supervised. This would be good for them for two reasons: first of all it would create a structure for more competition, and more competition is good for innovation and excellence, and secondly it would further legitimise the P2P sector, thus bringing in more borrowers and lenders. It would also, presumably, bring in more competitors, which would be good for competition.

Criminal inconvenience

[Dave Birch] It was identity theft week, or something like that, and since I’m about to start the CSFI’s 2010/2011 Research Programme into “Identity in Financial Services”, with support from Visa Europe, I’ve been thinking about the key aspects of the problem. For example: how well are current know-your-customer procedures working? After all, they are pretty stringent. To the point where the typical customer finds dealing with financial services organisations an absolute nightmare.

The ID banks require is getting beyond a joke. I’ve just been locked out of one of my online accounts, through no fault of my own, and they’re demanding I send them a certified document plus a utility/bank bill, but they won’t accept one printed online. Yet like many people, both for the environment and ease, I opt for paperless billing wherever I can, so I simply don’t get any printed statements anymore, leaving me at an ID disadvantage when banks refuse to count those as ID.

[From Martin Lewis’ Blog… | The bank ID farce: online accounts don’t accept online statements]

Still, I’m sure we’d all agree that it’s worth the massive imposition on customers, and the massive costs to companies, in order to crack down on ne’er-do-wells who are trying to defraud our banking system (at least, the ones who don’t work for banks). But since identity fraud appears to be at record levels, either these stringent controls are counter-productive (because only criminals will bother jumping through the hoops) or a total waste of money.

Drawing upon victim and impostor data now accessible because of updates to the Fair Credit Reporting Act, the data shows that identity theft impostors supply obviously erroneous information on applications that is accepted as valid by credit grantors. Thus, the problem does not necessarily lie in control nor in more availability of personal information, but rather in the risk tolerances of credit grantors. An analysis of incentives in credit granting elucidates the problem: identity theft remains so prevalent because it is less costly to tolerate fraud. Adopting more aggressive and expensive anti-fraud measures is extremely costly and jeopardizes customer acquisition efforts.

[From SSRN-Internalizing Identity Theft by Chris Hoofnagle]

Given the amount of trouble I find in accessing my own accounts — I tried to log in to my John Lewis card account this week and it asked me a password that I’d forgotten and when I followed the “forgotten password” link it asked me for a secret word or something that I didn’t even know I’d set — I can only assume that the total amount of time, effort and money wasted on this sort of thing across the financial services sector as a whole is enormous.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.