Big Tech, Financial Data … and resilience for critical infrastructure

black android smartphone showing instagram and gmail application

Victoria Saporta, BoE executive director for prudential supervision, has said recently that minimum resilience requirements should be required for the tech giants’ (and others’) hosting services, before they may process and store banking data. We strongly support these comments. We have identified this issue as one of a number of new risks arising from modern financial systems architecture, in recent Structured Risk Analyses that we have carried out for financial and retail organisations in North America, Asia-Pac and EMEA.

United we fall

[Dave Birch] I think that the decision by United Airlines to make some smaller travel agents process ticket sales on their own merchant accounts (and therefore pay the merchant service charge, or MSC) is one of those developments that seems on the margins at the time but actually signals the start of the supertanker’s turn. United’s new policy, starting 20th July, is for one reason: cost.

United would say only that the move was prompted by rising card-acceptance costs. “Credit card processing costs are escalating at a high rate and represent several hundred million dollars of cost each year,”… All travel-agent ticket sales on cards in 2008 totaled $79 billion, according to ASTA estimates, with an average discount rate of 3%.

[From News]

Never mind the average 3% MSC, the figure I thought was really shocking in this report was that brick-and-mortar agents account for nearly half of all airline ticket sales. I haven’t been in a travel agency for years (except to buy prepaid payment cards), all my personal travel is bought via web sites and all our corporate purchases go through invoices, so I was genuinely surprised to read that….

At the same time, airlines depend on so-called traditional, or brick-and-mortar, agents for somewhere between 40% and 50% of their ticket sales, with online agencies accounting for another 20% to 25%,

[From News]

Wow. To me, that was a genuinely surprising statistic. Anyway, that led me to wonder if people buy airline tickets with debit card given the price incentive — many airlines make an explicit charge for credit cards, but no charge for debit cards — or if the benefits of a credit card in these circumstances are seen as being sufficient to outweigh any surcharge.

Personally, I never buy airline tickets using anything other than a credit card, even though many airlines surcharge and try to get you to use debit cards. That’s because if anything goes wrong — let’s say the airline goes bankrupt, for example — then if you paid with a credit card you’ll get your money back. I’m more than happy to pay for the peace of mind. My top tips for avoiding fraud: use a credit card for everything in all circumstances and never use your debit card for anything except ATM withdrawals.

It’s criminal!

[Dave Birch] I went to a seminar on financial crime the other today. Not, as you might think, to look into the possibility of an alternative career if the whole consulting thing doesn’t pan out, but because I’m always looking for ways to help our customers to develop new propositions that have a chance working because they solve genuine problems, perhaps in new and innovative ways. So, I thought, why not brush up on the key financial crimes and get an idea of where some of our clients might useful focus their efforts, while at the same time getting a sense on the priorities of law enforcement agencies, banks, regulators and so on. It turned out that some of it wasn’t particularly relevant because financial crime is a wide-ranging (you might even say “catch all”) term for a pretty diverse set of concerns. There were people at the seminar concerned with armed robbery, anti-money laundering (AML) activity, sanctions-busting and goodness knows what else. To me, this made seminar less useful than it might have been had it been more focused, but I still felt as if I was learning something, but there were to many different concerns being expressed and responded to. The particular issue of payment security was discussed, of course, but for many of the people there it wasn’t as much of a concern (in terms of both financial and reputation loss) as you might think: if your bank has just lost a few billion quid, what’s a few tens of millions in card fraud?

The seminar was held under Chatham House rules — as, indeed, was the seminar that went to at Chatham House last week — so I can’t go into any details on organisational positions, but I will say that I found the strategic perspective limited. One recirculating meme was that of market failure. A couple of people said something like “the market hasn’t produced secure solutions”, which I think is a misunderstanding of what a market is. If banks wanted better security, they would already be paying for it. To some of the participants, particularly from law enforcement, this is evidence of a market failing, where to me it is evidence of a market working. If the law enforcement guys want, for example, better security for payment cards then they need to either transfer more of the cost of failure away from the public purse and on to the industry (which they’ve started to to in the UK by no longer treating card fraud as a crime) or incentivise the desired behaviour.

The Home Office has been accused of failing to take credit card fraud seriously after it was revealed the crime can no longer be reported by victims directly to the police.

[From Police News – Card Fraud ‘Being Decriminalised’]

There were some crimes being discussed, such as mortgage fraud, that are clearly of scale but unquantified. No-one seemed to know how much of it is going on or how it breaks down. Others, such as sanctions-busting, are very important but there is no obvious way that technology can help: if the tanks get loaded onto the ship labelled “Kenya” then dropped off in Sudan instead, I don’t think that better passwords or chip cards will make much difference to be honest.

As to how technology could make a difference, someone asked a representative of the banking sector precisely that question, and we were told to improve the keys on JCBs! Apparently, every time one of these is driven through a bank wall to steal the ATM, the bank loses about a hundred grand on the ATM and the cash inside, together with five times as much to repair the bank branch. Since the incidence of this kind of crime is both seasonal (it rises towards the holiday season) and recession-enhanced, making mechnical diggers harder to steal would make all the difference!


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.