We might want an irreversible anonymous blockchain but not for irreversible anonymous payments

I think I’ll just read John Lanchester’s superb piece about bitcoin in the London Review of Books one more time. It’s hard to choose a favourite part of such an excellent article, but if I was pressed to do so, I suppose it would be this part:

David Birch is the author of a fresh, original and fascinatingly wide-ranging short book about developments in the field, Identity Is the New Money. His is the best book on general issues around new forms of money, and new possibilities generated by blockchain technology.

From John Lanchester · When Bitcoin Grows Up: What is Money? · LRB 21 April 2016

John is much too kind. And is a much better writer than I am, which is why his piece is so good. His basic question about where we are going next is fascinating and has been at the heart of some heated debates that I’ve been involved in recently, including a stand-up with a bunch of very clever people at the European Blockchain Congress in London.

Arguing with smart people is how I learn

 

My preferred method of accelerated learning is arguing with smart people, and the Congress delivered them in spades. But before I come back to this particular argument, let’s just frame the big picture. First of all, no-one would deny that the bitcoin blockchain is a triumph of technology and engineering and innovation and ingenuity. Statistically, almost no-one uses it, but that’s by the by.

“The total addressable market of people who want to buy bitcoin is very, very thin,”

From What a Tech Startup’s Pivots Say About Bitcoin’s Future | American Banker

Indeed. And most of them aren’t in America or any other developed market. Why? Well, bitcoin is a super-inefficient form of digital currency that was designed to solve one problem (uncensorability). If I’m trying to get my last few dollars out of Caracas before the power is shut off permanently then bitcoin might provide a rickety bridge to US Dollars, but if I’m trying to pay for a delicious burrito at Chipotle then bitcoin is pointless. However, and this is what the argument at the Congress (in the picture above) made me think about, there may be other factors that mean the bitcoin blockchain will obtain mass market traction.

What factors? Well, here are two that were touched on during the discussion pictured above, together with my more considered reflections on them.

One factor might be irreversibility. I think we all understand that you can’t build an irreversible payment system on top of a reversible payment system (such as direct debits in the UK) but you can build a reversible payment system (which is what society actually wants) on top of an irreversible one. That’s a good argument for having an fast, free and irreversible payment system that can be built on to provide a variety of different payment schemes suited to particular marketplaces. In the UK we already have this, it’s called the Faster Payment Service (FPS). Once the Payment Systems Regulator (PSR) has finished opening up access to FPS and once FPS can be accessed efficiently through the “XS2A” Application Programming Interaces (APIs) that will be put in place by the Second Payment Services Directive (PSD2), then we ought to be able to unleash some creativity in the developer community and perhaps build a reversible payment scheme on top of this irreversible infrastructure (I’m not the only genius to have thought of this: MasterCard are one of the bidders). Then it wouldn’t matter whether the scheme used the bitcoin blockchain or the FPS or NPP in Australia or TCH in the US or Ripple or anything else: the choice would come down to price and performance. Perhaps bitcoin would then be a choice, although I’m not sure about it.

Another factor might be anonymity. No-one who actually thinks about it wants anonymity. What they want is privacy. But there is a similar asymmetry as in the case of irreversibility. You can’t build an anonymous system on top of a non-anonymous system but you could build a privacy-enhancing transaction system on topic of an anonymous system and since I’m rather wedded to the idea of private payment systems, I find this an interesting combination. Again, would bitcoin be a choice for this? That’s not clear to me at all.

What if those factors turn out to be important enough to build new services, but not for creating a currency? This would support the view that a blockchain, although not necessarily the bitcoin blockchain, might well be the shared security service that society needs to anchor a new generation of online transactional services. As time goes by, this strikes me as a more and more interesting possibility. I mentioned it a couple of weeks ago.

Dr. Wright says “The mining of bitcoin is a security service that alone creates no wealth”. So to return to the point above, the sheer volume of mining going on (provided it does not become concentrated) means that there is a very, very secure piece of infrastructure out there. This infrastructure may be used to “anchor” all sorts of new services that need security as I said above. Some of them may be payments (as the Lightning folks hope) but most of them will not be.

From Mining for what? | Consult Hyperion

So, to get back to John Lanchester’s piece, where might we be going next? I’m pretty sure that we’ll soon see another more efficient blockchain that will untangle the cryptocurrency from the carrier by providing some other incentive for mining (perhaps more like Ethereum, who knows). This, the Watt blockchain that will replace the Newcomben blockchain that we have now, could well be the new supranational security infrastructure that, as some claim, will be as important as the Internet itself because it will provide the security layer that the Internet should have had in the first place.

Mining for what?

(Updated 6th May with reference to post by Dr. Craig Wright.)

As I am sure you know, the security of the bitcoin blockchain rests on a consensus protocol that includes a proof-of-work algorithm, and executing this algorithm (which is computationally very intensive) has become known as “mining” by analogy to gold mining (because of the bitcoin reward for the activity). Hence the idea of bitcoin miners.

On the edge of a tiny Chinese town is a strange building where you can get an insight into the future – and only a handful of people know what is happening inside.

From BBC – Future – We looked inside a secret Chinese bitcoin mine

By complete coincidence, on the very day that this story about a secret Chinese bitcoin mine was published on the BBC, I ran into the secret Chinese bitcoin miner himself at a not-at-all secret hotel in New York.

Secret Chinese Bitcoin Miner

Yes, it was Chandler Guo! As you may recall, Chandler won the coveted Toast D’Or at last year’s Money 2020 in Las Vegas (you can read the full story about it here) because he asked the best question from the floor.

Money2020 Toast and More

Anyway, he told me not to mention where the secret mine is, so I won’t, but it was interesting hearing him talk (as it always is) about how mining is going and the dynamics in the sector. Chandler mentions in passing in the BBC article that about three-quarters of the world’s bitcoin mining equipment is in China and that he is currently building a bitcoin mine that will produce about a third of all the bitcoins. What will happen to these bitcoins is anyone’s guess.

“The total addressable market of people who want to buy bitcoin is very, very thin,”

From What a Tech Startup’s Pivots Say About Bitcoin’s Future | American Banker

Indeed. And most of them aren’t in America or any other developed market. But what if it turns out that bitcoins aren’t useful as money at all, but as “anchors” for a variety of new and innovative cryptography-based services (one of which may be payments). The bitcoins will be useful because of the sheer volume of mining going on (since the security of the system rests of mining), not because they are coins representing any actual value.

Wait, what? Bitcoins might be valuable because they are not money? Well, yes.

I’ve said before, in my usual soundbite twitter-centric superficial and aphoristic way, that the future of money isn’t bitcoin and the future of bitcoin isn’t money. We don’t need to go into why I think this, although I will say that I think my early analysis of the technology for out clients has stood up pretty well over time. I touched on the topic again last month in a blog post “Is Bitcoin Money?” where I again said “will money as we know it be replaced by bitcoin? I sincerely doubt it” after a discussion about the functions of money. I started thinking about this again during a couple of the discussions at Consensus 2016 and then some pointed me towards a discussion thread about whether bitcoin is money or not. To be honest, I wasn’t that interested in reading it, but as I was bored on a plane I started to scroll down. It became mildly more interesting when someone mentioned John Lanchester’s piece in the London Review of Books. You remember, the one where he says “David Birch is the author of a fresh, original and fascinatingly wide-ranging short book about developments in the field, Identity Is the New Money. His is the best book on general issues around new forms of money, and new possibilities generated by blockchain technology”. (Which reminds me, I must write a blog post on John’s excellent piece…)

Anyway, while I skimmed some of the arguments, the core of the discussion was that an economic adviser to Jeremy Corbyn, the current leader of the UK Labour Party, said that money is credit and bitcoin isn’t credit so it isn’t money. I’m pretty sure he’s wrong about this (since it is easy to envisage non-credit monies), but that’s not my point. He also makes a point about trust, which is a good one and similar to a point made in a Forbes piece that I read a while back.

Why should anyone have more trust in a digital currency created by an anonymous group of coders accountable to no-one than in a democratically-elected government accountable to everyone? Why is an essentially feudal governance model “safer” than a democratic one?

From Bitcoin: In Technology We Trust (Maybe) – Forbes

So far so familiar to people I bore senseless about this stuff at parties. Then it got a lot more interesting when my old chum Izabella Kaminska from the FT stepped into the fray, pointing to something that Craig Wright (the man who may or may not be Satoshi Nakamoto) wrote on the topic.

It’s the first time anyone in the bitcoin world has actually made a compelling argument, with historical references. First, he describes bitcoin not as a currency or a commodity but as a security service.

From Tax Research UK » The problems with Bitcoin

I had not read the Wright piece before, so I had a very quick glance and then bookmarked it to read later. Unfortunately, there was no later as Mr. Wright has now canned his blog, but a correspondent found it using the wayback machine. Dr. Wright says “The mining of bitcoin is a security service that alone creates no wealth”. So to return to the point above, the sheer volume of mining going on (provided it does not become concentrated) means that there is a very, very secure piece of infrastructure out there. This infrastructure may be used to “anchor” all sorts of new services that need security as I said above. Some of them may be payments (as the Lightning folks hope) but most of them will not be. Now, while I think it unlikely that the bitcoin blockchain will be the final form of this infrastructure, that’s no reason not to experiment with it, in which case bitcoins will continue to have value even if no-one is using them to buy mundane goods or services.

We must stop solicitors from using e-mail as soon as possible

I was watching Panorama on the BBC on Monday. It was about hacking, ID theft, the usual stuff. The main takeaway for the general public was, I think, that everyone’s personal details have already been stolen and are common currency amongst criminals.

Hackers have stolen the personal details of millions of customers from companies like Talk Talk. So how do cybercriminals get hold of our data? Reporter Daniel Foggo meets the hackers who can break into any website and finds out how criminals profit from our information.

[From 

BBC One – Panorama, How Hackers Steal Your ID

]

It featured one sad case of a woman who had been misled by fraudsters. She was buying a house and got an e-mail from (she thought) her solicitor asking her to transfer the funds for the house purchase (some £50,000) to a particular bank account. She did. The e-mail was, of course, from crooks and they transferred the money out and were never seen again (so much for the KYC/AML checks we spend so much money on). With so much money at stake, I couldn’t help but wonder, wouldn’t some form of security seem appropriate?

According to the American Bar Association (ABA), only a third of lawyers use encryption to communicate with their clients and of the lawyers who claim that they do use encryption, fully a third cannot say what kind of encryption they use. Of those who could say what type of encryption they use, the most commonly identified type was general purpose software with encryption features that required the recipient to be sent a separate password. Which is perfectly acceptable: I do the same all the time, using some zip utility to encrypt with a password then texting the password to the recipient. But I can’t help but wonder: why it is that Facebook can send me e-mail that is encrypted and digitally-signed and lawyers cannot? It’s not as if there isn’t a threat model!

Mrs d’Adhemar engaged a solicitor to handle the transaction and sent all correspondence through her secure work email address, but used her personal email account for everything else, including contact with the estate agent, Chestertons.

But 10 days after the sale was completed they received a call from their solicitor, who said NatWest had flagged up a problem with their account. Alarm bells immediately rang. The couple didn’t have a NatWest account, they banked with HSBC.

[From 

Email hacking: another home-seller robbed of £270,000 – Telegraph

]

Just in case you are thinking that I’m highlighting odd or exceptional cases in order to make a point, I can assure you that I am not. This sort of thing goes on all the time in the UK.

Mr Lupton’s solicitor, Perry Hay & Co in Richmond, Surrey, emailed him requesting his bank account details for the sale proceeds to be paid into.

As millions of people do regularly and without thought, he duly replied, sending his Barclays bank account number and sort code.
The email was intercepted by fraudsters. Posing as Mr Lupton, the fraudsters swiftly emailed Perry Hay & Co again – from the same email account – and told it to disregard the previous details and send the money to a different account instead.

[From 

‘Fraudsters hacked emails to my solicitor and stole £340,000 from my property sale’ – Telegraph

]

After all these years, we still can’t make e-mail security work. Imagine the hassle that the average solicitor would face in trying to get an average customer to install GPG or something. It’s never going to happen. The solution, as Ian Grigg pointed out seven years ago when I was going on about the security of e-mail another time, is to stop trying to fix e-mail and (as my teenagers did) move somewhere else. Why not use messaging systems that are secure, like Facetime? Yes they aren’t interoperable (so you would need to know whether the customer had Skype or Yahoo or WeChat or WhatsApp or whatever) but I don’t think it would be hard to set up a few accounts. Then the fraudsters would have to take over the solicitor’s account rather than just send an e-mail. This would have two immediate benefits: first, the security of the account would be specifically the problem of the solicitor and they would fix it by using strong authentication and, second, all communications could be encrypted (I remember that we worked on a pilot system like this – for financial services rather than for solicitors – a few years ago and even then the overheads associated with encrypting and signing were negligible).

We need solicitors to stop using e-mail as soon as possible, but we need to provide a viable alternative. If not social media or messaging, then why can’t we have something like they have in Denmark, where everyone has a sort of secure government postbox?

P.S. It’s a rhetorical question. I know perfectly well why we can’t: it’s because Denmark has a national digital identity infrastructure and we don’t. But why not have it as a bank service, like the Barclays Cloud thingy? Since the solicitor knows your bank account, they would automatically know which bank cloud to send the documents to. And if you wanted to tell your solicitor to send money somewhere else or some other instruction, you would have to do it from inside your bank cloud. Surely, with a nuclear-powered robot on Mars, it ought to be possible to send documents from a postbox in one bank cloud to a postbox in another?

#IDIoT is a serious business

The Gartner hype cycle is jolly bullish on autonomous vehicles, which I’m really looking forward to. According to Jerry Kaplan’s fascinating “Humans need not apply”, switching to autonomous vehicles in the US will save thousands of lives and billions of dollars every year. Personally, I couldn’t care less if I never drive a car for myself ever again, and I hope that Woking will become an autonomous vehicle only zone as soon as possible. Sadly, this won’t be for a while.

While autonomous vehicles are still embryonic, this movement still represents a significant advancement, with all major automotive companies putting autonomous vehicles on their near-term roadmaps.

[From Gartner’s 2015 Hype Cycle for Emerging Technologies Identifies the Computing Innovations That Organizations Should Monitor]

Gartner are even more bullish on what they call autonomous field vehicles (which I think means drones, combine harvesters and such like) and predict that these will be around in 2-5 years time, just like enterprise 3D printing and cryptocurrency exchanges. I couldn’t help but notice, though, that their very same hype cycle puts digital security at least 5-10 years out. So they are forecasting that there will be vehicles running around for some years before we are able to secure them, 3D printers inside organisations printing things for years before we are able to protect them and people trading money years before we can stop hackers from looting them. Actually, I agree with Gartner’s prediction, as it’s entirely congruent with my own #IDIoT line of thinking, which is that our developments in connection technologies are accelerating past our developments in disconnection technologies. And if you don’t care what I think about it, you probably do care what Vint Cerf thinks about it.

“Sometimes I’m terrified by it,” he said in a news briefing Monday at the Heidelberg Laureate Forum in Germany. “It’s a combination of appliances and software, and I’m always nervous about software — software has bugs.”

[From Vint Cerf: ‘Sometimes I’m terrified’ by the IoT | ITworld]

We’re busy going round connecting vehicles, equipment and money to the internet with having any sort of strategy in place for disconnecting them, which is much more difficult (doors are easy, locks are hard, basically). And with chips that we don’t even understand being built into everyday devices, the complexity of managing security is escalating daily. Look at the recently-launched “21” idea.

Its core business plan it turns out will be embedding ASIC bitcoin mining chips into everyday devices like USB battery chargers, routers, printers, gaming consoles, set-top boxes and — the piece de resistance — chipsets to be used by internet of things devices.

[From Meet the company that wants to put a bitcoin miner in your toaster | FT Alphaville]

Really? Chips in everything? What could possibly go wrong? Oh wait, it already has. There’s something missing here: an identity layer. Hardly a new idea and I’m not the only person going on about it.

Everyone and everything will have an identity… We can’t scale a world that we can’t talk to, can’t control and can’t secure. Everything, including your toaster, you fridge and your car, will have an identity.

[From Facing the new Big Bang: The IoT’s identity onslaught — Tech News and Analysis]

Yet nothing much is getting done, despite that fact that we already have plenty of case studies as to how bad the situation is already. Never mind smart fridges that give away your personal details or televisions that spy on you there are issues about the maintenance and upkeep of things in the field that create an identity management environment utterly different to anything are used to dealing with in the worlds of OIX, Mobile Connect, SAML and so on. 

Did you buy a smart TV or set-top box or tablet any time before January 2013? Do you watch YouTube on it, perhaps through an app? Bad news: Google has shut down the feed that pushed content into the app.

[From You buy the TV, Google ‘upgrades’ its software and then YouTube doesn’t work … | Technology | The Guardian]

It’s issues like this that make me want to focus on identity in the internet of things (or #IDIoT, as I call it) in the near term, so I was really flattered to be asked along by the good people at ForgeRock to talk about this at their London Identity Summit tomorrow. Really looking forward to exploring some of these ideas and getting feedback from people who know what they’re talking about. What’s more, Consult Hyperion and the Surrey Centre for the Digital Economy (CoDE) will be delivering a highly interactive workshop session designed specifically for the University of Surrey’s 5G Innovation Centre SME Technology Pioneer Members on 30th November 2015. This will include “business lab sessions” interleaved with presentations and discussion. We’ll be putting forward the #IDIoT structure to explore identity, privacy and security issues using our ‘3 Rs’ of Recognition, Relationship and Reputation. The event will be an opportunity to establish contacts with companies interested in the IoT space, as well as connecting with the broader University community and a select group of large enterprises so I’m really looking forward to it and, as you might imagine, you’ll read all about it here!

The dawn of the cardholder-present transaction (Salford edition)

Well, today was the big day. Yes, a cusp in the annals of payment history. The day that mobile payments became real etc etc. Apple Pay in dear old Blighty! And a surprising amount of media attention.

It is the first time the “tap-and-pay” system — which allows users to pay for goods and services by touching their smartphones on contactless payment points — will be available outside the US.

[From Apple Pay taps UK to shake up consumer spending – FT.com]

Hurrah! Now, I’ve been tapping and paying with my iPhone for ages using my splendid Barclaycard sticker. But now the rest of you can join in the fun. Well, at least those of you with some of the latest Apple gear, that is.

Owners of an Apple Watch synced to an iPhone 5, iPhone 5c, and iPhone 5s will also be able to use Apple Pay, albeit without the extra security of Touch ID available only on the latest iPhone 6/6S model. Those with the latest iPad Air 2 or iPad mini 3 will also be able to use Apple Pay within apps to make purchases online.

[From Apple Pay readied for UK live debut – E & T Magazine]

The launch of Apple Pay meant that I had a pleasantly busy media day, starting of in Salford with BBC TV’s national “Breakfast” show.  This was really fun but it’s quite difficult because you have to boil down what you want to say to the bare essentials and talk in a language that a normal person (i.e., not someone obsessed with the future of electronic transactions) can connect to. The main point that I wanted to get over was that this really does mean a payments revolution, but because it brings security and convenience in-app and online, not because you can tap to buy cups off coffee, no matter how cool.

Good Morning Britain

One question that I was asked more than once during the day was “is it secure?”. I sometimes find this a little odd, because it suggests that Apple, the international card schemes, Britain’s leading retail banks and top consultants were thick as planks and hadn’t thought about it. My consistent response was that not only is it secure (or, at least secure within the bounds of the economic parameters appropriate to the business model, which is what I always mean by “secure”) but it is very secure indeed. The truth is though that none of this actually matters when it comes to adoption.

according to our Technographics data from Q1 2015, 27% of UK online consumers owning an iPhone would trust Apple to provide a mobile digital wallet but they are still more likely to trust PayPal (43%), a bank (41%), a credit card network (40%), and Amazon (32%).

[From Expect Faster Adoption Of Apple Pay In The UK | Forrester Blogs]

Now, it’s very important not to listen to consumers at all about this sort of thing. How secure a transaction mechanism is or is not has almost no bearing on whether people think it is or is not secure and no bearing at all on whether they actually use it or not. If you look at what people say and do, it’s clear that they are unconnected and surveys are a bit of a waste of time.

So, broadly speaking, people think that mobile payments are not secure, but since they don’t care about security and value convenience more highly, they will use mobile anyway.

[From I don’t trust public opinion on trust (or anything else) | Consult Hyperion]

The fact is that whatever people think, mobile payments are more secure than card payments. They might even, as it happens, lead to their demise. Anthony Jenkins, when head of Barclaycard, rather famously (to me) said that mobile phones would get rid of cards before they got rid of cash. I hate to say it, but it looks like he was right. Look at the trajectory. A decade ago, Bank Technology said that:

In the US, bank-issued contact smart cards are already in decline. In March of this year, Target said that it would discontinue its smart card programme because so few of the cards were ever used to download coupons as intended. Financial Insights reckon that the numbers in circulation will continue to fall from the peak of 21 million in 2002. Unless there is a dramatic increase in card fraud in the US, the business case for investing in anything other conventional magnetic stripe cards remains non-existent.

Well, there was a dramatic increase in fraud, yet the business case remains uncertain. US issuers are hardly racing to implement EMV. The costs of card-not-present (CNP) fraud and PCI-DSS all fall on the merchants, not the issuers, so their incentive to change is limited. But — and this is a perspective we need to explore — EMV has not been a magic bullet against fraud elsewhere in the world. The UK has had EMV for years, yet card fraud is still a major, major problem.

Damning research shows up to 3.8million bank and credit card frauds are left out of the Crime Survey for England and Wales, distorting the true scale of offending. If they were included, the number of annual offences would rise by 50 per cent, from the record low of 7.3million to 11million a year. It means seven people are defrauded every minute.

[From Why crime is really UP 50%: Upbeat official figures ignore slew of offences, from card fraud to murder | Mail Online]

The reason is two-fold. First, over time, criminals have become more inventive and have found many scams to obtain cards and PINs. Second, and most importantly, EMV did nothing about CNP. This is what Apple Pay is about to change, followed by bank schemes, Google Pay, retailers own schemes, Samsung pay and what ever else.

UK Card Fraud 2003-2014E

According to a variety of figures I’ve looked at, retail e-commerce is growing at around 10% per annum whereas card fraud in retail e-commerce is growing at double that rate. It’s time for a step change in the fight against card fraud. But what? Well, back in January 2014, I said in passing that “until we get a more secure mobile phone-based card infrastructure in place with working tokenisation” we would be stuck with these high levels of card fraud. Of course, I’m not quite the guru you might imagine for saying this, because I knew that my colleagues at Consult Hyperion were already working on tokenisation, but you can see what I was getting at.

I made this point again when I got caught up in an interesting discussion about card fraud a couple of days ago. The circumstances aren’t germane and I wouldn’t want to mention any of the organisations involved, and I hope none of them will mind if I mention that one of the main points of discussion was the relative security of mobile transactions over conventional card transactions. I think is fair to say that, broadly speaking, the discussion subgroup who came from banks agreed with me that mobile would in time be more secure than cards while the subgroup who came from merchants wanted to know if this meant changes to rules and rights. (I think it will.)

So why did the bank group think that mobile holds so much promise in security terms? As you’d expect, device fingerprinting and location-based services were seen as transforming the security around the payment transaction, and I couldn’t agree more. They also thought that this would mean that, in time, card-present (CP) rules and rights could be extended to mobile transactions. Personally, I am more bullish than that and would push further. I think that in time “cardholder present” transactions will actually be cheaper for the merchants than CP transactions and will be more desirable for the merchants because they allow for the sophisticated handling of payments related data within a transaction.

This must mean that in the longer term merchants will incentivise the use of mobile payments (e.g., Apple Pay) over the use of plastic cards and this will further support the evolution of in-app payments. As I said to a journalist this morning, Apple Pay is huge, but not because you can tap your phone to buy a coffee. Apple Pay is huge because it is the mass-market dawn of the change from card-present and card-not-present to cardholder-is-present and cardholder-was-present transactions.

But back to breakfast television. In the “green room” I ran into Mark Thompson, the astronomy chap, who was in to talk about the Pluto mission. As an experiment we decided to try out Apple Pay on his iPhone, which all went swimmingly. He opened up “add a card”, scanned his credit card and then… “sorry, your card is not supported”. He was using a Barclaycard.

Good Morning Britain

I showed him my sticker.

I don’t trust public opinion on trust (or anything else)

Down at CHYP End we work on a pretty wide variety of new payment systems and schemes around the world and we understand that consumer trust is seen to be an important factor in determining which of them might succeed or fail. But is it really true? Is trust really a determining factor or are there other ways to sway consumers?

A recent survey has revealed that consumer trust in newer payment methods has declined significantly in 2014. The survey, in which 650 UK residents answered questions about their banking and payments habits, also indicates that, for the third consecutive year, cash was seen as the most secure (73%)

[From UK: consumer trust in newer payment methods drops by the wayside, cash still king | The Paypers]

This is, of course, mad. Cash is the least secure way for consumers to pay for anything, no matter how you look at it. Getting your cash back from a retailer who does not deliver or a holiday company that goes bust or a tradesman who does a shoddy job can be very difficult. And cash is what gets lost and stolen. And if I end up with counterfeit cash it’s my problem and there’s nothing I can do about it. The idea that cash is in any way secure is laughable and I am genuinely baffled as to how anyone who has been through a minimum of 11 years of compulsory education might think otherwise.

Nearly 71% of respondents believed mobile payments to be the least secure payment method. The results show that whilst the number of people making mobile payments has increased, nearly double the amount of people perceive the mobile device to be the least secure when compared to the 2013 survey results (38%).

[From UK: consumer trust in newer payment methods drops by the wayside, cash still king | The Paypers]

Ludicrous, of course. But remember that one in four of those people think dodos still exist, so you should take anything they say on any topic whatsoever with a big pinch of salt. Mobile payments are far more secure than a great many alternatives (including cards – I’ll blog about this again soon). And in any case it may not matter what people say about new payment systems as compared to what they do with new payments systems. The figures seem to show that while three-quarters of Brits think that mobile payments are insecure, more than half of Brits want to use them.

A survey from payments and loyalty specialists Logic Group has found that UK consumers are embracing new technologies such as contactless and mobile payments… Being able to pay through a mobile device is a popular request from survey respondents (54 %), while one in five consumers is also interested in paying for goods through wearable technology.

[From UK consumers embrace contactless and mobile payments – Payments Cards & Mobile]

In fact, Brits are pretty bullish about this apparently insecure technology because not only do half of them think that they would like to use mobile payments themselves, a third of them think that mobile payments will become the preferred method of payment in a relatively short time! So the general public appear to simultaneously believe that mobile payments are insecure and they will become our main way of paying for things.

A new study published by Experian reveals that a third of the UK population (33%) believes credit and debit cards will no longer be the preferred method of payment in 2020, as paying with a smartphone will take over.

[From UK adults believe that smartphone payments will outpace credit and debit cards by 2020 – Payments Cards & Mobile]

I think that the key to understanding peoples’ responses to surveys like this is to remember that they don’t understand the slightest thing about the security of electronic transactions and therefore their opinions are based only on prejudice. Why American consumers, for example, would imagine that paying with a trivially-counterfeitable magnetic stripe is better than paying with a secure mobile alternative is completely beyond me. But they do.

Only one percent of respondents believe using a third party mobile payment provider such as Apple Pay or Google Wallet is a safe way to pay for in-store purchases.

[From Survey: Consumers Dubious of Mobile Payment Security | Tripwire]

So, broadly speaking, people think that mobile payments are not secure, but since they don’t care about security and value convenience more highly, they will use mobile anyway. At least I think that’s what it all means. Look at the early figures coming out of Apple Pay, which apparently now accounts for the substantial majority of all contactless payments in the US. Whatever people might think about the security, they tap and pay with it. This is why mobile payments will succeed: because they are convenient. I always have my phone in my hand when I’m (for example) getting on the Tube so I might as well use it.

iphone at gate
Open loop pay at gate in London with an iPhone and Apple Pay

What these results might also mean is that it is important not to listen to the general public about anything at all. This is not my curmudgeonly take on the general ignorance of our barely-literate hordes but in itself a statistically well-founded observation.

British public wrong about nearly everything, survey shows

[From British public wrong about nearly everything, survey shows – Home News – UK – The Independent]

They’re wrong about nearly everything, and mobile payments are no exception. Whatever they say about trust, they will do what’s easiest.

Biometrics are already mass-market for banking

Dgwb blog white border

Biometrics aren’t really futuristic any more, and even in as conservative a sector as banking they are being deployed in the mass market. I’ve helped to organise a CSFI roundtable on the topic to share some practical experiences. (Revised 22nd April 2015 with updated roundtable details.)


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.