The Bankwatch

Tracking the consumer evolution of financial services

Net neutrality as a concept is a disaster

Net neutrality as a concept is a disaster. President Obama has introduced a new law that contains principles which are worrying.

US watchdog heeds Obama on net neutrality

Advocates of the open internet principle — known as “net neutrality” — want to ensure that broadband providers are banned from setting up fee-based internet fast lanes or “throttling” content from websites that use a lot of bandwidth or compete with their affiliates.

Why, you may ask, do I feel this way? The concept of net neutrality is often reduced to internet as a utility such as electricity or water. Internet is so not that.

Electricity and water are on and off concepts. It works or it doesn’t. Internet on the other hand has upload speeds, download speeds, consistency of speeds in general and consistency of speed relative to specific applications such as torrents or Netflix as two examples.

Therefore internet is much more complicated than a utility. It is more aligned with cable TV or toll roads. In both those cases you as a consumer can achieve better results if you pay more. But if you do not want to pay for the top tier movie and sport channels and go with basic then it’s your choice to watch the basic channels, or drive on the side roads. There is nothing wrong with that model.

Net neutrality suggests that the top tier movie and sport channels should be free.

Then let’s talk about download speeds. Net neutrality suggests we all get equal speeds. This is a race towards the lowest common denominator. Gamers and folks who want super fast speeds would never see them because Net Neutrality would force providers to optimise for the slowest and worst service. There is no incentive for providers to optimise speed, only to optimise availability.

Whenever a provider optimises for availability then premium considerations such as upload speeds, download speeds and application specific speeds disappear. Everyone is treated to an equally poor service level.

Written by Colin Henderson

February 27, 2015 at 02:51

Posted in Uncategorized

RBS announces Apple Touch ID to replace username and password

Banks allow fingerprint access to accounts

RBS said it has introduced the Touch ID service following feedback from customers who asked for the technology to be included in their mobile banking app on its Ideas Bank website. The technology replaces passwords and passcodes on a mobile phone application.

From Thursday, individuals with an iPhone 5s, iPhone 6 and iPhone6 Plus will be able to use Apple’s Touch ID fingerprint sensor to check their finances, in what the bank claims is a first in Britain.

Written by Colin Henderson

February 20, 2015 at 01:25

Posted in Uncategorized

MaRS launches FinTech cluster in Toronto

Nice to catch up with friends and colleagues at MaRS in Toronto. It was their opening for the Toronto Fintech cluster at MaRS, and a fantastic turnout.

(Note to MaRS: tonight was a highly oversubscribed evening, great meeting and yet I cannot see anything obvious on your site. The fintech link has two items, both old stuff, and tonight’s event is not on the events page.)

Anyhow, great evening, and here are some pics.

Andrew Graham – Borrowell

Others including Paypal, Braintree, and Moneris

Written by Colin Henderson

February 17, 2015 at 21:35

Posted in Uncategorized

More on the Bank heist – Kaspersky report pulled

There is some more information apparently from the Kaspersky Report referenced yesterday. The report was launched then pulled. However it is still available at writing time here on this German site.

It appears from reporting today from KrebsOnSecurity that these activities referenced in the report are part of an ongoing attack over several years. There is no apparent newness here other than the Kaspersky Report, and they are not doing a very good job today of following up the hype they created yesterday. The politics of security reporting aside, there are some real lessons here for banks to be conscious of.

The game changing aspect I indicated yesterday of amending the banks’ sub ledgers appears to be real. The information I could glean today validates that they are able to observe business processes using screen shots and video gathered using malware deployed within the banks’ systems on users’ desktops.

The attack is ongoing against multiple banks.  Once they are inside a bank the target is generally compromised for two to four months. This period is used to gain intelligence on the actual processes within the target bank on the desktops of individual employees.

The original and primary attack method is using malware-infected attachments using Microsoft Word 1997-2003 and sent by email. Apparently the patches released for those MS Word versions were not installed.

Once the malware is deployed within the target bank, the bad guys can observe bank officers’ work protocols and processes over time, observe their daily routines and discern the best time window for attacks that would provide them most time to perpetrate and successfully complete the money theft.

The actual thefts seem to have been centred on SWIFT and ATM cash.

Written by Colin Henderson

February 16, 2015 at 14:15

Posted in Uncategorized

Kaspersky report game changing bank heist worth hundreds of millions

Tomorrow the NY Times will publish more details on the full Kaspersky report that covers an infiltration of banks that is a game changer. It does so because the approach demonstrates sophistication and understanding of banks that goes way beyond IT. Security is no longer a username and password issue. This goes to the core of banks’ business processes.


Hundreds of banks have been infiltrated, mostly Russian but including American, European and Chinese – 23 countries in total, and hundreds or thousands of bank IP addresses.

Here is why this is important. Whenever 99% of lay people hear about hacking and customers’ data or money being stolen, the going assumption is that the bad guy, perhaps some teenager in a Birmingham or Kiev bedroom, is somehow guessing your online banking password and stealing some money from your account. If we think that through, that approach is not just very hard, but of limited utility. The bad guy needs to do things like have a credit card and pay it off, or P2P money to himself. Hard work and small potatoes.

Financial crime has evolved. It is run by organised crime and their approach is something I wanted to focus on here. The Kaspersky report coming out tomorrow is going to highlight this approach, which is summarised at a high level in the pic from the NYT on Sunday.

The new approach involves patience. Social Engineering supplemented by patience. Patience is easy when organised crime is involved because their other activities provide the cash flow to allow them time to develop the big job, which is what happened here. Social engineering covers a host of activities from phone and email to gaining employment at a bank. Read the Wikipedia piece to see how broad that definition is. The objective is to embed malware on a computer which provides a window for the bad guys into the banks. This can provide them access to usernames, passwords, and the latest danger, business processes. The very words ‘business process’ make most people’s eyes glaze over, including bankers’. Read on.


The NYT article indicates that the Kaspersky report covers the bad guys learning the business processes for SWIFT and General Ledger by watching the screens of bank employees as they process accounting entries and send millions of dollars around the world. While the report also covers theft of millions in this job through ATMs, these business processes are the big new ones.

The biggest new advance in the perpetrators’ approach in this instance, to me at least, is how they infiltrated the Banks’ General Ledger and probably (my guess) sub ledgers. They manipulated account balances and liability balances. This was not picked up by the banks, who apparently only verified such things periodically every 12 hours. In the interim this allowed the bad guys to send large amounts to their own bank accounts at JP Morgan and Agricultural Bank of China and go completely undetected.

Side note: what efforts were made at those two banks to perform AML and other customer screening during the account opening process in the names of the bad guys? This should be the subject of intense scrutiny but not for the usual ‘find someone to blame’ reason. No, it is not to penalise those banks, but rather to point out the current new account screening approach is always looking backwards and can never predict tomorrow’s problem. Time for Banks to learn from El Al and how they avoid terrorism. I digress.

The Banks did not know that their customers’ account balances were manipulated and that money which basically did not exist was transferred out to the two banks mentioned.

I am certain the background to this crime will be even larger than the few anecdotes I picked up here, but rest assured this one is a game changer.

By the way, the amount stolen is in the range of $300 million to $900 million. They are just not sure. That’s close to 1 billion dollars. That is worth a lot of patience.

I searched for other reporting on this new Kaspersky report, but they all point back to the same Kaspersky marketing campaign, so we have to wait for more on this.

Edit. Hackernews has some additional reporting, including this pic which validates what we know so far. Note the red arrow at the bottom indicating access to an admin computer that truly was the key to the kingdom by allowing staff mimicking. Also note the “inflating account balances” in box three on the right. Hackernews also notes that the banks involved cover 23 countries and in the range of hundreds or maybe thousands of bank IP addresses.


Written by Colin Henderson

February 15, 2015 at 13:51

Posted in Uncategorized

West Coast Port shutdown becomes catastrophic

There is a problem in trade logistics in North America. The problem lies in west coast ports whose container traffic represents 3.5% of US GDP.

The volume of trade with Asia, that basically has to arrive in a concentrated 3 or 4 major west coast ports, is such that relations between unions and ports have driven the costs up, and relations down, to such an extent that containers are backed up for several days. One indication in the articles referenced suggests container unloading occurred in only 4 of the last 10 days. The ZeroHedge article following has some photos of the backlog.

US west coast ports face 4-day shutdown (registration required)

The slowdowns have caused considerable problems for both importers and exporters in the US. Japan’s Nissan and Toyota said they had been forced to airfreight parts for their US car manufacturing operations from Asia to circumvent the port hold-ups.

The congestion has pushed importers to use new routes, including routes via rail and the Canadian ports of Vancouver and Prince Rupert, to reach US consumers. However, Canadian Pacific, one of Canada’s two big railroads, announced on Tuesday that its drivers had given notice of their intention to strike from February 15 if pay negotiations were unsuccessful.

The PMA said its offer would boost terminal employees’ average annual pay from $147,000 to $162,000 over five years, increase workers’ maximum pensions and leave healthcare terms intact.

More from ZeroHedge.  

The “Catastrophic Shutdown Of America’s Supply Chain” Begins: Stunning Photos Of West Coast Port Congestion

Written by Colin Henderson

February 13, 2015 at 09:04

Posted in Uncategorized

UK: 20% of shops will never be re-occupied

More on demographic and perhaps systemic shifts driven by internet and ecommerce. To suggest that 20% of existing shops will never be re-occupied is a staggering statistic. It’s not quite Detroit level stuff, but we are in a similar trajectory.


Demolish empty UK shops, say retail experts

A fifth of empty shops in Britain will “never be reoccupied” and should be demolished or converted, according to the Local Data Company.

The picture above is not uncommon in the likes of Dundee, which used to be a manufacturing hub that buzzed 30 years ago. No more. All across Northern England the story is similar.

More from the FT piece.

Retail parks in the West Midlands have the worst rate of long-term vacancies, with almost a third vacant for more than three years, while Skelmersdale in Lancashire has one of the worst-hit high streets. Almost 80 per cent of high street shops in the town have been vacant since at least 2011.

I don’t think we are seeing this in North America yet.

Written by Colin Henderson

February 4, 2015 at 01:34

Posted in Uncategorized

