Payment System Blog

Repairing the Apple Pay Vulnerability

noreply@blogger.com (Anonymous) — Sun, 08 Mar 2015 15:43:00 +0000

The Apple Pay architecture works; financial institution (FI) validation of its users once again fails miserably. FI must protect all their customers better and Apple Pay users far better. There is no excuse for retail FI to continue to live in the stone ages. There is no excuse for FI not evolving with continuously changing attacks on accounts in their care. The FI approach: “this vault worked for our founders and we will not change it now” is bankrupt. FI need to continuously review their security posture and create architectures that evolve with attacks or everyone will pay increased fees to cover FI unnecessary losses.

The Apple Pay vulnerability allows thieves to enter stolen payment card data to use as payment. FI receive an initial request to validate the user of the payment card data. FI need to improve their validation techniques for this preliminary non-financial transaction and use these techniques for all their varied cardholders, regardless of the payment initiation methods they use.

At a minimum if FI customers plan to use a personal electronic device (PED), then the FI needs to send a text message or an email to their customer on receipt of a validation request. If the card holder does not respond appropriately to the validation request within reasonable time then the FI denies the validation request. FI cardholders with greater value at risk need better protection. FI should store a picture taken while the customer is present in the FI and compare it to the same picture stored in the customer’s PED during the initial validation of payment card data stored on a PED.

These techniques in today’s Wild West require that Apple and its competitors create standards for validation of cardholders and the PED applications. Once again greed prevents the development of standards to protect the paying public so FI fees increase to cover preventable losses. Government cannot create laws to protect users from FI incompetence without creating significant greater costs to FI. Perhaps a patchwork of differing FI techniques to validate its users will serve until the techniques becomes routine and therefore non-proprietary and therefore ripe for a standard.

Regardless of the uniformity of approach, FI, and financial application developers need to consider vulnerability posture before releasing payment solutions to the paying public. Whether the validation request comes from Samsung Pay, Apple Pay, or Google Pay, FI need to prove the request comes from their customer and not an impostor. FI know how to compare data from a transmission to one stored on their processing platform. FI know how to create response transmissions. FI know how to set a timer to expire if there is no response from a cardholder. Knowledge is worthless however if FI continue to think that a physical vault protects their customers from attack.

Next Blog: Removing the Security Standard Development Obstacles

Samsung Pay Changes Everything

noreply@blogger.com (Anonymous) — Tue, 03 Mar 2015 15:38:00 +0000

The Samsung Pay application gives retailers the chance to control their destiny in the payment space. However, big block retailer predilection for restricting consumer choice instead of expanding consumer choice, likely will let this great opportunity pass by them unused. It is difficult to imagine the logic of angry retailer executives under siege by the payment services industry but their actions show their infantile understanding of something typically right in their wheel house: pricing.

The Samsung Pay application allows consumers to pay for purchases by sending a magnetic wave to the reader heads of a point of sale (POS) device. Thus a well designed POS device can process a wide range of transmissions including allowing consumers to choose a method of payment other than a payment card. Simple code changes within current deployed base of POS devices has the possibility of allowing consumers to change their method of payment to an e-check or ultimately a crypto currency and require their customers to pay them for more expensive payment choices.

The payment services industry will not sit idly if retailer surcharges soak cardholders, but the payment industry allows retailers to offer discounts for customers using cheaper methods of payment such as cash. If retailers announce a convention such as track 2 beginning with digits not used by payment cards (such as 000) followed by financial data such as a routing and account numbers then a POS device can originate a real time authorization request followed by fast settlement, without swipe fees, charge backs, or liability for the theft of a consumer account.

The best retailers will present a POS device that allows consumers to enter data that establishes proof of identity as a form of protection that separates a retailer from its competitors. Consumers though will ultimately react to lower prices for cheaper payment methods. If there is not a percentage plus fixed fee attached to the price of a purchase (such as a donut dipped in chocolate and peanuts accompanied with Hawaiian coffee with real sugar and cream) then all (including hospitals specializing in cardiac services), but the payment services industry, will rejoice and pay lower prices by using non-proprietary methods of payment.

Of course Samsung Pay presents the same risks of attack as Apple pay (see http://paymentnetworks.blogspot.com/2014/09/review-of-iphone-payment-initiation.html ) and there is no antidote for electronic theft at the least secure point of its transmission, however the price of admission for electronic theft continues to increase and the Samsung payment application raises the bar higher. Fraud will decrease because of the ubiquity of magnetic stripe readers and not from the EMV boondoggle.

Will retailers use the capabilities of magnetic transmission to their advantage? Perhaps retailers will use pricing to combat the torment of the payment services industry. Perhaps financial institutions will offer portals for e-check approvals without acquirers. Perhaps pigs will fly.

Next Blog: POS architecture for Magnetic transmission

A Retailer Strategy for the Payment War

noreply@blogger.com (Anonymous) — Fri, 20 Feb 2015 15:46:00 +0000

Retailers need to help themselves in the payment wars. The solution to high swipe fees; charge backs; reversals, and monopolistic practices of the financial services industry is creating a new form of payment acceptance that retailers control. Some national chains attempted to do this with the CurrentC approach, a disaster in the making because it limits consumer choice (see http://paymentnetworks.blogspot.com/2014/10/why-retailers-cant-build-payment-systems.html). Retailers must let consumers choose their payment method but let the marketplace influence consumer payment choice by controlling the pricing of payment methods. If retailers let the payment services industry cram the EMV boondoggle in their places of business then they acquiesce to increased costs and lower margins after spending precious capital improvement budgets deploying the boondoggle or a haphazard response to the boondoggle.

Retailers now let the payment services industry dictate the equipment to originate payments in stores. Retailers need to design payment equipment with payment system architects and point of sale (POS) manufacturers. With custom built devices and new standards created by retailers and given as specifications to the POS equipment manufacturers, plastic with a stripe or a chip will be an overly expensive device that consumers rapidly abandon.

Retailers can piggy back the current requirements and specifications to their new device and surcharge for plastic (or discount for non-plastic) card payment by use of easy configurable settings on their custom POS device. Further, the POS device must easily allow or disallow certain payment options all together. If acceptance of credit card transactions is too expensive then retailers can configure the device not to originate payment without a personal identification number (PIN).

Configuring the device to accept the currently accepted methods of payments though will not give retailers the real advantage in the payment wars. The design of the POS device must accommodate payment evolution and not just telephone currency, digital currency, and e-checks. The device needs to accept non-chained based digital currency issued by independent issuers of digital currency. The device must be configurable to lower risk of payment acceptance by authenticating various elements of the payment data in real time.

For example a customer uses an e-check application on their phone. The POS device communicates the amount of the purchase to the e-check application. Once the phone user authorizes the use of the e-check application (by a method dictated by the phone and its user) then the payer application creates an electronic signature on top of the e-check already signed with the issuing bank’s public key. Interception of this data by an attacker is worthless because the payer signature uses hashed data built from data within the phone (also stored at the financial institution), the geo-code, and the local time (sent unencrypted with the message). The FI accepts the check in real time (after validating the signature) and settles the money to the retailer bank on the same day. The FI notifies the retailer of the action in real time. The FI does not need an acquirer, merchant number, or to pay a swipe fee. The POS device routes using the routing number stored within it (just like use of the bank identification number (BIN) used by payment cards acceptance devices today).

If retailers architect a good solution then a POS device and electronic wallet soon will negotiate the cheapest payment option for both the retailer and the consumer (based on the configuration of both devices) and the retailer or the customer may not necessarily know what method originated the payment especially if actually resides in the same consumer account.

Next Blog: White Elephants roaming the Payment sphere

Is a Retailer Revolt from EMV in the Near Future?

noreply@blogger.com (Anonymous) — Tue, 27 Jan 2015 15:18:00 +0000

Bad group thinking created EMV and now bad group thinking is trying to cram it down the throats of reluctant retailers. Threats of fines, charge backs, increased fees, and the rest of the arsenal wielded by the major players of the payment services industry does not seem to have yielded the expected results. “Wait until fall”, say the bad group thinkers; but an unexpected reaction may revolutionize the retail payment industry.

Small retailers, such as the bodegas, convenience chain stores, and others making rapid small value sales may refuse to originate credit card transactions. Patrons will start entering their PINs so these retailers do not have to pay for counterfeit card transactions. This natural evolutionary response creates a remarkable consequence, on-line retailers that accept EMV cards will take the brunt of fraud attacks because EMV has no protection against card not present (CNP) fraud. The EMV boondoggle thus moves the smaller retailers to a more secure solution than EMV at a fraction of the cost. Use of a PIN accompanied by derived unique key per transaction (DUKPT) encryption is the heart of the Chip and Pin solution (the British EMV application). Small US retailers will employ the exact same technique.

The unintended consequence of bad group thinking creates focused attacks against on-line retailers. Amazon and the rest will bear the brunt of new costs based on issuer losses and thus level the costs for on-line and traditional retailers. People will swarm to Main Street in droves.

Maybe the coming small retailer revolt will have other consequences. Since smaller retailers will not bear the costs of upgrading their point of sale (POS) equipment, and will not pay obscene fines for payment industry stupidity, they will become competitive again with the large national chains. If a hammer costs the same at Joe’s as it does in the Humongous, why not buy it at Joe’s. Walking down the street is healthier than a 20 minute car ride anyway.

Payment technology has advanced beyond the plastic solution and the knee-jerk response to adopt the EMV boondoggle sounds the final death knell for an obsolete solution. Vested interests cannot prevent the Federal Reserve (the US central bank) from creating a modern small value payment solution, much as the lobbyists may try. Maybe if the politicians could stop the Fed as they stopped single payer health solution then EMV would succeed in the US. But the Fed is independent, and lobby proof (although they do seem receptive to new and creative ideas). Internet and phone companies soon will become the infrastructure providers for payments and the retail world rejoices with lower fees and increased sales.

Next Blog: The new payment system attacks

8583 is Obsolete; So Why Don’t Payment Networks Replace It

noreply@blogger.com (Anonymous) — Sun, 25 Jan 2015 20:30:00 +0000

Using a bit mapped data protocol in an HTML world is a bit like using candles to light a house. The candles only light parts of the interior; the occupants must carry a candle around from room to room; and wax drips on every surface with the slightest breeze. ISO 8583 similarly requires data remain in a precise location; requires a maximum length; cannot allow different data attributes; and does not allow the growth of new fields easily. In today’s rapidly evolving payment infrastructure, the use of such a dinosaur as 8583 increases transaction costs, increases the risks of badly formed messages, and slows innovation.

There is a good reason why the payment services industry does not use a tagged based data protocol (such as 20022); it may make many players in the industry obsolete. If a data protocol can be accessed easily and free from anywhere on the net; have fields added by anyone that needed to add one (by use of schema links attached to messages); and use HTML; then payment messages to issuers need not originate from acquirers, forwarders, or gateways. Any personal device has the ability to transmit a payment order using a common tagged based protocol and it is simple for financial institutions (FI) to write sending and receiving applications using the data protocol.

Enhanced security may cause this shift away from the current status quo. All transactions will need approval in real time, originate from a known device, use a derived encryption key unique to the device, and contain a meaningful origination location. Issuers can create many varied security methods using different logic for validating users. This diversity of approach minimizes the gain from any one successful attack.

There will be no difference in paying a person, or a business, or a government. Payers can pay the fees associated with use of such a system, which issuers may waive to encourage the use of their institutions, especially for large value accounts. Issuers also may be able to collect sales taxes depending on the interpretation of the data and immediately move the money to the government entities benefitting from a particular transaction.

Apple Pay and the grousing about interchange fees may also start the move to a better data protocol. How long will it take before the internet industry gets tired of moving payment data through the likes of First Data? When will Google negotiate with the big issuers, create their own links, use their own modern data protocol, and become their own authorizing agents? FIs can stop worrying about courts limiting their interchange fees and make any deals they want until true competitors force fees south. The first step: create the data protocol and place it on an easily accessible site and see what happens.

Next Blog: What happened to the anticipated data scraping attacks over the holidays, shhhh

Importance of Anonymity For Accounts Used By Students

noreply@blogger.com (Anonymous) — Thu, 22 Jan 2015 21:39:00 +0000

There are numerous studies linking good nutrition and education (see for example: http://www.nal.usda.gov/fnic/pubs/learning.pdf, http://www.cdc.gov/HealthyYouth/health_and_academics/, and http://www.nature.com/nrn/journal/v9/n7/abs/nrn2421.html )

Linking nutrition to intellectual growth does little good however if access to a needs based nutrition account creates stigma for the users. Stigma prevents poor students from participating in nutrition programs (see for example: Mirtcheva, D. M. and Powell, L. M. (2009), Participation in the National School Lunch Program: Importance of School-Level and Neighborhood Contextual Factors. Journal of School Health, 79: 485–494. doi: 10.1111/j.1746-1561.2009.00438.x; Found at http://onlinelibrary.wiley.com/doi/10.1111/j.1746-1561.2009.00438.x/abstract ).

Anonymity prevents stigma, and any payment token masks its funding source, or at least has the capacity to do so. Giving everyone in a community equal access to the necessities required for public education including access to nutritional foods, books, and transportation increases the pool of educated people needed to lead and serve their societies in future generations. That makes creating a payment token that masks the origin of its funding source and making that token the sole medium of exchange for all purchases made while in the loco parentis of a school system vital for social mobility and a strong middle class.

Each independent school system typically issues a student identification card associating a unique number with a student enrolled in the system. School systems can map that unique number to a payment token in ubiquitous use within the same local area as the school. Diagram 31 depicts the concept.

Diagram 31; Masked Funding for Student Payment Systems

The flow of funds from the student to the points of purchase must be the same for all students, regardless of the funding source. A school payee can only accept one form of payment which is the token issued by the school system. If (inevitably, when) an ID is lost, or stolen then manual entry of the ID must be available (accompanied by a real-time check for last use).

The standardization of payment for access to all the necessities of education will eliminate stigma of needs based recipients permanently and societies will benefit from the growing confidence of the next generation.

Next Blog: Busting Retail Payment Monopolies

Will the New US Relationship with Cuba Create the First Cashless Society

noreply@blogger.com (Anonymous) — Sat, 17 Jan 2015 20:14:00 +0000

Looking at the new rules for US citizens traveling to Cuba prompts questions about what a remittance is or if access to money is the same as money. Can a US traveler to Cuba give a potential local business associate a payment card with an associated large value limit? Can a US traveler create an account on an African phone and fund it with large value and give it to a Cuban national for business development purposes? Do US citizens need to take such steps at all since US banks can now create Cuban correspondent accounts and thus effectively create gross real time payment access (although “real time” may be a bit optimistic in this case)? Will the Cuban tourism industry now accept payment cards issued by US financial institutions (FI)?

The Cuban Government intends to unite its dual currency system and make other reforms. However, requiring Cuban FIs to comply with BASEL II, instituting a large value real time payment system, or a deferred netting system (regardless of the periodicity of settlement), and generally providing a financial infrastructure allowing Cuban citizens to amass wealth from outside sources will not sit well with revolutionaries in Havana. Perhaps the distrust of the capitalist system that fomented the Castro Government will lead to the development of a new type of fiat currency and a new type of payment system that will resolve several issues at once.

Instead of forcing business to exchange foreign currency to Cuban Convertible Pesos the government may allow their citizens to keep the currency in their original denominations if the government can pool that money into an account and issue digital currency strictly backed with the foreign reserves. Effectively such a system will give Cuba three types of currency, but likely not for long. The limiting factor of such a system is the availability of modern cell phones and other like equipment capable of storing, transmitting, and receiving digital currency securely. If the Cuban government promotes the ubiquitous flow of digital currency backed with hard fiat currency then the creation of a cashless society may be a step away. The Cuban central bank issues and redeems the digital currency; there is no foreign exchange (since the issuance is in the currency pooled at the central bank); the other two Cuban currencies will quickly fail to be used and be converted to the digital currency as fast as the foreign currency is amassed.

The Cuban Central bank redemption activities will soon dwindle to nothing and once both versions of pesos move into a digital form then there will be no impetuous to keep any non-digital currency at all. Certain activities such as insuring that all Cuban citizens have access to a personal electronic wallet; making clear transparent regulations on the audit of foreign currency pools; and limiting the power of the government severely to revoke the certificates embedded in digital currency will ensure the success of the endeavor and make the Cuban cashless society the envy of modern governments worldwide.

Next Blog: Contraband: the destroyer of a cashless society

Is NPR the Latest EMV Boondoggle Shill

noreply@blogger.com (Anonymous) — Tue, 06 Jan 2015 17:45:00 +0000

The payment card industry push for EMV has little to do with security and everything to do with increasing profits from retailers and ultimately consumers. The costs to implement EMV far exceed the benefits (see http://paymentnetworks.blogspot.com/2014/05/the-regressive-movement-to-europay.html ) and yet the main stream media continue to trumpet the industry line without really examining their true motives. The fact that using the current infrastructure and requiring PIN entry fixes the problem of skimming, scraping, and card not present (CNP) fraud does not seem to matter to anyone. Lazy reporting, and promoting a corporate agenda are the feed for today’s media and that is not a surprise to anyone. There are still some jewels in the tarnished media crown that take the time to unearth real news and discover the dialectic pulse that vibrates across all human endeavors. Their numbers dwindle and recently National Public Radio (NPR) published a puff piece that demonstrates how problematic any reporting from the most venerable of media outlets has become.

The NPR report on EMV conversion naturally discussed the completely discredited defense against fraud motivation, but then almost hit on the truth. In the article (see: http://www.npr.org/blogs/alltechconsidered/2015/01/05/375164839/u-s-credit-cards-tackle-fraud-with-embedded-chips-but-no-pins ) the reporter (Jim Zarroli) almost came close to the truth but ultimately spouted the corporate line “PINs would actually turn off U.S. customers” without so much as a look at the supposed marketing survey that produced such malarkey.

So the listening public gets the false impression that EMV protects against modern day financial data intercept attacks and that the expense for this needless conversion to an expensive infrastructure that functions exactly the same as the current infrastructure (in key aspects) is due to issuers looking after the public’s well-being. Is this really the same network reporting on the Central Intelligence Agency (CIA) and the National Security Agency (NSA) antics while waging the terrorism war?

The story in the Halcyon days might have brought light to the payment services industry lobbying efforts in Congress, their loss of fees because of Dodd Frank, their loss of monopoly due to mobile payments and other innovative approaches to payment? However now the long suffering public hears a puff piece sounding a lot like the industry’s PR shills. Real reporting does not pay anymore however NPR used to have a reputation for good reporting. Let’s hope this report is an aberration and not the coming trend.

Next Blog: Payment Trends in the Coming Year

Needed: Weapons to Attack Payment Card Attackers

noreply@blogger.com (Anonymous) — Fri, 02 Jan 2015 15:39:00 +0000

Underground bazaars selling payment card data seem to operate with impunity. The financial services industry, law enforcement officials, and issuers, seem to relegate the monitoring and discovery of thefts to private researchers such as Brian Krebs and his krebsonsecurity.com web site. When a pawn shop openly sells stolen goods, or an arsonist announces a plan to set a fire, or a mugger attacks a victim in a camera’s view, society reacts and moves to stop the activity. Law enforcement captures the offenders, prosecutors prove violation of unambiguous laws, and judges sentence the offenders. Yet the financial data bazaars operate without fear of justice, and sell their stolen data without hindrance and feed a blossoming market for thieves.

Perhaps there is room for controlled internet vigilantes. If any private entity attacks a rogue web site they risk arrest and prosecution for violation of a number of federal statutes. Law enforcement officials cannot arrest, victims cannot attack, and countries hosting the sites do not seem to care. The situation generally is not without precedent. Governments winked at the activity of privateers or openly gave them license to attack enemy merchants on the open seas. Perhaps an internet privateer is a concept that works on the electronic open sea.

Governments can grant licenses to private entities to attack a web site. If a would-be internet privateer (or a privateer’s sponsor) presents evidence to a duly constituted court that a web site outside the jurisdiction or reach of the court causes harm to citizens under the jurisdiction of the court, then the court can grant an internet privateer license that gives the holder immunity from prosecution for attacking the specific rouge web site. There may be various levels of licenses. One level may be for simple denial of service attacks, while other licenses may allow the tracing of data, while others allow the deletion of data, and others allow the destruction of hardware.

If such a privateer license exists then an industry of attackers may meet the criminal enterprises head-on. The financial services industry may offer large bounties for privateers willing to permanently (or for a specific time) eliminate a financial data bazaar. The methods for attack may become as varied as the original attacks that steal financial data. Privateers will create methods for proving that they disabled the site and not their competitors. Governments will create specialized courts to handle the requests and fund them with license fees, ensuring efficient and timely license grants. Card holders and retailers at last will not feel that they are the only ones under a cyber siege.

Of course there are lobbies that will not want internet privateer licenses. Acquirers and others that receive good income from bad traffic (especially when the card is not present in the fraudulent transactions) may argue that vigilantism does not work for a society built on observance of laws, not the wholesale breaking of them for a profit. However, ultimately no politician will want to side with international mobsters, and with just a bit of coddling, cyber vigilantism will become as normal as a tweet on a sporting event.

Next Blog: New Fraud Detection Techniques for Needs Based Payment Systems

A Legal Non Bank Infrastructure for States without Criminal Marijuana Laws

noreply@blogger.com (Anonymous) — Tue, 30 Dec 2014 21:22:00 +0000

The remarkable thing about governments is their persistence in pursuing failed policies of ancient generations regardless of the harm caused to present constituents. Fortunately a bit of imagination sidesteps the lumbering posture of slow-moving and dim-witted dinosaurs.

A case in point is the US Federal Government’s refusal to clarify banking regulations for States that legalized recreational or medical use of marijuana. The consequences of inaction mean large amounts of cash dangerously moving from point to point without a home in either the underground or the above board economy. Fortunately it is a relatively simple problem to solve for the most inexperienced payment system architect, although tragically, the legal marijuana industry has yet to employ one.

The basic ingredient for the payment solution is a large building in a remote location with sufficient guards, gates, and guns to make any armed attack against the facility (without the equivalent of an army division) unsuccessful. Members of the industry, (let’s call it the Aging Hippy’s Benevolent Fund or AHBF) then take their cash and deposit it there. The depositor owns their cash; the industry owns and manages the facility. The AHBF hires the staff and equipment necessary to account for funds from the moment members place cash on deposit to the moment members remove it.

Once the funds have found a home, the AHBF creates a cyber currency by issuing electronic cyber currency to their customers. Marijuana purchasers do not buy marijuana directly they buy an amount of cyber currency which is the exact same as purchasing a Bitcoin and therefore completely unambiguously legal. The consumer payment can come from any electronic account including bank accounts. Once the consumer has their non-reputable certificate of value securely placed on the electronic medium of their choice, it is relatively simple to transfer that certificate to a marijuana provider that in turn can transmit it the AHBF, which in turn, augments the provider’s account accordingly.

If the industry just wanted to make a safe haven for their cash, then the above solution provides the haven and allows customers to purchase goods without using cash. However if the industry wants to profit from the innovation then they will provide a secure application that allows purchasers of the cyber currency to transmit the electronically stored value to any electronic device; the AHBF will allow their currency to freely circulate. Consumers may redeem the issued currency the next day or they may never redeem it. Thus issuance provides excess funds allowing seamless operation of the AHBF facility without a membership fee. Likely they will have to distribute the profits to members on a periodic cycle.

The AHBF may also want to provide a special large value currency that allows the industry to move product in needed quantities to themselves. To do this they can use the method described above but allow for a special cases. Wampum provides a solution (please see: http://paymentnetworks.blogspot.com/2014/10/concept-of-large-value-non-fiat-digital.html for further details)

Next Blog: New discussion on Fraud, its detection, and industry failure to do so.

Converting Credit Card Available Balances to Cash and Sidestepping FI Usury

noreply@blogger.com (Anonymous) — Fri, 21 Nov 2014 00:25:00 +0000

When consumers travel by public conveyance they become captives. Moreover, long haul travelers become easy prey for diabolical payment architects blatantly blurring the lines between debit and credit payment applications.

Consider the ubiquitous embedded screens on the seat backs of jumbo jets and place them on all modes of transportation where passengers wait patiently for their journeys to end. Next consider optional ticket prices to include cash available to gamble, access proprietary content (maybe not actually used), pay for contingent travel (such as discounted hotels if circumstances interrupt a trip) or other similar amenities. If the option includes winning money (not necessarily by gambling, but by contests, refunds, or a host of such promotional items) then effectively $x charged to a credit card becomes $x - $y where $y is cash received back by the consumer.

The cash strapped traveler may use their credit limit to access ready cash at a discount and the conveyance providers may well get the use of a generous float if weary travelers do not stop at a Kiosk to get their cash back but let it ride until their next trip. Further the conveyance providers have a source of data that shows what their custom want to do to wile away the hours. The losers of course are financial institutions (FI) that get less money than they would otherwise for a cash advance on a credit card.

Providing cash to credit cardholders is not just for the travel industry. It is possible for inspired entrepreneurs to provide a cash delivery service to credit card customers. The cash strapped consumer gives the credit card number to the delivery company that initiates a request for the cash, the card not present (CNP) fee, and a fee for the service. Once again all are happy except the FI that may complain that it violates card acceptance agreements somewhere way down in the small print.

There are many such ways to wring cash from credit cards without the regular FI fees and perhaps now there are certain unscrupulous merchants that ring up a sale, only to give the majority of the value back to their custom. There is likely an economic model that gives a price point for the cheap loan service including covering the risk that the evil merchant takes if discovery means the inconvenience of changing their merchant number or some other ruse. These after all are desperate times for a middle class under siege.

Next Blog: Bad Ed II: new filters for a new era of fraud

New Payment Systems Processes for Dispute Mitigation

noreply@blogger.com (Anonymous) — Fri, 14 Nov 2014 13:41:00 +0000

Banking associations, clearing house associations, and central banks have rules and laws governing payments made in error. However the payment architectures described in this blog such as small value gross real time payment systems, push payment architectures, and issued digital currency have little in place to protect payers that move value to the wrong payee. Reversals used by debit card networks or voids used by credit card networks will not work with these new types of payment systems. Imagine reversing a digital currency payment and then imagine how ne’er-do-wells may exploit such a function. Similar security concerns exist for nullifying transactions using the evolving types of payment methodologies discussed in this blog. The other form of dispute processing designed for the unhappy payer, also needs a transparent and fair dispute mitigation process.

Issued (notably not mined) digital currency has the best prospects for dispute mitigation because properly designed digital currency contains more than value; it contains logic to process data about its container and other environmental factors. Further digital currency can have logic that signals the correct disposition of the goods (services have tougher hurdles) exchanged for the digital currency.

For example, a consumer sends a digital amount to a retailer for an item marked with a universal product code (UPC). The currency determines if it arrived in the right till by checking public attributes of the till such as its certificate and perhaps a known precise geographical location. If the environment does not meet the expectation of the currency then it revokes its own certificate and if possible transmits the action to its certificate authority or some yet to be invented currency monitoring body.

If the currency finds its new environment matches expected after-transaction criteria then it signals OK and that status transfers to the brick and mortar security monitors mounted at exits. The payer walks past the monitor that matches the payment initiating device and the product UPC and allows an exit without raising an alarm. On-line merchants may have more complex processing steps such as sending the initiating device the periodic status of the UPC as it moves from warehouse to shipper to payer door. If the movement does not occur as expected within the times declared by the merchant then the buyer may have a legal right to revoke the digital currency certificate.

Smart tags too may add to the new automated dispute processing infrastructure. If the smart tag determines a jolt occurred past a known threshold then the tag record the fact and on arrival transmits the exact geographic location and time of the jolt to the payer and thus the entity liable for the damage.

Real time payments and push payments do not bring working code into transactions, however initiating and receiving devices attaching various data with payment information can precisely identify what the payer expected to purchase and when a transfer of goods completes after payment. The smart tag recording of damage still applies.

It is difficult to estimate the cost for exotic dispute mitigation infrastructure for modern payment methods, however no doubt the processes will be more satisfactory than the methods in place today with payment cards, their obscure rules, disgruntled merchants, and their custom.

Next Blog: Consequences of anonymous payment methods

Will Payment Cards go the way of the Dodo

noreply@blogger.com (Anonymous) — Tue, 11 Nov 2014 17:13:00 +0000

The evidence is clear and the trend shows payment cards slowly leaving the retail payment infrastructure. Large retailers that issued their own private label cards sold their stock and processing to professional payment services firms. Telephone operators and Internet service firms assume the role previously occupied by issuers and acquirers. Retailers create their own payment initiation protocol to preempt hostile acquiring agents from increasing their fees. Something must give or retailers’ slim margins will force consumer payments back to riskier payment methods such as cash or paper check.

On the horizon sits a new form of payment architecture, cheaper, safer, and faster than anything card technologies offer. Clearing, settlement, and notification to the parties of transactions take place at the speed of light without middlemen pocketing fees from lack of a physical token at a payment acceptance device or a chargeback for dubious causes. The only question remaining is will the change occur quickly once a small value real time payment system becomes ubiquitous or will the old guard fight back with discounts and incentives. Will a payment system that works equally well regardless if the payee is a retailer, a charity, or a government, trump a system loaded down with fees and designed only for retailer payees?

Consider Diagram 30 that contains a portrayal of a small value real time payment system.

Diagram 30: Small Value Real Time Payment System

The payer financial institution (FI) retrieves the payee data from a common data store and acts on the instructions from the payer and notifies the payee and payer in real time about the results of the transaction and then moves the value of the payment to the payee’s FI. This is a valuable service and warrant fees (including a reasonable profit). If the infrastructure exists (and it seems that plans are under way for its completion; see positive movements in that direction http://paymentnetworks.blogspot.com/2014/10/movement-to-small-value-gross-real-time.html ) then the funds for the infrastructure and the processing environment must come from somewhere. The operators need to charge a fee similar to what the Fed charges for use of Fed Wire, namely whatever is necessary to cover the cost of running and maintaining the system, however without profit. FIs also can charge whatever fees they want as long as they do not collude with each other to set one illegal fee. Payers and Payees negotiate with each other to determine the payer of the bank fees.

So what will a few bits of data cost to transport from one point to another. That is a question of conjecture but logically it will cost a lot less than what payers and payees pay for the archaic structure currently run by huge monopolies.

Next Blog: The new entrepreneurs selling a push system to an eager public

Using Throughput Measurements to Detect Data Scraping Attacks

noreply@blogger.com (Anonymous) — Sat, 08 Nov 2014 13:11:00 +0000

If retailers insist on using out-of-the box operating systems to process card payments in electronic cash registers (ECR) then the least they can do is perform the minor calculations needed to determine that throughput within the ECR meets nominal expectations. Microsoft has provided various functions to monitor processing such as QueryPerformanceCounter (QPC). It is possible to use these functions to determine if there is unusual activity within an ECR.

ECR suppliers can create benchmarks for movement of financial data across their platforms both before and after distribution to customers. Timing begins before reading a port containing external financial data and ends at the point after clearing memory containing financial data just before returning control to a non-financial data processing application.

A terminate stay resident (TSR) application then can read the measurements on a continual basis and determine if increased processing time indicates a likely data scraping attack. The following rough pseudo code gives an example of this type of countermeasure to a data scraping attack

Read Timer with highest resolution possible

Process Financial Transaction

Wipe financial data from application memory and I/O buffers

Read Timer with highest resolution possible

Write End timer results – Begin timer results to next position of data store for TSR

The TSR then continually looks at the values in its data store and if the values start increasing consistently beyond a reasonable deviation variable then the TSR performs actions based on its configuration.

This simple method comes from descriptions of data scraping attacks in various media. The presumption that these attacks originate within the ECR ensure that monitoring activity occurs for only one financial transaction at a time. If the data scraping attacks occur further up stream then similar methods of measuring throughput are possible, however the complexity of the approach increases.

The pseudo code mentions the wipe of application memory containing financial data. If applications do not contain this step then this monitoring approach is futile. So please developers and ECR manufacturers, wipe after flushing.

Next Blog: Something pseudo wicked lurks nearby

Is the Diversity of Payment Origination a Symptom of Struggling Middlemen

noreply@blogger.com (Anonymous) — Tue, 04 Nov 2014 14:09:00 +0000

Points of sale are one of the few places where it is known people exchange money for goods or services. In the Halcyon days before payment cards, a merchant accepted cash or checks and consumers carried those payment methods with them. Now central banks want to eliminate the paper check and no one carries cash with them unless to buy illegal goods or services. In some cases underground outlets accept plastic. Yet for the many diversified ways to pay, the fees for payment keep increasing to the point that merchants make ridiculous attempts to avoid them (see http://paymentnetworks.blogspot.com/2014/10/why-retailers-cant-build-payment-systems.html for my discussion on CurrentC) and charlatans create fatally flawed crypto currencies such as Bitcoin (see http://paymentnetworks.blogspot.com/2014/06/an-analysis-of-bit-coins.html ) to prevent middlemen from picking retailer pockets.

Now point of sale (POS) equipment manufactures recognize that consumers will originate payment from continually changing technologies and so build machines to accept all of them (see http://www.paymenteye.com/2014/10/30/former-head-of-google-wallet-debuts-alternative-payments-terminal/ ). Is it not time to ask if the diversity is unwanted and used not for efficiency, security, or cost advantage, but because retailers must offer all the choices foisted on the consumers by all those eager souls desiring to sit just between the wallet and the till.

A retailer that does not accept a method of payment that a consumer uses will lose a sale, which is the main reason they bow to the ridiculous requirement of a chip card when their current POS devices effectively do the same thing with PIN entry and derived unique key per transaction (DUKPT). The card service industry sells consumers a pack of lies on a routine basis by insinuating consumer laws do not protect their accounts or that theft of card data necessarily means a successful attack against consumer accounts. How many parrots out there clamor incessantly about the growing threat of cyber attacks against payment systems when actual details of the percentage of successful attacks compiled by the Fed in the US and many other European and other countries show successful attacks against brick and mortar retailers pale in comparison to the value successfully cleared and settled. When a PIN accompanies a purchase request, there are few claims of a successful intercept of payment data and subsequent attack (See Federal Reserve System; The 2013 Federal Reserve Payments Study Recent and Long-Term Payment Trends in the United States: 2003 – 2012 Summary Report and Initial Data Release; (December 2013); p.32 and ff http://www.frbservices.org/files/communications/pdf/research/2013_payments_study_summary.pdf ).

The retailers are not helping their own cause, because they keep insisting that consumer payments originate from retailer payment requests to the consumer financial institutions. The complaints about payment service monopolies, interchange fees, and charge backs occur because of the firm but unsubstantiated belief that knowledge of customer payment data increases marketing and future sales opportunities. The CurrentC architecture uses the current payment system architecture with “pull” logic. The only difference is knocking out Apple Pay and all other Near Field Communication (NFC) origination technology but unless a retailer issues the payment card or routes the card correctly to the authorizer, transaction costs remain virtually the same, regardless of promises of huge discounts.

There is the possibility that consumers do not care how they pay for their goods and services as long as a payment does not result in a successful and uncompensated attack on their account and the initiation method is not overly awkward or time consuming. If the origination method also means a discount over another method, then cost conscience consumers use the least expensive method. So why do financial institutions (FI) issue debit cards and let their consumers use them over credit card networks? The interchange fee seems like the most logical answer. So how do retailers get money from consumer FIs without astronomical fees? They ask consumers to push money to retailer accounts and let them do it for less than a percentage plus a fixed fee and both sides of a transaction split the middleman’s money.

Next Blog: New Musings

Chances for a successful Cashless Society

noreply@blogger.com (Anonymous) — Fri, 31 Oct 2014 14:20:00 +0000

There exists a ratio between transactions for legal goods and services and illegal goods and services. Let me represent that ratio for the sake of discussion with a term, the criminality index and represent the term with the following equation:

CI = IT/LT

Where CI equals criminality index and IT equals the value of all illegal transactions and LT equals the value of legal transactions during a given time.

Typically the ratio is less than 1 and approaches equality with 1 as a region increases laws created to prevent goods and services within the population. Since there will always be a demand for criminal activity unacceptable to the majority of people within the region then the ratio will never equal zero if the period of monitoring is sufficient.

For example there will always be a limited demand for murder for hire; modern societies will always consider it a criminal act, and so the parties to the transaction require cash for the transaction. If actual cash does not exist, then the parties to the transaction barter with goods or services to complete the transaction.

Banning barter only causes the IT/LT ratio to increase and drags people that like to barter for legal goods and services into the region of anonymous activity increasing the camouflage for parties to the original illegal act. The government response actually helps parties to complete illegal transactions by making such transactions less rare.

If a society and its government implement a cashless society then its chance for success rests on the anonymity parties to a transaction experience. Governments that log the parties to a transaction, the amount of a transaction, the location of parties to a transaction, and all other data allowing a forensic transaction analyst to determine if the transaction is a criminal act or not, will cause the cashless currency to fail, and if the government has a high criminality index then the currency will never experience ubiquitous acceptance by a population.

If governments do not log transaction activity then the chance for ubiquitous acceptance of a completely cashless region is much likelier regardless of a regional criminality index. I say that without proof and make the assumption for two reasons, namely:

1) People recognize that future events shape their future behavior. If government monitors behavior and anonymous behaviors become usual for observers regardless of the criminality of observed activity, then observers cannot notice a change caused by potential future criminal activity.

2) Non-criminal activity may have consequences for personal reasons such as transponder payment data from a defendant in divorce court that travels on a toll roll to conduct an extra-marital affair.

It does not matter that access to logged data is limited in scope; people react to their perception of potential threats not actual ones; witness the absurd behavior of some US State government officials reacting to health workers returning from countries experiencing Ebola outbreaks.

The chance for ubiquitous acceptance of a cashless society also rests with the criminality index. If laws only exist against assault and theft and there is no monitoring of financial transactions, then people do not care if ultimately prosecutors develop a criminal prosecution by using defendant financial data lawfully obtained with court ordered warrants.

Next Blog: Beyond issued digital currency, beyond push payments, lies a thought payment system

Why Retailers Can’t Build Payment Systems

noreply@blogger.com (Anonymous) — Mon, 27 Oct 2014 01:12:00 +0000

What is it about large retailers that make them incompetent at building efficient payment acceptance systems? It is my unsubstantiated belief that IT systems in general and payment system architecture particularly sit quite low on the retailer totem pole. I come by the belief honestly in that I have made recommendations to tweak specific applications to save retailer money and see obvious changes completely ignored resulting in losses of millions of dollars and counting. It also makes sense that organizations built by sales people, managed by sales people, and directed by sales people scorn the beanie wearing pocket protected nerds scuttling around in off-limits dungeons guarded by 3 headed dragons. That is why the latest attempt by retailers to attack transaction fees especially from Apple Pay is so amusing.

CurrentC is payment system architecture under construction by MCX (Merchant Currency Exchange) and under attack by critics near and far (see for example http://www.theverge.com/2014/10/25/7069863/retailers-are-disabling-nfc-readers-to-shut-out-apple-pay). As the reader(s) of this blog know I believe the current payment card infrastructure is not secure, too expensive, monopolistic, and technologically archaic. In short, it is ripe for wholesale replacement, and it is natural for its chief exploited users to replace it by rolling their own. However if the description of this architecture that I read remotely resembles the planned deployment of CurrentC (see http://techcrunch.com/2014/10/25/currentc/ ) then once again we will witness millions wasted, angry consumers, and happy payment system providers increasing their fees.

The first mistake is disabling the near field communication (NFC) devices and replacing it with their own proprietary protocol. Payment system infrastructure requires open standard protocols for ubiquitous acceptance by the public. Any move away from an existent standard to a proprietary one is bound to fail. Worse yet, it limits payment choice by customers which sales folks know is not conducive to sales growth.

The second mistake is the interaction (if the cited article correctly describes the interaction) requires too many data transfers presumably to enhance the security posture but actually increasing the risk of data intercepts and therefore the opportunity for a successful attack. In an earlier post (see http://paymentnetworks.blogspot.com/2014/09/review-of-iphone-payment-initiation.html ) I noted that Apple Pay did not reduce its vulnerability that much although it will take at least two years from the date of its deployment before an attack succeeds. I think the same is true for the CurrentC architecture regardless of the derived unique key per transaction (DUKPT) type of encryption the cited article described. I never will describe an attack method in this blog, but I think it is safe to say that MCX needs to carefully review its risk posture.

MCX exists for good reason but once again we find sales people fielding a technology that they do not understand. Perhaps they should consider using the infrastructure they already have in place and competing against Financial Institutions and their acquirers by issuing digital currency. It will be a lot safer, a lot cheaper, and it has the “gee whiz” feel that modern consumers love. More importantly, cyber currency increases consumer choices for payment and notably does not reduce consumer choice.

Next Blog: Payment tails wagging payment dogs

Movement to a Small Value Gross Real Time Payment System

noreply@blogger.com (Anonymous) — Fri, 24 Oct 2014 14:21:00 +0000

I read an article in an excellent on-line publication (http://www.finextra.com/ ) that reported the US Automated Clearing House (ACH) (presumably under the auspices of the National Clearing House Association (NACHA) although not mentioned in the article) will develop a real time payment system (see http://www.finextra.com/news/fullstory.aspx?newsitemid=26617). The article seemed to indicate that the system would use a push methodology instead of the payment card pull methodology: “It is expected that the new system will route payments based on tokens that cannot be used to debit accounts, so senders and receivers will not need to provide complex, sensitive bank account details”.

This is a sea change in the payment environment in the US and perhaps the world. Questions, however, abound. Will we see connectivity between real time systems in Sweden, Singapore, and eventually Australia? Will the mobile payment operators especially in Africa offer a real time platform also? Will we see the simultaneous development of tag based data protocol to originate transactions? How will the large payment service providers react? How will banks price the service? Will the system ensure delivery of goods and services by instituting a synchronization of delivery and payment?

Of all the questions, perhaps the most intriguing one is how the big payment services firms will react. If US politics is the same beast that brought us the “Citizens United” Supreme Court decision (stating companies are people and allowing unlimited spending on behalf of political candidates) then lobbying to prevent the development of the modern payment platform already began. I think the lobbying effort will fail and we will see a new approach. Payment services firms will start to offer digital currency and it may have the advantage to some transaction participants by providing anonymity. Sure the gauging of retailers by necessity will vanish, but the circulation of digital money for years after its purchase will allow the payment services firms an endless supply of tax free loans to compete against the registered payments present in the real time payment platform the announcement promises.

I suspect the private label cards will disappear also. The big box retailers and super stores will begin to issue virtual currency with their own corporate electronic signature and it will circulate freely; perhaps consumers will get discounts if they redeem the currency at the company of origin.

The dark side will also get into the game. As long as governments declare certain goods and services illegal then criminal suppliers will meet the demand and if electronic currency becomes the only viable medium of exchange then suppliers will create their own to meet illicit demand.

Fraud will not go away, but the practitioners of thievery will need to become a lot more sophisticated than scraping data off retail payment initiation devices.

Next Blog: The growing schism between payment systems for the rich, the middle class, and the poor

Requirements for International Standards for Bank Issued Digital Currency

noreply@blogger.com (Anonymous) — Tue, 21 Oct 2014 18:07:00 +0000

Once banks realize that issuing digital currency in local denominations is the same as receiving interest free loans (with surcharges paid by the lenders) for indefinite periods then there will be a rush to issue the stuff. The major hurdle may be the lack of infrastructure for customers to spend the currency and without standards that hurdle may prove to be an innovation killer.

Issued digital currency requires a defined business object. The object needs required functions such as “Verify Currency”, “Currency Amount Remaining”, ”Currency Denomination”, ”Pay To”, “Receive From”, and “View Transaction Log”. Each function needs defined parameters. Knowing the haphazard development of innovation though and the protection of the status quo from powerful industry players, what the world will likely get is a single (probably small) financial institution (FI) creating a proprietary standard and trying to fly the beast with a small initial base of paying consumers that likely will not gain needed momentum before failure.

There is a way to avoid the fail fate but it requires the cooperation of a nation’s FIs, the design and publication of standards, and the simultaneous launch of a ubiquitous service offering throughout the entire nation. Witnessing the squabbles of the Kenyan mobile payment service providers, does not give great hope that a profitable, popular, and safe digital currency will emerge within an environment of FIs competing for mobile accounts and transaction fees. If, on the other hand, FI compete by allowing their issued digital currency to freely circulate, and use the cash paid to buy the currency for loans, then the entire economic situation improves for all the FIs within the implementing nation.

For the infrastructure to be complete the payment services community also needs to create a data protocol standard. Earlier reader(s) know of my call for such a standard based on tagged based data protocols such as ISO 20022 for a payment push from a payer account to a payee account. The same data standard developed for payment data originating from a personal electronic device (PED) can double as a data protocol moving digital currency between PEDs.

The one risk for developing financial payment standards is the homogeneous environment provided to attackers. That is why FI must customize the security modules within the digital currencies. For example, some FI may require biometric proof for authentication, while others may leave authentication completely to the PED hosting the digital currency. If the standard provides for multiple security posture it forces attackers to limit their attacks to a single FI. Such a standard naturally leads to increased chance that the issuing FI will discover the attack before an attack succeeds.

FI also mitigate risks also by adding optional insurance modules to the digital currency object. The standard will define a module whereby holders of digital currency have insurance protecting their funds from damage, loss, or theft. The insurer thus needs access to currency they insure on a real time basis or as soon as possible after a transfer event.

The costs for assembling technical people around a table to hammer out the details of these types of standards with no immediate demand and no proof that the idea will succeed may prove to be too much for an innovative nation, but the alternative, a haphazard launch without government support, seems far riskier.

Next Blog: The poor judgment of the US issuing EMV cards

The Dialectic of Attack and Defense of Payment Systems

noreply@blogger.com (Anonymous) — Fri, 17 Oct 2014 15:04:00 +0000

Designers of payment systems need to think more than the clearing, settlement, security, and marketing of these systems. Designers need to consider the evolution of attacks once a security posture is in place. The security design of Europay, MasterCard, and Visa (EMV) for example used public key interchange (PKI) and the cryptogram evolved from static data authentication (SDA) to dynamic data authentication (DDA) to combined data authentication (CDA) and yet this evolution did nothing to stop the type of attacks that compromised the cardholder data originating from card accepting devices. The designers of EMV also did not consider how to protect an attack against cardholder not present (CNP) transactions. The payment solutions of the future cannot present a security posture and dare anyone to attack it. Designers must engineer payment solutions to present different defense postures depending on the environment of their deployment and the type of current attacks.

Payment initiation software must include sensors that indicate an attacker is currently present, and shut down depending on the configuration of the payment initiating device. Software deployed in payment initiation devices must know what their environment is. If (as likely) the operating system is interrupt driven then the software must look at all of the interrupt vectors and determine if those are pointers to legitimate drivers signed by legitimate developers. Payment system software must identify every logical port and verify the legitimate uses of those ports. Introduction of new software into the payment initiation environment cannot take place without validation. These are primitive examples of design considerations taken at the software level that do not rely on hardware to respond to evolving attacks.

As digital currency gradually replaces card base technology, the currency must include software with the payment data that recognizes its environment and responds to attacks. For example the currency will know its payer and intended payee before a transaction takes place. If the currency finds itself in an environment that it did not expect the software within the currency must invalidate the financial data present in the currency. Attackers naturally will respond by mimicking the intended environment so the software imbedded in the currency must continually update the parameters that define a legitimate payee. The logic using those parameters must also contain an ability to change although without giving a vector for an attack. These are not easy architectural problems to solve and mistakes may lead to the compromise of financial data on an unprecedented scale. However, planning a mission to Mars seems more difficult and the world embraces that challenge.

Next Blog: The consequences of diverging payment methodologies

Use of Government ID cards for Emergency Payments

noreply@blogger.com (Anonymous) — Thu, 16 Oct 2014 13:30:00 +0000

What good is disaster funding if the people targeted for the funds cannot get it? Government ID cards can serve as emergency cash during disasters regardless of the state of the infrastructure supporting payment systems.

A natural disaster may destroy checkbooks, cash, and payment cards. However, people generally tend to hold on to their government issued ID cards from habit. When governments declare an emergency, it is possible to give a value for payments originating from a government ID.

The cost of adding a magnetic stripe to an ID is miniscule compared to the potential suffering alleviated by the action. Additionally the ID might contain a punch-out token for cases when loss of power or communications prevents the initiation of payment from card accepting devices. The value of the tokens will be set during the declaration of the emergency. Each token will contain the unique identifier that ties the token back to the citizen using it.

Governments can configure the emergency payment system differently so it meets the requirements of differing policy makers. For example, some governments may invalidate the tokens if not redeemed within a specific time. Other governments may forbid the purchase of specific goods or services (although enforcement of such bans may prove to be quite difficult).

After the disaster the government can recoup the payments through various methods such as sending a bill to the user, or (if the address no longer exists) charge the citizen when they come to renew their ID. In some cases government will never recover the emergency payment but their citizens will have food, shelter, or clothing. The alternative, looting, rioting, and general mayhem cost governments far more. It also prevents payees from gouging people by limiting the price charge for specific items (although in practice enforcing a not-to-exceed price will be difficult at best).

Governments may be tempted to charge for the potential use of emergency cash before issuing the ID. This practice quite likely will cause the political failure of the government ID emergency solution because it will seem like a new tax without cause.

Preparing for emergencies before they occur is a critical government function. Preventing hunger and the other ill effects of natural disasters also falls under the authority of government. Using a non-emergency function such as id issuance seems a reasonable approach to mitigate the suffering caused by nature’s wrath.

Next Blog: A review of current innovations in payment systems

Concept of a Large Value, Non-Fiat, Digital Currency

noreply@blogger.com (Anonymous) — Fri, 10 Oct 2014 17:59:00 +0000

So far in this blog I discussed digital currency as values stored in a personal electronic device (PED) denominated in local fiat currency. Conceptually the architecture depicts walking around money; it is cash for use for purchase of goods and services and not for investments such as a ship’s cargo or a factory or a business. In this post, I want to design a different type of digital currency, one that primarily transfers large values and denominated in a non-fiat currency although still issued by financial institutions (FI).

The purpose of creating non-fiat currency is to eliminate the perils of foreign exchange (although the currency will float in value against different world currencies). It does not need conversion to a fiat currency for deposit to an account. There are other advantages to such a currency, (call it the Wampum) such as it does not need to use a gross real time payment system to safely transfer it instantaneously because interception of the data by unauthorized recipients renders it worthless.

Both the payer and payee devices form the electronic signature and so another device receiving it automatically invalidates the signature. If an attacker knows both device values forming the signature a counterfeit Wampum is still worthless because the attacker will never know the other elements of the signature that only occur once for any given transaction and automatically form part of the encryption used during transfer. Finally insurance for each transfer will cost less than fees charged by operators of large value transfer systems. The insurance will be less because if an attacker does manage to counterfeit a Wampum transaction, no entity will accept it without first validating it with their insurance company, which will determine quickly that its history is suspect.

Wampum allows corporate treasuries to store large sums outside of banks within the confines of a tamper resistant storage device in the presence of more than 1 person at all times. Although no interest accrues on a Wampum stored outside a FI, conversion of Wampum to a fiat currency at any specific instant almost guarantees a successful bet. For example if a company buys 1 Wampum for $100,000 and at that instant a dollar was worth .8 Euros, .62 Pounds, and 108 Yen, and later the company wishes to convert the Wampum to a fiat currency, then conversion to any of those currencies worth more at that later time will constitute a winning bet. In some cases conversions will create more profit than any interest payment.

So why have no banks tried this concept? Is there vulnerability or laws that make such a scheme unworkable? I encourage comments from knowledgeable readers so many may understand the impracticality of the Wampum.

Next Blog: Comments on Comments

Adding Details to FI Issued Digital Currency

noreply@blogger.com (Anonymous) — Thu, 09 Oct 2014 14:57:00 +0000

Adding a bank signature to bundled financial data does not make digital currency immune from counterfeiters. Nothing prevents the recipient from receiving issuance from a financial institution (FI), duplicating the data, and spending it multiple times. Trusted software must receive and dispense electronic currency from a personal electronic device (PED) and invalidate the data and revoke the signature in the case of a data breach outside the confines of trusted software.

A certificate authority (CA) or some other trusted entity signs software running on the PED. The issuing FI validates the software with access to the digital currency using any of a number of methods including a challenge with a cryptogram and a legitimate response. If satisfied the trusted software challenges the FI and only receives an issuance of currency after validating the response to the challenge. This double challenge and response (or other verification methodology) then is replicated (preferably using an industry standard) between payer and payee for as long as the currency circulates.

There are still multiple vulnerabilities presented by the storage of digital currency on a PED regardless of the care used to store and move value from PED to PED. Ingenious attackers will ply their trade. Issuing FI may cease to exist. Theft (along with the user access codes), loss, or destruction of the PED threatens the currency. In short, issued digital currency will not gain acceptance without users having confidence that they will not lose their money.

There must be insurance for the digital currency with fees based on real risk. A regulation E (protects cardholder accounts in the US) approach does not work with a circulating digital currency because FI will not control access to the currency after issuance. Can risk have a price based on aggregate value stored on the PED? Is the risk linear? Is the cost for a small value stored on a PED the same as a large value stored on a PED? My hope is that companies think about insuring digital currency so when there is a rush to the exits of card technology the infrastructure supporting digital currency exists.

Governments also will address certain aspects of digital currency. Will users with PEDs containing large values need to declare such at border crossings or will the movement be the same as a check book moving across borders? Equally important to users is anonymity of purchases (not really possible with signed values), so acceptance will depend on limited government interference of value transfers and the preservation of the illusion of anonymity, Governments need warrants before review of stored payment activity logs. Current laws seem to offer adequate protection for users of digital currency, however, knowing the predilection of governments to know of large value transfers, some new laws are almost inevitable. I only hope that excessive lawmaking zeal will not nip the bud before it blooms.

Next Blog: Digital currency in war zones

Building an Altruistic Payment Architecture

noreply@blogger.com (Anonymous) — Tue, 07 Oct 2014 15:37:00 +0000

Occasionally when I purchase groceries at the supermarket the card accepting device asks if I want to give some money to various causes. I usually decline for several reasons but the overwhelming one is that if I organize my charitable contributions I receive a tax deduction whereas if I impulse give, I do not get that tax write-off.

If the design of payment systems allowed payers to automatically give an amount to the charity or charities of their choice with values of their choice then I suspect that the amount of charitable gifts will increase significantly. If we look at the data protocol standards such as ISO 8583 we see there is room for various amounts and for various fees (not to mention superfluous data that have nothing to do with a financial transaction) but only one payee. By creating payment data protocols with multiple payees and specific amounts for each payee then it is possible to designate charities as co payees. It is also possible to designate sales tax recipients, which may relieve payees of the administrative burden of collecting and paying sales tax.

It is possible to automatically give to charity with the current cumbersome protocols but it too expensive to utilize unless the payment networks allowed a charitable transaction to trail a regular purchase with no extra charge. If they did so then they no doubt would receive a tax deduction and payment service providers could gain good will because they facilitate charitable giving. However, if we could convince the various players involved in a single transaction not to charge for a trailing charitable message, the probability of agreeing to more than one charitable is next to nil.

If buyers used an e-check application (see http://paymentnetworks.blogspot.com/2014/10/a-real-e-check-application.html ) then it would be possible to cut as many checks to charities as the buyer wanted with no extra overhead unless the financial institution charged a fee for each check or for too many checks. However, as the reader(s) of this blog know, I have frequently advocated for the creation of a data protocol specifically for movement of financial data from a personal electronic device (PED) to a point of presence (POP) and from there to a FI with no translation needed. If that protocol allowed for multiple payees then it would be common practice for payment applications to allow users to configure payments to go to the charities of their choice without needing to do so for each transaction or by planning each contribution. The payment applications keep track of payment so end of the year accounting becomes a simple matter of importing the charitable amounts to the tax preparation process.

Future payment architecture no doubt will allow for multiple payees; however that does not prevent the current payment system providers from allowing the free donation of funds to charities. With a little imagination payment system providers could use the additional amounts field in the ISO 8583 message to accomplish the same goal seamlessly, no trailing transaction needed.

Next Blog: A small equity distribution architecture

The Promissory Note in an Electronic Age

noreply@blogger.com (Anonymous) — Sat, 04 Oct 2014 18:06:00 +0000

Is there demand and supply for an instant loan system based on unregistered promissory notes? Does the Uber model work with loans? Consider a broker that sets up a clearinghouse that allows borrowers and lenders to get together and complete transactions. A reasonable design certainly is possible, so I thought I might make a back of the napkin sketch.

Lenders in such a system must be gamblers; they must be willing to risk complete loss of the bet. However, if the value of the loan is small, and the potential payoff large, then the concept might sell.

Lenders push any amount they want to risk to the clearinghouse and specify the terms. The clearinghouse aggregates the various loans and notifies the loaners when a borrower accepted their terms. Lenders may specify the total aggregate value of their loan coupled with others that the loan cannot exceed. Lenders may request a payoff instantly and the clearinghouse can try to replace the loan amount with another lender and in lieu of that call the loan and immediately pay off all the lenders if the call succeeds. If the call does not succeed then debt collectors or court are the only option and the clearing house not the lenders may take those options.

The borrowers may request specific terms such as timing of payments and no call options during an initial period. As always the greater the risk, the greater the reward, and lenders plunking down hundred dollar chips on the outcome of the roll of dice might not care if the potential reward is great enough. The real draw for borrowers is there is no credit check, although borrowers may have a past unpaid debt with the clearinghouse, which would disqualify them for any future loan. Competing clearinghouses may wish to share their list of deadbeats.

The clearinghouses profit from the float before the loan and collecting loans that failed. For example suppose a borrower could not pay off a called loan. The clearinghouse sells the debt to a debt collector and keeps the payment; the actual lenders get nothing. Clearinghouses may operate differently, some may want to register the promissory notes (especially large value ones) or have them notarized (if such an action is possible electronically otherwise clearinghouses need to invent the electronic equivalent).

That is the rough sketch, the only question remaining does the activity violate gambling laws?

Next Blog: The Promissory note as an electronic bearer bond