Tuesday, December 30, 2014

A Legal Non Bank Infrastructure for States without Criminal Marijuana Laws

The remarkable thing about governments is their persistence in pursuing failed policies of ancient generations regardless of the harm caused to present constituents. Fortunately a bit of imagination sidesteps the lumbering posture of slow-moving and dim-witted dinosaurs.

A case in point is the US Federal Government’s refusal to clarify banking regulations for States that legalized recreational or medical use of marijuana. The consequences of inaction mean large amounts of cash dangerously moving from point to point without a home in either the underground or the above board economy.  Fortunately it is a relatively simple problem to solve for the most inexperienced payment system architect, although tragically, the legal marijuana industry has yet to employ one.

The basic ingredient for the payment solution is a large building in a remote location with sufficient guards, gates, and guns to make any armed attack against the facility (without the equivalent of an army division) unsuccessful. Members of the industry, (let’s call it the Aging Hippy’s Benevolent Fund or AHBF) then take their cash and deposit it there. The depositor owns their cash; the industry owns and manages the facility.  The AHBF hires the staff and equipment necessary to account for funds from the moment members place cash on deposit to the moment members remove it.

Once the funds have found a home, the AHBF creates a cyber currency by issuing electronic cyber currency to their customers.  Marijuana purchasers do not buy marijuana directly they buy an amount of cyber currency which is the exact same as purchasing a Bitcoin and therefore completely unambiguously legal. The consumer payment can come from any electronic account including bank accounts.  Once the consumer has their non-reputable certificate of value securely placed on the electronic medium of their choice, it is relatively simple to transfer that certificate to a marijuana provider that in turn can transmit it the AHBF, which in turn, augments the provider’s account accordingly.

If the industry just wanted to make a safe haven for their cash, then the above solution provides the haven and allows customers to purchase goods without using cash. However if the industry wants to profit from the innovation then they will provide a secure application that allows purchasers of the cyber currency to transmit the electronically stored value to any electronic device; the AHBF will allow their currency to freely circulate.  Consumers may redeem the issued currency the next day or they may never redeem it. Thus issuance provides excess funds allowing seamless operation of the AHBF facility without a membership fee. Likely they will have to distribute the profits to members on a periodic cycle.

The AHBF may also want to provide a special large value currency that allows the industry to move product in needed quantities to themselves.  To do this they can use the method described above but allow for a special cases. Wampum provides a solution (please see: http://paymentnetworks.blogspot.com/2014/10/concept-of-large-value-non-fiat-digital.html for further details)

Next Blog: New discussion on Fraud, its detection, and industry failure to do so. 

Thursday, November 20, 2014

Converting Credit Card Available Balances to Cash and Sidestepping FI Usury

When consumers travel by public conveyance they become captives. Moreover, long haul travelers become easy prey for diabolical payment architects blatantly blurring the lines between debit and credit payment applications.  

Consider the ubiquitous embedded screens on the seat backs of jumbo jets and place them on all modes of transportation where passengers wait patiently for their journeys to end. Next consider optional ticket prices to include cash available to gamble, access proprietary content (maybe not actually used), pay for contingent travel (such as discounted hotels if circumstances interrupt a trip) or other similar amenities. If the option includes winning money (not necessarily by gambling, but by contests, refunds, or a host of such promotional items) then effectively $x charged to a credit card becomes $x - $y where $y is cash received back by the consumer.

The cash strapped traveler may use their credit limit to access ready cash at a discount and the conveyance providers may well get the use of a generous float if weary travelers do not stop at a Kiosk to get their cash back but let it ride until their next trip. Further the conveyance providers have a source of data that shows what their custom want to do to wile away the hours.  The losers of course are financial institutions (FI) that get less money than they would otherwise for a cash advance on a credit card.

Providing cash to credit cardholders is not just for the travel industry. It is possible for inspired entrepreneurs to provide a cash delivery service to credit card customers.  The cash strapped consumer gives the credit card number to the delivery company that initiates a request for the cash, the card not present (CNP) fee, and a fee for the service. Once again all are happy except the FI that may complain that it violates card acceptance agreements somewhere way down in the small print.

There are many such ways to wring cash from credit cards without the regular FI fees and perhaps now there are certain unscrupulous merchants that ring up a sale, only to give the majority of the value back to their custom. There is likely an economic model that gives a price point for the cheap loan service including covering the risk that the evil merchant takes if discovery means the inconvenience of changing their merchant number or some other ruse. These after all are desperate times for a middle class under siege.

Next Blog: Bad Ed II: new filters for a new era of fraud

Friday, November 14, 2014

New Payment Systems Processes for Dispute Mitigation

Banking associations, clearing house associations, and central banks have rules and laws governing payments made in error. However the payment architectures described in this blog such as small value gross real time payment systems, push payment architectures, and issued digital currency have little in place to protect payers that move value to the wrong payee. Reversals used by debit card networks or voids used by credit card networks will not work with these new types of payment systems. Imagine reversing a digital currency payment and then imagine how ne’er-do-wells may exploit such a function. Similar security concerns exist for nullifying transactions using the evolving types of payment methodologies discussed in this blog. The other form of dispute processing designed for the unhappy payer, also needs a transparent and fair dispute mitigation process.

Issued (notably not mined) digital currency has the best prospects for dispute mitigation because properly designed digital currency contains more than value; it contains logic to process data about its container and other environmental factors. Further digital currency can have logic that signals the correct disposition of the goods (services have tougher hurdles) exchanged for the digital currency. 

For example, a consumer sends a digital amount to a retailer for an item marked with a universal product code (UPC). The currency determines if it arrived in the right till by checking public attributes of the till such as its certificate and perhaps a known precise geographical location. If the environment does not meet the expectation of the currency then it revokes its own certificate and if possible transmits the action to its certificate authority or some yet to be invented currency monitoring body.

If the currency finds its new environment matches expected after-transaction criteria then it signals OK and that status transfers to the brick and mortar security monitors mounted at exits. The payer walks past the monitor that matches the payment initiating device and the product UPC and allows an exit without raising an alarm.  On-line merchants may have more complex processing steps such as sending the initiating device the periodic status of the UPC as it moves from warehouse to shipper to payer door.  If the movement does not occur as expected within the times declared by the merchant then the buyer may have a legal right to revoke the digital currency certificate.

Smart tags too may add to the new automated dispute processing infrastructure. If the smart tag determines a jolt occurred past a known threshold then the tag record the fact and on arrival transmits the exact geographic location and time of the jolt to the payer and thus the entity liable for the damage.

Real time payments and push payments do not bring working code into transactions, however initiating and receiving devices attaching various data with payment information can precisely identify what the payer expected to purchase and when a transfer of goods completes after payment.  The smart tag recording of damage still applies. 

It is difficult to estimate the cost for exotic dispute mitigation infrastructure for modern payment methods, however no doubt the processes will be more satisfactory than the methods in place today with payment cards, their obscure rules, disgruntled merchants, and their custom.

Next Blog: Consequences of anonymous payment methods

Tuesday, November 11, 2014

Will Payment Cards go the way of the Dodo

The evidence is clear and the trend shows payment cards slowly leaving the retail payment infrastructure. Large retailers that issued their own private label cards sold their stock and processing to professional payment services firms. Telephone operators and Internet service firms assume the role previously occupied by issuers and acquirers. Retailers create their own payment initiation protocol to preempt hostile acquiring agents from increasing their fees. Something must give or retailers’ slim margins will force consumer payments back to riskier payment methods such as cash or paper check.

On the horizon sits a new form of payment architecture, cheaper, safer, and faster than anything card technologies offer. Clearing, settlement, and notification to the parties of transactions take place at the speed of light without middlemen pocketing fees from lack of a physical token at a payment acceptance device or a chargeback for dubious causes. The only question remaining is will the change occur quickly once a small value real time payment system becomes ubiquitous or will the old guard fight back with discounts and incentives.  Will a payment system that works equally well regardless if the payee is a retailer, a charity, or a government, trump a system loaded down with fees and designed only for retailer payees?

Consider Diagram 30 that contains a portrayal of a small value real time payment system.

Diagram 30: Small Value Real Time Payment System

The payer financial institution (FI) retrieves the payee data from a common data store and acts on the instructions from the payer and notifies the payee and payer in real time about the results of the transaction and then moves the value of the payment to the payee’s FI. This is a valuable service and warrant fees (including a reasonable profit).  If the infrastructure exists (and it seems that plans are under way for its completion; see positive movements in that direction http://paymentnetworks.blogspot.com/2014/10/movement-to-small-value-gross-real-time.html ) then the funds for the infrastructure and the processing environment must come from somewhere. The operators need to charge a fee similar to what the Fed charges for use of Fed Wire, namely whatever is necessary to cover the cost of running and maintaining the system, however without profit. FIs also can charge whatever fees they want as long as they do not collude with each other to set one illegal fee. Payers and Payees negotiate with each other to determine the payer of the bank fees.

So what will a few bits of data cost to transport from one point to another. That is a question of conjecture but logically it will cost a lot less than what payers and payees pay for the archaic structure currently run by huge monopolies.

Next Blog: The new entrepreneurs selling a push system to an eager public

Saturday, November 8, 2014

Using Throughput Measurements to Detect Data Scraping Attacks

If retailers insist on using out-of-the box operating systems to process card payments in electronic cash registers (ECR) then the least they can do is perform the minor calculations needed to determine that throughput within the ECR meets nominal expectations. Microsoft has provided various functions to monitor processing such as QueryPerformanceCounter (QPC). It is possible to use these functions to determine if there is unusual activity within an ECR.

ECR suppliers can create benchmarks for movement of financial data across their platforms both before and after distribution to customers. Timing begins before reading a port containing external financial data and ends at the point after clearing memory containing financial data just before returning control to a non-financial data processing application. 

A terminate stay resident (TSR) application then can read the measurements on a continual basis and determine if increased processing time indicates a likely data scraping attack. The following rough pseudo code gives an example of this type of countermeasure to a data scraping attack
            Read Timer with highest resolution possible
                        Process Financial Transaction
                        Wipe financial data from application memory and I/O buffers
            Read Timer with highest resolution possible
            Write End timer results – Begin timer results to next position of data store for TSR

The TSR then continually looks at the values in its data store and if the values start increasing consistently beyond a reasonable deviation variable then the TSR performs actions based on its configuration.

This simple method comes from descriptions of data scraping attacks in various media. The presumption that these attacks originate within the ECR ensure that monitoring activity occurs for only one financial transaction at a time. If the data scraping attacks occur further up stream then similar methods of measuring throughput are possible, however the complexity of the approach increases.

The pseudo code mentions the wipe of application memory containing financial data. If applications do not contain this step then this monitoring approach is futile. So please developers and ECR manufacturers, wipe after flushing.

Next Blog: Something pseudo wicked lurks nearby

Tuesday, November 4, 2014

Is the Diversity of Payment Origination a Symptom of Struggling Middlemen

Points of sale are one of the few places where it is known people exchange money for goods or services. In the Halcyon days before payment cards, a merchant accepted cash or checks and consumers carried those payment methods with them. Now central banks want to eliminate the paper check and no one carries cash with them unless to buy illegal goods or services. In some cases underground outlets accept plastic. Yet for the many diversified ways to pay, the fees for payment keep increasing to the point that merchants make ridiculous attempts to avoid them (see http://paymentnetworks.blogspot.com/2014/10/why-retailers-cant-build-payment-systems.html for my discussion on CurrentC) and charlatans create fatally flawed crypto currencies such as Bitcoin (see http://paymentnetworks.blogspot.com/2014/06/an-analysis-of-bit-coins.html ) to prevent middlemen from picking retailer pockets.

Now point of sale (POS) equipment manufactures recognize that consumers will originate payment from continually changing technologies and so build machines to accept all of them (see http://www.paymenteye.com/2014/10/30/former-head-of-google-wallet-debuts-alternative-payments-terminal/ ). Is it not time to ask if the diversity is unwanted and used not for efficiency, security, or cost advantage, but because retailers must offer all the choices foisted on the consumers by all those eager souls desiring to sit just between the wallet and the till.

A retailer that does not accept a method of payment that a consumer uses will lose a sale, which is the main reason they bow to the ridiculous requirement of a chip card when their current POS devices effectively do the same thing with PIN entry and derived unique key per transaction (DUKPT). The card service industry sells consumers a pack of lies on a routine basis by insinuating consumer laws do not protect their accounts or that theft of card data necessarily means a successful attack against consumer accounts. How many parrots out there clamor incessantly about the growing threat of cyber attacks against payment systems when actual details of the percentage of successful attacks compiled by the Fed in the US and many other European and other countries show successful attacks against brick and mortar retailers pale in comparison to the value successfully cleared and settled. When a PIN accompanies a purchase request, there are few claims of a successful intercept of payment data and subsequent attack (See Federal Reserve System; The 2013 Federal Reserve Payments Study Recent and Long-Term Payment Trends in the United States: 2003 – 2012 Summary Report and Initial Data Release; (December 2013); p.32 and ff http://www.frbservices.org/files/communications/pdf/research/2013_payments_study_summary.pdf ).

The retailers are not helping their own cause, because they keep insisting that consumer payments originate from retailer payment requests to the consumer financial institutions. The complaints about payment service monopolies, interchange fees, and charge backs occur because of the firm but unsubstantiated belief that knowledge of customer payment data increases marketing and future sales opportunities. The CurrentC architecture uses the current payment system architecture with “pull” logic. The only difference is knocking out Apple Pay and all other Near Field Communication (NFC) origination technology but unless a retailer issues the payment card or routes the card correctly to the authorizer, transaction costs remain virtually the same, regardless of promises of huge discounts.

There is the possibility that consumers do not care how they pay for their goods and services as long as a payment does not result in a successful and uncompensated attack on their account and the initiation method is not overly awkward or time consuming. If the origination method also means a discount over another method, then cost conscience consumers use the least expensive method. So why do financial institutions (FI) issue debit cards and let their consumers use them over credit card networks? The interchange fee seems like the most logical answer. So how do retailers get money from consumer FIs without astronomical fees? They ask consumers to push money to retailer accounts and let them do it for less than a percentage plus a fixed fee and both sides of a transaction split the middleman’s money.

Next Blog: New Musings

Friday, October 31, 2014

Chances for a successful Cashless Society

 There exists a ratio between transactions for legal goods and services and illegal goods and services. Let me represent that ratio for the sake of discussion with a term, the criminality index and represent the term with the following equation:


Where CI equals criminality index and IT equals the value of all illegal transactions and LT equals the value of legal transactions during a given time.

Typically the ratio is less than 1 and approaches equality with 1 as a region increases laws created to prevent goods and services within the population.  Since there will always be a demand for criminal activity unacceptable to the majority of people within the region then the ratio will never equal zero if the period of monitoring is sufficient.

For example there will always be a limited demand for murder for hire; modern societies will always consider it a criminal act, and so the parties to the transaction require cash for the transaction. If actual cash does not exist, then the parties to the transaction barter with goods or services to complete the transaction.

Banning barter only causes the IT/LT ratio to increase and drags people that like to barter for legal goods and services into the region of anonymous activity increasing the camouflage for parties to the original illegal act. The government response actually helps parties to complete illegal transactions by making such transactions less rare.

If a society and its government implement a cashless society then its chance for success rests on the anonymity parties to a transaction experience. Governments that log the parties to a transaction, the amount of a transaction, the location of parties to a transaction, and all other data allowing a forensic transaction analyst to determine if the transaction is a criminal act or not, will cause the cashless currency to fail, and if the government has a high criminality index then the currency will never experience ubiquitous acceptance by a population.

If governments do not log transaction activity then the chance for ubiquitous acceptance of a completely cashless region is much likelier regardless of a regional criminality index.  I say that without proof and make the assumption for two reasons, namely:

1) People recognize that future events shape their future behavior. If government monitors behavior and anonymous behaviors become usual for observers regardless of the criminality of observed activity, then observers cannot notice a change caused by potential future criminal activity.

2)  Non-criminal activity may have consequences for personal reasons such as transponder payment data from a defendant in divorce court that travels on a toll roll to conduct an extra-marital affair.

It does not matter that access to logged data is limited in scope; people react to their perception of potential threats not actual ones; witness the absurd behavior of some US State government officials reacting to health workers returning from countries experiencing Ebola outbreaks.

The chance for ubiquitous acceptance of a cashless society also rests with the criminality index. If laws only exist against assault and theft and there is no monitoring of financial transactions, then people do not care if ultimately prosecutors develop a criminal prosecution by using defendant financial data lawfully obtained with court ordered warrants.

Next Blog: Beyond issued digital currency, beyond push payments, lies a thought payment system

Sunday, October 26, 2014

Why Retailers Can’t Build Payment Systems

What is it about large retailers that make them incompetent at building efficient payment acceptance systems? It is my unsubstantiated belief that IT systems in general and payment system architecture particularly sit quite low on the retailer totem pole. I come by the belief honestly in that I have made recommendations to tweak specific applications to save retailer money and see obvious changes completely ignored resulting in losses of millions of dollars and counting. It also makes sense that organizations built by sales people, managed by sales people, and directed by sales people scorn the beanie wearing pocket protected nerds scuttling around in off-limits dungeons guarded by 3 headed dragons. That is why the latest attempt by retailers to attack transaction fees especially from Apple Pay is so amusing.

CurrentC is payment system architecture under construction by MCX (Merchant Currency Exchange) and under attack by critics near and far (see for example http://www.theverge.com/2014/10/25/7069863/retailers-are-disabling-nfc-readers-to-shut-out-apple-pay). As the reader(s) of this blog know I believe the current payment card infrastructure is not secure, too expensive, monopolistic, and technologically archaic. In short, it is ripe for wholesale replacement, and it is natural for its chief exploited users to replace it by rolling their own. However if the description of this architecture that I read remotely resembles the planned deployment of CurrentC (see http://techcrunch.com/2014/10/25/currentc/ ) then once again we will witness millions wasted, angry consumers, and happy payment system providers increasing their fees.

The first mistake is disabling the near field communication (NFC) devices and replacing it with their own proprietary protocol. Payment system infrastructure requires open standard protocols for ubiquitous acceptance by the public. Any move away from an existent standard to a proprietary one is bound to fail. Worse yet, it limits payment choice by customers which sales folks know is not conducive to sales growth.

The second mistake is the interaction (if the cited article correctly describes the interaction) requires too many data transfers presumably to enhance the security posture but actually increasing the risk of data intercepts and therefore the opportunity for a successful attack. In an earlier post (see http://paymentnetworks.blogspot.com/2014/09/review-of-iphone-payment-initiation.html ) I noted that Apple Pay did not reduce its vulnerability that much although it will take at least two years from the date of its deployment before an attack succeeds. I think the same is true for the CurrentC architecture regardless of the derived unique key per transaction (DUKPT) type of encryption the cited article described. I never will describe an attack method in this blog, but I think it is safe to say that MCX needs to carefully review its risk posture.

MCX exists for good reason but once again we find sales people fielding a technology that they do not understand. Perhaps they should consider using the infrastructure they already have in place and competing against Financial Institutions and their acquirers by issuing digital currency. It will be a lot safer, a lot cheaper, and it has the “gee whiz” feel that modern consumers love. More importantly, cyber currency increases consumer choices for payment and notably does not reduce consumer choice.

Next Blog: Payment tails wagging payment dogs

Friday, October 24, 2014

Movement to a Small Value Gross Real Time Payment System

I read an article in an excellent on-line publication (http://www.finextra.com/ ) that reported the US Automated Clearing House (ACH) (presumably under the auspices of the National Clearing House Association (NACHA) although not mentioned in the article) will develop a real time payment system (see http://www.finextra.com/news/fullstory.aspx?newsitemid=26617). The article seemed to indicate that the system would use a push methodology instead of the payment card pull methodology: “It is expected that the new system will route payments based on tokens that cannot be used to debit accounts, so senders and receivers will not need to provide complex, sensitive bank account details”.
This is a sea change in the payment environment in the US and perhaps the world. Questions, however, abound. Will we see connectivity between real time systems in Sweden, Singapore, and eventually Australia?  Will the mobile payment operators especially in Africa offer a real time platform also? Will we see the simultaneous development of tag based data protocol to originate transactions? How will the large payment service providers react? How will banks price the service? Will the system ensure delivery of goods and services by instituting a synchronization of delivery and payment?

Of all the questions, perhaps the most intriguing one is how the big payment services firms will react. If US politics is the same beast that brought us the “Citizens United” Supreme Court decision (stating companies are people and allowing unlimited spending on behalf of political candidates) then lobbying to prevent the development of the modern payment platform already began. I think the lobbying effort will fail and we will see a new approach. Payment services firms will start to offer digital currency and it may have the advantage to some transaction participants by providing anonymity. Sure the gauging of retailers by necessity will vanish, but the circulation of digital money for years after its purchase will allow the payment services firms an endless supply of tax free loans to compete against the registered payments present in the real time payment platform the announcement promises.

I suspect the private label cards will disappear also. The big box retailers and super stores will begin to issue virtual currency with their own corporate electronic signature and it will circulate freely; perhaps consumers will get discounts if they redeem the currency at the company of origin.

The dark side will also get into the game. As long as governments declare certain goods and services illegal then criminal suppliers will meet the demand and if electronic currency becomes the only viable medium of exchange then suppliers will create their own to meet illicit demand.

Fraud will not go away, but the practitioners of thievery will need to become a lot more sophisticated than scraping data off retail payment initiation devices.  

Next Blog: The growing schism between payment systems for the rich, the middle class, and the poor

Tuesday, October 21, 2014

Requirements for International Standards for Bank Issued Digital Currency

Once banks realize that issuing digital currency in local denominations is the same as receiving interest free loans (with surcharges paid by the lenders) for indefinite periods then there will be a rush to issue the stuff.  The major hurdle may be the lack of infrastructure for customers to spend the currency and without standards that hurdle may prove to be an innovation killer.

Issued digital currency requires a defined business object. The object needs required functions such as “Verify Currency”, “Currency Amount Remaining”, ”Currency Denomination”, ”Pay To”, “Receive From”, and “View Transaction Log”. Each function needs defined parameters. Knowing the haphazard development of innovation though and the protection of the status quo from powerful industry players, what the world will likely get is a single (probably small) financial institution (FI) creating a proprietary standard and trying to fly the beast with a small initial base of paying consumers that likely will not gain needed momentum before failure.

There is a way to avoid the fail fate but it requires the cooperation of a nation’s FIs, the design and publication of  standards, and the simultaneous launch of a ubiquitous service offering throughout the entire nation. Witnessing the squabbles of the Kenyan mobile payment service providers, does not give great hope that a profitable, popular, and safe digital currency will emerge within an environment of FIs competing for mobile accounts and transaction fees.  If, on the other hand, FI compete by allowing their issued digital currency to freely circulate, and use the cash paid to buy the currency for loans, then the entire economic situation improves for all the FIs within the implementing nation.

For the infrastructure to be complete the payment services community also needs to create a data protocol standard. Earlier reader(s) know of my call for such a standard based on tagged based data protocols such as ISO 20022 for a payment push from a payer account to a payee account. The same data standard developed for payment data originating from a personal electronic device (PED) can double as a data protocol moving digital currency between PEDs.

The one risk for developing financial payment standards is the homogeneous environment provided to attackers. That is why FI must customize the security modules within the digital currencies. For example, some FI may require biometric proof for authentication, while others may leave authentication completely to the PED hosting the digital currency. If the standard provides for multiple security posture it forces attackers to limit their attacks to a single FI. Such a standard naturally leads to increased chance that the issuing FI will discover the attack before an attack succeeds.

FI also mitigate risks also by adding optional insurance modules to the digital currency object. The standard will define a module whereby holders of digital currency have insurance protecting their funds from damage, loss, or theft.   The insurer thus needs access to currency they insure on a real time basis or as soon as possible after a transfer event.

The costs for assembling technical people around a table to hammer out the details of these types of standards with no immediate demand and no proof that the idea will succeed may prove to be too much for an innovative nation, but the alternative, a haphazard launch without government support, seems far riskier.

Next Blog: The poor judgment of the US issuing EMV cards

Friday, October 17, 2014

The Dialectic of Attack and Defense of Payment Systems

Designers of payment systems need to think more than the clearing, settlement, security, and marketing of these systems. Designers need to consider the evolution of attacks once a security posture is in place. The security design of Europay, MasterCard, and Visa (EMV) for example used public key interchange (PKI) and the cryptogram evolved from static data authentication (SDA) to dynamic data authentication (DDA) to combined data authentication (CDA) and yet this evolution did nothing to stop the type of attacks that compromised the cardholder data originating from card accepting devices. The designers of EMV also did not consider how to protect an attack against cardholder not present (CNP) transactions. The payment solutions of the future cannot present a security posture and dare anyone to attack it. Designers must engineer payment solutions to present different defense postures depending on the environment of their deployment and the type of current attacks.

Payment initiation software must include sensors that indicate an attacker is currently present, and shut down depending on the configuration of the payment initiating device. Software deployed in payment initiation devices must know what their environment is. If (as likely) the operating system is interrupt driven then the software must look at all of the interrupt vectors and determine if those are pointers to legitimate drivers signed by legitimate developers. Payment system software must identify every logical port and verify the legitimate uses of those ports. Introduction of new software into the payment initiation environment cannot take place without validation.   These are primitive examples of design considerations taken at the software level that do not rely on hardware to respond to evolving attacks.

As digital currency gradually replaces card base technology, the currency must include software with the payment data that recognizes its environment and responds to attacks. For example the currency will know its payer and intended payee before a transaction takes place. If the currency finds itself in an environment that it did not expect the software within the currency must invalidate the financial data present in the currency. Attackers naturally will respond by mimicking the intended environment so the software imbedded in the currency must continually update the parameters that define a legitimate payee. The logic using those parameters must also contain an ability to change although without giving a vector for an attack. These are not easy architectural problems to solve and mistakes may lead to the compromise of financial data on an unprecedented scale. However, planning a mission to Mars seems more difficult and the world embraces that challenge.

Next Blog: The consequences of diverging payment methodologies

Thursday, October 16, 2014

Use of Government ID cards for Emergency Payments

What good is disaster funding if the people targeted for the funds cannot get it? Government ID cards can serve as emergency cash during disasters regardless of the state of the infrastructure supporting payment systems.

A natural disaster may destroy checkbooks, cash, and payment cards. However, people generally tend to hold on to their government issued ID cards from habit. When governments declare an emergency, it is possible to give a value for payments originating from a government ID.

The cost of adding a magnetic stripe to an ID is miniscule compared to the potential suffering alleviated by the action. Additionally the ID might contain a punch-out token for cases when loss of power or communications prevents the initiation of payment from card accepting devices. The value of the tokens will be set during the declaration of the emergency. Each token will contain the unique identifier that ties the token back to the citizen using it.

Governments can configure the emergency payment system differently so it meets the requirements of differing policy makers. For example, some governments may invalidate the tokens if not redeemed within a specific time. Other governments may forbid the purchase of specific goods or services (although enforcement of such bans may prove to be quite difficult). 

After the disaster the government can recoup the payments through various methods such as sending a bill to the user, or (if the address no longer exists) charge the citizen when they come to renew their ID. In some cases government will never recover the emergency payment but their citizens will have food, shelter, or clothing. The alternative, looting, rioting, and general mayhem cost governments far more.  It also prevents payees from gouging people by limiting the price charge for specific items (although in practice enforcing a not-to-exceed price will be difficult at best).  

Governments may be tempted to charge for the potential use of emergency cash before issuing the ID. This practice quite likely will cause the political failure of the government ID emergency solution because it will seem like a new tax without cause.

Preparing for emergencies before they occur is a critical government function. Preventing hunger and the other ill effects of natural disasters also falls under the authority of government. Using a non-emergency function such as id issuance seems a reasonable approach to mitigate the suffering caused by nature’s wrath.

Next Blog: A review of current innovations in payment systems

Friday, October 10, 2014

Concept of a Large Value, Non-Fiat, Digital Currency

So far in this blog I discussed digital currency as values stored in a personal electronic device (PED) denominated in local fiat currency. Conceptually the architecture depicts walking around money; it is cash for use for purchase of goods and services and not for investments such as a ship’s cargo or a factory or a business. In this post, I want to design a different type of digital currency, one that primarily transfers large values and denominated in a non-fiat currency although still issued by financial institutions (FI).

The purpose of creating non-fiat currency is to eliminate the perils of foreign exchange (although the currency will float in value against different world currencies). It does not need conversion to a fiat currency for deposit to an account. There are other advantages to such a currency, (call it the Wampum) such as it does not need to use a gross real time payment system to safely transfer it instantaneously because interception of the data by unauthorized recipients renders it worthless.
Both the payer and payee devices form the electronic signature and so another device receiving it automatically invalidates the signature. If an attacker knows both device values forming the signature a counterfeit Wampum is still worthless because the attacker will never know the other elements of the signature that only occur once for any given transaction and automatically form part of the encryption used during transfer. Finally insurance for each transfer will cost less than fees charged by operators of large value transfer systems. The insurance will be less because if an attacker does manage to counterfeit a Wampum transaction, no entity will accept it without first validating it with their insurance company, which will determine quickly that its history is suspect.

Wampum allows corporate treasuries to store large sums outside of banks within the confines of a tamper resistant storage device in the presence of more than 1 person at all times. Although no interest accrues on a Wampum stored outside a FI, conversion of Wampum to a fiat currency at any specific instant almost guarantees a successful bet. For example if a company buys 1 Wampum for $100,000 and at that instant a dollar was worth .8 Euros, .62 Pounds, and 108 Yen, and later the company wishes to convert the Wampum to a fiat currency, then conversion to any of those currencies worth more at that later time will constitute a winning bet.   In some cases conversions will create more profit than any interest payment.

So why have no banks tried this concept? Is there vulnerability or laws that make such a scheme unworkable? I encourage comments from knowledgeable readers so many may understand the impracticality of the Wampum.  

Next Blog: Comments on Comments

Thursday, October 9, 2014

Adding Details to FI Issued Digital Currency

Adding a bank signature to bundled financial data does not make digital currency immune from counterfeiters. Nothing prevents the recipient from receiving issuance from a financial institution (FI), duplicating the data, and spending it multiple times. Trusted software must receive and dispense electronic currency from a personal electronic device (PED) and invalidate the data and revoke the signature in the case of a data breach outside the confines of trusted software.

 A certificate authority (CA) or some other trusted entity signs software running on the PED.  The issuing FI validates the software with access to the digital currency using any of a number of methods including a challenge with a cryptogram and a legitimate response. If satisfied the trusted software challenges the FI and only receives an issuance of currency after validating the response to the challenge. This double challenge and response (or other verification methodology) then is replicated (preferably using an industry standard) between payer and payee for as long as the currency circulates.

There are still multiple vulnerabilities presented by the storage of digital currency on a PED regardless of the care used to store and move value from PED to PED. Ingenious attackers will ply their trade. Issuing FI may cease to exist. Theft (along with the user access codes), loss, or destruction of the PED threatens the currency. In short, issued digital currency will not gain acceptance without users having confidence that they will not lose their money.

There must be insurance for the digital currency with fees based on real risk. A regulation E (protects cardholder accounts in the US) approach does not work with a circulating digital currency because FI will not control access to the currency after issuance. Can risk have a price based on aggregate value stored on the PED? Is the risk linear? Is the cost for a small value stored on a PED the same as a large value stored on a PED? My hope is that companies think about insuring digital currency so when there is a rush to the exits of card technology the infrastructure supporting digital currency exists.

Governments also will address certain aspects of digital currency. Will users with PEDs containing large values need to declare such at border crossings or will the movement be the same as a check book moving across borders? Equally important to users is anonymity of purchases (not really possible with signed values), so acceptance will depend on limited government interference of value transfers and the preservation of the illusion of anonymity, Governments need warrants before review of stored payment activity logs. Current laws seem to offer adequate protection for users of digital currency, however, knowing the predilection of governments to know of large value transfers, some new laws are almost inevitable.  I only hope that excessive lawmaking zeal will not nip the bud before it blooms.

Next Blog: Digital currency in war zones

Tuesday, October 7, 2014

Building an Altruistic Payment Architecture

Occasionally when I purchase groceries at the supermarket the card accepting device asks if I want to give some money to various causes. I usually decline for several reasons but the overwhelming one is that if I organize my charitable contributions I receive a tax deduction whereas if I impulse give, I do not get that tax write-off.

If the design of payment systems allowed payers to automatically give an amount to the charity or charities of their choice with values of their choice then I suspect that the amount of charitable gifts will increase significantly. If we look at the data protocol standards such as ISO 8583 we see there is room for various amounts and for various fees (not to mention superfluous data that have nothing to do with a financial transaction) but only one payee. By creating payment data protocols with multiple payees and specific amounts for each payee then it is possible to designate charities as co payees. It is also possible to designate sales tax recipients, which may relieve payees of the administrative burden of collecting and paying sales tax.

It is possible to automatically give to charity with the current cumbersome protocols but it too expensive to utilize unless the payment networks allowed a charitable transaction to trail a regular purchase with no extra charge. If they did so then they no doubt would receive a tax deduction and payment service providers could gain good will because they facilitate charitable giving. However, if we could convince the various players involved in a single transaction not to charge for a trailing charitable message, the probability of agreeing to more than one charitable is next to nil.

If buyers used an e-check application (see http://paymentnetworks.blogspot.com/2014/10/a-real-e-check-application.html ) then it would be possible to cut as many checks to charities as the buyer wanted with no extra overhead unless the financial institution charged a fee for each check or for too many checks. However, as the reader(s) of this blog know, I have frequently advocated for the creation of a data protocol specifically for movement of financial data from a personal electronic device (PED) to a point of presence (POP) and from there to a FI with no translation needed.  If that protocol allowed for multiple payees then it would be common practice for payment applications to allow users to configure payments to go to the charities of their choice without needing to do so for each transaction or by planning each contribution. The payment applications keep track of payment so end of the year accounting becomes a simple matter of importing the charitable amounts to the tax preparation process.

Future payment architecture no doubt will allow for multiple payees; however that does not prevent the current payment system providers from allowing the free donation of funds to charities. With a little imagination payment system providers could use the additional amounts field in the ISO 8583 message to accomplish the same goal seamlessly, no trailing transaction needed.

Next Blog: A small equity distribution architecture

Saturday, October 4, 2014

The Promissory Note in an Electronic Age

Is there demand and supply for an instant loan system based on unregistered promissory notes? Does the Uber model work with loans? Consider a broker that sets up a clearinghouse that allows borrowers and lenders to get together and complete transactions. A reasonable design certainly is possible, so I thought I might make a back of the napkin sketch.

Lenders in such a system must be gamblers; they must be willing to risk complete loss of the bet. However, if the value of the loan is small, and the potential payoff large, then the concept might sell.

Lenders push any amount they want to risk to the clearinghouse and specify the terms. The clearinghouse aggregates the various loans and notifies the loaners when a borrower accepted their terms. Lenders may specify the total aggregate value of their loan coupled with others that the loan cannot exceed. Lenders may request a payoff instantly and the clearinghouse can try to replace the loan amount with another lender and in lieu of that call the loan and immediately pay off all the lenders if the call succeeds. If the call does not succeed then debt collectors or court are the only option and the clearing house not the lenders may take those options.

The borrowers may request specific terms such as timing of payments and no call options during an initial period. As always the greater the risk, the greater the reward, and lenders plunking down hundred dollar chips on the outcome of the roll of dice might not care if the potential reward is great enough. The real draw for borrowers is there is no credit check, although borrowers may have a past unpaid debt with the clearinghouse, which would disqualify them for any future loan. Competing clearinghouses may wish to share their list of deadbeats.

The clearinghouses profit from the float before the loan and collecting loans that failed. For example suppose a borrower could not pay off a called loan. The clearinghouse sells the debt to a debt collector and keeps the payment; the actual lenders get nothing. Clearinghouses may operate differently, some may want to register the promissory notes (especially large value ones) or have them notarized (if such an action is possible electronically otherwise clearinghouses need to invent the electronic equivalent).

That is the rough sketch, the only question remaining does the activity violate gambling laws?

Next Blog: The Promissory note as an electronic bearer bond

Wednesday, October 1, 2014

A Real E-Check Application

What prevents a payer from creating an e-check within a personal electronic device (PED), electronically signing it, and transmitting it to a payee? As far as I can tell the check is valid as long as it contains the routing number, account number, date, and had the signature placed last on the payment data. Why then have we not seen an abandonment of card technology, which is expensive for the payee, vulnerable to attacks, and requires expensive processing equipment? There are a lot of reasons why the world does not adopt this superior method for payment but the primary reason (with absolutely no evidence for this statement) is bankers do not understand that an electronic signature makes the e-check impossible to repudiate later.

The implications of a real e-check are profound. A good design for the routing and clearing of an e-check will allow merchants to receive funds in their accounts the next business day (just like a payment card transaction) without an interchange fee. Merchants do not need acquirer services to deposit the e-check in their account. Financial Institutions (FI) can easily build portals to receive and process e-checks and payees that have an account with an FI should be able to cut deals based on volume that makes alternatives seem like the payment stone ages.

Merchants are not the only ones that benefit from a common e-check infrastructure. Any class of payee can have access to an application hosted by a PED that allows receipt, validation, and deposit of an e-check in real time if there is a network connection or a delayed deposit if a network is not present.

Why stop at checks? People can transmit, receive, store, and redeem all types of financial instruments, without undue processing charges. Will we see the elimination of paper and plastic in the next few years? We will if FI find their collective backbones.

Next Blog: A payment infrastructure without network access

Sunday, September 28, 2014

The Coming Digital Currency Future

For digital currency on a personal electronic device (PED) to find widespread worldwide acceptance it must meet, at a minimum, the following requirements:

  • Invulnerability to theft.
  • Anonymous use (with allowances for law enforcement)
  • Easy and real time conversion to non-digital currency
  • Legal protection

Invulnerability to theft may seem to be unattainable, however if sufficient business processes exist, theft can become so hazardous to the perpetrators, that it simply will not be worth the attempt. Simple features such as user authentication function accepting two personal identification numbers, one for regular access to the stored value, and one that broadcasts a robbery is in progress. Payment applications revoke the user signature if the payee does not receive a transaction within a configurable period. Insurers restore funds (OK insurers will still be vulnerable to theft, but they are insurers, they will make more than they lose or will not be in the business) in a rare case of a successful attack (an attack is only successful if the attacker converts the digital funds to regular currency). Regular synchronization of the payment log with the insurer will limit friendly fraud and losses due to damaged or lost PED.

The possibility of anonymous use will attract the paying public away from card technology and will become a great draw for widespread acceptance of digital currency. All transferred values will require the signature of the payee, but the insurer and/or the FI that issued the value to the PED only need to know the real identity of the signer.

A typical payment application might give users a menu shown in Diagram 28.

Diagram 28 A Sample Menu for PED Digital Currency Application

Shoulder surfers might see the log displayed in Diagram 29 or exactly what the user intends.

Diagram 29 Example Payment Log

Secure, fast, and cheap means widespread acceptance by PED users. Unlimited deposited funds for unlimited time will attract the first issuers followed rapidly by their competitors. It cannot happen fast enough what with the flat footed response by payment industry to data scraping attacks and the loss of revenue by capped interchange fees. Will the last retailer using a point of sale, please turn out the lights.

Next Blog: A timed embezzlement attack

Friday, September 26, 2014

Consequences of Digital Currency

In theory any entity can issue a digital currency but practically only a financial institution (FI) has the trust of the public at large to issue wholesale stored value to personal electronic devices (PED). However once issued, there is nothing preventing the purchaser of digital currency from reissuing it, and that dear reader(s) will attract the attention of smugglers, terrorist groups, legitimate commercial sectors, and financial crime investigators.   

FI can know their customers quite well, but will never know the difference between a reissuance and a legitimate purchase, especially if digital currency freely circulates for years or decades without returning to the issuing FI. If the security for stored monetary value makes successful conventional attacks too expensive then the values stored on PED will increase dramatically; people will think nothing of purchasing houses, cars, or jumbo passenger jets with currency stored on their PED.

I can read your thoughts dear reader(s); I am channeling “Farfetched”, “impossible”, or “not in this century”. Yet we already see the demand for the semi-anonymous bitcoin, regardless of its fatal flaws. Consider stored values with associated currency able for exchange or validation instantly. FI or digital currency insurers can add multiple features to data associated with the value stored on PEDs. Customers will demand anonymous transfers or interest payments and FI will respond if not constrained by regulators.

The initiation of secure and speedy movement of large values by PED may make gross real time payment systems obsolete and central banks as relevant as buggy whips in the near future. After all why let FI know the destination of your payments if it is not required. Why would FI need a discount window or to tie up funds in reserves if people purchase digital currency and never redeem it until the accrued interest has increased the purchased value exponentially?

Next Blog: The importance of digital currency logs

Wednesday, September 24, 2014

Evolution of Stored Value on a Personal Electronic Device

Circulation of digital money using personal electronic devices (PED)  must be reliable and secure for widespread acceptance. Vulnerabilities existing in current electronic payment systems remain with digital money, however the methods to exploit the risks change. Vulnerabilities include:

  • Issuance to a counterfeit PED
  • Unauthorized issuance
  • Intercept and capture of issuance to a legitimate PED
  • Surreptitious or unauthorized transfer from a PED to another device  
  • Payment to a counterfeit payee
  • Intercept and capture of payment to a payee
  • Intercept and capture of payee redemption
  • Capture by use of force
  • Friendly Fraud

Mitigation of these vulnerabilities requires careful design of the end-to-end solution. The solution requires the use of public key interchange (PKI) (or similar method to create a non-reputable issued or transferred value). There must be a method to determine the history of legitimate transfer of value from one point to another with the understanding that the circulation of the digital value does not require redemption at the issuer within any time limit. The PED transfer and receive functions must detect attacking agents and have the capability to evolve easily as attacking agents mutate.

Manufacturers must design PEDs better to mitigate the vulnerabilities of digital money. Certainly the use of biometrics to validate users has helped the situation but the capability of PEDs to detect and prevent attacks remains abysmal. PEDs must have situational knowledge when transferring digital currency and that requires allowing only code registered with the payment application to execute during vulnerable processing cycles. 

As manufacturers, financial institutions, and others involved in the payment services industry tighten their security posture the ease, cost effectiveness, and ubiquity of digital currency tied to a value in an account will increase to the point that payment cards and the infrastructure that supports them will go the way of all things.

Next Blog: Digital Currencies and Underground Economies

Tuesday, September 23, 2014

Storing Value on Personal Electronic Devices; Push Pay Nirvana

It is just a matter of time before people start storing monetary value on their personal electronic devices (PED); cooperative solution of a few architectural problems solution remains the only obstacle. Some of those problems include:

  • Lost, damaged, or stolen (LDS) PEDs
  • Foreign exchange
  • Standard data protocols
  • Communication Network availability

People solved these problems more or less with pull payment architecture and provided a common (and somewhat shaky environment) for payers and payees alike. A push architecture (moving value directly from payer to payee, not a payee requesting payment from the payer) requires less messages and less time, and so is inherently more secure. Storing value on a PED eliminates the need for payment networks and if designed correctly eliminates the need for any network if payer and payee share the same physical space.

Tying the value to the holder of the value mitigates the LDS threat. Foreign exchange occurs when the value arrives at a financial institution (FI). However getting makers of PEDS and network providers to cooperate and develop a data standard is harder than herding cats. Perhaps we do not need such a standard.  One FI will issue electronic value to its customers and the storage of that data on the device will become a de facto standard much as the VISA 1 standards evolved from the early attempts to negotiate a line and send a payment message.

If people share the same space then use of USB ports solves the problem of network availability. The problem of converting the ownership of value from payer to payee in a secure manner remains a delicate problem, however there are enough smart engineers out there to do it well. The German Geldkarte solves most of these problems; I wonder if the world will shake if Geldkarte move their solution from smart card to PED.

Next Blog: Payment Traffic Jams

Monday, September 22, 2014

If State Governments Build a Bum’s Pocket for Pot Purchases, Would the Feds Bust ‘em?

Twenty one States and DC have some form of legal marijuana distribution. Two more have imitative on the 2014 ballot. Yet the Federal Government continues to force consumers and businesses to pay for pot with cash. Financial Institutions (FI) do not want to get involved in business that may force their permanent closure and have their principals banned from the financial services industry forever. Governments, with a theoretical purpose of protecting citizens, instead put them at risk by forcing them to carry and keep large volumes of cash. It’s really time for State Governments to pool their resources, build a jointly held bum’s pocket for any retailer to join, and move marijuana industry money safely and efficiently. If the States adopt some of the features that I described in an earlier blog (see http://paymentnetworks.blogspot.com/2014/09/payment-system-architecture-for.html ) then states can protect their citizens and create a continuous daily stream of tax money that the businesses will no longer need to collect and pay.  

I understand the reluctance to attempt the push payment architecture of the bum’s pocket, but all state governments already have a ubiquitous payment system using a pull design for consumer redemption at retailer locations. All States have electronic benefit transfer (EBT) used to efficiently allow citizens to access their cash from many different types of government programs such as SNAP (nee food stamps), or child support funds. It would be simple to add a pot program to allow consumers to fund the account and retailers to accept the EBT card. Consumers can walk into any grocery store or retail location that accepts EBT cards, and fund accounts with a return transaction. The entire infrastructure already exists!

The account aggregation occurs at the State treasury level. Since the State treasuries actually move the money into the retailer accounts, they act as the FI. If the Feds want to stop it, they would have the Hobson’s choice of taking action against the State government or its EBT contractor. Either way, the 22 point headlines will scream something like “Black Booted Federal Thugs block Food Funds destined for Poor Children”. The public outcry might accelerate the movement to repeal Federal marijuana laws once and for all.

I ask the States that allow legal distribution of marijuana, do you want to protect your citizens or let them operate with the Federal Sword of Damocles dangling over their heads? What happens if citizens pass a referendum that requires EBT systems to support pot purchases? That is a case to make Supreme Court justices queasy and the DEA and FINCEN despair.

Next Blog: Unnatural Payment System Evolution

Sunday, September 21, 2014

Is an Escrow System Cheaper than Charge Backs

Trust is tough when payer and payee never meet physically. When any part of a transaction fails costs mount and recriminations fly. If the concept of a small value gross real time payment system succeeds it will need a mechanism other than Reg E or charge backs to cure a failed transaction.

So the bum’s pocket (small value gross real time payment system designed earlier in this blog) requires a method to protect both sides of a transaction. I envisage different solutions when the world eliminates charge backs. There might be healthy competition between shippers and financial institutions (FI). 

Shippers may offer a service similar to collection on delivery except collection occurs before shipment. In this scenario the payer pays shipper; shipper picks up and delivers goods; payer accepts shipment; shipper pays payee (keeping shipping fees).If the payer or payee disputes the transaction then the shipper picks up the goods and returns them to the payee and refunds the payer(subtracting more fees).

Another alternate solution dictates the design of the data protocol for a command to pay message. The message must allow for multiple payees. In that way a FI can offer standard escrow services. The payer directs the bum’s pocket to credit a shipper and an escrow account owned by the FI.  The FI moves the funds to the payee after notification of receipt by the payer or the passage of time. In the case of a dispute the FI holds the funds until payer and payee resolve it and both parties notify the FI they resolved the dispute. 

The question arises what costs more, routine multiple transactions, or charge backs. It seems to me that the former is more cost effective, but without any data or actual firms providing these services it is at best a haphazard guess. Certainly the passage of time allows for interest charges which allows the intermediary payee a chance for income without charging either the payer or payee.

However the payment system evolves, payees likely will be happier, and payers will not see much difference unless they intend to defraud their payees.

Next Blog: A discussion on current methods for foreign exchange transactions

Friday, September 19, 2014

Payment System Architecture for the Colorado Pot Industry

The Colorado (CO) pot industry suffers from the war on drugs; the industry requires a payment system architecture that cannot use common settlement procedures available to all other commercial enterprises. Headline: Government Hypocrisy Makes Payment Architects Drool (excuse the puddle).

CO needs a bum’s pocket (small value gross real time payment system) for its pot industry, and I thought I would sketch out a design.  

Step 1: Assign a public account number to all payees. The number only allows credits to the account, no debits.

Step 2: Give payers a private number associated with a funded account. The funded account might be the same account as the public payee account, just assigned a separate number.

Step 3: Write a clearing application, which receives a message from the payer to move funds to a payee; moves the funds electronically; notifies the payer and payee of the results.

Step 4: Create a club of merchants and their customers. The club’s business is to serve its members but not participate directly in the marijuana trade. When members deposit money to their accounts the club pools all the money in a financial institution account but keeps track of money with normal accounting methods.

Payers will fund their accounts using the regular payment system infrastructure. Payers then go to any establishment connected to the Bum’s pocket. Retailers of all kinds should be able to join this new merchant payment hub. The payer initiates a payment to by using the publically accessible payee account number as a destination for the funds already in their account. The club’s clearing system moves the money to the correct account. Whenever a member wishes to cash out, the club deposits their money in a bank account if the member is fortunate enough to have one or pay cash otherwise.

It may be hard to convince a financial institution to create a bank account for the club. However since the money deposited at the club comes from private citizens and not marijuana businesses it should not be denied access to banking services. I encourage any reader with legal training to comment on whether this payment hub runs afoul of the bank blab everything act.

Next Blog: A clearing house for barter services

Wednesday, September 17, 2014

Repeal the Bank Blab Everything Act

The war on drugs now the war on terror has become a war on banks, needlessly, causing great harm to the country. The intrusive nose of government only serves to have legitimate financial activity flee the US because a group of analysts at FinCen scrutinize every wee dime and can deduce future activity, which people want to keep secret for legitimate purposes.

There are plenty of ways government can monitor the aggregate movement of money in small and large value payment systems; and present a court of law a probable cause warrant to get details of particular financial activity; without having to watch everyone’s financial activity every second.
This 70’s relic of a law symbolizes the surrender of  people’s liberties to the right wing cause that government dictate citizen behavior conform to an obtuse concept of morality based on 17th century religious ideals. How much of our payment infrastructure flees every day to unregulated, unsafe, and untaxed methods because of this constitutionally suspect practice? 

We cannot fulfill the dream of a cashless society without people initiating their transactions with anonymity. We see the routine avoidance of government detection methods for two reasons, movement of funds to and from underground payment hubs, and preventing people other than government from seeing financial activity. How many FinCen investigations turned up adulterers, closet drinkers, compulsive gamblers, small cash businesses, and other harmless souls not requiring investigation by the Federal Government? It’s odd, but I see no data on the investigation of false positives and yet that is a critical number to determine the effectiveness of any payment hub detection activity. More to the point, how many money launderers no longer use US banks?

If banks did not spend the money needed to comply to this ridiculous intrusive nanny requirement perhaps they could use those funds to bolster their current payment architectures and stop relying on other companies to perform what used to be one of their primary functions, efficient cost effective funds movement.

Next Blog: Welding a push payment architecture to a bum’s pocket

Monday, September 15, 2014

An Open Letter to the ETSI, TIA, the Fed, BIS, and the ECB

I write this open letter to the European Telecommunications Standards Institute (ETSI), Telecommunications Industry Association (TIA), the United States Federal Reserve Bank (the Fed), the Bank for International Settlements (BIS), and the European Central Bank (ECB) to propose that you folks get together and create a tagged base data standard (like ISO 20022) for transportation of payment data to financial institutions (FI) from personal electronic devices (PED). 

It’s important the standard be flexible (allow many different types of encryption methods for example) and yet transport the minimum data to enable a push of funds from the payer account to the payee(s) account. If large respected institutions create an open standard that meet requirements for payments at least for the group of 20, then manufacturers can produce personal electronic devices containing acceptable applications that push funds to payees.

If on the other hand, manufacturers create their own specifications, large individual firms will produce proprietary schemes that lock out competitors and create a Tower of Babel for a vital communication network. Further a standard specification creates a minimum security posture for the initiation of payment pushes giving confidence that devices will not be lax creating a minimally acceptable effort to protect payer funds.  

It is in the best interest of financial institutions that have regulations in place to protect the public in a reasonable and unobtrusive way to specify a safe method to initiate payment instructions and receive notification of results. Further the current retail payment architecture creates monopolistic practices with banks and network providers setting fees as a single entity rather than competing by offering various fee structures to the purchasing public.

It should not take long to create an adequate specification with the right technical people sitting in a room with a strong financial interest to build a new small value payment infrastructure. The work I predict will take less than a year because most of the critical elements are part of current financial data standards. Some needs based architectures require redemption of goods by description of the goods and not of the value of goods and your new protocol needs to support this practice. 

I know there will be lobbyists and politicians in Gucci suits representing well-heeled constituents screaming that institutions such as you should not dictate protocols for good capitalists. I note that standards are not regulations, more like guidelines, and only provide a common language and not necessarily a regulated methodology.  Allowing innovation is good for all including people in jeans and a tee shirt, like me.

Thank you for your consideration of this request.


Ed Oppenheimer