Tuesday, August 26, 2014

Will a Personal Electronic Device Data Standard Eliminate the Acquiring Function?

Let me (for the purposes of this post) define acquirer as any entity between a purchaser and the purchaser’s financial institution. This definition is far too broad for a typical discussion of the payment services industry; however it suits the point of this post quite nicely. The definition makes any part of the payment network providers (regardless of brand or size) an acquirer, It leaves an issuing FI or its authorizing agent, the sole party needed for  a financial transaction with a payer and it is a very scary concept to payment network providers.

To demonstrate the concept Diagram 26 shows the current retail payment system infrastructure present in many countries today.

Diagram 26: The Acquiring Function Infrastructure

And Diagram 27 shows an imaginary structure without an acquirer.

Diagram 27: Hypothetical Payment Hub without Acquirer

I ask my readers which diagram depicts a cheaper network easier to deploy and more adaptable to the emerging human communication methods.

The reason we cannot implement diagram 27 right now is because data transport standards encapsulating payment information from a personal electronic device (PED) do not exist. Such standards need to adapt a key management scheme such as DUKPT, a reasonable number of digits to be stored in secure areas of the PED for use as offsets, transaction counters, etc. and more importantly able to accommodate an astronomical number of individual PEDs.

Another reason we cannot implement diagram 27 right now is because of the insistence that payees pull payment from payer accounts instead of payers pushing payments to payee accounts. If we build the standards the more efficient push method of payment will come because it eliminates regulation E in the US and more importantly for the rest of the world it eliminates switching fees.

The standard needs much more detail than a reasonable encryption scheme and I can think of many elements that need careful consideration among technical folks from quite a few different industries, so the sooner, we build a standards technical committee, then the sooner we can build a payment hub that gives the security payers need at a fraction of the current costs.

Next Blog: Why queues containing payment data in the clear are the biggest target today

Wednesday, August 20, 2014

The No Limit Attack

Occasionally, I will write specifically for the SNAP EBT forum and not publicize the post except in my linked-in page and the Food Stamp Benefits (EBT) Fraud Group.  This is one of those occasions.

Trafficking SNAP benefit is the sexiest attack, and attracts the most attention and the most law enforcement dollars. I think the attack is a quaint artifact, easily defeated, easily prosecuted, and no longer where big dollars are lost. I think the government loses big dollars from no limit attacks.

Recently thieves attacked a commercial payment system hub in India. The payment authorizing host was the victim. Essentially the attackers created a legitimate account and then attacked by increasing the spending limit of the account. I named the attack the no limit attack and poked a little fun at Indian authorizers, because the method for redemption of stolen funds had no disguise and thus easily detectable.  

If no limit attacks exist on the SNAP payment hub they are detectable by comparing aggregate dollars issued versus aggregate dollars redeemed over the lifespan of the EBT program. If there is a consistent ratio between aggregate SNAP dollars redeemed and issued (I know of no studies or evidence that this is true) then anecdotally the ratio is less than one. I suspect the actual ratio is quite different and that dollars redeemed exceed dollars issued over the lifespan of the average EBT system administered by states. If so, then state systems suffer from no limit attacks and there are no dollars budgeted for defense against it.

EBT systems generally receive SAS 70 audits but those audits look primarily at documented security procedures and actual security operations. The audits will not detect hidden attacks. Surely there is a little money out there just to detect if an attack exists and actual dollars lost from the attack so we can muster a defense warranted by the size of loss.

Next Blog: An exploration of the “lunch room attack”

Tuesday, August 19, 2014

The Fundamental Paradox of Modern Payment Systems

Payment systems move money, and everyone wants a piece of the action. Motives differ; governments want to know geographic and demographic details; sellers want to know purchasing habits; buyers want anonymity and security; providers of payment systems infrastructure want to satisfy the demands of their users.

The paradox is easy to state. The design of a payment system structure without forces influencing specific contours of a payment pipes is impossible. The paradox (in a nutshell) is operation of payment systems demand security, and prevents description of the pipes’ contours; so customers do not fully understand the system they use and cannot demand (and pay for) the features they want.

Because the paradox exists we witness deformities in the systems that allow attacks to succeed and prevent architects from designing effective countermeasures. We witness the HAL 9000 logic and seem powerless to unplug a Schizophrenic machine. One such deformity is Bitcoins a fatally flawed payment system resulting from the demand for semi-anonymous payment structure regardless of settlement speed. Another such deformity is the EMV requirement for a chip to the detriment of preventing the higher percentage of attacks on international small value payments.

Observations are easy; overcoming defects funded by big money and unimaginative suits is not so easy.

Next Blog: Fluid dynamics and payment flow

Wednesday, August 13, 2014

Evasion Detection Filters do not always require Behavior Detection Filter in SNAP Applications

Occasionally, I will write specifically for the SNAP EBT forum and not publicize the post except in my linked-in page and the Food Stamp Benefits (EBT) Fraud Group.  This is one of those occasions.

When I read of some of the investigations lasting years, and the announcement of a prosecution, I wonder if the investigators deployed a rudimentary evasion detection filter before announcing the prosecution.

Presume the cardholders frequenting a prosecuted vendor are trafficking regardless if they are or not. Presume that when investigators announce a prosecution, cardholder traffickers will now seek other opportunities to materially gain from their needs-based benefits. Within a local region, the new trafficking vendor will attract the trafficking cardholders after the shock of prosecution diminishes. The EBT evasion detection filter shows the amalgamation of cardholders evading detection from the publicly announced prosecution.

Some may wish to preserve precious investigation budgets by sending notes to cardholders frequenting publically declaimed trafficking vendors and letting the cardholders off (or not) with a note. This activity does not make proper use of fleeing cardholder data which may lead to the next high value trafficker.

Next Blog: More basic concepts of Payment System

Wednesday, August 6, 2014

Will Africa Develop the Next Generation Retail Payment Hubs

The nations of Africa quickly adopted the use of mobile phones to initiate retail payments. Is it just a matter of time before they recognize that the rest of the world still uses an archaic system that:

  • Costs too much
  • Places payer data at too much risk
  • Limits retailer’s choice of payment acceptance types
  • Plans to adopt an old technology that aggravates the 3 prior bullet points

I think the 50+ independent nations beginning to thrive already recognize western point of sale methodology does not work well in rural communities with limited access to western infrastructure and prone to attack from organized groups.

The African conference under way in DC underlines the dramatic need for an African Central Bank, not in some pie-in-the sky future, but ASAP. It really will not be that difficult to build if participants realize that two systems supported by a central bank will not require consolidation of national currencies, will allow the creation of a small value gross real time payment system, a regular gross real time payment system, and support for all currencies with a demand vs. demand currency exchange.

The benefits are great, the stakes are huge, and the stabilizing effects of a secure central financial system for the entire continent (and beyond) so important, it just amazes me that there seems to be little political will to complete the project by mid 2015. When the delegates return home, presumably with pockets full of promises, and the squabbles of nationalism preventing rapid trade movement with agreements in place, perhaps we will see a stirring of the nations in the continent and a focused plan to architect a payment system far more advanced than any currently existent. I am confident this will happen; it is just a matter of time.  I am confident because South Africa destroyed its nuclear weapons regardless of the fears of Western hawks. I am confident because Kenya has more mobile payment platforms than most. I am confident because the growing realization that western approaches benefit western firms and have terrible unintended consequences for developing social structures.

Next Blog: Will an international mobile payment initiation standard begin in Africa and take over the retail payment platform in a few years?

Saturday, August 2, 2014


I took my browser out for a stroll in Palestine this morning. I wanted to see if it was possible to purchase anything, and although it might be possible, some of the few sites that claimed to accept payment cards, seemed dodgy at best. Western Union said I had to go show up in person, and various other methods routinely accepted as legitimate payment methods in most countries did not work. 

The Palestine Authority built a gross real time payment system. It has a pipe to rebuild an economy, to loan money, to build infrastructure, to create a working civilization, but the bully boys won’t let it happen.
I wonder if the world can use the payment structure in place to stop the fighting and build a healthy independent government that wants trade with its neighbors not their destruction.  What will happen if the world in a unified voice says there will be a job, or a classroom chair, or a passport to the outside, to everyone in Palestine that wants one? If the missiles became dollars, would the majority of the people turn on the bully boys, and get back to the real work of living and building in peace. 

I do not believe that the majority of the people living in Gaza want this conflict, or see any future other than agony and death in this fight.If people see how to transform their world by using a modern payment system, will they have the courage to stand up to their bully boys and kick them out? I think they will, but only if they believe they can travel, own a thriving business, or go to a steady job every day.  The promise must be real. Soldiers cannot make promises, only politicians can do that.  Look to the example of Germany and Japan after World War II. Compare those results to the actions by politicians in the Middle East over the same period.

Next Blog: The concept of Friction in Payment systems, and its use and abuse