The Card Was and Is Only a Credential Carrier

Cash is here to stay – cards are the true dinosaurs

This question of the extinction of the payment card is misleading.

What is a payment card? It is the carrier of a set of credentials, A means of Identification offering financial Attributes capable of being authenticated by a party seeking to sell something to the individual or entity presenting the credential as a mechanism to assure payment.

Back when credit cards were designed, the goal was to offer merchants a guarantee of payment and anonymous consumers a means of paying. Behind this means of payment, a financial institution, the issuer, provides the consumer with a “Line of Credit”.

On the merchant side, another financial institution buys these guaranteed receivables from the merchant and charges the merchant a “merchant discount”. Later that day the Issuing Institution advances payment to the Acquiring Institution based on an agreed set of terms and operating rules. Terms and conditions the involved financial institutions collectively agreed upon.

For this method of payment to be effective, a large number of consumers and merchants had to agree to participate; hence the financial institutions came together and formed what we now know as MasterCard and Visa.

Given the state of technology at the time it was essential this new mechanism work without the burden and expense associated with the merchant, supported by the acquirer, contacting the issuer to receive approval, or, in stronger terms be assured of a guarantee of payment. To achieve this result, the merchant needed something to acquire the necessary information to submit a request for payment. For both the merchants and financial institutions,, there had to be a means of authentication. Designed to assure the responsible parties of the authenticity of the person or entity to present their payment credentials.

To accomplish this goal, just like with money, physical security features are integrated into the payment card designed to allow the merchant to authenticate the uniqueness of the card carrying the payment credential, thus assuring the merchant of the authenticity of the card.

Overtime criminals successfully counterfeited these security features.

As these features were compromised additional features had to be added.

Today, a computer has been embedded inside the card, in order to assure the authenticity of the payment card credentials being presented to the merchant.

These computers embedded onto the front of a payment card exploit the power of cryptography. Cryptographic certificates and digital signatures are created by and for these computers, allowing:

- The Issuer (symmetric cryptography) to support Online Authentication
- The merchant (asymmetric cryptography) to support Offline Data Authentication

These two mechanisms prove to the merchant and issuer that the card is unique and the data, credentials, and digital signature it contains or produces are authentic.

Once all the merchants have are capable of reading the data from the chip card, the security features of the card become redundant.

As these features become redundant and the merchants embrace Near Field Communications, based on the ISO 14443 standard, the issuer can replace the card form factor with anything equipped with the necessary computational capabilities and ability to communicate with the terminal over the NFC interface.

This is exactly what Apple Pay and Google Pay have done. They replaced the card with a device. Yes, the Payment Card may become redundant. But, the Payment Credentials they contain, remain.

What we know as card payments, is fundamentally an account-based solution. Money, through the defined settlement process, ultimately move from the line of credit or deposit account of the buyer, through a series of accounts with the participating financial institutions, to the account of the merchant.

Card-based credential payments
simply become
Device-based credential payments

Is hell for those who are wrong because I am right

This article offers an interesting perspective on what we believe Heaven and Hell is. It draws one to think like much of what history is. It is the thinking of people designed to categorize and allows one to pridefully assume they are either the best or the worst.

Hell therefore in thinking this way, it is for all those people who do not believe as you or are wrong because you are right.

https://www.nytimes.com/2020/01/10/opinion/sunday/christianity-religion-hell-bible.html

Why Do People Believe in Hell?

The idea of eternal damnation is neither biblically, philosophically nor morally justified. But for many it retains a psychological allure.

By David Bentley Hart

Dr. Hart is a philosopher, scholar of religion and cultural critic.

Once the faith of his youth had faded into the serene agnosticism of his mature years, Charles Darwin found himself amazed that anyone could even wish Christianity to be true. Not, that is, the kindlier bits — “Love thy neighbor” and whatnot — but rather the notion that unbelievers (including relatives and friends) might be tormented in hell forever.

It’s a reasonable perplexity, really. And it raises a troubling question of social psychology. It’s comforting to imagine that Christians generally accept the notion of a hell of eternal misery not because they’re emotionally attached to it, but because they see it as a small, inevitable zone of darkness peripheral to a larger spiritual landscape that — viewed in its totality — they find ravishingly lovely. And this is true of many.

But not of all. For a good number of Christians, hell isn’t just a tragic shadow cast across one of an otherwise ravishing vista’s remoter corners; rather, it’s one of the landscape’s most conspicuous and delectable details.

I know whereof I speak. I’ve published many books, often willfully provocative, and have vexed my share of critics. But only recently, in releasing a book challenging the historical validity, biblical origins, philosophical cogency and moral sanity of the standard Christian teaching on the matter of eternal damnation, have I ever inspired reactions so truculent, uninhibited and (frankly) demented.

I expect, of course, that people will defend the faith they’ve been taught. What I find odd is that, in my experience, raising questions about this particular detail of their faith evinces a more indignant and hysterical reaction from many believers than would almost any other challenge to their convictions. Something unutterably precious is at stake for them. Why?

After all, the idea comes to us in such a ghastly gallery of images: late Augustinianism’s unbaptized babes descending in their thrashing billions to a perpetual and condign combustion; Dante’s exquisitely psychotic dreamscapes of twisted, mutilated, broiling souls; St. Francis Xavier morosely informing his weeping Japanese converts that their deceased parents must suffer an eternity of agony; your poor old palpitant Aunt Maude on her knees each night in a frenzy of worry over her reprobate boys; and so on.

Surely it would be welcome news if it turned out that, on the matter of hell, something got garbled in transmission. And there really is room for doubt.

No truly accomplished New Testament scholar, for instance, believes that later Christianity’s opulent mythology of God’s eternal torture chamber is clearly present in the scriptural texts. It’s entirely absent from St. Paul’s writings; the only eschatological fire he ever mentions brings salvation to those whom it tries (1 Corinthians 3:15). Neither is it found in the other New Testament epistles, or in any extant documents (like the Didache) from the earliest post-apostolic period. There are a few terrible, surreal, allegorical images of judgment in the Book of Revelation, but nothing that, properly read, yields a clear doctrine of eternal torment. Even the frightening language used by Jesus in the Gospels, when read in the original Greek, fails to deliver the infernal dogmas we casually assume to be there.

On the other hand, many New Testament passages seem — and not metaphorically — to promise the eventual salvation of everyone. For example: “Therefore, as one trespass led to condemnation for all men, so one act of righteousness leads to justification and life for all men.” (Romans 5:18) Or: “For as in Adam all die, so also in Christ shall all be made alive.” (1 Corinthians 15:22) Or: “He is the propitiation for our sins, and not for ours only but also for the sins of the whole world.” (1 John 2:2) (Or: John 13:32; Romans 11:32; 1 Timothy 2:3-6; 4:10; Titus 2:11; and others.)

Admittedly, much theological ink has been spilled over the years explaining away the plain meaning of those verses. But it’s instructive that during the first half millennium of Christianity — especially in the Greek-speaking Hellenistic and Semitic East — believers in universal salvation apparently enjoyed their largest presence as a relative ratio of the faithful. Late in the fourth century, in fact, the theologian Basil the Great reported that the dominant view of hell among the believers he knew was of a limited, “purgatorial” suffering. Those were also the centuries that gave us many of the greatest Christian “universalists”: Clement of Alexandria, Origen, Gregory of Nyssa, Didymus the Blind, Theodore of Mopsuestia, Diodore of Tarsus and others.

Of course, once the Christian Church became part of the Roman Empire’s political apparatus, the grimmest view naturally triumphed. As the company of the baptized became more or less the whole imperial population, rather than only those people personally drawn to the faith, spiritual terror became an ever more indispensable instrument of social stability. And, even today, institutional power remains one potent inducement to conformity on this issue.

Still, none of that accounts for the deep emotional need many modern Christians seem to have for an eternal hell. And I don’t mean those who ruefully accept the idea out of religious allegiance, or whose sense of justice demands that Hitler and Pol Pot get their proper comeuppance, or who think they need the prospect of hell to keep themselves on the straight and narrow. Those aren’t the ones who scream and foam in rage at the thought that hell might be only a stage along the way to a final universal reconciliation. In those who do, something else is at work.

Theological history can boast few ideas more chilling than the claim (of, among others, Thomas Aquinas) that the beatitude of the saved in heaven will be increased by their direct vision of the torments of the damned (as this will allow them to savor their own immunity from sin’s consequences). But as awful as that sounds, it may be more honest in its sheer cold impersonality than is the secret pleasure that many of us, at one time or another, hope to derive not from seeing but from being seen by those we leave behind.

How can we be winners, after all, if there are no losers? Where’s the joy in getting into the gated community and the private academy if it turns out that the gates are merely decorative and the academy has an inexhaustible scholarship program for the underprivileged? What success can there be that isn’t validated by another’s failure? What heaven can there be for us without an eternity in which to relish the impotent envy of those outside its walls?

Not to sound too cynical. But it’s hard not to suspect that what many of us find intolerable is a concept of God that gives inadequate license to the cruelty of which our own imaginations are capable.

An old monk on Mount Athos in Greece once told me that people rejoice in the thought of hell to the precise degree that they harbor hell within themselves. By which he meant, I believe, that heaven and hell alike are both within us all, in varying degrees, and that, for some, the idea of hell is the treasury of their most secret, most cherished hopes — the hope of being proved right when so many were wrong, of being admired when so many are despised, of being envied when so many have been scorned.

And as Jesus said (Matthew 6:21), “Where your treasure is, there will your heart be also.”

David Bentley Hart is the author, most recently, of “That All Shall Be Saved: Heaven, Hell, and Universal Salvation.”

Cryptocurrency – built on the hopes and dreams of the masses

As is my habit each morning I run through a serious of Google Alerts scanning and reading those that tweak my interest. One of these alerts helps me to stay abreast of what is happening in the crypto market. Most often times the articles present the hype and expectation of those enamored with Bitcoin and the excitement the last ten years of cryptocurrency excitement has wrought.

One article’s conclusion deserves a bit more thought.

5 Costly Tech Mistakes Crypto Beginners Make

There’s a lot of money to be made in cryptocurrency, but it belongs to those who can avoid making ruinous mistakes.

Whether you’re trading or mining, it is important to treat your endeavor with the utmost care and diligence.

As a crypto newcomer, you will go much farther and enjoy success if you note these tech-mistakes and steer clear of them.

This middle sentence once again reinforces my skepticism.

What is behind these immaterial assets?

Is the price of a bitcoin simply the result of the actions of crypto believers, speculators, and gamblers?

Is a cryptocurrencies price driven by the value of the reward required by miners to cover their cost for electric, space and computer resources?

Unlike the US dollar, the British pound, Swiss Franc or other stable country issued currency built on “trust” in the future of the USA, UK or Switzerland; these new currencies are built on peoples’ belief in a speculative and trustless cryptographic universe.

In essence, these cryptocurrencies are built on
The hopes and dreams of many

Behind all of this is the cost of supporting these cryptocurrencies. Costs measured in electric bills and the investment in racks of mining resources “computers”. Is it the ever-increasing need for computation power that drives the ever-increasing need for higher rewards set against the process of halving, apparently designed to address inflation.

This mystery of “inflation” leaves me wondering if inflation of the price a built-in part of a scheme to assure the original and still invested success of the few?

In the Digital world certificates replace so many things

What is a certificate? A certificate as defined by Merriam Webster

certificate noun

1: a document containing a certified statement especially as to the truth of something
specifically: a document certifying that one has fulfilled the requirements of and may practice in a field

2: something serving the same end as a certificate

3: a document evidencing ownership or debt

certificate verb

: to testify to or authorize by a certificate

When we designed the EMV specification we employed a cryptographic mechanism to assure the merchant and ultimately the issuer of the presence of a uniquely issued payment card. The goal, address the weakness of the security features then present on a physical payment card.

For the merchant – a local mechanism capable of allowing the device – the point of sale to attest to the membership of that card to the family of cards issued under one of the Payment Network brands.

For the Issuer – a mechanism where the card signed transaction details the merchant would forward a digital certificate – the cryptogram – to the issuer for authentication. This cryptogram included in the message sent to the issuer assured the issuer, the card they issued; was presented to the merchant as a means of payment, for the transaction.

What is a payment card? – It is a certificate, issued by a financial institution, designed to guarantee the merchant will be paid – if they follow the agreed payment brand rules.

What is a ticket? – It is a certificate, issued by the movie theater, or a designated vendor, granting access to some venue or event.

What is a license? – It is a certificate, issued by some authority identifying your right to be or the ability to do something.

In the digital world, certificates are strings of characters, such as 2FG%4T678&b23, created, using some mechanism, by an Authority. The readers, of these characters, use the certificate to Authenticate the uniqueness and Authority associated with the presentation of this certificate by someone or thing to something or someone.

A morning to reflect

The Sunday after Christmas and one wonders if people are here thinking of family, food, fun. Or, if they are reflecting on the wonder of words Jesus spoke, the majesty of his message and the wholeness of the teaching of love, peace, mercy, and friendship.

Instead, one is drawn to reflect on reality. A world divided along religious, racial and cultural lines. Be it right from left, liberal from conservative or male from female.

I was once told to never ask the WHY question. Yet, it is this one question we each must consider when we think of the divisions surrounding us.

A new year is around the corner. The ability to change is inherent in all of us. the challenge is to put friendship and love first. Then we can think of bounty and the goodness of this earth.

First, we must put our mind to preserving the majesty of what the creator enabled.

To Identify or to Authenticate what is the difference?

Today I read an article on LinkedIn

‘Identification’ is to give an answer to the question of ‘Who is he/she?’, while ‘Authentication’ is to answer ‘Is he/she the person who he/she claims to be?’

This distinction for me is clear. Yet, based on this article, and personal observation, people do not appreciate the unique difference between these two words.

For those who remember the film War Games, the two young adults were able to access the game simply by learning tidbits about the author of the program. “Joshua” is the critical fact our young hackers unveiled. This single word was both the identifier and the password. A simplistic form of Identification which some may confuse with Authentication.

Our driver’s license number, credit card numbers, passport number, social security number, employee number, email address or other aliases; are identifiers. These values are and should have remained, simple means of linking someone to the person who initially registered on a web site.

We then link these identifiers to a means of Authentication, an Authenticator. We then use the authenticator combined with the identifier to assure Identification. The recent NIST 800-63 standard defines the strength of an Authenticator. The simple reality the authenticator can be a combination of things you know, things you have, and things you are. Combining these factors create different strengths of Authentication.

Back in the day, a password, if properly constructed, was a very strong means of authentication. Unfortunately remembering numerous and unique passwords is unmanageable.

One of the issues we face is how so many entities, companies, and other enterprises have taken the identifier and allowed it to also become a means of Identification, a secret.

As soon as a simple number or string of letters designed as public information, to be shared with others; became a means of Identification we created an untenable situation.

The Surveillance State Exists for Profit

I hope we all understand the data collected on each of us

https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html

https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

As a technologist, the revelation of what is available did not surprise me. I understood how location can easily be captured from all of the electronic devices I use. Be it the GPS chip, the triangulation of Cell Towers or the IP address of the router I am using to access the Internet. Where I am is easily acquired by any application or server I am employing.

What bothered me is that “We the People” have not pushed our governments to regulate the capture and use of this very personal information and data. What bothers me is that most of the citizens of this country or this world do not take the time to read the terms and conditions or the privacy statements provided to us and so often simply consented to them without a thought. And, if they did read them, most of us would not appreciate the language and therefore the meaning of these legal documents.

The surveillance state is real. Marketing companies, employers and so many others are buying the data and using it to improve their delivery of services, advertisements and so much more.

https://www.linkedin.com/pulse/i-hope-we-all-understand-data-collected-each-us-philip-andreae/

Is Identity Dead – The answer is Authentication

Today 2019-12-12 I found my way to the following article and associated podcast.

https://diginomica.com/fall-event-highlight-steve-wilson-says-digital-identity-dead-so-where-do-we-go-here

https://www.constellationr.com/blog-news/identity-dead

Below is a flow of thought as I read and listened. to Jon Reed and linkedin.com/in/lockstep Stephen Wilson discuss this most interesting topic.

Surveillance Capitalism – So many are taking advantage of our data!

We need to evolve through the pony express stage of data management, and get to a point where there are responsible data intermediaries who are being held to account.

Identity management, for me, is about proving things about myself. I want to log onto a bank and prove that I have a particular bank account. Sometimes I want to log on and prove that I am the controller of a multi-party bank account with my wife. And sometimes I want to log onto a health service and prove my health identity. So this is all about proving things about me in different contexts.

In the podcast, they beg the question “Why is the Digital Identity problem still any issue”? This leads one to think about the scale and expectation so many have surrounding this idea of “DIgital Identity”!

They then go on to ask the question What is two-factor authentication and remind us that our phone is a two-factor device, exactly what the standards FIDO Alliance worked to develop. They remind us of the reality that people look after their phones. We know when our phone is not with us.

Why not simply bind my identity to my phone.

Mr. Wilson sees the phone as the second factor. I would suggest our devices, bond to our identity, is the primary factor.

Mr. Wilson reminds us that Identity is all about Verifying Claims. We claim to be someone and the relying party seeks to confirm that I am who I claim to be. Or, when I seek to log back into a website, the relying party needs to make sure it is I – the same person who the relying party originally proofed, registered and agreed on an identifier and an associated means of authentication.

Attributes are more interesting than Identity

Attributes are what matters in the various relationships we have when we interact with another. As we think about our data we need to think seriously about what other parties need to know about us and what we wish to share with them. Efforts in Europe to institute GDPR and the efforts in California to implement CCPA

As I continued to read and follow the thread I ended up at a W3C working group working on “Verifiable Claims” and found the following:

Abstract

A verifiable claim is a qualification, achievement, quality, or piece of information about an entity’s background such as a name, government ID, payment provider, home address, or university degree. Such a claim describes a quality or qualities, property or properties of an entity which establish its existence and uniqueness. The use cases outlined here are provided in order to make progress toward possible future standardization and interoperability of both low- and high-stakes claims with the goals of storing, transmitting, and receiving digitally verifiable proof of attributes such as qualifications and achievements. The use cases in this document focus on concrete scenarios that the technology defined by the group should address.

The truth is that Identity Providers, as imagined, can’t deliver. Identity is in the eye of the Relying Party. The state of being identified is determined by a Relying Party (RP) once it is satisfied that enough is known about a data subject to manage the risk of transacting with them.

We are expecting people to be better than smarter than the crooks. This is an interesting thought that begs the question.

How do “we the people” trust anything we hear, read or otherwise come across.

How does each of us keep up with all of the various products, standards, specifications and other efforts to develop stuff capable of securing our “IDENTITY”?

I am a firm believer in the work the FIDO ALLIANCE and W3C’s work on Web Authentication and recommend its adoption and use based on authenticators capable of adhering to a level of security certification commensurate with the associated risk of the acts, transactions, information, and services offered by the relying party to the user.

Cryptocurrencies, Politics and the Future

A world of volatility and speculation

This morning hash rates, degrees of difficulty and the creating of derivatives to moderate the risk of Bitcoin mining drew me in. Several years ago I was asked to participate in a fireside chat on Crypto-currencies at the Federal Reserve in Atlanta.

Blockchain A FireSide Chat

One of my concerns then and still today is the exponential growth in the cost of mining. These charts offer a perspective on a concept called the Hash Rate, a measure of the work necessary to create a block. Clearly, as time marches forward, the work to earn the reward gets harder. Thus creating a need to increase the fees charged to add a transaction within a block to the chain.

When people speak to the justification of Bitcoin they would speak to the reduction in cost. Is this statement still valid?

Disruption, lies, and politics

While considering the potential of Bitcoin; the working of our government rambles on, as we consider the fate of the American President. Lies, bribes, abuse, and obstruction seems to be the order of the day.

The division between political parties; drives division within families, cities, and two people sitting together over lunch creates animosity.

We are now a world driven to speculate or better said gamble while not wanting to find a gentle and graceful road to mutual satisfaction.

We need to reflect consider and potential restore faith in what is real, what is just and what is fair for all.

Spending money on machines of war instead of investing in education and our environment makes no sense to this lone individual. We need to once again seek peace and justice.

Identity – A Most Complex Thought

The idea of my identity, your identity, and our identity took me on a journey into social norms, physical realities, spiritual considerations, psychological consideration, and philosophy. Starting with the classic approach of learning the definition of a word takes us to the dictionary. What then assured the complexity of my quest is each of several definitions is similar, but, not the same.

I then found an interesting quote:

G.K. Chesterton once observed that the “special mark of the modern world is not that it is skeptical, but that it is dogmatic without knowing it.” His point was that moderns have forgotten that they are assuming what they believe to be a given. “In short,” he concludes, “they always have an unconscious dogma; and an unconscious dogma is the definition of a prejudice.”

With this thinking in mind on definition stood out:

identity n.

1. 1. 1. 1. an individual’s sense of self defined by (a) a set of physical, psychological, and interpersonal characteristics that is not wholly shared with any other person and (b) a range of affiliations (e.g., ethnicity) and social roles. Identity involves a sense of continuity, or the feeling that one is the same person today that one was yesterday or last year (despite physical or other changes). Such a sense is derived from one’s body sensations; one’s body image; and the feeling that one’s memories, goals, values, expectations, and beliefs belong to the self. Also called personal identity.
      2. in cognitive development, awareness that an object is the same even though it may undergo transformations. For example, a coffee cup remains the same object despite differences in distance, size, color, lighting, orientation, and even shape. Also called object identity.

I then thought of the various ways people expand on this word Identity and began to build a list.

- - - Brand Identity
    - Cultural Identity
    - Digital Identity
    - Ego Identity
    - Emotional Identity
    - Ethnic Identity
    - Family Identity
    - Gender Identity
    - intellectual Identity
    - Material Identity
    - Moral Identity
    - National Identity
    - National Identity
    - Official Identity
    - Organizational Identity
    - Personal Identity
    - Physical identity
    - Political Identity
    - Psychology Identity
    - Racial Identity
    - Sexual Identity
    - Social Identity
    - Spatial Identity
    - Visual Identity

I am convinced my list is not complete. What I can say is each item can be found in an article, definition or other written material produced by others.

As a final thought
Understand our identity leads one to wonder
“Who am I”
an Existential question
we each must answer for ourselves

xmaslist

Merry Christmas All

Welcome to the Andreae Secret Santa Wish List

This is the original message Liz sent via Messenger slightly modified.

Good afternoon, I am writing you this note to let you know that we are going to do Christmas a little different this year.

We are going to draw names (actually I’m going to use a random number generator to pick names from oldest to youngest) for whom you will buy Christmas presents.

Married couples will be treated as one unit, unless each member of the couple wants to buy a present.

The dollar amount for the presents will be between $50 and $150 (the lower dollar amount is for those who have just gotten out of school and just are starting with their jobs).
To make sure everyone gets what they want, we are each going to make a wish list with gifts in various price ranges. We will draw names after Thanksgiving.

Please post your wish list here and have it ready by December 1. This should be a fun new family tradition.

Please use the comment section below to publish your Christmas wishes.

We assume Santa will also be reading entrees on this Blog and will be checking the list at least twice to find out who has been naughty or nice. Hint, Hint Santa Claus.

Philip will approve without edits or comment, all comments/wishes emanating from family members. The need for approval is simply to avoid SPAM across the Blog

Why do we humans ignore the instruction of the ages

John 23:¹ Woe to the shepherds who destroy and scatter the sheep of my pasture! says the LORD. ² Therefore thus says the LORD, the God of Israel, concerning the shepherds who shepherd my people: It is you who have scattered my flock, and have driven them away, and you have not attended to them. So I will attend to you for your evil doings, says the LORD. ³ Then I myself will gather the remnant of my flock out of all the lands where I have driven them, and I will bring them back to their fold, and they shall be fruitful and multiply. ⁴ I will raise up shepherds over them who will shepherd them, and they shall not fear any longer, or be dismayed, nor shall any be missing, says the LORD. Woe to the shepherds {officials, kings, priests governors} who destroy and scatter the sheep of my pasture! says the LORD. ² Therefore thus says the LORD, the God of Israel, concerning the shepherds who shepherd my people: It is you who have scattered my flock, and have driven them away, and you have not attended to them. So I will attend to you for your evil doings, says the LORD. ³ Then I myself will gather the remnant of my flock out of all the lands where I have driven them, and I will bring them back to their fold, and they shall be fruitful and multiply. ⁴ I will raise up shepherds over them who will shepherd them, and they shall not fear any longer, or be dismayed, nor shall any be missing, says the LORD.

When I read this passage of today’s liturgy I was drawn to think of the Shepperd as those responsible to lead and the sheep those who are led. If the sheppards seek to control, kajoul and threaten the sheep with taxes, racist jargon or lies wend up with a tribe bent to the will of these malicious leaders who seek to profit from the efforts of others.

One is then drawn to ponder the colonial instincts of various nations to subjugate others to their will.

Tribalism, nationalism and racism these are all driven by the greed and a belief one is better than another.

The Identifier should not be the Authenticator

I was asked to look into the value of the EMV Secure Remote Commerce Specifications. In the first section they wrote:

“1.1 Background … While security of payments in the physical terminal environment have improved with the introduction of EMV specifications, there have been no such specifications for the remote commerce environment. …”

This statement caused a bit of angst. It caused me to think of the work to create SET and Visa’s efforts to promote the original version of 3D-Secure. I was further reminded of how difficult it has been to find the balance between convenience and fraud and how merchants are more worried about abandonment than they are about the cost of fraud. Ultimately, it caused me to wonder about the goal of the EMV 3-D Secure specification.

“To reflect current and future market requirements, the payments industry recognised the need to create a new 3-D Secure specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. This led to the development and publication of the EMV^® 3-D Secure – Protocol and Core Functions Specification. The specification takes into account these new payment channels and supports the delivery of industry leading security, performance and user experience.”

The keywords found in the last sentence “the delivery of industry leading security, performance and user experience” suggest these two specifications are searching to solve the same problem.

According to the Oxford dictionary

Security is

“The state of being free from danger or threat.”

“Procedures followed or measures taken to ensure the security of a state or organization.”

Authentication is

“The process or action of proving or showing something to be true, genuine, or valid.”

“Computing The process or action of verifying the identity of a user or process.“

On this same page, the authors go on to make the following statement

“… there is no common specification to address the functional interactions and transmission of data between the participants.”

This then causes me to wonder about the original ISO 8583 specification, the current ISO 20022 specification, and the subsequent concept of the three-domain model within the 3D-Secure specification. All three of these specifications define the interaction between the participants while not restricting the method of transmitting the data. It seems the authors of the SRC specifications have forgotten history. Or, are they trying to rewrite history.

At this stage, Authentication seems to the most important part of what EMV is attempting to address. But, the focus seems to be more about rewriting history that solving the fundamental problem. We seem to have this desire to take public identifiers and convert them into secrets.

“An industry transition from a dependency on Consumer entry of PAN data can be accomplished by providing an SRC specification that meets the needs of all stakeholders involved.”

These intriguing contradictions beg the question. Why did the authors of the Secure Remote Commerce specification not reference the good work of those that created the 3D-Secure specification and propose an approach unlike EMV? They all are part of the same organization!

Is the goal not to address authentication and Security of the payment transactions, be they instore or on the Internet. I would argue

We allowed the PAN, the payment card identifier, to become a means of authentication

This use of the PAN as both an identifier and an authenticator; reminds me of a hearing of the United States House Committee on Ways and Means May 17th, 2018 hearing on “Securing Americans’ Identities: The Future of the Social Security Number”.

“House Ways and Means Social Security Subcommittee Chairman Sam Johnson (R-TX) announced today that the Subcommittee will hold a hearing entitled “Securing Americans’ Identities: The Future of the Social Security Number.” The hearing will focus on the dangers of the use of the Social Security number (SSN) as both an identifier and authenticator, and examine policy considerations and possible solutions to mitigate the consequences of SSN loss or theft.”

All the witnesses and most of our members of congress accepted and understood the problem. We allowed a simple government-issued identifier to become a means of authentication, in other words, an authenticator. Like allowing the social security number and now also the PAN to become part of how we authentic someone’s identity. We caused these publically available identifiers to become valuable and sensitive PII data.

Cardholder Authentication and Consumer Device Identification

What is clear, as one continues reading the SRC specifications, is the goal is to reduce the frequency of presenting payment credentials on merchant websites.

“Minimising the number of times Consumers enter their Payment Data by enabling consistent identification of the Consumer and/or the Consumer Device”

A very different approach to what the payment schemes do with the EMV based payment process. The authors of EMV saw the PAN as public data, they architected something designed to assure the uniqueness of the card and the ability to positively verify cardholder. Card Authentication and Cardholder Verification.

Why not simply think and focus on the same architecture? Simply change the word “card” to “device” and focus on Device Authentication and Cardholder Verification or as everyone is promoting Multi-Factor Authentication. We simply need to make sure the thing is genuine and the right individual is using the thing. The thing is what the cardholder has – The “what you have” factor. Add a pin/password or better still a biometric to be the second factor the “what you know” or “what you are” factor.

EMV 3D-Secure creates the ability to exploit the “what you have” factor by offering Device fingerprint data to the issuer’s authentication process.

A Nation Divided

Reviewing Facebook comments I worry for some who have lost sight of the center. We as a country or maybe we as a globe appear to be splintering into two oppositional groupings.

Some simply brand the divide as the Right and the Left or the Liberals and the Conservatives.

With this in mind, we should look back in history. At 5 PM June 16th, 1858 Abraham Lincoln spoke in the Springfield Illinois Hall of Representatives. He spoke of the issue of slavery yet if we reflect on the bigger issue he was also speaking to those who still insist on racial, religious or any other difference as reason for segregation.

If we delve back in time we find in Luke 11:17, Matthew 12:25 and Mark 3:25 writings of how Jesus spoke of a simple reality. Every Kingdom or house divided against itself will be laid waste, become a desert, fall upon itself or will not stand.

We could read and listen to the lyrics of Dave Mustaine.

Brother will kill brother
Spilling blood across the land
Killing for religion
Something I don’t understand

Fools like me, who cross the sea
And come to foreign lands
Ask the sheep, for their beliefs
Do you kill on God’s command?

A country that’s divided
Surely will not stand
My past erased, no more disgrace
No foolish naive stand

The end is near, it’s crystal clear
Part of the master plan
Don’t look now to Israel
It might be your homelands

Holy wars

Upon my podium, as the
Know it all scholar
Down in my seat of judgement
Gavel’s bang, uphold the law
Up on my soapbox, a leader
Out to change the world
Down in my pulpit as the holier

Than-thou-could-be-messenger of God

Wage the war on organized crime
Sneak attacks, repel down the rocks
Behind the lines
Some people risk to employ me
Some people live to destroy me
Either way they die, they die

They killed my wife, and my baby
With hopes to enslave me
First mistake, last mistake!
Paid by the alliance, to slay all the giants
Next mistake, no more mistakes

Fill the cracks in, with judicial granite
Because I don’t say it,
Don’t mean I ain’t thinkin’ it
Next thing you know, they’ll take my thoughts away
I know what I said, now I must scream of the overdose
And the lack of mercy killings
Mercy killings
Mercy killings
Killings, killings, killings, killings
Mercy you know, they’ll take my thoughts away

In the end, the question is clear

When will we learn?

Pay to be Paid

An interesting concern and a telling phrase. When one Googles the phrase “Pay to the Paid” the result takes us into the contracts associated with Protection and Indemnity insurance P&I.

When I entered the search term, I was thinking about how financial institutions see ‘payments’ as a revenue source. In particular, the word ‘Interchange’ springs to mind. I remember sitting in a management meeting in Foster City, at the Visa International offices, as we discussed the results of a McKinsey study this study stated the banks were not earning from their most frequent activity – processing payments.

We then as Visa saw a need to help our members appreciate the breadth and complexity of this simple word “Payment”. Payment Zsars and Gurus were all the rage. International Banks spent millions to create payment factories capable of supporting ACH, WIRE, Swift and card payment. Was the goal to streamline the process? For some, yes! For others, the focus was on reducing costs. For others, they focused on creating a sticky proposition capable of assuring long term relationships with their corporate clientele. For all, increase revenue and profit.

Did any actually think to focus on streamlining the mechanical process of moving money between two individuals or entities? Many will argue yes. Why did they not seek to develop Real-time Gross Settlement Systems, RTGS? Why is it only new economies that saw these opportunities?

The answer often comes back to the fear of cannibalizing existing sources of revenue or even worse making a legacy solution redundant.

It is time to move to Multi-Factor Authentication built on a Restricted Operating Environment

Passwords should become a thing of the past. Here’s why

This morning one of my Google alerts found a blog coming from the World Economic Forum. It reminds us of the inventor of the password Fernando Corbato. In an interview with the Wall Street Journal, he said passwords have become “a nightmare”.

The open question is how do we solve for the nightmare of password management we have created that is both effortless and secure.

This article calls for private enterprise and our governments to find answers. I hope in finding these answers capitalism and profit do not become the reason to act. I hope social responsibility and community action drive all to find answers that are affordable, convenient, secure and more importantly consumer-friendly.

We Keep Talking About It, When Will We Solve For Identity in the Digital Space

This morning I read an article in the Financial Times The real story behind push payments fraud. What is disturbing, the acceptance of fraud and the focus of bankers on adding fees (like Interchange) to help cover the cost of fraud. This article speaks to Push Payments and how liability shifts from the merchant back to the Issuer and ultimately the consumer. It makes reference to Pull Payments and the use of debit cards where the fraud liability, unless online, is the merchants’.

To address card payment fraud in the physical world the payment schemes developed EMV. In the digital or eCommerce realm everyone accepted allowing the merchants to not attempt to authenticate the cardholder and simply ask the consumer to provide openly available data {cardholder name, PAN the account number, expiry date, and address details}; if they, the merchant, would accept liability for any fraud.

As the world moves to embrace “Faster Payments” and Real-Time Gross Settlement ‘RTGS’, instead of focusing on assuring the identity of the sender and the recipient; we assume fraud will occur.

Why not focus on solving the problem? Solving for Digital Identity solves for Card Not Present fraud, RTGS fraud, Faster Payment fraud, and so much more.

God of Israel

Who is this God of one place. It is not the God of my imagination. The God of my imagination extends far beyond Israel, extends to all mankind.

God is a spirit who does not care how we worship. God only seeks the memory of the grace of God, the story of those who spoke boldly of each of our responsibility to love and do for others as we would expect to be loved. The doing is the key to our social engagement.

Generational poverty this is the bane of our society. This division between those that are brought up with and those brought up without. How do those without escape poverty. What hand reaches out across the abyss to help those without.

Or is it capitalism without a thought for society. The innovation capitalism and the effort of those who can is significantly better than the concept of a society managed by the few for the many. When there is nothing unique to be gained for our effort, the desire to do our best is lost. The flaw of capitalism is when wealth and power become the aims. It is this concentration of wealth and power which takes from the many to benefit the few.

We must find a method to merge the good of capitalism with the warmth and humanity of socialism. We must help the powerful to appreciate their role to help the many. We need to find a way to share wealth while assuring the individual desire to innovate and strive to create, Shepard’s and be good stewards.

Nature, the resources and the spirit within society and this earth are here to be employed, conserved and cherished. When greed wants for me and my pride assumes I am better than you then we lose and society slips into conflict within itself and with its neighbors.

The End of Time

Today at Church the sermon started with a reading of Wacky Wednesday. A story of how we wake and nothing fits into place or is as it should be.

Our rector then proceeds to like it to today’s passage in Luke’s Gospel

21:⁷ They asked him, “Teacher, when will this be, and what will be the sign that this is about to take place?” ⁸ And he said, “Beware that you are not led astray; for many will come in my name and say, ‘I am he!’* and, ‘The time is near!’ Do not go after them.

⁹ “When you hear of wars and insurrections, do not be terrified; for these things must take place first, but the end will not follow immediately.” ¹⁰ Then he said to them, “Nation will rise against nation, and kingdom against kingdom; ¹¹ there will be great earthquakes, and in various places famines and plagues; and there will be dreadful portents and great signs from heaven.

¹² “But before all this occurs, they will arrest you and persecute you; they will hand you over to synagogues and prisons, and you will be brought before kings and governors because of my name. ¹³ This will give you an opportunity to testify. ¹⁴ So make up your minds not to prepare your defense in advance; ¹⁵ for I will give you words and a wisdom that none of your opponents will be able to withstand or contradict. ¹⁶ You will be betrayed even by parents and brothers, by relatives and friends; and they will put some of you to death. ¹⁷ You will be hated by all because of my name. ¹⁸ But not a hair of your head will perish. ¹⁹ By your endurance you will gain your souls.

The sermon reminds us of the time after the destruction of the Second Temple in Jerusalem. I, maybe we, are caused to reflect on current times. I wonder of the impeachment investigation. I worry of the conflicts within families. The fractured nature of civil society. The structure of our economy where wealth accumulates at the top and flows away from those in the lower 50%. A a global worry; driven by dictators tyrants, democracies and republics. No social system has yet found the way of balance.

Battles of religion and belief bring lose, assure destruction and feed those that profit from conflict.

Our spiritual leaders, Jesus Christ, the vortex of so many before, brought all of the positive thoughts from within and beyond. Asked each of us to adhere to two simple commandments.

Why can’t we? Is it greed? Is it our pride?

Until we finally understand we are all the same and yet different. Stewards of this earth. Servants here to care for each other.

when the end, is it simply the fear of what we see today and know has been. Is there an end or simply repetition of the continuous conflict between tribes who can’t see the value of love and peace.

What is a Cryptocurrency or better yet why do we want them

As a member of a committee responsible to develop the agenda for Payment Summit this February in St Lake City, we’ve been discussing a panel on Cryptocurrency. The initial conversation spoke of blockchain and cryptocurrencies and how these two topics, while related, need to be independent of each other.

With an agreement to focus on Cryptocurrency, I began to ask myself, “What is a cryptocurrency”?

Off to the Internet. My computer instantly offered a definition.

cryp·to·cur·ren·cy /ˈkriptōˌkərənsē/ noun

A digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank

- - - ‘decentralized cryptocurrencies such as bitcoin now provide an outlet for personal wealth that is beyond restriction and confiscation.’
    - ‘States will undoubtedly resist the spread of cryptocurrencies.’
    - ‘Bitcoin was the first widely used cryptocurrency, but few people know it is not the only one.’
    - ‘What does your cryptocurrency allow people to do that they could not do otherwise, and how does it help them do existing tasks more quickly or cheaply?’
    - ‘If cryptocurrencies are like other speculative activities, the early players and the big players benefit to the detriment of the late entrants and the small players.’
    - ‘As with all cryptocurrencies, price is based on supply and demand.’‘Even with recent fluctuations, the total value of the cryptocurrency is still over eight billion USD.’
    - ‘The majority of cryptocurrency activity still appears to be speculative.’
    - ‘A cryptocurrency may be hackable, but it can also be really, really, really hard to hack—harder than robbing a bank.’

The interesting challenge in this definition is the words “operating independently of a central bank”.

In September 2017 the Bank of International Settlement BIS published a report on Cryptocurrencies. This report spoke to the idea of CBCC or Central Bank Cryptocurrency. The authors offered a diagram known as the Money Flower. The flower positions this idea of CBCC within the world of money and argues a Central Bank could easily create a sovereign cryptocurrency.
The article then goes on to describe a series of examples. As I moved through the document I was drawn to the idea of Digital Currency and once again was compelled to search for clarity. At the same time I noted the recent announcement by China and how the European Union recently suggested the European Central Bank consider just such an investment.

During my research, I was reminded of the work of David Chaum and remembered how early in the growth of Bitcoin someone suggested David could be Satoshi Nakamoto. I am also reminded of my time at Europay and how we explored the use of Chip Cards, given their hardware and cryptographic capabilities, to create a Cash Replacement, Mondex. In parallel with our efforts Visa Cash emerged, Proton, Chip Knip, Chipper and, others emerged. This led me to a BIS report on Electronic Money.

Looking back in history to the early discussions of Electronic Money and read the early views of the European Union and the US Treasury, it reminded me of some of the original concepts and issues. I’m reminded of words like anonymity, traceability, origination, and sovereignty.

Anonymity and the lack of traceability are what criminals and Silk Road Market Place saw as the benefit of Bitcoin. The concepts of origination and sovereignty clearly are key to the thinking of Governments and Central Bankers and critical elements of the origin of Bitcoin, as expressed in the original white paper.

What these cryptographers have created is amazing, yet one worries about who is responsible for and benefits from the origination of Bitcoins, forks of Bitcoins and the multiple cryptocurrencies now in existence.

If we look inside Bitcoin its architecture promotes the idea of mining and allows the successful miner to originate new bitcoins. They argue this is the incentive driving participation. I then wonder about the cost of Bitcoin mining or the cost of Ethereum mining. Does the cost of supporting Bitcoin justify its continued existence? Does the supposed benefit of cryptocurrencies justify the profit earned by the miners who support the work to assure consensus?

As my research progressed I ran into a speech given at a conference and the Bundesbank Money in the digital age: what role for central banks? The article attempts to address three questions:

- - What is money?
  - What constitutes good money, and where do cryptocurrencies fit in?
  - And, finally, what role should central banks play?

The author’s arguments are worthy of consideration. Especially the questions of efficiency and trust.

The question we all must consider
What is money?
Especially in the global and emerging digital market place.

In the end, I remain confused and concerned. Digital Money, Electronic Money, Digital Currencies, Cryptocurrencies, Feit Money, stablecoins and the potential of the distributed ledger clearly are set to disrupt much.