Author: Philip Andreae

Going Cashless

For some twenty plus years I can remember hearing people speak of the dream of an economy without coin and paper money. A dream, driven by the desire to promote the use of electronic payments.

Over the last months, a number of articles focus on promoting the idea of a cashless society.  They all speak to the advantages and attempt to promote the concept, arguing we can:

  • Eliminate the concern of thugs insisting at gunpoint for the cash
  • Reduce the risk of employee theft
  • Stop paying people to count all those dirty coins
  • Remove the need for an expensive safes
  • Stop paying to have a specialist truck take the money to the bank
  • Eliminate the grey market

The business case for a merchant to eliminate cash seems to be beneficial.   Many have tried and succeeded to no longer accept cash.

At the same time articles report on the new regulations; various cities and states are implementing and considering, intent on outlawing merchants from going cashless.  The argument often focuses on how eliminating cash disadvantage the underbanked.

Then there is reality! As a consumer, I recently have been surprised at the need to carry cash and the unsettling pleasure of finding that I still had  cash in my leather wallet.

The first wake up to this reality took place while driving from St Simons, GA to the Orlando International Airport. In the trusting hands of Google Maps, I traveled down I-95, across I-4 and was directed to the FL-417. Suddenly a road sign informed me that I was on one of the various Florida toll roads.  above my head was a road sign indicating which lane to move into, based on my preferred method of payment. Driving a car that was not mine and knowing it did not possess a PeachPass, my only option was cash. Fortunately, I had cash and was able to continue my journey.

The following Friday my father and I went to The Lodge to play Sniff, a dominoes game. The game was competitive and cash was the only method to settle. With a bit of cash in my pocket, I was able to pay the few dollars I lost.

One Saturday a street vendor in front of the local Harris Teeter was selling spare ribs. When I went to pay they informed me, they only accepted cash. Once again I was Fortunate, I had enough cash and was able to buy those delicious ribs for dinner.

On various Sunday’s, when the collection plate came around, I’ve had a check or a bit of cash and was able to leave my tithing.

On a number of occasions, the valet deserved a tip and I’ve had a few dollars in my wallet.

Two more events brought the reality of how society does not want cash to disappear. one morning, I wanted to enjoy a pastry. Not having $2.75 to pay for the Danish, Sweet Mama’s, a local baker, charged me $0.50, an eighteen percent surcharge, simply to use a credit card

Finally, yesterday as a guest for lunch at the local Rotary Club, I was confronted with a series of cash only events. This time I did not have any cash and was not in a position to contribute to various worthy causes.

We dream of a cashless society. Yet churches, valets, toll booths, street vendors and the Rotary all continue to desire or require cash. Some are not even willing to accept anything but cash.

Looking at our society from two different ends, we must accept the continuing need for cash.  Be it the underbanked, unable to acquire a credit or debit card or those who carry many credit cards; both need to use cash simply to eat or enjoy life.

Later today I will have to visit the ATM and make sure I have a bit of cash in my wallet.

 

https://www.paymentssource.com/news/target-outages-show-the-failings-of-cash-as-backup

What is Faith

Faith a profound and complex topic, yet, it is simply a word. How does this one word meld with that other word anger. Is it love or shall it be hate we allow to drive the conversation, to focus our thinking or to heal.

Faith a belief in more than what we know, see or feel. A longing for salvation. A desire for truth. A hope of comfort.
Some immediately seek to align Faith with a belief in a set of religious or spiritual axioms. When we define Faith as a religion oran agreed or imposed doctrine; we attempt to force Faith on the many.

When we allow each of us to figure out and define Faith, I wonder how each of us would define our Faith.

Is it simply the belief the sun will rise in the morning? Is it the belief God will keep you safe? Is it the belief Jesus Christ is the route to salvation?

Many ask, Many wonder many are told to have Faith.

What is Faith?

Biometrics are great as long as we understand.

Biometrics are probabilistic, therefore not 100% accurate every time

They should not be shared in central databases. If they are there must be safeguards and strict privacy policies associated with their use

The better approach is to use the biometric to unlock your device or prove you are present.

Your device should then be cryptographically authenticated by the relying party.

The relying party should maintain a list of devices (Authenticators) you register.

The device proves uniqueness.

The Biometric proves presence on that unique device at that moment in time.

Frictionless authentication of the device.

Active verification when the risk demands assurance of the individual who is authorizing or instructing.

Biometrics – Do we end up in a surveillance state

http://www.planetbiometrics.com/article-details/i/10211/desc/guest-post-experience-a-seamless-lifestyle–idemia/

https://www.aclu.org/other/whats-wrong-public-video-surveillance

https://www.govtech.com/policy-management/Study-Surveillance-Cams-Worth-Money.html

As we think about the world we are living in and the world we want to live in. We must balance friction and convenience against the potential risks which will emerge as technology blossoms and expands to touch ever part of our lives. This morning I got a text informing me of the 200 million cameras the Chinese had watching their citizens. I immediately remember the CATV system in London and

CCTV Camera technology on screen display

what parts of the City it covers. Its goal record everyone’s movements to protect against terrorists. Airlines are talking about ticketless travel and some are speaking of passport-less and ticketless airports. We wonder if Alexa is recording our every word and we know our PC, Tablet, Baby monitor & mobile phone cameras and microphones can be used by: who knows who, to watch who knows what, whenever they so please?

Is this the world we want to live in? Or would we prefer our cities to enact laws like those recently enacted in San Francisco. This law is meant to ban the use of these various cameras and listening devices from being used to identify everyone they see or hear.

This conversation then immediately bleeds into the question of our right to privacy. With all that the internet offers for free and what all these devices are capable of sharing; we’ve given our privacy away.

How often do you wonder why the ads you see seem to attempt to sell you exactly what you recent read about? How often do you wonder why you no longer can easily find the site you are looking for? Instead you have to filter through the search list to get past all the ads. How many of us even understand the information people can glean from what we do and were we are; when we use or carry our devices around?

On one side of the discussion is reality. As has been the case for as long as I can remember.  TV, radio, newspaper, magazine, browser, social media, much web content and mobile app are funded by advertising dollars. Spent by those who want to convince some of us to buy what is on offer. It is these advertising dollars which pays for the content and ultimately decides what will survive the test of time. On the other side are the politicians, regulators, lobbyist and corporations who are focused on one thing. Helping people prosper or worse protecting some so they can continue to prosper.

The acquisition of wealth, the construction of infrastructure, the destruction of our enemies or the support for those without; is all about money.

If we seek to protect our privacy and be assured, we will not live in a surveillance state. We must be willing to read the fine print and be ready to pay for what is now free.  We must be ready and willing to take the extra time to pull out our passport, enter our user name, present our boarding pass. We must insist on the necessary friction to protect our identity and our freedoms.

If convenience is what we insist on.  Be assured, companies will happily build solutions to remove friction. Beware, removing friction, when it comes to  your identity or privacy, means you will allow people and organizations to collect and store everything they can about you/  Their goal to identity you and without friction, with the purpose of serving you or better said profiting from your actions.

All of this is more than the Uber experience.  Uber recognizes your phone and account not you.

This will be a world where the system behind the camera will see you, compare your face to all the faces on file and determines it is you. Therefore, knowing who you are, it can do what it is told to do; because it is you.

Monday Morning May 13th 2019

A day begins.  Life anew.  The tensions of what next are real.

The life of Philip can be seen in four dimensions

  • Spiritual – A space confused by dogma, the needs of the many and the understanding of science.  We seek answers to what we do not understand.  We find salvation in believing life is eternal and our sins and mistakes can be forgiven if not also forgotten.  This spiritual plain also hopes for peace and tranquility.  Yet there is a tribal bias of you am right and I are wrong.  It is this schism; this unbending difference in view, perception and belief drives us to compete, to wage,war and creates the tensions surrounding all of us.
    The great spiritual teachers all spoke of the respect and love we should demonstrate to and for each other.  If only we could come together and not always attempt to find the differences.
  • Worldview – A landscape peppered with the vastness of patriotism, nationalism, globalization and the desire to best the other.  Fraught with the struggles emerging from tribal instincts, built upon greed and the desire to have what others possess.  To often man seeks to demonstrate superiority and the need to lord over others.
    Here in America we have our own issues, The need is to remove the noise from our lives while still feeling part of something.  We need to consider all people as equal and no longer fear some, disrespect others and worship the unworthy.
    Economic forces sit deep within any worldview.  The need to eat, have a place to sleep and most unfortunate the desire to have more and more.
  • Family and Life – That can I say a struggle.
  • Career – Those of us who grew up as baby boomers were expected to work all hours given.  To what end where went the time will family and life.

NYTimes: Reverend, You Say the Virgin Birth Is ‘a Bizarre Claim’?

Reverend, You Say the Virgin Birth Is ‘a Bizarre Claim’? https://nyti.ms/2UOW6iT

This particular interview, at this time in the christian year, is an appropriate discussion as we remember the teaching and value Jesus brought to this world.

I have often wondered about the birth and death of Christ. These are the two parts of the life of Jesus Christ which I continue to struggle with.

It is easy to accept the need to create such a noble beginning and end to his life. Easier still when we think of our society and how people are. We must remember they then and still now struggle to learn and embrace complex thought. The mythology helped so many find their way to the true teaching of Jesus.

Cash is King especially when the battery dies or the power goes off

Digital payments are growing, but consumers aren’t ready to abandon real money

Cash is king let us never forget it. Cash has always been the primary form of payment.  It was until very recently accepted everywhere.  Most likely will once again be accepted everywhere especially given the need to make sure we do not disenfranchise the unbanked and underbanked will remain the default form of payment

This said, what always amazes me is how so many authors forget Apple Pay, Google Pay and the other NFC based mobile phone based payment solutions are simply another device capable of carrying your debit and / or credit card credentials.

What many of these authors are starting to  remember is how much it costs a merchant to accept these alternate forms of payment.  I wonder when they will also begin to appreciate how many if not all of these alternate forms of payment only work when the power is on.  Our always on society assumes power never goes off.  We dream of everything in our mobile phone and forget when we last could not use our phone because the battery was empty.  Or the store clerk who could read your card because the power went down.

This is one of the redemining facts about cash.  Cash exists without power and can be used whenever.

Are we in Need of Faster Payments – a question of speed and instant gratification

When I started to read this article, https://www.pymnts.com/news/b2b-payments/2019/wespay-corporate-faster-payment-adoption/ , my first thought, why would anyone in accounts payable want to pay a bill sooner than it is due.  Clearly someone in accounts receivable, the CFO and the treasurer, is in need of a strong cash position.  Therefore  therefore, wants to bring cash in as fast as possible.  This classic struggle between the buyer (accounts receivable) and the seller (accounts payable) begs the question – Who gains from faster payments and who loses?

Clearly the financial institutions are stuck in the middle.

    • On one side their clients want moneys to flow into their accounts, oh so fast.
    • While on the other hand those same companies would prefer moneys moved out of their accounts at a snail’s pace.

If the competition offers the service, then, the financial institution simply must decide if faster Payments creates a competitive disadvantage.
The question is not if – it is when.

Do we the consumer care?  Today we have credit and debit cards which allow us to pace the movement of money.  In the case of debit – today.  In the case of Credit – some number of days after we get the bill.  We can set up autopay facilities for those every month payments.  We can schedule money transfers to occur on the day we desire.

From a business and technical perspective the movement of funds immediately upon instruction, makes good sense.  We the receiver are assured those funds are good funds.  We the sender know the moneys have been sent and received.  Therefore, whatever subsequent result can be expected, now!

365/7/24 seems to be what instant gratification is all about.  We want everything now and have lost the excitement of expectation.

All this said, there are risks we must consider when deciding to employ faster payments.  There is no recourse.  Once the moneys have been authorized the moneys are in the hands of the party you transferred them to.  Only if they so desire, will you be able to recover from a mistake.

Worse still, if someone is able to assume your identity then an even greater risk exists.  The funds are gone. The party receiving them will have no interest in addressing your lose.

Therefore Strong Authentication is the essential requirement.

 

2FA – Starts With The “What You Have” Factor

https://twofactorauth.org/

I ran into this site today and am happy to see how Josh has offered a listing of sites, across multiple verticals, who have and have not embraced Multi-Factor Authentication.

What the primary factor is, is the key to the strength of authentication.

“What You Know” could be extremely secure, except we depend on the human to make sure they protect it, make it unique and complex.

“What You Are” can only be as secure as the quality and accuracy of the sensors and the algorithms used to match what is sensed now to what was registered then.

For me a “Restricted Operating Environment” capable of securing secret and private KEYS and use them to securely performing cryptographic functions, be they Symmetric and / or Asymmetric is the primary factor.  The DEVICE(s) we use to access the service provided by the relying party simply needs to be registered, recognized and therefore the UNIQUE “What We Have” factor.

If we know the device is UNIQUE. Then the only outstanding question is, is the registered user using it, while not under duress.  If the relying party is not comfortable with the presence of the registered user, then the Relying Party needs an additional factor to assure presence.  Be it the “What You Know” and / or “What You Are” one adds to assure presence during the transaction or the authentication dialogue.

If the Relying party is comfortable the registered user is using their registered device, why add friction?

Prevention is what we need to focus on.  Lock the door with strong keys . Detection is after the fact and necessary.  Investigation helps to punish the evil doer and improve the quality of security.

We need to focus on making sure the methods used to allow someone onto the relying parties website or when they execute a transaction.  Like in the physical world, it is about making sure the user’s KEY is unique and the right individual is in possession of the the key.

In other words.  The user is present using a registered and recognized device.

 

Easter thought. John 20:1-18

Surprises. Oh how surprises impact one and each of us. Who is Mary to Jesus? Does this event demonstrate how our bodies can go into a stasis, dead to most – alive in truth.

Gracious in a spacious place -there the truth can be found.

How is it that Mary and Jesus are ever so personally and ever so intimately entangled. Who is this person named Mary?

The Teacher. A teacher who touched billions over thousands of years. One who came, learned and shared. Here to led us into the wilderness. Here to bring us out into the light.

We still have not fully embraced the gift of love he shared with us. We have not recognized the truth is in the love he asked each of us to have for one another.

Jesus, the one among a handful who has finally and ultimately shared the truth these few tried so hard to share with us.

The others who shared with other parts of the ancient world tried to help us understand the mysteries of life, the value of meditation and the glory of God. The one God who created all, sees all, knows all.

Smart Cards with Fingerprint Scanners

Over the last couple of years the reality of fingerprint cards is a hot topic in conversation, white papers and press articles.  It led me to think about the challenges and opportunities associated with this intriguing convergence of technologies.

My purpose is not to determine which solution is best or which companies are developing and selling them.  My goal is simply to explore.

The first consideration begins when the card is constructed.  Here we must ask the mechanical question relative to how the electronics are integrated into the strata of an ID-1 card.  This then begs the question of making sure this new card conforms to the specifications dictated by Payment, Networks, Governments or other bodies who define the use of these branded cards.  If we continue to think about the card manufacturing process we need to think about electronics and the use of heat in the typical lamination process or the inclusion of metallic materials used to create a particular look.  One needs to think about the method of connecting the various internal components to the other electronic elements  as the fingerprint scanner, antenna(s)m LEDs, batteries, the EMV chip or contact plate on the face of the card.

The second set of concerns must be related to the personalization of the card.  First question is where will it be personalized? in a branch or within a bureau?  How will it be personalized? With a thermal printer, laser engraver or embossing machine?  Will any of the  personalization processes adversely affect the electronic?. Similarly it will be appropriate to confirm whether any of the various card transport mechanisms will disrupt or damage the sensor and related electronics.

At some point in the processes the consumer must register their fingerprint and the resulting template must be instantiated into the card.  How will this be done?  Some speak of an in branch process.  Others talk about some type of first time cardholder activation process performed when they receive the card in the mail.

Clearly there are a lot more questions the issuer, card manufacturer and personalization provider need to address.  Let alone the method of making sure the cardholder knows how to use the card at the point of sale or ATM

The key question is the cost of the card, is it worth it?

Where are we going

Each morning I read trade articles on Blockchain, Faster Payments, Mobile Wallets, Authentication, Identity and other alerts & subjects of interest. Each day the writers leave me thinking about the future of society, howbwe will address cyber security, what we can do to funally eliminate fraud and which solutions will help us to mitigate risk. These then drives concern about where we will end up, as we drive to define effective means of identity and authentication, capable of supporting the individual desire for convenience and gratification.

Facial recognition deployed to speed up entry and exit to and from countries and through airports are here. The surveillance state is emerging at alarming speed. These same cabilities could potentially deliver a safer environment. Which will it be?

Physical and behavioral biometrics many feel should become the primary means of authentication. Yet, false acceptance and more importantly false rejection will result in inconvenience some expect the consumer to tolerate while other remember friction typically ends up with the consumer abandoning the journey.

The cost of payments, the escalating concern of the retail sector, remund us thatnpayments are sourcesnof revenue for some and friction for others.

Identity theft and the ability to create synthetic identifies are the fears of many. Consumers whose identity is stolen struggle to regain their standing.

In the end all we seek is:

  • Pay for something
  • Identify ourselves
  • Protect our hard earned money
  • Live a safe and productive life
  • Be assured you are you and not someone else

Faith, What is Faith

Faith, what is faith? Is faith the belief in the words in a book. Is it the acceptance of cultural norms or is it an understanding of the unimaginable power, majesty, timelessness and infinity reality of that which we call The Almighty, Tian, Shandgi, God, the Tao, Buddha and a hundred other names? Is it one identifiable entity or is it a spirit form. Is it singular or as some believe a collection of forces personalized to make them understandable?

Clearly this God is an unimaginably power, one we cannot even begin to understand!

For me, faith is accepting I can never appreciate that which is so infinity as to be beyond knowledge. It is to accept how each one of us builds our own understand of that which we cannot conceive.

When we human kind claim to know; be it as a tribe, a society, a civilization or a religion. It is at this moment we create division. These human constructs become the imprinted beliefs we give our children. As these tribes grow larger they seek to expand. To expand they come in contact with others different than their own.

In this difference springs animosity. In this animosity emerges fear. From fear comes the temptation to be right. Being right means those who do not believe and think as the tribe does must be wrong. If the tribe is wrong, then, surely they should be vanquished.

War and violence. Man again man is the greatest of sins. We in all faiths are taught to embrace our enemy, to encourage discourse, to share in the joy and happiness of others and most important to love each other as we seek to love ourselves. It is this one requirement, common to so many, we most often ignore.

How can we find the common bond to heal the hurt, fix the wrong, right the balance and discover the peace; we so all desire?

Proofing or Identity Verification is the Key to any Relationship

When we consider our activity in cyber space  and even in in person.  The most important element is the relationships we develop.

If we consider the characteristics of a relationship, we need to think about the question from the perspective of each of the two parties.

  1. The relying party: be it a bank, merchant, club, government, employer or other operator of a website or facility; are interested in serving, selling and supporting the user
  2. The user: be it a individual, consumer, citizen or employee; are interesting in accessing information, exploring, shopping, browsing, communicating, sharing or otherwise enjoying something.

A relationship can then either be enduring or can be that of a guest.

  • The user wants to know if the party they are attempting to engage with is who that party claims to be.  Rely party simultaneously needs to believe the individual is who they claim to be.
  • What the users identity is or better said what attributes of user’ identity are necessary is down to the objectives and longevity of the relationship.

Being assured of these truths is what proofing or identity verification is all about.  Data privacy and need to know then filter into the conversation.  This then needs to be balanced against risks the relying party and the user are taking,

With all of this in mind each party can decide what level of identity verification is required.  This task is all about how one balances privacy, convenience, security and risk.

More and more to secure our digital world

The behavioral economics of authentication

Password Management Remains an Issue — What’s Next?

These articles cause me to think about the future and how the consumer will ultimately respond to the changes now taking place to how we Log-in to a website.  Yesterday, or better said 10 years ago, we all understood that simple User Name password.  A single screen with a reasonably consistent user interface.  Sometime we might have to put up with two screens, One for the User name and the next for the password.

Today we are being confronted with a variety of methods to authenticate ourselves to the websites we frequent.  Many register cookies on your machine and when your told they needs to be deleted, we are confronted with a second or even third layer of security and identity proofing.  Often times we are then told to wait for an email sent to some email address we once registered or asked to enter the number we will receive in a text message to a mobile phone number we once registered.  Some websites are using one of the various authenticators our mobile phones may now be hosting.

In my case, ignoring the various authenticators I have already deleted, I am using:

  1. Samsung Pass
  2. Google Authenticator
  3. Microsoft Authentication
  4. Norton Password Vault
  5. Samsung FIDO Certified “SIDF”, inside my Galaxy 7s phone
  6. email or text messages with a code I must type in
  7. Emails with a link as a means of verification

What is clear is there are start-ups and legacy technology companies busy trying to profit from authentication.

My concern is the consumer will be confronted with more and more as everyone claims they have a better widget capable of securing our digital world.

Why not come to consensus on a common approach to authentication?

A world between yeaterday and tomorrow

The week of March 25, 2019 I had the opportunity to visit with a room full of community banks with assets in the 100 million to billion range. Organization with 25 to maybe 300 staff.

The presentations taught me more about the difference between what large International Organizations worry about and what these small community banks need to learn. Faster Payments, Zelle, same day ACH all new services these organizations must integrate into their organization, both technically and procedurally.

Things I have been exposed to are new challenges for these small town banks.

Words like liquidity risk clearly top of mind. Yet, as we move from over night settlement to real time settlement.

Phone fraud, risk mitigation all greater challenges not necessarily appreciated yet alone understood.

In the end what is clear these community banks exist because of the small towns they understand and work within. Do those of us exposed to a larger world understand what drives these communities banks, at least not I.

And what of

When we think back to history, we in the western world are brought up on the history of the Bible and the righteous position of the Jewish people. We are taught little of the growth and beliefs of the other regions of the ancient world. Egypt, Greece and Roman are seen as part of this history. The Persian empire is the enemy and that which is to the north and off to the east are known as trading alliances, maybe not people like those of biblical, Greek or Roman times.

One day a son is born into this culture. Pure of spirit and oh so wise capable of understanding much at the tender age of twelve. Already traveled, one can only imagine he continued to travel, to learn to embrace and to bring light to all he met. To imagine he traveled to the far reaches of the spice routes is so imaginable.

John 1

The Word Became Flesh

1 In the beginning was the Word, and the Word was with God, and the Word was God. 2 He was in the beginning with God. 3 All things came into being through him, and without him not one thing came into being. What has come into being 4 in him was life,* and the life was the light of all people. 5 The light shines in the darkness, and the darkness did not overcome it.

6 There was a man sent from God, whose name was John. 7 He came as a witness to testify to the light, so that all might believe through him. 8 He himself was not the light, but he came to testify to the light. 9The true light, which enlightens everyone, was coming into the world.*

In these words we learn of a teacher who will return. John his cousin, who did not travel east, instead shared beliefs and the letters he had receiving from this learned man. John’s childhood friend who traveled through and around all of the civilizations of ancient times.

Finally the thoughts and teaching from these other ancient lands and people would be merged together with the thoughts of Jesus’ original faith. A new loving and more holistic system of belief could rise binding all of human kind into one chosen people. One group of people not distinct from the other. All loved by the creator.

For some the idea all are equal is not easily, especially still, to accept. This is the great message we should have and must learn. This learned man moved around teaching, performing get things and creating a following embracing all.

The First Commandment

28 One of the scribes came near and heard them disputing with one another, and seeing that he answered them well, he asked him, “Which commandment is the first of all?” 29 Jesus answered, “The first is, ‘Hear, O Israel: the Lord our God, the Lord is one; 30 you shall love the Lord your God with all your heart, and with all your soul, and with all your mind, and with all your strength.’ 31 The second is this, ‘You shall love your neighbor as yourself.’ There is no other commandment greater than these.32 Then the scribe said to him, “You are right, Teacher; you have truly said that ‘he is one, and besides him there is no other’; 33 and ‘to love him with all the heart, and with all the understanding, and with all the strength,’ and ‘to love one’s neighbor as oneself,’—this is much more important than all whole burnt offerings and sacrifices.” 34 When Jesus saw that he answered wisely, he said to him, You are not far from the kingdom of God. After that no one dared to ask him any question.

This is the greatest teaching to love one another, not to create divisions and ferment hate. Embrace each as you wish to be embraced is the true learning we must all learn.

Account TakeOver should be the Bankers concern

FASTER PAYMENTS, FASTER FRAUDSTERS

Another article published by PYMNTS.COM causes me to reflect on a discussion I had last we at the Payment Summit organized by the Secure Technology Alliance.  When the US Faster Payments work groups where stood up on e of the working groups focuses on security, yet no particular drive exists to protect the consumer of the corporate treasure from their account being hacked into by some phishing, vishing or other criminal act.  Account takeover will become a much more interesting attack vector.  Moneys will irrevocably flow out of the hacked account and to whatever account the criminal so directs them.

Key word real time gross settlement and faster payments depend on the irrefutability of the funds.  once executed they instantaneously transfer to the receiving party.  What is required is a concerted effort to implement strong multi-factor authentication, at least at the time the transaction is authorized by the sending party.  Some will say the risk is no greater than what exists today when a consumer or treasurer executes a Wire Transfer or any form of transfer between two financial institutions.  This maybe true.  the availability and assumed convenience will as the article described lead to heightened risk.

As I have written in other blogs we need to embrace strong Multi-Factor Authentication.  The standards exist, the security of the device in many case is present.  Relaying parties need to decide security is worth the investment.  They need to recognize the value of  satisfying the consumers’ need to have access to their funds properly protected.

Multi-Factor Authentication – Faster Payments and the Immutability of a Transaction

Biometrics carry risks.

Hacking Our Identity: The Emerging Threats from Biometric Technology

As I skimmed through this article I was reminded of the reality of biometrics.  It is a statistical algorithm designed to compare what was registered to that was just sensed.  It is an imprecise process.  The author reminds us of the importance of our identity in each and every interaction we engage in.  She further ponders the question, of the potential threats to the biometric solutions that countries, people and enterprises are embracing, as we work to address the questions of Authentication and Identification in our complex digital and physical world.

The article asks the questions:

      • Do the countries and enterprises understand the technology and processes used to support biometrics as a means of authentication.
      • Do they appreciate the need to secure and protect this most sensitive of data?
      • Is the data they store able to be used to compromise the individual of the integrity of that which it seeks to protect?
      • Are we at risk of creating a surveillance society?

Finally there is the question of the accuracy of biometric matching.  It is interesting to observe the comparison of the accuracy of biometric matching to PIN or password matching.  We all recognize the challenges of PIN and password.  It is not the concept it is the question of how many complex PIN or passwords is the human mind capable of retaining without writing them down or storing them someplace that can be compromised.

As I have argued in other blogs, the answer must be in the possess of something unique which has a False Reject Rate FRR and a False Accept FAR Rate, both approaching zero.  Clearly the PIN or password has such a characteristic the challenge is in remembering so many.  An object or a thing “Something You Have”, be it a card, phone, watch or bracelet with a Restricted Operating Environment inside e.g. secure element, TEE or TPM, secured using strong cryptography, paired with a biometric makes the most sense.