Pushing back against
harmful headlines

news-677409_1280DON’T GET me wrong. I like competition. Honest I do. But that’s not to say that it doesn’t have its occasional downside. In the news media in particular, competition for audience share inevitably makes a priority of pressing hot buttons, often at the expense of putting things in perspective.

Take this recent CBS DFW headline: Study: ID Fraud Up Since Security Chips Put Into Play.” Or this one from Sputnik News: “Credit Cards Technology Fail: Credit Card Frauds Up in US Since Chips Introduced.” Both use as their source Javelin Strategy & Research’s well-executed 2017 Identity Fraud study, released on the first of this month. According to the report,

2016 will be remembered as a banner year for fraudsters as numerous measures of identity fraud reached new heights. The overall fraud incidence rose 16% to affect 6.15% of U.S. consumers, from 5.30% in 2015 — the highest on record. 

I have no quarrel with Javelin’s findings. Javelin is, after all, a first-rate research consulting firm.* Nor have I any quarrel with connecting the fraud increase with the rollout of chip cards.

My quarrel is with implying, as the above-referenced headlines arguably do, that chip cards cause fraud. The real story is that the exodus of fraudsters from point-of-purchase to online fraud is evidence of the chip card’s success. 

CreditCardscom, which average consumers don’t read, did a better job of putting the problem in perspective

… as the ability to use counterfeit cards in stores dries up, fraudsters are expected to turn to other forms of fraud that prey on different vulnerabilities. At the top of the list, payment security experts say, is using stolen card numbers to buy stuff from the Internet. 

But then, that’s not the stuff of eyeball-grabbing headlines, is it. 

It doesn’t help that few writers write their own headlines. Competition for readership led to the century-old practice of employing headline writers, whose job places a higher priority on grabbing attention than on conveying content. The result is that even the most responsible research and reporting may end up under a sensationalized, even misleading headline. The Sputnik article provides a good example. While its headline screams “Technology Fail,” that term is not to be found in the article, and the body of the article somewhat straightens the record. The CBS DFW article, not so much. 

Either way, body copy that clarifies is of little help considering that most people don’t bother reading body copy. As anyone who has seen a hasty, regrettable “share” on Facebook can attest, most readers are content to scan headlines and call it a day, unwittingly walking away under false impressions. 

Irresponsibly sensationalized headline writing is more than a pet peeve. It hurts the financial services industry. The good news is that we needn’t sit helpless. Perhaps it’s time to get more aggressive in telling the whole story. While some publications won’t care, let’s do what we can with those that will. 

__________

*For proof of Javelin’s competence, look no further than the fact that they had the acumen to rate my employer, Fiserv, “Best in Class Mobile Banking Provider” and our Mobiliti™ platform as “Top Customizable Solution.” What more do you need?

 

Posted in Uncategorized by Matt. No Comments

Gambling and Bitcoin
(by way of Super Bowl 51)

Bitcoin - poker chipA NUMBER OF notable companies now accept Bitcoin, albeit usually via an intermediary like Coinbase or BitPay. Yet one Bitcoin use in particular seems to be catching on in a big way. “By most estimates,” PBS Newshour reported in 2014, “more than half of global Bitcoin transactions are wagers on gambling sites.”

To explain the growth of Bitcoin gambling, I need to talk about Super Bowl 51.

SB 51, which only sounds like pending Senate legislation, took place just a few days ago. It received a fair amount of media coverage, so you may have heard about it. You may even have had an opportunity to place an online wager or two, including a host of “prop” or “proposition” bets, which are tied to sporting events short of predicting winners and final scores. USA Today lists 86 of 2017’s most popular Super Bowl online prop bets, ranging from whether Luke Bryan was going to show up on-camera wearing a hat, to whether Malcolm Butler would intercept a pass, to which song Lady Gaga would sing first.*

Which is curious when you consider that online sports gambling in the United States is illegal. This is due to what’s commonly called the Wire Act, which only sounds like a circus routine. The Federal Wire Act of 1961 prohibits financial institutions from knowingly wiring funds for the purpose of sports gambling. In 2011, the U.S. Department of Justice ruled that the Wire Act applied equally to online sports gambling. Financial institutions could no longer allow clients to whip out a credit card to bet on their favorite team.

There is no federal law forbidding other kinds of online gambling. Individual states, however, can ban all the online gambling they like, and most do. Either way, online sports gambling remains verboten nationwide.

But never underestimate the ingenuity of Humans Seeking Loopholes (HSLs).** HSLs argue that, technically speaking, laying down money on how many times an announcer would say “Gronk” or “Gronkowski”*** isn’t betting on the game. So far, that one seems to fly with regulators. And since it’s illegal for U.S. companies to take online sports bets, enterprising HSLs set up virtual casinos outside the U.S. that you can access via the Internet (but would be wise not to). I’m not going to link to them, even though a recent Crypto Hustle article by Nick Jakubowski suggests that the law “… doesn’t specifically … target individual gamblers.”

As for that nasty detail in the Wire Act that forbids your bank from moving funds for sports gambling, that’s where Bitcoin comes in. Bitcoin leaves banks out of it. As NPR’s Cyrus Farivar quoted senior research fellow Mercatus Center at George Mason University, “Bitcoin … totally circumvents [regulations]. There is no Bitcoin company, there’s no Bitcoin building that regulators can get their hands on. It’s basically cash.” Farivar’s article goes on to say:

… no one knows if Bitcoin is money, a financial instrument or something else.

“We don’t have a bank account at Seals with Clubs,” says Bryan Micon, the spokesperson for … a Bitcoin-based poker site. “There’s no bank account. There’s no bank of any sort that we do. We only do this one weird brand-new Internet protocol transaction that some of the nerds out there are calling money.”

Micon says it might be tough for the Feds to regulate what is just a piece of computer code and not real money.

When it comes to gambling, enthusiasts praise Bitcoin’s alleged transparency and efficiency. According to the above-referenced Crypto Hustle article,

Legitimate Bitcoin casino operators and players have worked out arrangements between themselves for fair gaming. There are standards for provably fair games. The blockchain reinforces transaction fairness while allowing immediate deposits and, importantly, withdrawals. And, above all, the whole process is anonymous.

HSLs further argue that Bitcoin isn’t “funds” and that no one “wires” them. Some even challenge if online gambling using Bitcoin can even truly be considered online gambling. Which is kind of an interesting argument, considering that it’s called “online gambling using Bitcoin.”

So perhaps it’s no wonder that, amid the weaseling and wordplay, Kyle Torpey hyperbolized a few weeks ago in his CoinJournal article, “Bitcoin is eating the entire online gambling industry.” It’s difficult to know if he’s right or turning up the volume on his wishful thinking.

Maybe it’s just me, but none of this sounds on the up-and-up. Especially that part about “the whole process is anonymous.” If it’s legit, anonymity shouldn’t be a priority. As for trying to outwit the authorities on technicalities, well, that rarely goes well. Better not to proceed. Not even with caution.

______________________

* No, yes, “God Bless America.”
** Do not take anything you read here for legal advice. If you’re bent on trying online gambling, first check with an attorney, which (and I cannot emphasize this enough) I am not.
*** Fewer than three.

Posted in Uncategorized by Matt. No Comments

The password and
the pendulum

Tip: Don’t use your birthday.

Tip: Don’t use 123456.

In Umberto Eco’s 1988 novel Foucault’s Pendulum, the protagonist tries to access a friend’s computer only to come up against the prompt, “Do you know the password?” After umpteen unsuccessful attempts, the exasperated protagonist types, “No.” Which unlocks the computer.

You might think, Get real, Umberto, what kind of nitwit uses an easily-guessed password like “No”?

The surprising answer is: Nitwits from all walks of life. Last week, The Telegraph published “The World’s Most Common Passwords.” The article lists 25. Here’s a sneak peek at the top ten:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321

Lest you think that the 25th most commonly used password must surely be way tougher to guess, well, I hate to disappoint. It’s 1q2w3e. You need only plot that one on your keyboard to see why it’s not much better than 987654321. The list goes a long way toward answering the question, How did they access my data?

I have suggested that, beyond their own security measures, financial institutions would do well to educate clients on security measures they can implement themselves. Though the primary reason for educating clients is for their own benefit—they will be safer—the benefits for financial institutions are not to be overlooked. One benefit is that sharing useful information creates good will. Another, according to a recent Fiserv consumer trends survey, is that teaching clients good security measures emboldens them to adopt more digital banking services.

There are reasons people use easily-guessed passwords. Chief among them is that what makes a password hard to guess also makes it hard to remember. The most secure passwords comprise a long string of random letters, digits, capitals, and symbols, with no real-world words or proper nouns. Since there is only so much RAM between the ears, how on earth can we expect clients to remember passwords like that, much less a different one for every account?

A good starting point might be to show clients how to create a unique, hard-to-guess password that they themselves can recall. It needn’t be difficult. If, for instance, you happen to be a Denver Broncos fan—and you should be—you might come with a password like dbR!23DB@219. Doubtless you have already figured out how I came up with that one, but just in case, I’ll explain it. dbR means denver bRoncos; the ! is there because the Broncos are awesome; 23 is player Devontae Booker; his initials are DB; and @219 means Devontae weighs in at 219 pounds. There you have a password that was easy for me to conjure up, is easy for me to recall, but would be extremely difficult for evildoers to guess.

A mnemonic device like dbR!23DB@219 is all well and good as long as clients don’t have to remember lots of mnemonic devices and keep track of which unlocks what. Trouble is, your clients most likely have a lot of password-requiring accounts. A Microsoft study found the average person was using some 25 of them, and that was in 2007. It’s not unreasonable to speculate that, with the growth and popularity of online apps, the number is much larger today.

Many people solve the need for multiple passwords in a not-terribly-smart manner: They use one password for everything. I need hardly point out why that’s unwise, but I will anyway: The moment someone divines your Facebook or Netflix password, that same person now has access to all of your financial accounts. Not good.

Which is why you might consider recommending clients use a good password manager. It may seem counterintuitive: How can it be safe to store all of your passwords in one place? But a decent password manager does what people should but generally do not or cannot do, such as assigning one complex password per account, evaluating password security, generating and tracking random passwords, providing two-way authentication, and allowing authorized access across platforms and devices. Proper use of a password manager—and guarding access to it with the most un-guessable password you can come up with—is a lot more secure than easily-guessed passwords used for several accounts.

As for me, I guess I can’t use dbR!23DB@219 anymore.

Posted in Uncategorized by Matt. No Comments

Coming this summer:
Digital food stamps

Another trip to the grocery store

DESPITE THE DAWN of the 21st century in most places, it’s not unusual for government offices to require documents by fax, as if anyone besides government offices has fax machines any more. Ask if a PDF will do only if you’re prepared to explain what a PDF is.

So, when the United States Department of Agriculture goes digital with food stamps, you know the digital age truly is upon us.

And going digital with food stamps is
exactly what the USDA is doing.
 

This summer, the USDA will pilot a two-year program in which foods stamps can be used to purchase groceries from online retailersAccording to their recent press release, the USDA will pilot the program in Maryland, New Jersey, New York, Oregon, Washington, Pennsylvania, and Iowa. Participating merchants to date include FreshDirectSafewayShopRiteHy-Vee, Hart’s Local GrocersDash’s Market —

— and, the latest to sign on, Amazon.

It may come as a surprise that 2017 marks the ten-year anniversary of Amazon’s first foray into the grocery business. As forays go, it was a tiny, by-invitation service limited to Mercer Island, Washington. The company has cautiously expanded the program since then. Their ten-year history did not stop some news media from spinning Amazon’s grocery business as new and, from there, leaping to making of it a direct challenge to Walmart. “Amazon tests food stamps, another breach of Wal-Mart territory,” screamed a recent USA Today headline. Who knew that Walmart had its own territory, much less one that could suffer breaches?

Besides, Walmart quit hyphenating their name nine years ago.

In addition to keeping up with the times and providing convenience, the USDA hopes that online food stamp redemption will help solve a serious problem known as food deserts, which the USDA defines as:

“… parts of the country vapid of fresh fruit, vegetables, and other healthful whole foods, usually found in impoverished areas. This is largely due to a lack of grocery stores, farmers’ markets, and healthy food providers.”

Trust government to say something like “vapid of.” They could have said “lacking in.” But then, they still use faxes.

You may wonder if people who rely on food stamps have online access. They often have. After all, these days it takes only a smartphone (which also happens to have a ten-year anniversary in 2017—this very month, in fact). For those without their own device for access, library computers may provide a viable option.

With food stamps going digital, I think it’s safe to say that digital payment is no longer the wave of the future. It’s the wave of the present.

Posted in Uncategorized by Matt. No Comments

Fake news and
financial institutions

fake-1903774_1280Six weeks ago, mild-mannered, 28-year-old Edgar Maddison Welch, father of two, entered a Washington D.C. pizza parlor and fired three rounds from an AR-15-style rifle. His objective was to liberate children he believed were being held captive there by a ring of abusive pedophile conspirators.

Fortunately, no one was injured. Welch’s rounds struck only a wall, a desk, and a door. Failing to find the nonexistent captives, Welch allowed himself to be arrested without further incident.

What makes this case uniquely frightening is what underlay Welch’s motivation: He had found and, he thought, confirmed his “information” online.

There’s nothing new about misinformation. It has been around as long as speech itself. Sometimes its results are costly but, ultimately, merely amusing, as with the Cardiff Giant. Sometimes its results are arguably more annoying than amusing, such as persistent rumors about Area 51 or a faked lunar landing. Sometimes its results are tragic, as with the above-referenced “Pizzagate” or, for a far earlier example, the Salem Witch Trials.

But today, fake news has attained unprecedented distribution and, with it, power to cause considerable harm, from Pizzagate to allegations of influencing a presidential election.

Financial institutions in particular need to beware fake news. As banking increasingly becomes an online service, one little rumor can be all it takes to inflict considerable damage on reputation and, therefore, the bottom line. Consider how the social media lumped banks in with Fannie Mae, Freddie Mac, and AIG.

In a broader sense, fake news can harm the economy at large. In his book On Rumors: How Falsehoods Spread, Why We Believe Them, What Can Be Done, Cass R. Sunstein writes:

In the economy, rumors can fuel speculative bubbles, greatly inflating prices, and indeed speculative bubbles help to account for the financial crisis of 2008. Rumors are also responsible for many panics, as fear spreads rapidly from one person to another, creating self-fulfilling prophecies. And if the relevant rumors trigger strong emotions, such as fear and disgust, they are far more likely to spread.

 A number of factors account for fake news’s increase in potency:

• In a social media age, information and misinformation alike can reach millions within hours.

• Website owners are not legally liable for content uploaded by outside parties.

• Search engines learn and play to individual proclivities, creating a feedback loop that reinforces motivated reasoning rather than challenges or informs.

• Since news is largely market-driven, content that an audience willingly consumes can be a safer marketing bet than straight news. This is especially true for websites whose advertising revenues depend on traffic, since fake news often proves better clickbait than real news.

Not to be overlooked is the fact that it can be no small challenge to tell satire apart from genuine, extreme views. In the days of printed editions only, subscribers understood that the likes of The Onion and The Borowitz Report were not to be taken seriously. With the phenomenon of social media sharing, anyone can happen upon an out-of-context Onion or Borowitz excerpt and take it at face value. Indeed, Poe’s Law states that

“… without a clear indicator of the author’s intent, it is impossible to create a parody of extreme views so obviously exaggerated that it cannot be mistaken by some readers or viewers as a sincere expression of the parodied views.”

So it’s no wonder that fake news is, well, in the news.

As one who gratefully makes his living in the digital payments industry, not to mention as a human being, I care about how digital media are used.

So should we all. As the financial services industry increasingly segues into a digital business, it increasingly becomes a potential sitting duck for misinformation. There is a need for all of us to remain alert to pseudo facts as they emerge, and to have solid procedures in place to dispatch them as quickly and credibly as possible.

Posted in Uncategorized by Matt. No Comments