This one is not quite a year old, originally posted August 1, 2019. But it’s still relevant, and I think the information and possibilities are intriguing.
WAY BACK—well, five years ago—when Apple introduced iPhone 5s’s thumbprint scanner, fear mongers lost no time claiming that phone thieves would now take your phone and your finger. Never mind that it wouldn’t work—irrational panic spreads faster than rational calm—and besides, what if your phone thief doesn’t know that iPhone can’t scan a dead finger?
Safe as your digits are, there are valid reasons for concern about thumbprint scanners. According to the New York Times,
… researchers at New York University and Michigan State University suggest that smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time.
Carry around enough masterprints, reasons one NYU professor, and you could unlock up to half the smartphones out there.
But the NYU professor’s statement indulges a bit of hyperbole.
For one thing—one, very big thing—testing was done in a lab, not on real phones, and laboratory conditions often fail to predict what happens in the real world. For another, Apple places the odds of a rogue fingerprint’s opening your phone at one in 50,000. It’s reasonable to assume bias on Apple’s part, but then, besides making phones, Apple is also in the business of not getting sued for shoddy security.
But just to be safe, if you know that 49,999 of your friends tried to hack your phone, beware the next one.
Other forms of biometric ID are a burgeoning business. And that leads to bigger biometrics questions having less to do with thumbprint security and more to do with privacy. Namely, who owns your biometric information? Who can share it, and with whom, and for what purposes? And what to do if your biometric identifiers are stolen or compromised? You can’t exactly change them.
No longer the stuff of movies
Readers may remember the 2002 movie Minority Report, which depicted a futuristic world where eye scanners tracked people’s location, greeted them by name in shopping malls, and served up personalized advertising. The possibility is not so far off. India has already scanned into a national database the irises and fingerprints of 1.2 billion residents. Researchers at the University of Tokyo have come up with a way to replace car keys with a butt-scanning driver’s seat. Smartphones complement fingerprint recognition with facial recognition. Biometric devices recognize your ECG, your walk, even your body odor. (That last one might not be terribly secure. I know a few people who could activate such a device from several miles away.)
A national database of biometric information can be useful for second- and third-world nations. For first-world nations, however, especially those with something akin to the Fourth Amendment to the United States Constitution, it opens a can of worms as to where illegal search begins and ends. USA Today raised valid concerns:
The rapid rollout of biometric ID systems holds some promise [for underdeveloped nations]. Hundreds of millions of people lack formal identification, and that’s an obstacle to participating in society …
… [But in] the United States, Europe and other regions, the worry is not that the state doesn’t know who you are, but that it knows too well—like Big Brother. Critics of biometric programs argue that important questions haven’t been resolved.
Who has the right to collect your biodata? Who gets to access it? How can it be used? And what happens in case of security failures? After all, you can change your passwords after a Heartbleed bug, but you can’t change your irises.
From a technology standpoint, it’s not necessary to obtain your permission or even your cooperation to collect your biometric data. As Scientific American reported:
Since 2011, police departments across the U.S. have been scanning biometric data in the field using devices such as the Mobile Offender Recognition and Information System (MORIS), an iPhone attachment that checks fingerprints and iris scans. The FBI is currently building its Next Generation Identification database, which will contain fingerprints, palm prints, iris scans, voice data and photographs of faces.
Moreover,
Department of Defense–funded researchers at Carnegie Mellon University are perfecting a camera that can take rapid-fire, database-quality iris scans of every person in a crowd from a distance of 10 meters.
Such data gathering can make linking criminals to crimes easier. It can help put names to unidentified remains. But at what point does collecting—and distributing—your biometric data intrude? Clearly, what is technologically possible must be tempered by what is legally allowed and morally supportable.
The age of biotech legislation
Per the American Bar Association:
A few states have enacted legislation specifically to regulate third parties’ use and collection of individuals’ biometric information. State laws concerning biometric information fall roughly into one of three categories: (1) laws with respect to the collection and use of biometric information belonging to students; (2) laws dealing with collection by government actors; and (3) laws targeting the collection and use of biometric information by businesses.
And per the Security Privacy and the Law website:
So far, Illinois is the center of biometrics privacy litigation, thanks to its strongest-in-the-nation law regulating the use of biometrics. The Illinois Biometric Information Privacy Act, passed in 2008, imposes requirements with respect to the retention, collection, disclosure, and destruction of biometric information. Only two other states, Texas and Washington, currently have biometric-specific privacy laws in force, each of which for its own reasons has not had quite the impact of the Illinois law. (Note that some states, through their criminal laws, already protect biometric data against identity theft.)
2018 may bring big new developments, however. For one thing, look for courts to rule on the application of the Illinois law to parties located outside of Illinois. For another, a fourth state has passed a law containing biometrics privacy protections, set to go into effect in April. With various pieces of biometric-related legislation pending across the country, it’s a good bet that other states–and perhaps the federal government–will follow suit in the coming year.
In sum, your fingers and thumbs are safe, at least from informed thieves. But there remain daunting questions both philosophical and legal as to collection, distribution, and use of your biometric data. It’s no longer the stuff of science fiction. I need hardly point out how the use of biometric ID could help out—and, in some cases, compromise—the banking industry. It behooves us to keep abreast of, or even get involved in, future developments.
Jul 20
6
They only sound like Austin Powers villains
Here’s an interesting prediction from the February 25, 1966 issue of TIME magazine: “By 2000, the machines will be producing so much that everyone in the U.S. will, in effect, be independently wealthy.”
I don’t think I’m being premature when I say I think the magazine missed the mark with that one. Not that I blame the writer or editor. It takes only one unforeseen development to send events cascading down a new, never-imagined course.
Take the current year. It has already already presented multiple unforeseen developments sending events cascading innumerable never-imagined courses, and we have barely reached the halfway mark. The year began, you’ll recall, with devastating fires in Australia. Then a deadly new strain of coronavirus rocketed around the globe, and at the moment it shows little intention of abating anytime soon. Then two disparate waves of protests erupted throughout the United States, one of people infuriated at stay-at-home orders, the other of people calling for an end to systemic racism. And let’s not forget murder hornets, a threat that may have been overblown—so far. Speaking of hornets, a strain of them are building “super nests” about the size of a Volkswagen Beetle in the American south.
Oh, and in the U.S., it’s an election year.
In no way do I wish to trivialize the seriousness of any of the above when I say I’ll be surprised if, a few years hence, Hollywood doesn’t crank out a bunch of 2020-inspired B movies. The only thing that’s missing is a real-life Bond-type villain with an Austin Powers-type name.
But wait! Speaking of Bond-type villains with Austin Powers-type names—this just in from the New York Times:
A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware.
Really? Evil Corp?
In fairness to the hackers, they didn’t take their name from an Austin Powers film. They took it from the USA Network series “Mr. Robot.” Campy though the assumed moniker may be, governments throughout the world take them quite seriously. Just six months ago, the United States Department of the Treasury issued this statement:
Today the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware …
Evil Corp is the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. The Dridex malware is a multifunctional malware package that is designed to automate the theft of confidential information, to include online banking credentials from infected computers … Once a system is infected, Evil Corp uses compromised credentials to fraudulently transfer funds from victims’ bank accounts to those of accounts controlled by the group.
This part should be of particular concern to the financial services industry:
As of 2016, Evil Corp had harvested banking credentials from customers at approximately 300 banks and financial institutions in over 40 countries, making the group one of the main financial threats faced by businesses. In particular, Evil Corp heavily targets financial services sector organizations located in the United States and the United Kingdom … Evil Corp has illicitly earned at least $100 million … it is likely that the total of their illicit proceeds is significantly higher.
I’m not sure I agree with the Treasury Department’s use of “earned,” but this is otherwise scary stuff.
And it gets worse. A few days ago, the University of Florida’s Center for Cybersecurity, aka Cyber Florida, reported:
Sophisticated new attacks by [Evil Corp] … were identified in recent days by Symantec Corporation … the company reported that Russian hackers had exploited the sudden change in American work habits to inject code into corporate networks with a speed and breadth not previously witnessed … While ransomware has long been a concern for American officials … it has taken on new dimensions in an election year. The Department of Homeland Security has been racing to harden the voter registration systems run by cities and states, fearing that they, too, could be frozen, and voter rolls made inaccessible, in an effort to throw the Nov. 3 election into chaos.
Right. Because 2020 needed a bit more chaos.
The United States recently issued indictments against Evil Corp founders Igor Turashev and Maksim Yakubets. Trouble is, Turashev and Yakubets are Russian nationals, and the Russian Federation is not known for cooperating with extradition requests. That’s why Edward Snowden was able to enjoy an extended sojourn in Russia uninterrupted by U.S. authorities.
Meanwhile, the basics of keeping clients safe haven’t changed. This includes, as I have written before, keeping them informed as to safety measures they can take on their own:
The trick is to keep clients forewarned and forearmed while avoiding frightening them so much as to lose their confidence. Perhaps paradoxically, the proper presentation of information on staying safe from hackers can increase client confidence by conveying that a financial institution is knowledgeable and cares about its customers.
Here’s hoping the second half of 2020 calms down.
Originally posted on January 7, 2019
Staying home for months on end can mean more texting, participation in social media, and, at the extreme, actually using a phone to make a voice call. With the first two, we may soon see more cases of “trigger thumb” and related ailments.
Over the past decade, monthly texts have increased 7,700 percent. Worldwide we send about 19 billion of them a day. Americans send about two for every voice call they place. People between 18 and 25 send 133 a week. Texting accounts for about a third of the time Millennials spend on their phones.(1)
Only in retrospect is it not surprising that text messages would overtake voice calls. Texting lets you “converse” without being overheard. You can dispense with pleasantries and get to the point. You can reply at your convenience. You can end or pause by falling silent, with no need for “kindest regards,” “yours truly,” or “no, you hang up first.”
In short, texting is great. Except when it isn’t.
Evil twins
Just as no one foresaw the rapid rise of the text message, no one foresaw the host of problems it would bring.
Inconceivable as it is, and despite the terrifying toll on human lives, there are still plenty of dopes who text while driving.
More on the amusing side is drunk-texting, which, I suppose, you could call drunk-dialing’s evil twin. And then there’s sleep-texting, a more innocent, often entertaining twin. (I guess that makes them triplets.) Unlike its evil sibs, sleep-texts are usually gibberish, which is a good thing, considering they leave a digital record. Sleep-texting is most prevalent among adolescents and college students, possibly due to their more erratic sleep schedules.
Text neck, trigger thumb, and other pains
Excessive texting correlates with and likely causes physical problems. The Washington Post reports an epidemic of “text neck.” The American Optometric Association warns of digital eye strain. And Rush University Medical Center describes “trigger thumb,” which it defines as …
… the constriction of a flexor tendon in the thumb, may result from repetitive gripping motions such as texting or holding a smartphone. Its symptoms include painful popping or snapping when the thumb bends and straightens; sometimes the thumb even becomes locked in a curled position …
… Elbows can suffer as well if you spend too much time holding a phone to your ear, resting your elbow on a desk, or keeping your arm bent at an acute angle to use a computer mouse. These positions can contribute to cubital tunnel syndrome, or increased tension in the tunnel through which the ulnar nerve passes in the elbow.
“Fortunately,” Rush reassures us, “many of these conditions are highly treatable.”
Texting certainly risks miscommunication, which can be harmful to relationships, something the financial services industry should note when crafting automatic messages and training help-chat personnel. Kim Schneiderman L.C.S.W., M.S.W warns in Psychology Today that “… texting is not the way to negotiate a relationship.”
… UCLA professor Albert Mehrabian found that 58 percent of communication is through body language, 35 percent through vocal tone, pitch, and emphasis, and a mere 7 percent through content of the message. We all know that good communication is the cornerstone of relationship. So why attempt to resolve a disagreement using only 7 percent of your full expressive potential? … And that’s a generous 7 percent. Consider all the annoying slips of finger that can interfere with clear communication. When the difference between “mad,” “sad,” “bad,” and “glad” is an errant thumb, wobbly finger gymnastics can be costly and confusing.
At least to a point, emoticons have evolved to compensate for the body-language gap. A winky-face can work wonders for ensuring that humor or irony isn’t lost on a message recipient.
It’s important to beware alarmists who cry out unsupported warnings with every technological advance. Sitting too close to the TV didn’t ruin our eyes; radio, then TV, then video games neither destroyed our minds nor rendered reading obsolete; and home video and, later, streaming were not harbingers of movie theaters’ doom. Likewise, I suspect many if not most of the apocalyptic warnings about texting can be safely ignored.
Nor is it always bad when technology changes how we do things. I don’t see anyone complaining about no longer having to lug a bushel of clothes and a washboard to the riverbank. To be sure, pedants rue abbreviations like u for you and btw for by the way, fearing that humans will forget how to spell and punctuate. Their concerns overlook that fact that rules do not dictate usage; usage evolves while rules scurry to catch up. Moreover, no one suffered severe injury when catalog and dialog began appearing without an appended –ue.
If the texting tide ever turns, it will not be by design. If and when, it will turn only because capricious human tastes will have once again taken us by surprise. Meanwhile, there’s no sense in beating one’s head against the wall. Those of us who make our living in a digital world are best served by watching the trends, doing our best not just to stay abreast of them but to capitalize on them, and remaining alert to pitfalls so as not to fall into or exacerbate them.
__________
(1) (For these and other statistics about texting, see Irene Rufferty’s article in Medium, “50 Texting Statistics That Can Quench Everyone’s Curiosity, Even Mine.”)
There’s a new virtual assistant in town, and it’s danged smart. Its name, appropriately enough, is Virtual Banking Assistant from Fiserv.* And while virtual banking assistants are no longer new, this one impresses in its cutting-edge conversational capability.
A recent Fiserv press release states:
Rooted in Natural Language Processing (NLP), deep learning and AI technologies from Clinc, Virtual Banking Assistant … doesn’t rely on rigid scripts, keyword matching or other traditional rules-based language. … the software allows for a more fluid and flexible approach that can handle the messiness of spoken language and its varying contexts.
Permit me to demonstrate:
Caller: Hey, so I remember I was in California last year and dropped a bunch of cash on food. Can you show me what that looks like?
Banker: You spent $733.84 from your three bank accounts on food and drink in California, which is 1.95% of your total spending from January 1, 2018 to January 1, 2019.
Caller: What about in Ann Arbor?
Banker: You spent $2631.60 from your three bank accounts on food and drink in Ann Arbor, which is 7% of your total spending from January 1, 2018 to January 1, 2019.
Caller: Hey, I need to transfer a hun’rd bucks from my checking account to my savings.
Banker: Let me confirm your transfer request …
That’s a transcript from part of a video a human caller interacting with Clinc’s technology. Notice that casual speech doesn’t throw the tech off-kilter. For instance, “Hey, so …” is a typical human opener but utterly superfluous. “Dropped a bunch of cash” and “What about” are colloquialisms that could throw many a non-native human speaker. And then there’s “hun’rd” versus “hundred,” a listless contraction indulged by some of the best of us.
If you visit the site and play the video, you’ll also see that the caller changes subjects and backtracks. No matter. The tech keeps right up.
But you might also notice that, despite inflections to a point, the voice still has that telltale sound of separately recorded words cut together. I cannot help wondering if that’s by design. The cut-together sound can subtly let callers know they’re speaking with a conversational AI without outright saying “you’re speaking with a conversational AI.” As Google found out the hard way two years ago when they presented Duplex, it can creep people out to learn only after the fact that they were speaking with an AI.
As interactive technology advances, new terms emerge that can be difficult to keep straight. The Financial Brand’s Bill Streeter provided a helpful summary. “Responding to a question from The Financial Brand,” Streeter wrote, “[conversational AI company Kasisto’s CEO Zor] Gorelov divides conversational AI into four categories, from simplest to most complex:
Bot—is an automated program that runs over the internet, typically behind the scenes. This places it at the bottom of the scale of intelligence and user engagement.
Chatbot—can look for patterns in text and respond with automated answers, usually best at very simple exchanges. Some analysts refer to this as checkbox chatbot.
Conversational agent—engages consumers with its ability to precisely understand the intent of the conversation, and then guides users to complete their goal. A conversational agent is always learning, Gorelov adds.
Cognitive virtual agent—knows the consumer deeply and uses that knowledge to anticipate needs, placing it at the top of the scale for intelligence and user engagement.
Call it what you will, the industry has come along way since voicemail.
*Although Fiserv is my employer, MattWilcoxPro.com is my personal blog and does not speak for or represent Fiserv in any way.
Jun 20
25
TBT: Functional is so last-decade
Originally posted July 15, 2014.
Things have flipped. Not long ago the likes of Starbucks and McDonald’s enjoyed a competitive advantage by providing free onsite Wi-Fi. Today, that’s pretty much de rigueur. Providing onsite Wi-Fi is not so much a competitive advantage as not providing it is a competitive disadvantage.
Likewise, offering mobile banking, once the sign of a forward-thinking financial institution, no longer impresses. To do that, mobile banking must do more than function. It must connect.
We have made strides since the original hardware-delivered bank experience known as the ATM. Though you could name them, paint them, network them, and install more of them in more places than the competition, still, an ATM was pretty much an ATM. Today’s digital banking, however, needn’t be so clone-like. As yet, not too many banks seem to realize that. Unlike old ATM technology, today’s digital technology and devices allow for positive interactions, even personal ones, with a strong brand.
Here’s a quick look at how a few forward-thinking financial institutions are breaking out of the “Functional Only” box.
Tip: People will spend time on your site—when it’s fun. Walk into any public place and watch the number of people interacting with portable devices instead of with each other. While you’re at it, note that no one is making them do it. People willingly engage with the likes of Facebook, Twitter, Pinterest, Minecraft, Flipboard, and more because, well, these virtual places have personality, and they’re fun. Some financial institutions have given their websites social and entertainment appeal, and found that clients return more often and linger longer. Need I point out that returning more often and lingering longer build loyalty and present a marketing opportunity?
Get ’em young. Ordinary financial institutions stew about attracting rising generations once they come into money of their own. Smart financial institutions start earlier, when those generations are still kids. They load their sites with educational pages, games, social tools, and more. By the time young people with no money morph into young adults with careers and money of their own, they have been already won over.
Personalize the impersonal. At first it seemed that the use of technology in banking would eliminate the personal touch; instead, it turns out that technology can convey it. A good interactive system connects clients with bank people via live chat, tweets, social media, and even, when desperate times call for it, telephone. A screen is no longer a barrier. It is a conduit.
Check register? What’s a check register? Even the staunchest paper defender must concede that checks are obsolescent. If the majority of people do not want to write checks, it follows that the majority do not want to write their transactions in a check register, either. But that doesn’t mean they want to give up oversight and control of their money. Hence the rise, indeed, the inevitability of online Personal Financial Management (PFM) tools.
I dare to you to show your laundry. It’s becoming increasingly fashionable for companies, financial institutions included, to post client reviews on their websites. But if readers suspect that you parade the praise while conveniently hiding the pans, you lose all credibility. At that point, posting reviews is no more effective than not posting reviews. That is why some brave banks post negative comments right along with positive ones. With the negative ones, they also post the bank’s response as to how it plans to make things right. This validates the rave reviews, which creates trust, and shows clients how you deal with problems, which, if you handle them properly, also creates trust. Don’t worry about the occasional irrational client who can’t be pleased. Your customers are on to them more than you think.
There are two problems with ideas like the above. First, they cost money. But then, it costs more not to make the investment, thereby losing clients to a competitor who does. Second, they require vision, which, let’s be honest, is often what “can’t afford it” really means. If someone anonymously printed this article and left it on your desk, you know who you are.
For details and examples of the above plus other ideas, I commend you to the The Financial Brand post, “12 Technology Trends Shaping Financial Marketing.”
Technology, legality, and morality in biotech