Financial Cryptography

Monetary Ontology

Hasan reports that he has been working on an ontology for currency systems, mainly oriented at builders of local monies. Download is here, in Protege form which probably means you need to use that package to build with it.

Monetary_ontology_0.1d.zip: A zipped Protégé project of an ontology for currency creation and use. Also contains an "owl". The objective is an active description of all forms of "money" from barter to clearing systems, from precious metal coinage to debt-based fiat. It is oriented towards designers of payment systems and community currency systems. Here is a preview GIF image ! First begun 2008/05/04 and last updated 2008/05/12. v0.0 Contributed by Martin "Hasan" Bramwell

USD reserve currency shift -- some numbers

Some figures on the decline of the dollar as reserve currency:

• emerging-market countries shrank their dollar holdings from 71% (1997) to 61% (2007), while growing their foreign exchange holdings over fourfold.
• the euro component of emerging market reserves grew from 19% (2000) to 28% (4th Q 2007).
• Japan's exports are now often invoiced in Yen: 34% (2001) to 40% (now). Back in 1971 it was almost all in dollars.
• dollars held outside the US: from 1.83% (2002) down to 1.22% (2006), as measured in percentage of world trade.

For the Americans, this is the maths behind the current too-good-too-bad economy in the USA. For the economists, it is interesting because the monetary tool is not helpful when all these dollars flood back unwanted. For the financial cryptographers, it's a great time to be in the currency business. For the gold community, it's their decade!

Note that we have predicted this for some time, but these are fundamental shifts and they move so slowly that any discussion is fraught until the numbers come in.

2003, 2004, 2006, 2006

How does the smart telco deal with the bounty in its hands?

It is a game of FCers to speculate on how the mobile/cell phone industry is going to deal with the wonderful gift they have in their hands, literally. Will they (a) run a payment system, (b) let banks do it, or (c) see a CellPal emerge? It has to be one of the three, as far as I can see.

Here's one answer, which I'll let you place in the list above (spotted by Zopa):

Now, network provider Globe Telecom is offering a mobile credit loan system that caters to its customers’ usage habits. With their Share-A-Load program, Globe allows its users to send (via SMS) their phone credits or “loads” to others running low. The service costs PHP 1 (about US .024) for each transaction and is available to prepaid and postpaid Globe subscribers. Donors simply contact an automated number, punch in their pin code, the recipient’s number, and how much money they’re giving and both parties are notified upon receipt. Share-a-Load is a good example of the applicability of SMS beyond just text messaging - something service providers can use to their advantage if they’re clever enough.

Another frequent question I ask myself is how much effect these "bleedingly obvious strategy" messages have on the market. We've known since the year dot that this was possible, easy and a real winner. But we also know that the response will be knee-jerk, painful and destructive.

The philosophical question is, "is there any point in laying out the bleedingly obvious strategies when the only people who are interested want to stop them happening?"

(Also spotted on Zopa: their comment on how the credit crunch is their bounty ... Oops, there we go again, the curse of being a friend of FC...)

Chip&PIN cards: 1 in 5 cloned?

More dramatic claims that fraud is reaching endemic (?) proportions in retail payment systems in the UK:

Fraud is now most common over the internet, where almost 2 in 5 have fallen prey to fraudulent scams. Alarmingly, nearly 1 in 5 people have also had their cards cloned from ATMs and Chip and PIN machines, highlighting the importance of exercising vigilance with your cards and personal details at all times. ... "Card fraud is a serious concern that is still common despite preventative measures put in place to combat this ,including Chip and PIN,” said Zoe Manton, head of Card Protection at CPP. “Fraud levels increased by 26% in the first six months of 2007 compared to the same period in 2006, to reach £264m.”

Manton said that although we are regularly told to report our lost and stolen cards immediately, on average we are taking nearly ten hours to tell our banks and card companies. The good news is that 56.7% of respondents said they now check their bank statements thoroughly to pick up on any suspicious activity.

I am not sure what is 'good' about the good news. Let's see if we can break it down.

In exchange for the right to invest in subprime real estate, the banks had a responsibility to secure the money. Now they've succeded in outsourcing the responsibility back to us, the account holder. If the banks have succeeded in getting the people to no longer trust bank-supplied payment systems, and they consider this good news, chances are they'll be overjoyed if we also remove the cash as well as the trust...

Yep, looks like a break down to me.

Of course, we know the underlying systemic cause of all this is the failure of competition in European payment systems. Problem is, every time that subject comes up, the regulators say "SEPA is rolling out very nicely, thank you..." Students of irony take note...

middle banking in a english muddle

The British bankers are still trying to convince the skeptical public that cash is overpriced, and the "subsidy" should be let go. Although the central banks have lined up behind their banks, and various credible reports have been duly spec'ed, paid for, and rushed out to an audience bereft of other sources, the masses are reacting to something else the banks got a little wrong: Identity. And Payments. And Guarantees. Indeed, everything it seems except the noble pound note.

Maybe it's a spoof, but I can't tell. Read for yourself:

It's a middle England commuter town where the chief topic of conversation is usually the weather or train delays. But now the Hertfordshire town of Letchworth is coping with an explosion of identity theft, the victim of gangs of fraudsters who target one community, siphon as much money as possible out of bank accounts then move, locust-like, to neighbouring areas.

The impact on individuals who have seen their bank accounts cleaned out is devastating. And now evidence is emerging of how whole communities are losing faith in bank cards and chip-and-pin technology - and are turning back to cash-only transactions.

When Guardian Money spoke to consumers on the streets of Letchworth, we found large numbers of people boycotting outdoor cash machines, and, in some cases, abandoning the use of bank cards in stores.

Shoppers at the Shell petrol station told us they will never use their bank cards to pay for fuel again, after witnessing the chaos caused to friends who have had bank accounts plundered by fraudsters. Outdoor ATMs are strangely quiet, while inside banks there are queues of customers taking out cash.

Letchworth has a population of 33,000, but virtually everyone we spoke to in the town centre this week said they had either been the victim of bank card fraud - or they knew of someone who has had money illegally taken from their bank account. Usually the illegal withdrawals take place in Australia.

Those tricky Australians! Thank heavens we have someone to blame. Now, we all know that the Guardian is not exactly the most credible of sources, but it hasn't exactly been challenged in integrity in anything on the payments blight that I have seen.

So what's the truth? Are the Aussies turning your plastic cards into ashes? Is middle England being hit for six? Is this the end of the banks' bodyline assault on cash?

(Dave talks some more on this. Also, see Light Blue Touchpaper which probably isn't a spoof!)

Prepaid cards: offering the ECB a deal it cannot refuse

Dave asks over on DigitalMoney, perhaps in wobbly exasperation as he tries to walk the logic of the ECB's level playing field:

One of the ECB's points is that they want to create a level playing field of payments. This is a good idea: so is there a single or simple action that could be taken to do this?

I know we've played out all these arguments in the past, but on the off chance that anyone really wants to know the answer:

Yes, there is:

separate banking from payment systems!

The reason for the silly limits on anonymous prepaid cards is because banks don't issue them; their business is about identifying people for borrowing and lending purposes, so they need to know who you are.

However, issuers of pre-paid products do not want to know who you are, just what you do. What you are buying is fine. For them, a traceable-but-anonymous product works perfectly because it solves their privacy issues, and gives them the marketing data to offer you precise deals that are likely to be a win-win for both parties.

Then, why do the banks care about these products that they don't issue? Simple: a pre-paid card is a payment instrument, and a payment done by the retailer without resort to the bank is a payment lost to the bank. So we can see the lost fees as an issue (ask a bank what proportion of their income comes from payment fees).

That's bad, but it gets worse: the payment is not only a payment (for the customer) it is a loan (for the retailer). One of the inside secrets of pre-paid cards is that on the balance sheet, they appear as ... customer-provided financing! Which means that the retailer has cut out the bank.

Now do we see why the ECB is going loopy trying to fit restrictions on emerging payment instruments into contortions labelled "the level playing field?"

And, if you think that's not good, prepare for double-plus-ungood: consider the *cost* of the financing. On paper, it looks like a zero-percent loan from the customer to the business. That is, the cash put into the pre-paid card this month comes back to the customer at face value when they buy goods. Zero percent!

Can it get worse? Oh, yes. For various reasons to do with abandoned funds and expiry conditions, the actual expected interest rate is less than zero. Because the cards are also losable or inefficient, that's money the retailer never needs to give back.

That's right: the customer gives a negative interest rate loan to the business. The basic result is going to be that the one and only chance of banks surviving this is if the Central Banks declare prepaid cards to be totally illegal. We are talking pure economics here, this is a slam-dunk.

But, the CB cannot simply declare them illegal. Not without asserting some form of jurisdiction over retail processes, and coming up with an argument that will appease the consumer. And that's the rub. As its mission has some semblance of helping the consumer, it is hard to convince the consumer that you are helping them by taking something from them.

The best the CB can currently do is declare them as essential tools for money launderers, etc etc, and put lots of restrictions on them because they are "tools too dangerous to be let loose on the innocent public." That's what Dave talks about and ridicules in his post:

If there is going to be a level playing field, then lightening the regulatory burden on e-cash might be an obvious place to begin. One source of costs is the requirement to verify the identity of e-cash users. There is a simplified due diligence procedure for a limited set of circumstances:

1. nonrechargeable... no more than 150 euro; or


2. rechargeable... a limit of 2,500 euro in a calendar year, ...

These limits seem low to me. I think...

Obviously, they are stupidly low, but Dave has yet to consider how much damage Al-Qaeda can do if they get into M&S with a pocketful of these cards.

Will it work? No. Even with these limits in place, it still won't be enough to save banking (again, resort to the economics argument to see why). They can even afford to squeeze the limits lower, and retailers will still be on top. This is part and parcel of why I predict that the next 1-2 decades will see the end of Central Banking as we know it.

I know what I would do if I was one of those players. A bank, or a CB or a retailer. But that's not interesting. What's interesting is to watch how, as negative-interest loans become more "compelling" to the public, how much more wobbly the ECB can make the playing field before people start sliding off.

SEPA meets Money 3.0 -- a trainwreck?

Over at Dave's digital money blog, he keeps writing financial cryptography posts ... which saves the blog from doing it! Last night he opined on whether he could construct a new high level view of the changes to money:

The era of Money 3.0 is just beginning. Its central dynamic is no longer connectivity (since everything is connected to everything else) but community. We can see a glimmer of the future in MySpace and eBay, Zopa and Second Life, Paypal and Craig's List. It's the age of Reed's Law, disconnection technology and the decoupling of currency and the nation state.

To which I responded in comments, predictably, Money 3.0 is FC!

The reason for this is that it allows RTGS assets. ... It goes back to the Baumol-Tobin model on how much money we need. Their model postulates that the driving indicator is the _cost_to_bank_ of the money user. The model has one of these cute divide by zero singularities where everything flips when the cost to get to the bank goes to zero.

.... what then happens when cost == 0? Or, more practically, below the noise floor? Well, to skip a long story ... assets replace money.

See that old monpol paper for more. Now, we sort of all have at the back of our minds that "Digicash started this." That's a good headline date, although the credit goes much wider and deeper than that. The key thing here was that Digicash showed zero-cost-to-bank. Lynn also recalls in comments:

The issue of interchange/association (or lack there-of) also reared its head in the digicash trials ... being limited to a single, common institution that served both the merchants and the consumers. disclaimer ... in the digicash liquidation ... we were called in to evaluate the patent portfolio.

Some people believed that the Digicash patents had value, but that was their problem. What Lynn was talking about then was really the way the Interchange Association solved one of the big institutional headaches:

One of the big infrastructure issues in the 70s was interchange and the associations. Before that both the merchant and consumer had to be with the same institution. this was not just a technology interconnect problem but also contractual and legal issues. The value-added networks to address the interconnect problem have somewhat been obsoleted with the growth of the global internet. However, the legal and contractual issues still remain.

For instance, in some countries, at least in the late 90s, and possibly still true today, required bilaterial, contractual agreements between every accepting merchant and every issuing consumer institution.

The associations allowed merchants to have (contractual) agreements with their financial institutions, consumers have (contractual) agreements with their financial institutions. Then all financial institutions have contractual agreements with the associations (as opposed to every individual financial institution required to have bilaterial contract with every other financial institution) This reduced N*M problem to a N+M ... aka N are number of merchant financial institutions and M are number of consumer financial institutions (with each on the order of tens of thousands).

Right. What FC however does (including but not limited to the parts that Digicash introduced) is to solve the legal and contractual issues as well. Not only that, but the result means that the 1970s solution of one global Interchange Association is not needed.

Why? Because in zero-cost-to-bank, N*M is no problem. Now, obviously, at some point we drill down into that and discover that there is still a very small cost, and N*M matters some ... but let's just hand-wave past that by saying that the result is a paradigm shift of massive proportions.

Better, or worse, we saw it in operation. N*M with Bc==0 does in fact work, in real, global systems. The solution is not one that anyone except the user public will like, because it is *different*. But, it works. It is contractual, legal, technically sound.

Which brings us all to SEPA. What are they trying to do? Well, lots of things really, but we can wrap it up like this:

SEPA is trying to build a Money 2.0 solution in a Money 3.0 world.

Sorry, guys, the world has changed. SEPA is a train being carefully, slowly constructed to 20th century rules. When they put it on the 21st century rails, if they are lucky it won't move. If it moves, it will gather momentum and at some point SEPA becomes a trainwreck.

The fundamental _barrier to entry_ in the business of payment systems

Dave Birch reads Leo van Hove's new article "Central Banks and Payment Instruments: a Serious Case of Schizophrenia":

This article analyses the competition between cash and payment cards against the backdrop of the dual role of central banks - as issuers of cash and as institutions with a mandate to foster the efficiency of payment systems in general. It is argued that this dual role results in a number of policy dilemmas, namely concerning pricing, traceability of banknotes and the choice of denominations of coins and banknotes. On a general level, the article argues that central banks should place greater emphasis on improving the efficiency of retail payments and less on protecting their self-interest. More concretely, the article repeats the suggestion - originally put forward in VAN HOVE & VUCHELEN (1996) - that the ECB should place the upper limit of its banknote series at EUR 50 instead of EUR 500. It is also argued that policy makers should explicitly foster the use of cost-based pricing and in particular create a legal environment that makes it possible for commercial banks to start using it.

Key words: payment instruments, central banks, cash, banknotes, payment cards, public policy, efficiency.

And Dave does the summary, which is probably very good if you want a shorter read. (Indeed, I haven't read the paper myself!) He raises one point that I take issue with:

Meanwhile on the supply side, the barriers to entry are significant. It is simply not the case that anyone can start offering new payment instruments, as distinct from payments processing services.

I don't think that's true ... although I'm not at first blush sure why. Let's work it through.

Certainly the barriers to entry are significant. I once counted 8, then lost the napkin. By way of a few seconds thought, there is:

• regulation, the subject of Leo's article.
• robust technology, client-side and server-side.
• network effects, or as described by Dave, the chicken & egg problem.
• the application choice.
• sustainable system of value backing (e.g., reserves).
• governance.
• border transactions / primary sales.
• theft.
• ...

But, even though it might be granted that those barriers are present, we now have more information on how to do this. Substantially more information, indeed, I claim, solutions abound for each of the problems. We can now count around 10-15 years experience with successful open payment systems, more if you are old enough to remember the various DigiCash and other experiments.

I claim, if you give a competent FCer any of the above barriers, they'll find you a solution.

I concluded in or around 1995 that it takes around 1m of capital to put in place a payment system built primarily in software. (I also said, 100 times that amount, if doing it with smart cards or the like.) Since then, I have seen little to change that view. But, we have seen so many systems that have failed in ways that prior systems also failed, so obviously something is wrong.

Here's what I think is wrong: If there is a barrier in this special field of financial cryptography, beyond the 1m of pocket change needed to build an open payments system, it is in the FC7 thesis: there are too many disciplines to cope with.

Is knowledge the insurmountable barrier?

I like to think it simply requires an open mind, and willingness to read the experiences of others. The evidence against insurmountability barrier is over on the right hand side of this blog, where you can see a personal list of those people who've seen enough to know the layers and work through all the barriers.

But, as time goes on I lose the confidence that more people becoming financial cryptographers is an answer of utility. The evidence for that position is that only a few of those FCers are ever consulted by operators of payment systems. Nor are they often employed by banks, who classically operate payment systems, and occasionally build new ones. Pretty regularly, both repeat the errors of the past, and lose bucket loads of money, but that's no barrier, it seems.

So I guess Dave is right. There are insurmountable barriers to payments systems, and people can't just enter the business. I still don't know why, but it seems as if this institutional knowledge barrier exists, and is insurmountable, even though we as individuals know how to do this.

WebMoney does a gold unit

Dani reports that WebMoney is now doing a DGC or gold based currency.

This is big news for the gold community, as there is currently (I am told) a resurgance of interest in new gold issuers, perhaps on the expectation that e-gold does not survive the meatgrinders, also known as the Federal prosecutors in Washington D.C. (Perhaps as part of their defence strategy, e-gold now run a blog!)

What's different about WebMoney? They had financial cryptography thinkers in at the beginning, it seems, and they are successful. They know how to do this stuff. They did it, and they maintained their innovation base. They are big. They do multiple countries. They quite possibly dwarf any other gold operator in overall size, already. I could run through the checklist for a while, and it looks pretty good. (oh, and they do a downloadable client which does some sort of facsimile of blinded transactions, as presented at EFCE!)

Expect them to take off where e-gold left off, with the exception of the Ponzi based traffic. Big strategic question: will they go green or red on Ponzis?

And now the phoney war on cash (a.k.a., give us another subsidy, ma!)

Dave commented on the "war on cash" ... and Adam picked up on that. Now, that sounds like FC! For someone who once had something to do with the Financial Cryptography community, Adam has a strange comment:

Having the government provide a means for a reasonable functioning economy, and removing the costs of worrying about the gold content of a coin, or the solvency of DavidBucks adds huge efficiencies. There's quite a few things that I'd take the government out of before I took them out of coining currency. (Know thy customer regulations, for example.)

Well... to separate out some issues. Private issuance of money has a long and powerful history. Although the evidence is not entirely a slam dunk, for the most part the jury is in on this question. The envelope, please:

Where private money fails as an industry, it is because of government interference.

The US free banking tradition is the clearest example, in that several different areas had different results. Scottish free banking tradition has the best history, with a century or more of solid gains, only to be finally destroyed by the English, which had already lost free banking to the long, dark and dismal history of the Bank of England.

There is, while we are engaged in this old pub topic, one flaw to free banking that no-one can figure out: it and government currencies backed by gold reserves tend to fail in the face of total war. There are approximately 3 of these, being the US civil war of independence, WWI, and WWII, and each resulted in destroyed financial systems as governments raided them for value.

On to MkKinsey's comments on Dave's blog:

Cash needs to be priced appropriately. The fact is that, today, the pricing of cash is not in line with its costs. Consumers and merchants in most countries do not pay the real cost of cash, and so merchants and consumers have no reason to reduce their use of cash. One problem is that there is no clear ownership of cash. Another is that governments often position cash as a public good -- to be offered free by banks -- thereby inhibiting an economic debate on cash versus other instruments.

Adam is right to be skeptical. Basically, it easy to champion their case against cash, as cash is indeed subsidised competition. But there is an easy retort:

Let's strip both sides of their subsidies!

Like it? I sure do ... just as surely, every warrior against cash will run for the hills when they figure out how naked they'd be.

Henry Moore's Fallen Warrior

Start with the issuance of cash. Make it free to any operator. Leave them their know thy customer regulations, and see what happens.

(Oops, maybe we already know!)

the plan to save Paypal: Skype revealed...

Dani spots:

From within the Skype client, there's a new choice among the forms of communication that a Skype user can initiate with a contact. In addition to being able to chat, make a VoIP call, send files and other contacting information, Skype users can now elect to send another Skype user money via PayPal. Skype and PayPal are both subsidiaries of eBay. So, now, we're beginning to see the bigger picture come together at eBay.

Basically, the mystery of why eBay thought Skype was valuable is now revealed. There was no apparent synergy between chat and auctions, and in fact Skype could be a danger to the centralised auctions model.

The answer was elsewhere, in financial cryptography: Paypal, also owned by eBay, was hurting for fraud. To do real hard payments, we've known for ever that we need a real hard client. As fraud was already hard-baked into Paypal due to early, convenient but bad decisions, improving the Paypal fraud problem required drastic steps.

The first drastic step is to move to a hard client. Skype is the best choice in the world today, as it has a lot of security built in through its crypto, it protects itself from attacks on the local client machine, and it has an already well-grown user base across major platforms. Putting money into Skype is something that any FCer could do; whereas fixing Paypal is a real challenge.

So the plan is to migrate Paypal into Skype. (What took them so long?) This has other ramifications as it means that in time, Skype will become an identity platform. Paypal money is far too identity-driven at this stage to wind back its exposure to the classical regulatory money system, so Skype has to mold to suit.

The good days of Skype privacy might be then over, as identity nexus will be demanded and stored in a US datawarehouse, available at a price. The good news is that now that the model is proven, others can come along and build it. The bad news is that those of us who did build it (Ricardo for example does chat/IM and hard payments in the same infrastructure) will never be able to catch up with the user base.

WebMoney Annual Report: competition with Belarus Government

WebMoney has writes Dani Nagy just posted its annual report. Here's the short summary in English:

WebMoney Transfer is summarizing its 2006 financial year results.

Number of registrations during the past year has exceeded 1.1 million — for January 1, 2007 there were 3.145 registrations in the System. Total turnover equivalent to USD, has reached 1.46 billion and has exceeded 2005’ results: WMZ — grew 2 times bigger, WMR- three times bigger, WMU — 4 times bigger. Number of transactions is more than 15 million.

Our geography: In 2006 70% of our Customers were coming from Russia, 15% — from Ukraine, 4% - from Byelorussia. Other customers were originating from Baltic states, Kazakhstan, USA, Israel and Germany.

The System has launched a new currency WMB — equivalent to Byelorussian Rubles. The Number of merchants, connected to the System has grown too.
During 2007 we plan to introduce more WM-Currencies and launch new project with various local and foreign project and service providers as well as cooperate with financial services and payment solutions.

One of the more interesting details is the success in Byelorussia [I follow WM's spelling here; the country is better known as Belarus in English-language publications], considering repeated attempts by the government to crowd out WM - launching a government-backed competitor (which ended up being just another vehicle for turning your cash into WebMoney [*]), arresting a few exchange agents and general harrassment of WebMoney-related people and businesses. The most important servers serving Byelorussian WM customers are still conveniently located in Switzerland.

WM-penetration in Russia and in Byelorussia are roughly equal (it is only slightly higher in Russia) and substantially higher than in the Ukraine.

Considering that WM has just published all their protocols and APIs, it might be worth considering writing open-source libraries for our own payment systems or even making them general enough for, well, general use.

[*] I think that this story merits more analysis, because it teaches some important lessons. Easypay.by was set up with government backing (it has some government-friendly features, too, like no anonymous or pseudonymous accounts) and it also enjoys some support from the banking sector. There are many easy ways to turn Easypay balance into cash and vice versa. Yet, the most popular use of easypay is buying and cashing WebMoney. And this is despite the fact that WM charges 0.8% per transaction, whereas EasyPay is free. Why do people value their privacy in some cases and not in others?

Nokia and Visa announce handset payment system

Visa and Nokia have taken the wraps off their handset-based payment system. Details of workings are unclear:

The wireless standard that will link mobile phones with payment systems in stores and elsewhere will be the near field communication (NFC) chip, which will be hidden under the phone cover and makes contact when swiped over a reader.

Visa being involved means it is likely to be tied to a classical Visa card, with billing backed into the existing system.

The initial version of the mobile payment platform, which launched on Monday, offers contactless mobile payment, personalization over mobile telephony networks, coupons and direct marketing. Subsequent versions of the platform, to be made available later in the year, will include remote payment--also using mobile telephony networks--and person-to-person payment.

What is perhaps more interesting is that Visa are floating themselves as a public company. This cuts the direct tie with the banks, which in the past owned Visa (and Mastercard). So now, we can expect Visa to be (a) not a bank, and (b) not regulated by the ownership method.

Which will leave Nokia in a more confident position, as it will be Nokia that has the final say on what goes on its phones.

It's yet more evidence that the payment function is gradually moving out of the banks' sphere of influence, alongside the exploding retail gift card issuance and the slow recovery of interest in net-based payment systems.

Tom Greco's blog

A new blog on the block: Tom Greco of Reinventing Money fame takes a few tentative steps. Here, he raises an interesting definition of when a currency is issued:

A currency is not issued until a buyer offers it in payment and a seller accepts it in return for real value. Merely distributing notes to potential participants does not constitute issuance, but only distribution. Notes are not issued until they are first spent into circulation. When accepted in payment, there is an agreement to reciprocate. That agreement may be either explicit or implied, preferably explicit and precise.

That's an interesting distinction; a contract only achieves the status of an issued right when it trades between buyers and sellers. Which means many of the lesser and flawed contracts that I've mounted on servers over time aren't really issues; they never traded, even though they were minted.

Tom is author of Money: Understanding and Creating Alternatives to Legal Tender (PDF), one of the more serious books on alternative views on community credit, and he is also a persistent scholar of E.C. Riegel, an early 20th century economist who hammered out much of the thought in community currencies and indeed the theory of money.

Skype drops the payments bombshell

Canny financial cryptographers will spot the bombshell in the first and last comments of the article mentioned earlier on Skype. Read those paras first (look for "payment") and come back, as the rest won't make sense.

Skype are adding payments. I may as well now reveal that we brave cryptoplumbers at Systemics built this over the period 2001-2004. (Ooops! I already revealed it.) It took about 3 years to do, as the 6 week "summer edition" by Edwin Woudt proved a need to re-jig many fundamental parts of the SOX & Ricardo architectures. The rewrite (started by Jeroen van Gelderen and Edwin, finished by yours truly) worked, and the chat part worked so well that I can predict that it would be addictive if we ever fielded it. (Why it is not fielded is your mystery and our loss.)

So what's special about this? Someone else figured it out: Skype. They are in the process of implementing Payments over their infrastructure, which means it is no longer necessary for me to keep quiet about this innovation. We've been overtaken, so I may as well reveal all.

FTR, we implemented chat over a payments system, whereas Skype are implementing payments over a chat system. If constructed as a core FC application, the result is indistinguishable, for reasons that I am slowly writing down in many parallel documents. I continue to develop the underlying infrastructure in my spare time, as well as document the core concepts, and you have already read many of the facets on these pages ... but the absence of the whole story should give you a hint as to why this is not a fielded app.

The big picture is this: integrated chat & payments is huge. Immense. It has the potential to be if not the next killer app, certainly the next killer integration. I can show this by analogue: in your last 10 payments, how many messages did you send to your counterparties? Chances are, at least 100. Ergo, the message that carried the payment is the least of the protocol known as trade.

Trade is a chat application (with a payment message thrown in somewhere around the end).

The big question for those who appreciate this and are at this minute going long on Skype is ... can they do it? Here's my answer: Yes, if they take small baby steps, then they may avoid the many bear traps of financial cryptography. That is, they at least have the track record for doing this in lower layer terms, and if they don't rush it, they'll pick up the hard higher layer lessons in time.

Can others do it? Not a chance. Skype have the field fully open. Google, AIM, Jabber, and that MS thing (I don't use it so don't know what it is called) are so unsuited to the financial cryptography needs of chat plus payments that they haven't a chance. To be honest, it will probably require dramatic changes in Skype's architecture too -- the difference is that they have *enough* in place to show they can pick up the rest, and survive the transition. The others have no chance, IMO.

Even though I failed to deploy this and am competitively annoyed, it is a joy to see these things evolve and for others to pick up the baton. Go skype! What others should bear in mind is that this is an A-grade FatBoy BombShell, for reasons that can't really be explained in a simple blog post, but will be seen when and if Skype deploys it.

If they falter, we have to wait for the next time.

Payments and Settlements News - No. 42

http://www.e-pso.info/epso/psnews/06-08-03_psnews_no42.html

News and events:

1. European Central Bank – Communication on TARGET2
2. European Commission – Staff Working Document on the Review of the E-money Directive (2000/46/EC)
3. France – Banks upgrade security of EMV cards
4. Portugal – Payments Digitilization Programme “ProDigi” launched
5. Portugal – Electronic purse scheme PMB discontinued
6. The Netherlands/Belgium – Fortis builds European IT platform for retail banking
7. UK – Visa study on “Mystery spending of cash”
8. MasterCard – PayPass launched in Turkey, performance study published
9. United States – Agencies propose rules on identity theft and address discrepancy
10. United States – Turning into a "Debit-Card Nation"
11. United States – Overview of new mobile payment services
12. Canada – Dexit cuts staff; explores sale
13. Brasil – Fujitsu Introduces New Biometric Security Solution for ATMs

Articles, speeches and reports:

1. European Central Bank – Speech by Gertrude Tumpel-Gugerell at the European Commission’s Public Hearing on Preliminary Findings of the Retail Banking Sector Inquiry
2. Belgium – Financial Stability Review 2006 by the National Bank of Belgium
3. Germany – Study on payment processing on the internet by ibi research
4. Netherlands – Voice recognition system launched for ABN Amro customers voice recognition system launched for ABN Amro customers
5. ePaynews – SEPA as a “Mixed Bag For Europe's Payment Industry”
6. United States – Survey shows increasing popularity of contactless cards to buy inexpensive items
7. United States – “Is reporting on credit card pricing to the Fed helpful?” An article by the Federal Reserve Bank of Philadelphia
8. United States – “Prepaid Cards: An Important Innovation in Financial Services” An article by the Federal Reserve Bank of Philadelphia
9. United States – “Domain-Based Phishing Attacks on the Rise”
10. Arthur D. Little – “Mobile payments set for tenfold rise”
11. United States – “Web freebies are mobile moneymakers”
12. Externalities and Regulation in Card Payment Systems

http://www.e-pso.info/epso/psnews/06-08-03_psnews_no42.html

ePSO - european Payments and Settlements News - No 41

Payments and Settlements News - No. 41

News and events:

1. European Central Bank - The Eurosystem is evaluating opportunities to provide settlement services for securities transactions
2. European Commission - Newsletters and meeting minutes of the EU Fraud Prevention Expert Group
3. European Commission - 5 July the Member States are called upon to sign the Hague Securities Convention
4. Hague Convention - United States and Switzerland first to sign Hague Treaty
5. Google Checkout opens for business
6. Australia - A new report table by Australia's House of Representatives economics committee has called for the introduction of chip and PIN technology to replace the current signature-based card payment

Articles, speeches and reports:

1. European Central Bank - Ms. Tumpel-Gugerell's speech at the m-payment conference in Brussels on 29 June
2. European Commission - Speech by Commissioner Charlie McCreevy: "Clearing and settlement: The way forward"
3. European Commission - Public hearing on competition in retail banking on 17 July
4. European Payments Council - Making SEPA a Reality, 28 June 2006
5. United Kingdom - Financial Stability Report, Issue 20, July 2006
6. Latvia - Financial Stability Report 2/2005, available in English
7. United Kingdom - Welfare benefits of stable and efficient payment systems, July 2006
8. Euroclear - Annual report 2005
9. EuroCommerce - Annual Report 2005, Action Plan 2006
10. Financial Services Subgroup - Competition issues in retail banking and payment systems markets in the EU
11. ACI Worldwide - Global Electronic Payments Market Study and Forecast
12. Australia - Working paper, Cost and benefits of alternative payment instruments in Australia by S. Lancy and I. Harper
13. First Data - SEPA deadlines are a significant banking industry challenge

Payments and Settlements News is prepared by the ePSO team at the European Central Bank. If you have any comments or suggestions for the next newsletter, please send them to psnewsletter-at-ecb.dot.int.

DDA cards may address the UK Chip&Pin woes

Lynn points to an article that states the French rollout of chipcards uses DDA or "dynamic data authentication":

The DDA cards store an encryption key that generates a unique number, or signature, for each transaction. This signature is read by the point-of-sale terminal, which has a corresponding encryption key, so a transaction from a counterfeit card is unlikely to be approved. The DDA technology allows banks to more securely approve transactions at the terminal without having to send the transactions over the network for authorization. Most EMV cards in circulation worldwide, including those in the UK, use less-secure "static" signatures, which can be copied onto cloned cards. Unless issuers send these transactions over the processing network for online authentication, terminals might not be able to detect fraudulent cards.

This looks a little bit like diversified keys or some similar hybrid asymmetric system using symmetric algorithms. In diversified key systems the "merchant set" of receivers can check the signature but no ordinary card can. These were used in one-way triangular money products so that consumer card could prove itself to merchant card; which made the consumer cards less interesting to crack, but also shifted the burden to the merchant cards (anyone who can crack a card can steal a merchant terminal...).

Microcontroller suitable for an interceptor of SDA smartcard as per UK Chip&Pin. Mike Bond University of Cambridge, Computer Laboratory.

The fact that France is rolling out these more advanced units at the same time as Chip&Pin is being rolled and rolled in the UK is possibly a reflection on competition. In France, the banks probably have more chance to build in the higher cost base of the more expensive cards than in the UK.

Lynn asks in comments:

This looks to close the "yes card", "replay attack" scenario with existing static data (skim static data in manner similar to skimming magstripe static data, using it to create counterfeit card).

An issue raised in the "naked transaction" scenario ... is whether the actual transaction is signed ... ala x9.59
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959

Or is it an upgrade of the existing static data card authentication to dynamic data card authentication ... aka an end-point authentication ... but leaving the actual transaction otherwise naked ... and possibly vulnerable to things like man-in-the-middle attacks
http://www.garlic.com/~lynn/subpubkey.html#mitm

https://financialcryptography.com/mt/archives/000745.html

My guess is that it is "div-key-signed" but as the signature can only be checked by the fully equiped merchant card, various dumb checks won't work.

More:

The mask in question supports all bank card applications in France, EMV and Moneo, and is certified to EAL 4+ level, the toughest card security standard in existence.

Previous posts:

• Naked Payments IV - let's all go naked
• Naked Payments II - uncovering alternates, merchants v. issuers, Brits bungle the risk, and just what are MBAs good for?
• Naked Payments I - New ISO standard for payments security - the Emperor's new clothes?
• Chip-and-Pin terminals were replaced by "repairworkers" ?
• FraudWatch - Chip&Pin, a new tenner (USD10)

Prototype interceptor of SDA smartcard as per UK Chip&Pin. Mike Bond University of Cambridge, Computer Laboratory.

Naked Payments IV - let's all go naked

Dave Birch says let's all get it off:"

I've got a very simple, and absolutely foolproof, plan to reduce payment card fraud (much in the news recently) to zero. It's based on ... So here goes:

Change the law. Have the government pass a bill that says that, as from 1st January 2011, it won't be against the law to use someone else's payment card. Result: on 1st January 2011, card fraud falls to zero because there won't be any such thing as card fraud.

This has two benefits, both of which greatly increase the net welfare.

Firstly, it would to stimulate competition between payment card companies to provide cards that could not be used by anyone other than the rightful owner.

OK, logical, coherent and a definate brain tease. Much of the underlying reason that naked payments waft comfortably around inside the network is that the inside network is built of corporations that rely on the crime of misusing a payment, naked or otherwise. With such strong criminal punishments in place, they can push the naked and vulnerable payments around.

Before you discount the idea totally, consider this: it is already in operation to some extent. In the open governance payments world, there is no effective "law" operating that makes it "illegal" to use some account or other. Rather, the providers live in what we might term the "open governance" regime, and there, they use a balance of techniques to defend themselves and their customers. Those techniques refer often to contract laws, but try not to rely on criminal laws.

Does it work? I think so. Costs are lower, most such systems operate at under 1% transaction fees whereas the regulated competitors operate around 2-5%. P2p fraud seems lower, but unfortunately nobody talks about the fraud rates that much (and in this way, the open governance world mirrors the regulated world), so it is difficult to know for sure. Succesful attacks appear lower than with regulated US/UK systems, although not lower than mainland Europe. Possibly this is a reflection of the lack of anyone backstopping them, and the frequency of unsuccessful attacks giving lots of practice.

One thing's for sure - the open governance providers would be quite happy to get rid that law as they don't expect to benefit from it anyway.

Probably a useful area to research - although I get the feeling that nobody in the regulated world wants to honour the alternate with admission, and the same scorn exists in the governed world, so a researcher would have to be careful not to give the game away.