InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Digital Insights & Trends: Clearing and Settlement Platforms to Watch in 2016
2015 was the year that blockchain technology, initially used as the public ledger for tracking bitcoin, began to mature and expand beyond payments. While regulators focused on the risks associated with virtual currency, technology companies and financial institutions forged ahead with developing alternate uses for the blockchain.Using blockchain technology offers many upsides, with one of the most notable being faster clearing and settlement functionality. Companies that can clear and settle transactions faster and at a reduced cost will have a competitive advantage. Thus far, however, no dominant player has emerged.
There are a number of companies that are working on creating blockchain platforms for financial institutions to use to clear and settle trades. Below are just a few of note:
- Digital Asset Holdings. Blythe Master and team are developing a blockchain platform for financial institutions to use to settle digital currency trades as well as digitized versions of financial assets. Digital Asset Holdings recently purchased Hyperledger, which developed a distributed ledger to allow banks and other financial institutions to clear and settle transactions in real time, and Blockstack, which offers private blockchain services.
- Ethereum. Launched in mid-2015, it offers its own decentralized blockchain platform that allows each blockchain to be customized to fit the specific security that is subject to clearance and settlement.
- Bankchain. Developed by ItBit, it is a ledger system seeking to leverage the blockchain for clearing, settlement, and custody.
- Clearmatics is working with UBS to help develop a digital coin based on blockchain technology to settle trades and make cross-border payments.
- R3CEV has developed a consortium of 42 banks dedicated to developing blockchain technology for settlements and payments, among other things.
- Citigroup is developing various blockchain technologies (at least three) and has created a test virtual currency, “Citicoin,” which it uses to test the blockchain technologies.
In addition, companies are using blockchain technology to issue and trade equities. At the end of 2015, Nasdaq issued shares in Chain.com using Nasdaq Linq, its blockchain ledger technology. Additionally, the SEC approved Overstock.com’s plan to issue company stock via blockchain through its subsidiary, t0.
As the above demonstrates, both technology companies and financial institutions will be focused on developing numerous use cases for blockchain technology beyond payments in 2016. Regulators are also beginning to focus on the blockchain technology itself as opposed to solely virtual currency. For example, the CFTC is holding a hearing on January 26, 2016 to discuss the use of blockchain technology in derivatives markets. Taken together, 2016 seems to be the year that blockchain technology separates itself from payments and begins to stand on its own. Judging by the CFTC’s interest in blockchain technology, it appears that regulators may be thinking the same thing.
For another retrospective on the blockchain in 2015, see our Coindesk article "The Stories That Shaped the Blockchain Narrative in 2015."
Digital Insights & Trends: Embracing EMV Technology for Fraud Reduction and Loss Prevention
October 2015 represents a significant milepost in the migration of U.S. payments products to EMV chip technology. It also serves as a useful evaluation point as to what the technology achieves and where it falls short. By now, many U.S. cardholders have been issued EMV chip cards, the microprocessor-equipped cards that store the specific cardholder data on the embedded chip. For decades, U.S. payment cards stored cardholder data on a magnetic stripe on the back of the card, instead of a chip. Indeed most cards in the marketplace, including EMV cards, still contain the familiar “magstripe.” Unfortunately, the static nature of the data contained on the magstripe makes the production of counterfeit magstripe cards relatively easy. Once the cardholder data for a particular person is obtained, through “skimming” or other means, a usable counterfeit magstripe card can be produced and readily used at the point-of-sale, until the cardholder realizes that his or her data has been compromised. In contrast, EMV chip cards use a dynamic system of authentication at the point-of-sale, which makes the production of a counterfeit card with EMV chip technology much more difficult. As a result, merchants can safely conclude that an EMV chip card presented for payment in a point-of-sale transaction is authentic and not counterfeit, and card issuers should similarly experience smaller fraud losses.The four major U.S. payment networks (Visa, MasterCard, American Express and Discover) have long-recognized the fraud-reduction potential of EMV chip cards and, individually and through their jointly-controlled EMVCo. consortium, have pushed for the implementation of EMV technology in the U.S. As part of their efforts to encourage increased EMV chip card issuance by card issuers and acceptance by merchants, beginning in October 2015 the networks shift liability for card-present fraud losses to the party (i.e., merchant, merchant acquirer or issuer) that is least compliant with EMV requirements. For example, if fraud loss results from the use of a counterfeit magstripe card at point-of-sale, where the merchant maintains certified EMV chip terminals but the card issuer has not reissued its magstripe cards as EMV chip cards, the loss will be assigned to the card issuer. On the other hand, card issuers that have issued EMC chip cards may be able to avoid liability that arises from fraudulent transactions where the accepting merchant lacks a EMV chip terminal to be used to process the transaction.
However, while EMV chip cards are a useful tool in the fight against payment card fraud, issuers and merchants should be aware of the following limitations of EMV technology:
- Usage of stolen cards – While EMV technology assures that the payment card itself is legitimate and not counterfeit, the technology doesn’t prevent the use of stolen EMV chip cards, which continue to be usable by the holder of such cards.
- Retention of signature validation – The payment networks have not mandated the use of the more secure PIN validation as part of their EMV requirements. Instead, a cardholder’s identity still is likely to be validated through a signature at point-of-sale, to the extent that the transaction threshold requires any validation. As was the case under the pre-EMV regime, signatures remain a difficult means by which to verify the identity of a cardholder, and they may not significantly deter thieves from using stolen EMV chip cards.
- Card-not-present transactions – EMV chip card technology has no ability to reduce fraudulent transactions through online purchases, where cardholder information is entered manually. Indeed, in other countries where EMV technology has been adopted, fraud through online transactions has spiked, as fraudulent activity moved away from point-of-sale.
- Continued presence of magstripe – The increased usage of EMV technology does not simultaneously signify the death of the magstripe, which continues to appear on EMV chip cards to permit such cards to be accepted and used at non-EMV equipped terminals. As a result, cardholder data can still be pulled from magstripe cards and used online.
Now that EMV technology has entered into the next phase of U.S. adoption, the evaluation of its effect on fraud will begin. While there is little disagreement that EMV technology will decrease point-of-sale fraud through the use of counterfeit cards, issuers and merchants should recognize that EMV technology is not a panacea to fraud. The payments industry and its participants must continue to anticipate and to react to the changes in fraudulent activities that emerge in the post-EMV environment.
Digital Insights & Trends: It's All About the Blockchain
Just returning from a blockchain workshop in London, where I worked with a number of incredible people to consider solutions to some of the pressing regulatory issues impacting the blockchain technology. While considering these issues I wondered if Bitcoin had gained popularity solely as a protocol and not as a currency, would it have evolved faster and more readily. The almost instantaneous (compared to current standards) transfer of value across the globe would be just one component of the potential possibilities for the technology as recognized by the mainstream public. A secure ledger of property ownership, notarization, recordation of wills and trusts, claims for corporate names and intellectual property – all would be pursued at a much faster, or perhaps more public, pace. Currently, progressive financial institutions have announced their active experiments with the technology, while others quietly research the potential use cases.
The opportunities for developing a cryptographic, distributed, public ledger are endless, rendering predictions for the future, even 5 years from now, difficult. What is clear is that the way we conduct financial transactions will be forever altered – for the better. Payments and payment systems will be more efficient, secure, faster, and less expensive for all in the ecosystem and will also lead to financial inclusion. Government regulation – while antithetical to the original thesis of the Bitcoin protocol – is a necessary component of the “algorithm” as the protection of the public from acts of terrorism and other crimes is in everyone’s interest. So let’s work with it, think creatively about it, and help prepare the protocol, governments and the public for the next 5 years.
Digital Insights & Trends: What Keeps You Up At Night - Data INsecurity
We’re still wide awake, focusing on what keeps us (and our financial institution clients) up at night. Let’s pick up where we left off following our December webinar, but this time address data INsecurity from the perspective of its “other” victims, i.e., consumers. Last months’ webinar reviewed the benefits of risk-based approaches to organizational cybersecurity frameworks and identified potential obstacles to their achievement. Today, we’re thinking about another risk of cybersecurity breakdowns – the loss of consumer confidence. This risk threatens companies as surely as the regulatory, media and legal fallout.Despite the proliferation of data breach notification and consumer financial privacy laws, data-breach-fueled identity theft is increasing. A recent report of the National Consumers League & Javelin Strategy reveals that consumer fraud victims don’t discriminate between business organizations and financial institutions when assigning blame for data breaches. Rather, they avoid doing business with all organizations involved. Ironically, nearly one-third of fraud victims take no action to prevent further fraud, even when they’ve been notified that their data has been compromised. The majority of consumer victims, according to the NCL/Javelin report, say both businesses and FIs should be held accountable, and want to be able to sue the breached companies. An even greater majority think the federal government should protect them -- and lawmakers are listening. Senator Amy Klobuchar (D-MN), for example, favors a national security breach notification law.
Financial institutions are between a rock and the proverbial hard place. Compromised financial information results in greatly increased fraud against affected consumers. However, many consumers don’t take action to prevent a breach from escalating into further incidents of fraud. (Partly, this results from lack of faith in the effectiveness of solutions like credit monitoring, and partly, consumers don’t know where to go for help.) Some consumers contact law enforcement or government agencies, but many simply avoid patronizing the companies involved as a result of diminished trust. An overwhelming number of victims believe the right course is action against companies where their information was breached.
Trust lost is hard to regain. Data breach responses are key to effective enterprise risk management, not only because of legal and enforcement risk, but because consumer loyalty, and its loss, have real, tangible, operational and financial consequences. In an effort to bolster consumer trust, companies should: be transparent in communicating their practices and controls with respect to the management and use of data; and provide guidance to their customers on actions that can be taken to protect their own data.
Note: Information in this article is based in part on the “Consumer Data Insecurity Report” produced by Javelin Strategy & Research (2014).
Digital Insights and Trends: Can Bitcoin Support Money Laundering Charges?
Updated Oct. 7, 2014
Bitcoin owners and exchange operators are coming face-to-face with prosecutors focused on money laundering crimes, leading to novel legal arguments about whether the virtual currency is money, or sufficiently “money-like” to support charges of money laundering and other financial crimes. This comes in contrast to a determination by the IRS, for one, stating that virtual currency such as Bitcoin is treated as property for federal tax purposes, and by FinCEN and FATF, that it does not have all the attributes of real currency and does not have legal tender status. Within this context, FinCEN's Director Jennifer Shasky Calvery recently told Coindesk that the agency is focused on the bad actors, and not the new technology itself.
As reported last month in Digital Commerce & Payments, a New York Federal District Court concluded in Faiella et al. v. United States, that Bitcoin is “money,” denying a defendant’s motion to dismiss a money laundering charge. The defendant was charged with unlawfully operating an unlicensed money transmitting business, but unsuccessfully tried to dismiss the charge because Bitcoin is not “money.” The court said Bitcoin “clearly qualifies as ‘money’,” as it “can be easily purchased in exchange for ordinary currency, acts as a denominator of value, and is used to conduct financial transactions.”
Another case in a Federal District Court in Texas, involves a defendant, Trendon Shavers, who argued that he didn’t violate federal securities laws because his Bitcoin investors didn’t invest in “securities”, that his transactions were all denominated in Bitcoin, and that real money did not exchange hands. The SEC took the position that the Bitcoin investments were both investment contracts and notes, and therefore, securities. Although relevant securities law says a security involves an investment of money, the court said Bitcoin could be “used as money,” “used to purchase goods or services,” and “used to pay for individual living expenses.” It can also be exchanged for money. The court’s conclusion: “Bitcoin is a currency or form of money.”
Down in Miami, Florida, Bitcoin sellers Pascal Reid and Michel Espinoza were charged in February with money laundering after selling Bitcoin to undercover police officers to whom they admitted using Bitcoin to buy stolen credit card numbers. Defense counsel said his client couldn’t have been money laundering because Bitcoin isn’t money, but a Miami-Dade Circuit Court judge said Florida can prosecute “trade-based money laundering.” Rather than argue whether Bitcoin is money, the judge looked to the currency paid to buy the Bitcoin – and said that’s what was being laundered. The case involving Ross Ulbricht is reaching similar conclusions.
The race to define Bitcoin continues, but early indications point to a predictable conclusion: Bitcoin’s controversial status isn’t going to help its owners or traders avoid prosecution for financial crimes.
