Philip Andreae’s Thoughts

Wednesday 4 June 2008 I received an advertisement for a book from Forbes about the 400 richest people in the world.  As part of the advert they showed this graph.  When I look at something like this i wonder why we talk about lowering the tax on the rich.  With this much wealth i  would not be the least bit surprised that they could clear the debt of many of the nations of the world. 

I do not have an issue with the fact that they have figured out how to do so well.  My concern is that with this much wealth, one simply wonders when they will give back and help the world with some of the problems. we are facing like environmental damage, famine and poverty.

In response to the article published by Consult Hyperion

Conference paper e-ID as a public utility Neil A. McEvoy

Universality

Interesting that as soon as you identify that I should be able to provide my identity to anyone anywhere you state that a national government can offer such a scheme.  That is counter intuitive and fraught with the issue of achieving global standards of identification, given the bureaucracy of most national governments. 

Yes, ICAO was able to agree on a template and specification for the e-passport.  Fortunately they had a template and various agreements and treaties to justify the work.  But when we start out with the basic premise that my identity is how I wish to project myself; we immediately move into a world of nuance with built in mechanisms to embrace and resist change.  That being said Homo sapiens’ have a perchance to employ tools we morph as society and our world evolves.

Picking the right band of stakeholders to assure universality requires that at some point people abandon the idea that there is Profit in defining how we will digitally represent a person’s identity.  Instead because the consumer/citizen wishes to project or required to provide their identity; we leave it to those seeking to receive the information to find the profit in knowing something about me. 

Having been raised in America I am drawn to the words in our declaration of independence that give us the right to life, liberty and the pursuit of happiness.  Behind these words I believe I also have the right to my privacy and do not want to learn that morphing my identity into a digital form puts my identity at risk.  The citizen/consumer must be able to decide when and what information someone is able to scan.

All of this tempers my thinking about who should be engaged in defining the global standard for digital identity.

The two-way street

I could not say it better myself.  Like my business card, a police persons badge or a company id card.  We present these to each other to create trust between various parties and provide a degree of certainty that:

·         I am who I say I am

·         This is how you can locate and communication with me

·         Here is proof that I have the following rights and capabilities

Quick transaction

Very well said the exchange of information about my identity must be as easy as handing you my business card.  Everything after that is about the context of the transaction and will parallel the discussion and negotiations between the parties.

The gadget

My only addition to the supposition that the phone is the right gadget is the reality that we are talking about something that the citizen must be able to carry most anywhere.  So it must be the one object we always carry.  Some would argue this is the mobile phone; I would suggest that we not forget the more primitive device the purse or wallet.  Maybe as we think of identity we must also think of ergonomists and think about merging the phone into the wallet not the wallet into the phone.  Leather is eco-friendly warm and comfortable to the touch.  Metal or plastic tends to be brittle and cold. 

The next thought in respect to the gadget is it becomes the device I trust and will protect at almost any cost.  Should I worry about how trustworthy your device is?  All I want from you is the information you wish to share and any certificates others provide you that allow me to authenticate your rights and capabilities.  My trusted gadget is what I use to share information and certificates and what helps me absorb and as appropriate verify information and certificates others offer to me.

Extensions

Yes my information is mine and what I offer to others is my choice.

Scheme considerations

I am not convinced of the need for a central register.  Yes there is a need for third parties to attest to the citizen’s identity that others can trust and in lies the complexity of introducing a digital solution.  In fact what the citizen needs is a device they trust.  A device we trust, carries the information and certificates that third parties, who the counterparty trusts, capable of exchanging the appropriate digital data electronically.  In order to achieve this goal we must develop and support a cascade of standards, regulations, contracts and relationships that enable global interoperability thus assuring a meaningful means of exchanging our digital identity.

Before we go about defining the techniques that should be employed, I think we must first establish base principles.  Key must be the idea that there is no centralized register.  Instead those parties we as consumers are willing to trust and wish to position themselves as trusted third parties can build registries, recording those individuals they are willing to authenticate.  The citizen may wish to contract with an entity to provide support for the trusted gadget and the various relationships it supports. 

The author’s position on protecting privacy and meeting the needs of law enforcement is laudable yet scary.  I’d rather the protection offered by a distributed environment that still is capable of responding to directed queries from law enforcement and not blanket access to everything I or others have collected about me.

Make my gadget the gate keeper; allow service providers and those parties wanting the security of digital identity the ability through standards to build affordable infrastructure to read, with my permission, data stored in my gadget.  Avoid the complexity of establishing a global resister.  What we need to define is the architecture for a gadget that is capable of carrying and supporting a myriad of digital relationships with their linked need to assure proper identification.  We then need to agree on a common set of information that all sectors share.  Maybe the v-card is the base.

For more information I offer the following background and a concept for consideration.

The Promise of multi-application Smart Cards, refined to consider the device as the media

A bit of research to prove the consumer will understand

UK consumers reject mobile payments

Security is a major hindrance, says study Written by Angelica Mari, 23 May 2008

I must admit I am confused about the potential for the Mobile Phone becoming a mechanisms we employ when making payments.  If I was simply to take the reaction in an article recently published on VNUNET.com, I would worry.  Yet in other articles and industry analyst speculate that by 2012 we will evolve to employing the mobile phone as our i means of payment.  As I suggested in a previous posting there is still a lot of work to do in developing the business case. 

Yes Vivotech reports phenomenal numbers of devices installed and Inside Contactless talks about the significant numbers of contactless cards deployed.  Standards are emerging and I am sure that EMVCO will develop the necessary security to protect Mobile Payments (assuming you don’t lose your phone).  Then there is the interesting reality that there are more mobile phone users than there are people with Bank accounts.  Micro-finance and developing worlds are embracing work like what Vodaphone is doing to drive payments in the P2P space to the mobile device. Yet when will all of these experiments and trials prove that the key issues of security and stakeholder profit are there?

Judiciary Committee Antitrust Task Force
Hearing on H.R. 5546, the “Credit Card Fair Fee Act of 2008”

Today I sat down and read through all of the testimony and must admit, understanding the concepts of interchange, I am troubled by the testimony provided by both Visa and MasterCard.  Neither provided sound arguments to justify interchange.  Whereas those opposed, clearly demonstrated that Interchange benefited the large issuing banks at the expense of the merchant and consumer.  The only testimony that offered any sound support for interchange was that offered by John Blum.  Yet his arguments simply argued that without a fixed interchange structure smaller players would not be able to play, which does suggest the interchange mechanism, as a competitive process, is flawed.

Regulation is not the answer.  Yet, something must be done to assure that there are sufficient free market forces surrounding the calculation of the default Interchange rates.  

 Chairman’s Opening Statement

Witness list and links to their statements

Ed Kountz of jupiter in his recent blog on Alternative online Payments offers an opinion that credit and debit cards where not designed for the Internet.  It is interesting to reflect back in history and remember when it was not the magnetic strip that was important to the execution of the transaction but the numbers printed on the front of the card a merchant could simply would say into a phone or type onto their telephone keypad to get an authorization. 

Move to the Internet and instead of asking the merchant to type in the account number and expiry date we ask the consumer to fill in an Internet form.  How can one argue that ISO7810-3 cards where not built for the Internet.

Back in the day, circa 1993, when we began to think about how we would secure payments over the Internet and address words like dis-intermediation.  It was clear that by any definition the ubiquitous credit card was already a vehicle for enabling eCommerce.  All the internet did was to take mail order and catalogue business and give it the power to become a global operation; no longer limited by the cost of a telephone call or postage.

Yes Mr Kountz is correct, there is a real issue with security and the Internet.  Yet the issue is no greater than what was faced when Card Not Present transactions started happening as telephone ordering became common place.  Did the payment associations attempt to keep up? MAYBE! 

First we saw the introduction of CVC2/CVV2 and address verification as tools to address the risks of someone who had captured the data on the face of the card from employing that card maliciously.  Not a bad solution, if the merchant was willing to make the changes to their web sites and call center procedures. 

Next came SET, now here was the perfect solution, yet at a cost that simply did not offer anyone a reason return on investment; even if Card Not Present Fraud was an issue.  Since then the payment associations tried to develop a simpler yet equally secure solution called 3D-Secure, Verified by Visa or SecureCode.  The idea is sound.   The issue of adoption came down to the simple issue of figuring out how to get the consumer to go through the additional step of activating their 3D-Secure password and better yet remember it.  Versus what became the reality, they simply said this is too difficult, I don’t need to buy that today, so they abandon the shopping cart.  Merchants saw 3D-Secure as a way to lose potential business and at a rate alarmingly larger than the cost of fraudulent transactions.

So what is the answer?  Create new means of payment that are designed for the specific trading environment (mobile, Internet, Mail Order, telephone Order, face to face …) or figure out how to get everyone to work together to come up with a workable solution that exploits the power of the Visa, Discover, MasterCard and American Express Brands.

In my opinion it is about communications and working together as a team.  Not once has the merchant been asked to participate in developing more secure solutions to payments.  They are simply told through compliance and rule changes this is what they shall do. 

Maybe the new Visa and MasterCard will find that merchants are now shareholders and bringing them to the table is in the interest of everyone especially the consumer.  Or is it time for a new payment Brand that is built to serve the merchant and operated by the Banks?

Today on Payments News - from Glenbrook Partners” they posted an article referencing the hearing taking place

Thursday 05/15/2008 - 11:00 AM
2141 Rayburn House Office Building
Judiciary Committee Antitrust Task Force
Hearing on H.R. 5546, the “Credit Card Fair Fee Act of 2008”

House Judiciary Committee Holds Hearing on US Interchange Fees

As we mentioned here on Payments News on Monday, the House Judiciary Committee is holding a hearing on Thursday, May 15th beginning at 11 AM Eastern time on H.R. 5546, the “Credit Card Fair Fee Act of 2008”. As of tonight, the committee’s website doesn’t list the witnesses who will be testifying - but it promises that a live webcast of the hearing will be available.

As an editorial comment, many of us in the payments industry find the “solution” proposed in this legislation to be overly complex. Read the actual text of the draft legislation - and you may reach the same conclusion! We wonder whether the merchant community in fact would be well served by the remedies proposed. A very basic question comes to mind: “Is this the best you can do?”

The legislation that is under review can be found at http://judiciary.house.gov/hearings.aspx?ID=204

My sense is that like Australia, Europe and other countries the USA Congress is ready to challenge the nature of how interchange is calculated and define methods of assuring merchants much reduced rates.  How the financial lobby will engage and how the associations will defend there position, should make for an interesting debate.

Reported by Epaynews.com

According to EAST, skimmed data is also increasingly being sent to countries in and outside Europe where EMV cards can be used as magnetic-stripe cards in ATMs. This takes advantage of a process known as “mag-stripe fallback”, which is designed to ensure that a card can be used even if its EMV chip is damaged or faulty.

How Thieves Copy Credit and Debit Cards and Drain Accounts

By ELISABETH LEAMY - ABC News

May 2, 2008—

 While your ATM card is tucked in your wallet, thieves half a world away could be cloning it and using it. The crime is called “white card fraud,” and ABC News investigated just how easy it is for thieves to make a copy of your card and use it to drain your account.

It’s difficult to get an exact figure, but it’s estimated that identity thieves net an estimated $345 million this way every year. Gary Burkey of Wilmington, Del., discovered somebody was withdrawing money from his account at ATM machines in a part of Pennsylvania he had never even visited.

Criminals get people’s numbers in a variety of ways. One way they capture card numbers is by installing skimmer devices over the slot where you insert your card when you use an ATM.

They also use hidden cameras to record your PIN. Miami Beach police have actual footage from a crook’s camera in Florida that shows a victim inputting his PIN. Clear as day: 1-4-2-6.

Click here for tips to protect you from today’s modern identity thieves.

“What makes this really sneaky, really devious, is once the criminals get the account information, they wait on it for a little while, said Cpl. Jeff Whitmarsh of the Delaware State Police. They replicate the cards and when the consumer least expects, that’s when they go in and hit the account.”

ABC News found the machines used to copy cards for sale right on the Internet, even though there are very few legitimate uses for them. We had our choice of 30 machines and bought one for about $500. We were even able to request priority shipping and received the package the next day.

ABC took the device to Chris O’Ferrell, an ethical hacker for a computer company called Command Information, which helps the federal government secure its systems.

We handed over an ABC News credit card and O’Ferrell swiped it so the machine could capture the information on the magnetic strip. Right away, the data popped up on the computer screen: name and account information.

With another swipe, O’Ferrell transferred it to a blank white card that came with our kit. Any card with a magnetic strip can be made into a clone — gift cards, hotel key cards, etc.

In less than five seconds, we had a duplicate credit card.

“That’s it. That’s all there is to it,.” O’Ferrell said.

We cloned an ATM card too. At one point we even accidentally deleted the data on one of our source cards, but since we had a clone, we were able to put the data back on.

Once we had clones of our cards, the question was, would they work? We tried the Visa card out at a gas pump. Without actually making a purchase (we didn’t want to violate any laws) we inserted the card to see if it would get authorized.

When the “lift the handle and begin fueling” message came up, we knew our clone was working. We tested the cloned ATM card by checking our balance at an ATM machine. When the screen read “Hello Elisabeth Leamy,” that was our first clue that that one was working.

It’s a bonanza for crooks. They used to have to risk going into stores to buy pricey merchandise, which they then sold for cash. Now they can just drain ATMs. Authorities say specialized crews do nothing but hit ATMs, cashing out on behalf of other identity thieves and taking a commission. One Bulgarian gang pulled $200,000 out of a single cash machine in Florida.

More than 65 other countries in Europe, Asia and South America now use smart chip technology that makes card cloning almost impossible. But the United States has stayed with magnetic strips to avoid the cost of converting ATMs. By one estimate, we have 400,000 cash machines in this country.

“It’s totally unacceptable,” O’Ferrell said. “It makes it extremely easy for the criminals to clone our cards and steal our identities.” Experts say since U.S. credit and debit cards are so much easier to tap, U.S. cardholders have become targets.

Copyright © 2008 ABC News Internet Ventures

Once long ago there was a lady so fair
My heart was with her
My mind did pondered a future togehter
I understood then we each had a path we must follow
Each a Path leading to fields of fruit and bounty
Time passed and contact was lost
Yet her name stayed in my mind
Never to leave the subtle crevices of memory
Thoughts and feeling of joy kept the feeling fresh

Recently perchance our acquaintance once again remade
In yesterday unfinished was the relationship
In tomorrow expectation that are yet unknown
In today time to dream
A time to learn of of each other
A time to explore what was is and could be
No hopes, only dreams yet tempered by the realities of time

During my journey from one of not wishing to believe to one accepting the power and grace of God; I explored science and thought that science would offer all the answers and ultimately be able to explain everything.  As my learning expanded and I came to appreciate that there was too much order in all that my eyes see and my mind perceives; I came to accept that only a creator could establish the order of the universe we live in.

When I reflect on the big bang and read Genesis 1:1-5 I see in those few words the fact that once there was a Big Bang and that it was when God created the light.  Those seconds and billions of years that followed was when God set out to create the universe, and eventually create the planet we call earth.  All of that is the work of his “First Day”.  If we measure it in our time, billions upon billions of years passes; as God moved particles of matter and energy that flew out from the great blast he caused.  So great is his power and so glorious his vision that in time the galaxies, stars, suns and planets formed and began turning so that there would be a time of dark and a time of light.  His first day’s work was done.

We all know that at the foundation of all life is air and water and on the second day he created H2O and air.  With these two creations he created the expanse between the water in the sky and the water on our planet.  So ended God’s second day’s efforts.

On the morning of the third day he created DNA and developed the structure of a plant cell.  He then spent the balance of the day manipulating this creation in to what we know as the vast diversity of plant life.  He then blessed these various forms of vegetation to be fruitful, evolve and multiple.  On that day he set in motion the process that would allow these initial forms of vegetation to evolve into the various forms of vegetation we are familiar with today.  He wanted his various creations to evolve and enjoyed watching the new forms of vegetation emerge and recognized that some would not survive and in many cases decided to destroy those that were not pleasing to him.  He saw that his creation of numerous plant species was good and saw that his third day of work had come to an end.    

On the fourth day he saw that for evolution to continue there must be times when the sun, with its great energy, would touch the earth.  So he parted the waters of the sky to form what we now call clouds.  He caused the planets to rotate and the sun to disappear and the other planets, stars and galaxies to become visible.  He set the earth’s rotation and orientation to align with all his other celestial bodies, causing there to be warm times and cold times.  By setting the earth to tilt and spin at a certain rate, he was able to create the seasons which further stimulated the growth and evolution of his first creation, vegetation.  The vegetation was now able to follow a cycle of life he established when he set in motion the passage of the seasons.  By altering the strength of the light from the sun and intensity of the light of the moon he added diversity to his creation.  With this new process in place it was time for God to rest the evening of the fourth day.

On the fifth day God arose and decided to create creatures that would fill the seas and soar through the sky.  By using his creation, DNA he moved on and created animal cells.  In the morning he created simple creatures to inhabit the sea and soar through the sky.  He saw that this was good and he caused these creations to be fruitful, evolve and multiply.  As the day progressed he continued to experiment and create more complex creatures by developing animal cells capable of performing different functions.  God continued to relish in the creation of diversity.  As he created each new species he continued to embed within them his concepts of evolution and enjoyed watching each evolve from its own kind and fill the sky and the sea with a diversity of birds and sea creatures.  And it was time for God to rest the evening of the fifth day.

On the sixth day he saw that the land was only filled with vegetation and saw that the richness of the vegetation of the land could support new forms of life.  So in the morning he caused the creatures that inhabited sky and the sea to evolve and descend from the sky and crawl out of the sea.  As the day progressed God further populated the land by creating new creatures.  Like he had done on the fourth and fifth day, he blessed these creations of the land and let them be fruitful, evolve and multiply.  As the day passed he noticed that some of his creations were so large that he could not allow them to continue to multiple.  Slowly but surely God evolved his land based creations to become what we know as the livestock and the wild animals.  God was selective is his process of creation and enjoyed creating a wide variety of creatures.  Yet he also had an eye for beauty and diversity and would often determine that one or another was not fit to continue to exist.  Those that where pleasing to him, he allowed to flourish, multiply and evolve.  Others of his creations he saw where not good and he destroyed them.  In all his thinking there was a plan to create a creature in his own image.  As the creatures of the sea, sky and air evolved he selected only those creatures which would be suitable for the world man would also inhabit.  After a time he saw that through his process of selection and planned evolution his creations had evolved to the moment when he was ready to populate the world with a creature God could commune with. 

So near the end of the sixth day

Genesis 1:27-28 So God created man in his own image, in the image of God he created him: male and female he created them.  God blessed them and said to them, “Be fruitful and increase in number; fill the earth and subdue it.  Rule over the fish of the sea and the birds of the air and over every living creature that moves on the ground”.

Given that he made man in his image, man had the ability to think and had the power of free will.  God also knew that through time our knowledge of where we live and all that is around us would grow.  I could venture into the question of Sin and ponder how it all fits into God’s plan.  What we do know is that God can see everything that will and has happened so clearly he knew Woman would listen to the serpent and eat of the fruit of the Tree he had forbidden them to eat from.  With this same clarity God knows that at different stages in the growth of our knowledge of how the earth and the universe was formed some would see themselves as God’s equal and decide that there was no need to reverie the one God.  These foolish men would forget to continue to pursue knowledge and instead stop and come to believe that the little knowledge they had acquired gave them the power to see themselves as Gods and to think that they understood it all. 

Knowing all of this, when God spoke with Moses he offered us the ten commandments and reminded us in the first four commandments that there is ultimately only one and if we bow down to science or other idols we will lose sight of the reality of creation and forget that God always leaves us another question to ask, another space to explore and other theories to test. 

He wants us to learn, yet he built something so complex in it characteristic of being both infinitesimally small and infinitely large that we can and will never reach a time when there is nothing more to learn.  Any scientist that stops in his quest for knowledge has lost sight of his reason for being a scientist.  Any human that accepts what he is told and does not continue to question will lose sight of the infinite power of God and become lost in a cloud of ignorance.  For God’s greatest gift is that we can always seek and learn and that we will always have more to learn and search for.

Blaise when I read Genesis I know I am reading the words of Moses and I know that Moses was listening to God telling the story of how he created all that we see around us.  What is clear is that God knew that man was not ready to understand the complexity of what he had done and so he offered Moses a simply yet vastly complex picture of his six days of work, knowing that we could explore and learn yet at the same time accept and be certain of his power. 

What is amazing is that when we listen to the great scientists, the ones that continue to look deeper into what it is they are exploring they find that in the end there are no final answers, simply more questions.  This is exactly how God planned it.  He wants us to explore, he wants us to learn how to manipulate and utilize that which is around us.  What he also did was create something infinitesimally small and infinitely large so that through the reality of infinity we can and will never be able to find any other answer than the one written in Genesis, God created the universe and all that is within it, including the processes of reproduction, evolution, mutation and destruction.  

Yes, like I did at the beginning of this email, he will allow us to interpret the words in Genesis and wants us to further our knowledge and understanding.  He knows that through the ages we will understand some of the complexity of what he did.  BUT at the core the words that are in the Bible are the clearest way of saying everything and leaving us the responsibility to always question and learn.  Through this responsibility, God knows that in the end we will understand that only the creator could create the universe in its complex glory. 

Neither Chaos, Genetics or Evolution will ever be able to help us understand why only four basic elements can be combined in such a variety of ways to produce so many complex life forms.  The complexity of DNA and the cell and their ability to evolve are and will remain God’s greatest creation.  The stars nebula and beautiful clusters that fill the telescopes we use to see into the distance only offer us a glimpse of God’s love of art.

The order and chain of life is so structured that only the one had the knowledge and power to drive the creation of the universe and design the process of evolution that allows the plants, birds, sea creatures, land animals and those most primitive of elements: matter and energy; to continue to create new and wonders things.  Only the one God has such intellect and power.

Of Jesus that is for another day.  There the story is of God deciding that he had to finally come to earth to teach us how to live together.  For unlike the other living things, we were given free will and unless we accepted his guidance we will and can destroy that which surrounds us. 

We must remember that God almost gave up on us, when he destroyed all but those Noah took forward.  Jesus came to offer us salvation and more importantly to simplify the Ten Commandments down to two - Love God and Love Your Neighbor.   If we could simply do these two things then we would be at peace and like the other creatures of god’s creation live in harmony in God’s universe.

Our quest is simply to help everyone to understand that by living with those two commandments in our hearts and in our heads; we can live in peace and maybe one day return to the Garden of Eden.  Then with respect for God and all other people we can work as a team to be better than functioning as isolated individuals seeking dominion over someone else.

I said I would send you an interesting PowerPoint, do with is as you wish.  The rest of this email is me thinking and expressing my beliefs possibly for confirmation most probably to express in words what God has been driving into my heart and mind.

With God’s Love