Community

What banks should do is migrate fully to two-factor authentication.  Many banks require 2FA for some on-line payments, i.e. you logon to their website using a password but to make a payment you must also supply another secret-key you receive via text-message or a hardware token.  However many banks only require 2FA for tranactions above some threshold or to an unknown party, and only for the on-line banking channel.

If all payments (via any channel, not just on-line banking) required 2FA then it wouldn't matter if scammers harvested details, they couldn't transfer money unless they controlled the registered mobile phone number or possessed the hardware device.

Already there are non-bank online deposit holders that offer to make good customer losses, but only on condition the account is secured via 2FA.

The big boys want a playing field potholed with regulations onerous enough to trip up and cripple a small startup but for the big lads are a familiar landscape they can continue lumbering over.

This proposal mixes two ideas which are better considered separately: an embedded chip, and internal biometrics.  The only reasons to embed a chip in your body are convenience (you don't need to carry a card) and to inconvenience a thief (who now must carry a scalpel.)

Using your heartbeat or similar isn't an improvement on external biometrics.  For a start a heartbeat doesn't make a good secret.  With a little ingenuity a thief could make a recording.  Something as simple as a virus app on your smartwatch.  Or a bulk-hack of medical data stored by a hospital.  Much the same problem as fingerprints; the information isn't truly secret, and once compromised you can't change it short of a heart-transplant.

Nobody would bother gouging the ID chip out of a dog, all that mess for nothing, dogs don't have bank accounts.  For people passwords are still the worst form of authentication except for all the others that have been tried.

Using a real dog makes this a Rube Goldberg machine.  Maybe an electronic nose could do the job, and wouldn't want feeding.  But even a perfect e-nose would suffer from the same problems as other biometrics; a thief could steal a sample of your body odour, and if you suspect that's happened (after a honey-trap episode ?) you can't change your own essential fragrance.

A real dog would have one important advantage; imagine the deterrance value if the dog were trained to bite firmly into the genitals of a suspected fraudster.

Ideally a third-party developing a personal finance app would use a standard API/protocol that could obtain balance and transaction history for an account but didn't allow transactions, thus limiting liability.  If the customer did permit transactions safety features would kick in protecting both the customer and the third-party.  Such as value limits per transaction/per day, end-to-end identification of transactions, alerting the customer of transactions (eg. via text message) and dispute/reversal mechanisms.  This (imaginary) API would work the same for any bank anywhere in the world and the supporting policies and processes would be the same too.

But such an API/protocol doesn't exist and maybe never will.  For now a third-party who wants to add value by aggregating and linking info is stuck with such unpleasantness as screen-scraping bank websites and persuading customers to hand-over passwords thus unpredictable liability risks.

For a business it's orders of magnitude cheaper to send a statement via email than via post and of course it's the customer who pays one way or another.  If you want a paper copy then print it.  Not difficult.  This "keep me posted" campaign is ludicrously luddite.

"...the unit of account is comparable to central bank money in its nature."  Indeed Bitcoin has the nature of money, it's not a goods or service.  Nor is it any kind of debt instrument.  Thus an exchange of Bitcoin for another currency should not incur sales tax (VAT/GST).  Of course any commission on such a sale can attract sales tax, because the commission is a fee for a service.

Visionary but the picture described is a bit hazy and there's a cognitive disconnect with the blockchain model.  From page 220 of that document "The new type of infrastructure requires a network administrator as the central point" - precisely what blockchain technology does not need, what it's raison d'etre is to do without.

It's still educational, I'd assumed Apple would aim for a top-notch "any trouble call us, we'll take care of it" service experience.  Not an  "it's not our problem, call the other guy" response.  If you're going to take a cut add some value.