Community

Excellent Blog Richard, Thank you for sharing.

Hi Adam,

You are definitely right, they do check the Mag Stripe before using the PIN in ATMs. Same "smart idea" with the merchants.

At the beginning I thought it was a trick from my friend to force me to pay for the restaurant during our whole stay, but even with my card which is both Chip & Mag Stripe OK, they do swipe before inserting it, there is a check of the Mag Stripe before being able to read the Chip.

I wonder how they gonna build the rest of the team as the total budget was 300 millions EUR and they have already used half of it on 2 players...

Besides it's gonna be hard for the players to run fast on the field with all this money in the pockets now.

Hi Chris,

I am wondering if it's a good thing to offer credit to people who did not "pass" the first test.

When a bank refuses a credit, it's not only to avoid loosing money, it's also to protect consumers from themselves.

The way it is structured in France is not that bad when you look at the situation right now. People are not "that" affected by the crisis.

There is a difference between living with "debit" and entering a crisis (you just have to lower you life standards) and living on "credit" and not being able to keep up with the payments when entering a crisis.

In the second case you can immediately see that the person needs to generate more money, when in the first case, the person needs to spend less.

I am also wondering if in terms of ethics it's a good thing to offer credit to under qualified borrowers.

Your point on the new behaviors is definitely true. The relation between people and internet is always evolving and new behaviors (sometimes unexpected) appear everywhere.

I'm gonna release pretty soon a blog on the evolution of the web. Please feel free to comment also on this one, I'd really like to have your opinion.

Thank you,

Cedric

Hi Chris,

Thank you for your comment.

Concerning under-qualified borrowers, in France they almost do not exist. P2P lending is an excellent idea in itself, I really like the concept.
But France would be the last country I would target for this kind of credit.

I have been working on ratings/scorings a long time ago. All I know is that a good rating is very hard to build, especially when you are targeting a specific part of the population. Here we are talking about people who could not find a credit in a bank or who did not want to pay the rate proposed by the bank. In both cases you have someone that is outside of the average target for credit. Thus trying to give a score the same way you would do if you were in a bank would be useless. But that's an interesting question though.

Concerning Social Networks, I truly believe that they need to evolve before being able to do P2P credit on them.
Right now, either you use a social network for fun (facebook, myspace...) or for work (finextra, linkedin, xing...).
Today people don't do serious things at the same place they have fun. But these places evolve fast, it might happen later...

Bo,

Thank you for your comments. The most interesting debates are those where people disagree. And I must say I disagree with you on some points of your last 2 comments.

"Those who for some reason still do not have a bank account are unlikely to need e-id"

You are really limiting the role of the e-ID here. Besides governments wouldn't be happy, because there are 2 things that are sure in life: tax and death. What about the people who don't have a bank account? Should they be tax exempted?

"An e-id is an asset that belongs to a consumer." Disagree - the habit to use something offered by somebody belongs to the consumer - and is an asset for society at large that should be leveraged.

I have to say I'm really scared by what I read. Usually it's the governments role to take care of the society. The primary role of a bank is simply to lend money. We should not centralize all the services in a single place and make fraudsters' job so easy.

"Banks are natural e-id issuers"

Not really. Not even in Finland:

http://www.epractice.eu/en/news/283877

"Banks are fully capable of doing such a job, but it would not make sense for security reasons." Appears contradictive - capable but not secure?

Capable because they have money.

But not secure because banks are not security experts. It has been proven by all the data breaches lately. What if they also had the e-ID...?

"Whatever the business domain, one cannot be in charge of "doing" and "controlling". It's too many caps to wear for a single entity." I do not see the doing/controlling aspect here - bank e-id services are one alternative - and naturally need to be supervised - as any strong e-id issuing should be.

That's an option. But the next step is also to let banks issue passports, birth certificates...

No really I think it should be the government's job if it has to be a public service. Besides, the first thing a reasonnable public service would do is to consult and subcontract specialists.

All of this being said I'm interested in your comments on my point of view. I'm really an open minded person but so far you have not convinced me that banks would be a good substitute for the governments. Their position seem more legitimate to me.

Actually it's even in line with what's happening in the USA right now

http://money.cnn.com/2009/05/03/news/economy/risk_taking_obama.reut/index.htm?cnn=yes

Bo,

Thank you for this interesting blog.

It completely makes sense and let's hope it happens fast as e-crime rates are increasing everyday in these times of crisis.

Regarding the comments, lots of smart things have been said.

However, there is one thing on which I disagree, Banks should definitely NOT be the electronic ID issuer.

It goes against the neutrality principle. Why not ask Madoff to manage a Pension Fund?

I'm being provocative on purpose here.

Banks are fully capable of doing such a job, but it would not make sense for security reasons.

Whatever the business domain, one cannot be in charge of "doing" and "controlling". It's too many caps to wear for a single entity.

I would add that Banks (or e-Merchants) should be authenticated as any end-user is today. Mutual authentication is key in a secure e-ID scheme.

Hi Dave,

You obviously have understood what shall be the next generation of authentication: strong mutual authentication.

Hackers are not waiting for banks to be innovative, banks really need to be proactive and invest in new technologies, especially in times of crisis.

And I really mean invest because it can generate benefits for them if they actually correctly protect people's money. It would mean more accepted transactions, less charge back processing costs, and eventually better client retention and aquisition.

I wanted to add a comment on the 1-way authentication.

I was provocative on purpose but I should stay humble regarding the pioneers of the 1-way authentication who did a really good job. We have to remember that the solutions we are using today were created 'yesterday' and were perfectly answering the 'known problems' at that time.

Moreover the type of approach I'm proposing is 100% compatible with any existing 1-way authentication system, device or tool existing on the market.

It would be a waste not to use these tools as most of them perfectly answer the problematics of 1-way authentication.

Hi Dean,

Thank you for your comments.

As you were foreseeing it, there's a lot more in such as solution than what I've shown in this blog. But going too technical on this blog would not be interesting for all the readers.

The main message of this blog is simple:

1-WAY AUTHENTICATION IS DEAD.

It is useless, a real waste of time and money used alone as is.

I do not share your point of view regarding the mutual authentication, it really is the next generation of authentication methods. Actually I consider it more as a process in which we can use more than what I've described in my diagram.

I'm showing a scheme with a mobile phone, but this scheme is compatible with any kind of existing authentication tool, thus easing the transfer to the new generation of protocols.