This week was the first week of the last full month of summer. That could make this week a Sizzle because it’s the last full month of summer so everyone is determined to make every day of every week count.
Or a Fizzle – because it’s the last full month of summer and everyone is complaining about it being the last month of summer.
We’re going with the glass-half-full-summer-is-always-a-sizzle approach.
Speaking of which, there were a few other August sparklers this week.
Sending money between people, and from businesses and governments to people, got a whole lot more exciting this week – as in real time and ubiquitous. Mastercard started with week with an announcement of how its Mastercard Send product would extend the reach and the speed of Early Warning’s clearXchange P2P network for bank customers with a Mastercard branded debit product. Any Mastercard debit cardholder can soon send money to any other person with a bank account in any bank across the U.S. – all 14k of them – and have that money deposited into that receiver’s bank account instantly.
Visa also announced this week that it’s already running real-time, ubiquitous Visa Direct rails that would provide a similar capability for Early Warning’s clearXchange P2P network members with Visa-branded debit products, as well as a handful of other partners, including Fiserv (Popmoney), Square and PayPal/Venmo. Visa also announced that it had extended the real-time, ubiquitous capability to other disbursement types as well including insurance claims, contractor payments, tax refunds and even merchant account real-time funds settlement.
Both networks, or course, see gold in those $10T check-dominated disbursement hills. Estimates show that the massive opportunity isn’t P2P – but those broader business to person/government to person/payments that account for 90 percent of that $10T.
This is a sizzle for everyone since it removes a ton of friction. Consumers always have their debit card handy and and can provide that number to a sender – knowing that if something goes wrong they are protected. Senders don’t have to ask receivers for the ABA and routing number of the bank account they’d like the money deposited to either – and then when the 99.9 percent of those receivers either don’t have those numbers or are uncomfortable sharing it – have to stick a check in the mail. The networks are happy because they are the proud recipients of tons of brand new transaction volume.
So sizzles all the way around – unless, of course, you’re one of the ones asking banks to invest in a real-time payments capability that does exactly the same thing.
Samsung unveiled its new Galaxy Note 7 this week to rave reviews. Perhaps the most glowing of reviews is related to the iris scanning technology that eliminates the need to have a fingerprint unlock the phone. Aside from a few complaints from those with glasses who needed a little extra help getting it to work exactly as advertised, consumers seem to feel as though it is a much more reliable and safer way to authenticate themselves via the mobile phone. No more worries about wet fingers and a #fingerprintfail. No more worries about having to take your toasty warm hands out of your fur lined gloves in the winter to unlock the phone.
Of course, the value goes well beyond just unlocking the phone. Authenticating the consumer to mobile banking apps and payments give this technology the potential to unleash a lot of commerce opportunities. Now, if only Samsung Pay was cross platform …
Dynamic Pricing Algorithms
Rumor has it (to quote Adele – a video that has more than 22M views) that Walmart may be buying Jet.com for a purchase somewhere in the neighborhood of $3B. Now why, you might ask, would the biggest retailer in the world buy an eCommerce site that was facing a mega cash crunch in December and had to raise a whopping $550M just to keep the lights on?
It wasn’t because it has the secret to running a profitable eCommerce site or success in monetizing memberships a la its CEO’s alma mater, Amazon. Jet.com is not profitable and has no clear path to profits, critics say. But what it has is the secret sauce for calculating prices in ways that maximize margin. Their algorithms do that based on quantities purchased at one time as well as where the items ship from (e.g. proximity to warehouses and consumer’s home). That produces prices that are, on average, 10 percent lower than those offered by Amazon.
Does that make it worth $3B? Depends on who you ask. And so far, if news reports reflect reality, Walmart and Jet.com and their happy investors seem to agree it is.
Unencrypted POS Data
So, we all know this – chip cards were not going to fix the problem of fraud at the POS. We said this in December 2013 when Target was hacked and every other time every other POS was hacked too. What would is encrypting data at the POS. And NCR researchers at the Black Hat conference this week confirmed that story when they presented a way for the bad guys to commit fraud using chip cards. These bad guys — whose ingenuity is never to be underestimated — can simply reprogram the magstripe on the back of the chip card to make it appear like a chipless card. Issuers may not be able to tell the difference, thus inadvertently authorizing a transaction for a card that has been stolen.
That means that counterfeiting can still be alive and well at the POS – unless merchants also encrypt POS data.
Now, this is not at all to say that EMV technology is being foiled or compromised but does point out something that we have been saying all along: encrypting data at the POS is essential. And there are a whole bunch of players that are making it their business to help retailers make an essential part of their POS. Intel, for instance, has formulated a unique technology that creates tunnels in which data that needs to be encrypted – account data plus personal data – is sent with retailers doing little more than injecting a software upgrade into the POS terminal.
Sounds like a way to turn a fizzle into a sizzle.
Venezuela is in a world of hurt.
It’s hard to fathom, though, since the country is home to one of the largest oil reserves in the world. But we all know what has happened to the price of oil, which hasn’t helped replenish the country’s coffers when oil is exported at prices that are now cheaper than ever.
What also hasn’t helped is a massive drought that has depleted the water reserves from the dam that provides 70 percent of the country’s power to its citizens. As a result, energy is now rationed, and public workers have been given a five-day vacation every week (which means they work two days) so that energy at government buildings can be preserved. Those workers get full pay and benefits – which still has workers up in arms since they no longer get overtime pay. But at least they now have the time to stand in the food lines that have cropped up.
Reports this week suggest that Venezuela will run out of cash sometime in the next two years — or sooner, according to some. As in the cash reserves that are sitting at the central banks will be drawn down to zero, zilch, nada.
Today, the country’s coffers have about ~$12B in reserves, down from $30B since 2011. But, it also owes money to a bunch of countries – to the tune of $4.7B – with those payments coming due in October. It has a bunch of reserves in gold, experts say, which boost its overall “value,” but that has also been frittered away to repay debts.
Which, experts say, is why Venezuela is in the mess that it’s in. The country is obsessed with paying its debt, leaving it with no money to bring imports into the country. Bringing in those non-essentials like food and medical supplies now has its citizens contending with long food lines and shortages of medical treatment at hospitals. The two-day public workweek means that the time to get passports and/or other documents is extended from what was already an excruciatingly long timeframe. Passports, some say, may now take more than six months to get.
Fizzle times a couple billion.
Another day, another $70M hack, but who’s counting? This week’s report of the Bitfinex hack may turn it into Bitfinal since it is now known as the exchange that’s suffered the largest loss of bitcoins since Mt. Gox. The culprit is said to be the use of the BitGo wallet and the structure of the bitcoin accounts itself. Wallet holders took to social media to complain of their accounts being drained and ask a multitude of questions about the security and safety of other exchanges. Yeah, it’s a funny thing about those permissionless, non-governed, non-regulated currencies – there’s no one to turn to. But, don’t you worry, it’s all math-based so nothing can go wrong, so keep clinging to that.
It’s hard to imagine anyone left standing who truly believes that bitcoin as a proxy for the movement of trillions of dollars around the world is anything but ridiculous.
Bitcoin’s Big Summer Fizzle
It had really looked like Lending Club would be the undisputed winner of the Fizzle Cup at the end of the summer – if for no other reason than the sheer volume of appearances it’s made on the Sizzle/Fizzle list this season, all on the Fizzle side. But this week bitcoin threw in its hat with a contribution of its own – everyone’s favorite virtual currency may not have Lending Club’s persistence, but there is something to be said for its spectacular belly-flop.
Things had been trending so well for bitcoin this summer – pushed by the halving in the coin supply in July, worldwide economic uncertainty pushed by the Brexit and across-the board increases in demand in Asia, bitcoin’s price was on a big upswing — peaking around $750 per bitcoin, its highest price in 2 years (though still well short of its late–2013 $1,300 high).
This most volatile of currencies didn’t maintain that price — by late July the price of bitcoin had dropped to just north of $600 — but over the last few weeks the price was steadily climbing and mostly hovered above $650 per bitcoin.
Until the hack that is.
Between Saturday and Tuesday the price of bitcoin fell from just under $655 a unit to a little over $552 per coin, pushed by the announcement that Bitfinex, a Hong Kong-based bitcoin exchange, had been hacked. Though the price has recovered some in recent days, the concerns are swirling that Bitfinex, the latest bitcoin exchange to be targeted and looted by cybercriminals, is symptomatic of a larger problem with the digital currencies on whose rails the blockchain technology rides. The coins themselves may be totally secure – insofar as they are uncopyable, unforgeable.
But those wallets and the exchanges?
Not so much, as evidenced by their repeated hackings. And, once those bitcoins are gone, they’re gone — the same features that make them hard to copy also make them hard to recover.
And that problem may not be easily or efficiently solvable anytime soon.
What Went So Wrong.
The full extent of the Bitfinex hack remains under investigation – but the best current data indicates that $65 million worth of the virtual currency disappeared into thin air (or 119,756 bitcoins, worth about $72 million before the hack).
The exchange has publicly confirmed that it will settle hacked accounts at pre-hack prices.
“As we account for individualized customer losses, we may need to settle open margin positions, associated financing, and/or collateral affected by the breach,” Bitfinex said in their blog post confirmed the attack.
It added that customers’ losses would be addressed “later,” though no specific timeline has been disclosed.
A less than reassuring proclamation for those like this Reddit user who posted after the hack: “My entire life savings for last 12 years are/were in btc balance on bitfinex… Looks like I could be financially ruined.”
And while that is terrible news for that investor — who will likely in the future view T-Bills in a whole new light — it is neither the biggest nor the worst hack in bitcoin’s history.
Since January 2015 five different exchanges have been hacked from bitcoin exchanges – Bitstamp got taken for 20,000 bitcoin worth $5 million. Bitfinex, the victim of the current $65 million – $71 million hack, was also hacked last May, though for a bargain priced $3.9 million. In June, $50 million of Ethereum – a competing digital currency – was also boosted by hackers.
And then there is are the granddaddy of bitcoin hacks – the Tokyo-based Mt. Gox that lost several hundred thousand bitcoin at the top of its value (translating into over $100 million lost).
But despite the breaches – and now over $200 million in funds stolen from virtual exchanges – bitcoin boosters like Jack Liu remain unphased.
Liu, who is the chief strategy officer at OKCoin, a large digital currency exchange, says he is not concerned about his site’s security – but he is eager to see best practices adopted.
“We care about the health of the ecosystem,” he said, although he emphasized that nobody should be dictating how bitcoins are secured. “Hackers are only getting better and so adoption of the same solution may not be the safest for the industry.”
So no one should mandate protections — since hackers will hack them — but protections should be undertaken.
Clear. As. Mud.
The Cold Storage Conundrum
Bitcoin – the digital currency itself – has never been successfully hacked, such that the underlying code has been broken in a way that allows users to fake them or steal them directly. But the bitcoin user has to input a series of complicated keys, and bitcoin exchanges like Bitfinex (to make bitcoins easier to use and more accessible for trading or retail purposes) managed the underlying keys and bitcoin themselves. Users are given accounts that allow them to track their bitcoin balances.
Those exchanges in theory have greater experience and ability to protect those keys, but, as the string of hacks shows, the bitcoin are only as secure as the exchange they are on.
A favored solution — for both the storage of individual keys and for the proper protection of large bitcoin vaults — is cold storage, or putting the caches offline. Hackers cannot gain access to a computer that is not connected, or at least not without direct access to the machine that holds them.
Bitfinex, it is worth noting, had been using the cold storage method for large pools of its bitcoin holdings, but ended up being fined over it by the U.S. Commodity Futures Trading Commission (CFTC) for breaking rules about margin financing for commodities. Essentially storing users coins in cold storage violated rules about immediate payment in microtrading.
They had since switched to a “multi-signature,” security platform which meant instead of keeping bitcoins in a mass pool in an offline wallet, they created multiple points of individual entry (wallets) that came with more than one private key to access them. Bitfinex held two keys, while the multi-sig security provider, a company called BitGo, held a third. To gain access to funds, hackers would have had to have gotten two out of three keys. BitGo has asserted it has not been hacked, and thus far none of its other clients have shown any evidence of hacking.
However, that would mean that both keys had to come from Bitfinex, which is also hard to explain since at least one of their keys is stored offline at all times.
So for those keeping score at home, the best way to protect the most sophisticated digital storage in history is to store the keys to accessing it on a hard drive not hooked up to the internet — or with the 5,000-year-old method favored since ancient Sumeria: writing the key information down on a pad of paper and storing it in a desk.
And that method might not always work.
The Coming Wallet Flight?
The issues, according to an increasingly loud contingent of bitcoin fans, is the bitcoin exchanges themselves, which are creating targets for hackers that are just too desirable. By putting mass numbers of bitcoins into giant pools, someone will always be trying to access those pools.
“While it can be comforting to think, ‘I keep my bitcoin with a company’, in reality, you’re simply adding your money to an already large jackpot for hackers,” Reddit user “bitjson” wrote in one highly rated post. “No company is immune, and the bigger the target, the more complex the hacking attempts can get.”
That has led to a movement among some bitcoins fans to store their funds inside wallets on their own computers instead of on websites like Bitfinex in order to keep their caches away from thieves.
Other social media commentators have noted there is something odd and ironic about this position.
“You can’t store the “Internet of Money” on an internet connected computer!” noted one.
Will this be the blow that kills bitcoin?
Doubtful. If we’ve learned nothing else over the last few years, it is that bitcoin is unkillable – or at least the Kool-Aid that believers drink isn’t.
But will the blockchain riding the bitcoin rails ever be the tool of choice for moving trillions of dollars around the world and something that bankers will ever get behind?
You can bet your bitcoins that they won’t.
Recommended for you