Community

This chap really is good value - highly recommended!

A while ago he published a paper arguing that the financial crisis was best understood as a more or less inevitable consequence of complex adaptive systems - every so often "chaotic" events occur.  My simplistic understanding of this is by analogy with the well known scenario of a butterfly beating its wings on one side of the world and eventually causing a hurricane in another.

Now he extends the argument to suggest that the best hope of mitigating fututre financial crises is to simplify the global banking system by breaking it up into smaller, simpler manageable chunks. 

Despite the huge volume of analyses of the financial crisis it's still a bit of a mystery.  This systems approach is the one which makes most intuitive sense to me.

Sorry Nick, but I agree with Stephen on this.  Horses for courses.  Voice verification is great for particular applications like telephone banking balance enquiries, but for more risky mainstream financial transactions, in both the physical and virtual world, Chip & PIN seems to me hard to beat.  Remote Chip Authentication (RCA) is already being widely used for secure online banking and the next step will be to combine it with 3D Secure for secure online shopping (ie you use the "humble CAP reader" to generate a dynamic MasterCard SecureCode or Visa VbV).

Nice blog!  I've often wondered how the banks got saddled with lender liability for credit cards, and I agree with you, it would be ridiculous if that was extended to debit cards as well.

Yes, it's an important distinction.  I wrote a couple of white papers on this subject about 10 years ago, based on experience with technology developed by Stanford Research Institute (SRI) and commercialised by their spin-off, Nuance - see www.ncollin.demon.co.uk/Future/fin_futures.htm .

At the time, voice recognition was, if anything, more advanced than voice verification, so I'm surprised when you imply it's unreliable.  As far as I'm aware, when used with carefully designed dialogues, voice recognition is now increasingly deployed in a number of appropriate mainstream applications.

I've always thought that the holy grail would be a combination of the two technologies so that you could call up your bank or whatever, give a simple instruction ("this is Nick Collin - what's the balance on my current account?"), and be safely authenticated, all in one streamlined transaction.  Maybe we've reached that stage - any comments?

It does sound a bit unnecessary.  Which bank is it?

Nick

Andrew,

More of a nibble than a bite :-).  Interesting!  So you envisage a new infrastructure with new cards and new terminals?  But surely no-one's going to stop us from using our existing EMV bankcards on that infrastructure, so the terminals will have to be EMV compliant, so you might as well build the whole thing on the back of the EMV infrastructure in the first place.

I'm surprised no-one's commented on this yet. The consultation document is actually quite good, and the vision of an integrated, interoperable, smart ticketing and transport system is entirely sensible and worth investing in. However, there are some curious gaps when it come to questions like the involvement of banks and existing payment systems, and particularly the importance of the EMV standard. I'm biased of course, given my background in bank cards, but I've always envisaged the evolution of smart ticketing solutions as added value applications on top of the existing EMV chip & PIN infrastructure - with obvious benefits in terms of economies of scale of both cards and terminals, interoperability, and integration with existing bank payment systems. The government seems to have an upside down version of this vision, with a new infrastructure based on ITSO, and the EMV standard and EMV-based payment as optional extras - almost an afterthought. What do people think?

A very thoughtful article!  Like you, I'm doubtful about mobile solutions.  Remote Chip Authentication leveraging the security embedded within the EMV infrastructure looks like the best long term solution.

Good rant Alan!  Why do banks keep making this mistake?  Well, corporate stupidity, obviously, but I think we can be a little more specific:

- Self-interest on the part of IT.  Clearly it is much more fun to develop a new state-of-the-art system than maintain someone else's - and it looks good on your CV.

- Lack of understanding of IT on the part of the main board.  Not detailed technical knowledge - just enough experience and guts to say No.

- Hubris on the part of everyone.  Both in terms of the "we're different from everyone else argument" (they're not), and the "we'll earn a fortune from selling the package to others" (they never do).

And it's not just banks - I've seen it happen in many industries.  I'm a little out of touch, but people used to write books about how to manage the IT function, and the recommendation was usually to make sure the IT director was on the main board - a little counter-intuitive, but it makes sense when you think about it.  My impression is that this is a lesson many banks have still not learnt.  Any comments?

Postscript.  What should I find in this morning's FT but a good article by Gillian Tett on precisely this subject.  Very encouraging!