The Canadian Border Services Agency (CBSA) has started down a slippery slope by introducing Facial Recognition for Nexus users.

Surveillance cameras in Tiananmen Square, Beijing.

China deploys hundreds of millions of cameras to watch over every aspect of their citizens lives.

Tell our Privacy Commissioner we do not want such a massive invasion of our privacy in this country.

There is a much safer way to use biometrics for verification to protect our border entry points. Europe, where the protection of personal privacy is taken more seriously than in China and apparently now more seriously than in Canada, Self Sovereign Identity (SSI) is used to allow authorities and individuals to better protect their personal identities while permitting individuals to verify their identity to authorities as required.

Canadian Border Service Agency (CBSA) wants to use facial recognition templates and potentially breach our privacy while risking the exposure of Canadian’s Biometric identities. Write you MP or the Canadian Privacy Commissioner to ask that the Privacy Office stand up to the CBSA and insist that they abide by Self Sovereign Identity (SSI) principles. Below is the concern I have submitted to the Office of the Privacy Commissioner

“I was informed by NEXUS this morning that they would be introducing FACIAL RECOGNITION for screening Nexus clients at Canadian Airports. NEXUS assured us that they will be protecting the privacy of individual travellers by not storing personal information on the local Kiosk and rather would be storing personal information on secure cloud servers operated by CBSA. I don’t believe for a moment said servers will be truly secure and neither should you or CBSA. I object to the Canadian Border Service Agency unnecessarily infringing on my rights to privacy and exposing my biometric identifier. As a minimum CBSA should be setting an example by enforcing Self Sovereign Identity (SSI) which is being promoted and gaining acceptance in Europe, where the protection of privacy is more enlightened than here in Canada.

The slow process of restoring privacy and ensuring cash acceptance.

This past month has seen several unexpected events; Mark Zuckerberg advising more Government regulations on technology companies to protect privacy, Singapore enacting legislation to restrict fake news and the city of Philadelphia becoming the first major American city to make it illegal for any retailer not to accept cash. One of the nicest attributes of cash is that it is anonymous. Let’s not get crazy and start assuming that anonymity is somehow a criminal trait. Anonymity strongly correlates to individual privacy and freedom.

Even Sweeden until now considered one of the Nordic leaders in the movement towards a Cashless society is having second thoughts. Governments are realizing that markets with pure digital transactions (networks) lack inclusiveness and can be easily disrupted by natural disaster or state sponsored cyber warfare, which could leave hungry citizens with no means to purchase groceries. Seventy percent of Swedes want the surety of always have an option for cash payments. Sweeden

Wonderful to see MasterCard, therefore, at least recognizing privacy has become a major societal issue. MasterCard People do not want explicit details of every single transaction they make being recorded only to see this consumer data monetized by sharing with advertisers, where, when, who, what and how much was purchased and just as likely be part of yet another major data breach endangering their privacy and facilitating ID theft. I believe MasterCard is taking their que from Apple who have quickly learned from Facebooks’ own troubles surrounding breaches of privacy.

I’d say eliminate KYC and legislate privacy with Self Soverign Identity (SSI) or we should all move back to using cash which by the way can now be digitized or converted into digital form as YodoPay does so elequently.

Crypto Scams continue unabated

It is truly shameful that thieves and scammers have ruined the prospects of blockchain creating a fundamental sustainable shift towards democratic money. Having a decentalized trust method to exchange digital assets does nothing to prevent criminals from operating illicitly on the edge.

The problem being that in order to potentially benefit from the blockchain, at some point real people with real money (fiat currency) must buy Crypto assets . This “edge” is the chasm between historic or what we might refer to as normal monetary systems and the new age crypto systems. Having a decentralized, anonymous, low friction and fast means to move digital money fails us miserably because once in digtal form digital money has no reliable auditable method to track and recover stolen weath. It can simply disappear into thin air as just happend to my Ethereum holdings.

While comtemplating how to use the blockchain for Ayodo Foundation’s altruistic intentions of providing non-profit payment and money transfer processes and thus enhancing financial inclusion (Remittance Services) to help alleviate poverty, I needed to learn about blockchain through perosnal experience. I therefore was caught up in Quadrigacx “flame out” having lost my entire Ethereum holdings on this Vancouver exchange. Fortunately for me, unlike this poor victim who lost more than $500K QUADRIGACX my entire holdings represented about $10 worth of crypto.

If you read my earlier posting below on what a terrible year 2018 has been for most holders of Crypto currencies, I failed to mention the ModernTech fradulent ICO which neted the backers more than USD 600 million, which was stolen as the organizers disappeared with the funds. That scams of this magnitude can be perpetuated from jurisdictions, or regions (Singapore & Dubai) who are encouraging the Fintech industry and are adopting more “Open Banking” due to human greed is truly discouraging. These bad actors, through their criminal actions and their human greed, are preventing the evolution of digital money which could serve humanity well. Note these dangers occur at the “edge” – either on an Exchange where cryptos are traded with either a data breach by unknowns or when the backers themselves disaapear with the money or via an ICO . If regulators really wanted to protect society then they would accept the blockchain for what it real is and focus on passing new legislation to control the Exchanges and the ICO and in particular Cash In and Cash Out (CICO) and if you also have read any of my previous posts this shouild not be through stronger or more KYC regulations, as when criminals walk away with $660 millioin dollars from 32K purchasers, the accounts are NOT balance limited. On average each purchaser, or each account represented $20,625.


The importance of CICO

Can’t overstress the importance of the deregulation of Cash In and Cash Out (CICO) for Financial inclusion. Ayodo’s own merchant centric mobile money service YodoPay is reliant upon the CICO services being provided by small merchants worldwide. The Consultative Group to assist the poor (CGAP) fully recognizes the importance of CICO in reaching the poor who are often marginally or totally unbanked. Still 70% of the adult population in emerging SE Asia (excluding China) remain unbanked.

Eight hundred million Indians remain marginally banked transacting primarily in cash or fiat currency ( INR) so why not leverage the 15 million small merchant there with established cash handling practices to allow CICO and penetrate into this market to finally and fully enhance financial inclusion. As much as the Governments of developing countries may like to emulate the developed world, univeral western style banking may not be a preferred model for poor people who are eking out a living on a few dollars a day income. Pragmatically speaking these people have no real need for most banking services and with the unintended costs and problems of Identity theft perhaps the developed world should be reconsidering our over reliance on a credit/debit for payments and search for better solutions founded on blockchain solutions. The real poor require minimal financial services, mostly for money transfers and micro loans, two area banks have proven incapable of providing in a secure affordable fashsion. Poor people and even some weathly people trust and prefer to transact in cash. CGAP has been trying to enhance financial inclusion for more than a decade, and the experience has taught them the necessity of deregulating CICO. Here are a few links to articles and posts by CGAP staff on CICO.

The importance of CICO by CGAP’s financial sector leads.

UPHOLD Data Breach

Malicious Actor

Another day another data breach. I received a report of a data breach at UPHOLD yesterday on June 6, 2018. This follows last week’s report of the major data breach at Marriott Hotels and of course the earlier massive Equifax breach wherein the personal data of more than 145 million people was compromised Equifax . The one part I whole heartedly agree with is that financial institutions have been facing phishing attacks of unprecedented sophistication. Do not be so naïve to assume your bank or your financial service provider can protect the information you provide.

I have an UPHOLD account for trading Cryptos and as per financial regulations in order to open my account at UPHOLD, I was required to submit in my application personal information to meet KYC regulations.  This requirement included a copy of a government issued photo ID so I provided my Driver’s License along with information on my financial accounts.  UPHOLD operates a so called on/off ramp to fiat currency by linking UPHOLD accounts to regular bank debit cards/ accounts to allow users to cash-in and cash-out of various Crypto currencies.  I was attracted to UPHOLD for this reason and for UPHOLD’s clever business process through which they largely mitigate volatility of account assets. Great, now please just provide me the services without losing all my identity data.

Didn’t quite turn out the way I expected and as a result another “Malicious actor”, their words not mine, has at a minimum my name and my email address. Seems suspect to me that the same Malicious actor would stop after penetrating UPHOLD’s database for account holders’ names and email addresses only, but let’s give UPHOLD the benefit of the doubt and assume they are being honest with me in reporting this breach. The point I am making is that KYC continues to be a dramatically powerful enabler of identity theft.  We need to reduce the amount of personal information KYC compliance is forcing service providers to acquire from their customers. As has so often and repeatedly been demonstrated a failure to protect our sensitive personal identities. Providers in the financial services industry, who should be at the pinnacle of cyber protection practices, appear totally inadequate in protecting our sensitive data.  The obvious question everyone should be asking is why we so gleefully and willingly surrender online our electronic identities and is there not a better way to fight money laundering and crime then subjecting so many millions of law abiding citizens to the dangers of ID theft?

Dear Uphold Member,

We experienced a security incident on November 21st and have now completed our investigation. I write to explain what happened, how we handled the situation, and how we can work together to defeat such attacks in the future.

What happened

As you may have read in the media, financial institutions have been facing phishing attacks of unprecedented sophistication in recent months. Uphold is no exception.

First, I’d like to reassure you that Uphold was not hacked and no customer funds were stolen. Your accounts remained safe throughout the incident and our security measures worked as planned.

The incident resulted from an attack on our account at a third-party email services provider. We were one of several companies affected. A malicious actor created a fake newsletter titled, ‘Black Friday 15% discount on BTC’ and sent it to Uphold customers. The communication looked like an Uphold email, and owing to the exceptional nature of the breach, came from Uphold’s email address.

We are deeply sorry for the incident and have been busy conducting a review of our security controls and procedures. Keeping your information secure is of paramount importance. As a result, we’ve introduced a series of measures to reinforce our position as one of the most secure financial platforms.

Marriott Data Breach

Listen up world. KYC is costing us billions.

Marriott International, one of the largest hotel chains in the world revealed that the names, email addresses, passport numbers and payment card details of up to 500 million guests has been compromised.

Marriott Data Breach



Next time you use your credit card plus any part of your personal identity (ID) to book a hotel or make a payment, any payment, take a moment to ponder the ramifications of this act.

Aside from the very real costs of more than $500 billion we pay the banks and card companies for the convenience credit cards, due to a fundamental requirement to know to whom credit is being extended, we are creating the ideal vehicle for identity theft. Identity theft is one of the fastest growing most profitable crimes in the world.

Ask yourself, would you rather see a fraudulent $200 processed on your card by a criminal or see your identity stolen?  A US Department of Justice study reported the average cost of identity recovery (2014) was $1,343 per victim.  Remember it is not only the direct financial fraud perpetuated with stolen identities but it is also the legal fees, overdraft charges and the time and cost of replacement of your stolen identity credentials.  Javelin research indicated in 2016 over 6% of consumers experienced losses due to identity theft. Hidden costs of ID theft   We collectively suffer more than 100 billion dollars in losses due to ID theft each year. This is money you and I pay each year so it may surprise you that a root cause of identity theft is an over reliance upon Know-Your-Customer (KYC).  At the outset KYC may have seemed a logical way to prevent money laundering,  before social media hacks like Cambridge Analytica or State sponsored cyber hacking but for certain  KYC has become an enabler of Identity Theft and its wide spread use should be questioned in our mobile internet age.

Ayodo Foundation and Yodo Inc. believe a better less costly approach, just as effective in preventing money laundering and terrorist financing, would be to Know-Your-Merchant (KYM). Technologies now exist to positively identify both every customer and every merchant to any payment transaction without the arcane and silly practice of KYC, where we voluntarily submit our names, addresses , dates of birth, social insurance number and even passport numbers to merchants. Ayodo and Yodo Inc. our for-profit payment arm, subscribe to best industry practices for security and authentication without KYC.  We believe fundamentally that your identity, from your date of birth to your biometric identifiers, belongs to you alone and as individuals we all need a society and global governance to better  protect this information. Arcane rules and regulations for the financial service industry do exactly the opposite.  KYC only aids criminal organizations by forcing us to expose our identities to these organizations through mismanagement (e.g. Marriott, Target etc) who are then only too willing to exploit the compromised information. Victims of identity theft express not only anger and rage (65%) but fear (69%) in the lack of security of their financial instruments and sleep disruption (40%).   Don’t we have enough to worry about without regulatory imposed rules which actually enhance the risk of ID theft?  If we were not forced to provide personal information to use financial services like bank accounts or payment cards, than the information could never be compromised.  A good example of what we should be doing to regain control of our identities is the Self Sovereign Identity (SSI) movement in Europe now being adopted by several enlightened banks. Let’s recognize the problem and move beyond KYC towards KYM and SSI for a less worrisome troubling payment industry.

KYM Know-Your-Merchant.  Merchants are known, often of fixed physical address, trusted by local consumers,  have business licenses and most often incorporated and with bank accounts. KYM is enough. Stop the practice of KYC!


Cash is still KING

For those indiviuals who have for the past decade been predicting the demise of fiat cash,  and to those governments who believe completely displacing cash will result in both better fiscal management and enhanced financial inclusion, consider the following. The latest World Pay  report on payments has found fully 40% of all retail payments in Singapore during 2017 were cash payments!  This is relevant because Singapore is a modern city state with perhaps the best mobile telecom infrastructure having 100% penetration and best LTE coverage in the world, the most e-wallets of any market PLUS is home to Asia’s  safest and the world’s best digital bank DBS. What the regulators and the service providers continue to ignore (or dismiss) is that general public trust in fiat cash exceeds any e-payment product and the costs of accepting cash remain lower  than any digital cash alternative. Look at the red sign posted at this small Singapore based merchant who accepts several different types of digital payments. It reads “Sorry to inform you that Cashless Payments is only available for transactions above $10. Thank you for your understanding”.

I see similar signs as this in Canada and in most highly developed markets. Ayodo advocates for and provides through our partnership with Yodo a CASH BASED alternative with the same low costs of acceptance and the same trust as fiat cash. Small merchants in Singapore clearly prefer Singapore dollars,  just as merchants in India prefer Rupees,  merchants in Mexico prefer Pesos and small merchants in Peru prefer Sols. They do this not because they are money launders or financiers of terrorism but simply to make the the small businesses they and their family rely upon for subsistance can reduce transactional costs and eeek out a better livihood. It leaves little to the imagination to realize that if cash is dominant in markets such as Singapore that it is even more dominant in other less developed countries. The World Bank report on payments indicates fully 65% of global payments remain cash based. Isn’t it time governments and not for profits doubled down on solutions that leverage modern cloud and blockchain technologies to perfect cash

Fresh n Spiky