Author Archives: Brian J. Doyle

About Brian J. Doyle

Brian Doyle is the founder and executive Director of both Ayodo Foundation and the companion "for profit" entity Yodo Inc., which has developed a sophisticated mobile payments platform designed to remove the cost impediments of credit and debit payments and enhance the merchant-customer relationship, but more importantly to enhance financial inclusion through a non-profit remittances service operated by the Foundation. Yodo is a "fourth sector" company recognizing free enterprise capitalism should operate on a triple-bottom-line basis, serving shareholders, stakeholders (consumers) and the environment equally never compromising the latter for increased profits to the former.

Financial Inclusion

PayPal one of the largest payment networks in the world with more than 25 million merchants and more than 300 million accounts has announced a partnership with New York located and financially regulated PAXOS https://www.paxos.com/ to allow all PayPal account holders to trade cyrptos and to accept or make crypto payments. PAXOS own website advertises “hold US dollars without opening a US dollar Bank account”

https://www.bbc.com/news/technology-54630283

You may find it surprising that Ayodo Foundation, with its mandate for Financial Inclusion, would be supportive of PayPal’s initiative. Consider the diagram below and Imagine all Yodo Merchants being fully vetted and strictly regulated (KYM) and further assume a PayPal account is required of each registered merchant. Everyone below the red-dotted line in the diagram, the YodoPay mobile customers, would transact in fiat cash, transformed of course into “cloud money”. The required Merchant Settlement could be performed using the merchants’ own PayPal accounts. Originally Ayodo was planning to perform this settlement function using a product such as the Stellar.org block chain project Centarus but deploying with PayPal could accelerate the product development cycle and be mutually beneficial.

Ayodo was not supportive of Facebook’s earlier attempt to launch Libra, due largely to Facebook’s proven inability to protect user’s personal data. You may also remember PayPal was initially a major supporter of Libra prior to backing out when several regulatory bodies voiced their concern. The difference here is PayPal has payments ( think bank-security) in its DNA, and both PayPal and PAXOS are already established regulated financial entities. Additionally Paxos offers a white labelled Stable Coin (USD backed) so when it comes to using the virtual coins, the Yodo merchants settling with PayPal could effectively still be transacting on a cash basis. ” PayPal will convert the cryptocurrency into the relevant national currency, so the company being paid will never receive the virtual coins – just the correct amount of pounds or dollars”. Effectively combining the efficiencies of the blockchain, the stability of fiat-backed cryptos plus instant automated Cash-In Cash-Out to the merchants, which has often been a major hindrance to greater Financial Inclusion.

Dependent upon PayPal’s fee structures, this development could represent a positive outcome for Financial Inclusion, especially if applied to Yodo’s global merchant settlement. PayPal’s intentions, of course, are to roll out the service to all PayPal account holders, whereas Ayodo believes it would be better for the service to be rolled out first to registered merchant account holders. A global service permitting registered merchants to hold, trade and settle with each other via their PayPal accounts using a stable coin and a block chain could be mutually beneficial and more accommodating of regulator angst. The majority of customers, especially those living on modest incomes, are not interested in holding, trading or paying with crypto currencies and similarly the small merchants they patronize, would likely prefer to accept cash. The nearly 2 billion unbanked adults would not use a PayPal account for the same primary reason Findex has consistently found – they do not have a bank account for lack of financial resources. This won’t change simply by offering PayPal in a Crypto version. Worldwide small Merchants, busy running their businesses, are themselves often not financially sophisticated, nor prepared to suffer a potential loss due to the high volatility of crypto values. They may, however, be quite accepting of the use of a stable coin and prepared to entrust PayPal to settle, or pay them in local fiat currencies, when it would help build their customer base and introduce business and cost efficiencies to their payments practices by accepting not-for-profit payments schemes such as mobile YodoPay.

Interesting also, therefore that recent Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) changes, effective June 1, 2020, include entities trading in virtual currencies under FINTRAC’S purview to align with FATF Regulation 16 . https://www.sygna.io/blog/fintrac-canada-virtual-currency-crypto-regulations-2020-2021/ Wisely the guidelines only apply on Crypto transactions exceeding $1,000 which is similar to the “carve out” to the rules for pre-paid products, the exemption which has allowed YodoPay to remain an anonymous mobile payments product since inception. Assuming merchant settlements are timed to automate at values below this $1,000 threshold, PayPal’s new service may represents an ideal system for Ayodo’s own vision of Global-Yodo-Merchant-Settlement (GYMS).

Especially in the developing world, small merchants are most often long term, well known licensed members of their communities. Merchants are of fixed physical location and more likely than their customers to be themselves banked. Perfecting a cash based Merchant centric paradigm would allow the bar to be raised on monetary transactions, preserving necessary KYM requirements on the merchants. All significant movement of funds would occur at the top of the pyramid on fully regulated channels and even here could be limited to amounts less than one thousand dollars in each instance. Know-Your-Merchant (KYM) requirements, with only balance and velocity constrains on individual pre-paid customer accounts, would ease the regulatory compliance costs while allowing individuals to transact digitally. Merchant settlement effectively aggregates the flow of cash through the regulated channel (PayPal) which can result in cost efficiencies. Replace difficult to implement and enforce KYC with easier to implement and enforce KYM. By regulating and monitoring Merchants themselves, while allowing individuals to transact digitally on essentially fiat cash yet in a fully digital form, will create a more inclusive financial system.

Equifax data breach postmortem.

So what if you and up to 150 million other people lost their identity, including credit card numbers, to identity theft.

 

equifax breach

It’s been more than 3 years since Equifax belatedly reported their totally irresponsible, almost incomprehensible, data breach. You would think that when 148 million people had their sensitive personal data, including their names, driver licenses, date of birth, phone numbers, email addresses and social security numbers stolen,  good people everywhere would begin to demand changes in our Credit Rating Agencies’ practices AND question the value of Know-Your-Customer or KYC. This is not the first time I have posted on the diminishing value of,  or the dangers of KYC,  yet so very little has changed  Equifax postmortem  . The whole credit industry,  which relies upon knowing explicitly and well the person to whom credit is being extended needs to be revamped and our legislatures need to force changes in the law which will prevent these types of data breaches. There are technologies available now,  such as Self Sovereign Identity (SSI) Sovrin.org which could easily prevent such major breaches provided institutions do not subvert the intended practice by storing the ID credentials to enhance marketing practices.  Physical credentials, such as a Drivers License for example, could be presented and verified by a Bank employee who will issue a digital credential while NOT storing a plain text record of the actual credential.  When will legislators wake up to the problems inherent in KYC and amend our laws to better protect citizens from identity theft ? In case you believe it is only private companies who exhibit such poor custody of your personal identity;  Governments, the very people making the laws and failing to protect our privacy by forcing KYC upon us, are every bit as guilty of exposing your identity to nefarious criminals.  Government data breaches .

Speaking of Government they are not only failing to properly protect your data, they are often the perpetuators of the breach.  Equifax data was in fact,  breeched by the Chinese government, as an act of espionage!  That is to say not by criminal “black hats” intent upon financially benefiting from the personal data and Credit card numbers stolen. Chinese Government Hack

FINCEN FILES

Many of us will be surprised to learn who facilitates the most money laundering and terrorist financing. It appears of course, to be some of the world’s largest banks such as HSBC, Deutsche and JPMorgan Banks. These Banks have facilitated more than $2 Trillion in illicit fund transfers on behalf of Drug Cartels, Organized Crime, Ponzi schemes and Terrorist Financiers over the past decade despite repeated warnings and fines which have failed to limit these illicit money flows.

https://www.bbc.com/news/uk-54226107

https://www.icij.org/investigations/fincen-files/global-banks-defy-u-s-crackdowns-by-serving-oligarchs-criminals-and-terrorists/

It makes an absolute mockery of multinational banks, efforts to limit the spread of “Open Banking” initiative based on grave warnings that opening Bank APIs to Fintech startups would endanger society and impair the use of legal channels for the transfer of money. https://www.openbanking.org.uk/customers/what-is-open-banking/

The truth is many Fintechs, such as Ayodo Foundation a registered not-for-profit with a mandate to alleviate poverty by enhancing financial inclusion, provide services to essentially marginalized individuals, who’s net worth is so abysmally low, that the money transfer services Ayodo does provides are typically in sums less than USD 500, which is less than half the proscribed limits under the regulatory guidelines developed for prepaid products, an exemption Ayodo relies upon to not be deemed a Money Service Business (MSB) and to therefore avoid costly KYC, which is both difficult and unnecessary for our client base, many who remain unbanked, transact mostly in fiat cash and do not have proper government issued id anyway.

NEXUS

The Canadian Border Services Agency (CBSA) has started down a slippery slope by introducing Facial Recognition for Nexus users.

Surveillance cameras in Tiananmen Square, Beijing.

China deploys hundreds of millions of cameras to watch over every aspect of their citizens lives.

Tell our Privacy Commissioner we do not want such a massive invasion of our privacy in this country.

https://www.priv.gc.ca/en

There is a much safer way to use biometrics for verification to protect our border entry points. Europe, where the protection of personal privacy is taken more seriously than in China and apparently now more seriously than in Canada, Self Sovereign Identity (SSI) is used to allow authorities and individuals to better protect their personal identities while permitting individuals to verify their identity to authorities as required. https://sovrin.org/

Canadian Border Service Agency (CBSA) wants to use facial recognition templates and potentially breach our privacy while risking the exposure of Canadian’s Biometric identities. Write you MP or the Canadian Privacy Commissioner to ask that the Privacy Office stand up to the CBSA and insist that they abide by Self Sovereign Identity (SSI) principles. Below is the concern I have submitted to the Office of the Privacy Commissioner https://www.priv.gc.ca/en

“I was informed by NEXUS this morning that they would be introducing FACIAL RECOGNITION for screening Nexus clients at Canadian Airports. NEXUS assured us that they will be protecting the privacy of individual travellers by not storing personal information on the local Kiosk and rather would be storing personal information on secure cloud servers operated by CBSA. I don’t believe for a moment said servers will be truly secure and neither should you or CBSA. I object to the Canadian Border Service Agency unnecessarily infringing on my rights to privacy and exposing my biometric identifier. As a minimum CBSA should be setting an example by enforcing Self Sovereign Identity (SSI) which is being promoted and gaining acceptance in Europe, where the protection of privacy is more enlightened than here in Canada. https://sovrin.org/

The slow process of restoring privacy and ensuring cash acceptance.

This past month has seen several unexpected events; Mark Zuckerberg advising more Government regulations on technology companies to protect privacy, Singapore enacting legislation to restrict fake news and the city of Philadelphia becoming the first major American city to make it illegal for any retailer not to accept cash. One of the nicest attributes of cash is that it is anonymous. Let’s not get crazy and start assuming that anonymity is somehow a criminal trait. Anonymity strongly correlates to individual privacy and freedom.

Even Sweeden until now considered one of the Nordic leaders in the movement towards a Cashless society is having second thoughts. Governments are realizing that markets with pure digital transactions (networks) lack inclusiveness and can be easily disrupted by natural disaster or state sponsored cyber warfare, which could leave hungry citizens with no means to purchase groceries. Seventy percent of Swedes want the surety of always have an option for cash payments. Sweeden

Wonderful to see MasterCard, therefore, at least recognizing privacy has become a major societal issue. MasterCard People do not want explicit details of every single transaction they make being recorded only to see this consumer data monetized by sharing with advertisers, where, when, who, what and how much was purchased and just as likely be part of yet another major data breach endangering their privacy and facilitating ID theft. I believe MasterCard is taking their que from Apple who have quickly learned from Facebooks’ own troubles surrounding breaches of privacy.

I’d say eliminate KYC and legislate privacy with Self Soverign Identity (SSI) or we should all move back to using cash which by the way can now be digitized or converted into digital form as YodoPay does so elequently.

Crypto Scams continue unabated

It is truly shameful that thieves and scammers have ruined the prospects of blockchain creating a fundamental sustainable shift towards democratic money. Having a decentalized trust method to exchange digital assets does nothing to prevent criminals from operating illicitly on the edge.

The problem being that in order to potentially benefit from the blockchain, at some point real people with real money (fiat currency) must buy Crypto assets . This “edge” is the chasm between historic or what we might refer to as normal monetary systems and the new age crypto systems. Having a decentralized, anonymous, low friction and fast means to move digital money fails us miserably because once in digtal form digital money has no reliable auditable method to track and recover stolen weath. It can simply disappear into thin air as just happend to my Ethereum holdings.

While comtemplating how to use the blockchain for Ayodo Foundation’s altruistic intentions of providing non-profit payment and money transfer processes and thus enhancing financial inclusion (Remittance Services) to help alleviate poverty, I needed to learn about blockchain through perosnal experience. I therefore was caught up in Quadrigacx “flame out” having lost my entire Ethereum holdings on this Vancouver exchange. Fortunately for me, unlike this poor victim who lost more than $500K QUADRIGACX my entire holdings represented about $10 worth of crypto.

If you read my earlier posting below on what a terrible year 2018 has been for most holders of Crypto currencies, I failed to mention the ModernTech fradulent ICO which neted the backers more than USD 600 million, which was stolen as the organizers disappeared with the funds. That scams of this magnitude can be perpetuated from jurisdictions, or regions (Singapore & Dubai) who are encouraging the Fintech industry and are adopting more “Open Banking” due to human greed is truly discouraging. These bad actors, through their criminal actions and their human greed, are preventing the evolution of digital money which could serve humanity well. Note these dangers occur at the “edge” – either on an Exchange where cryptos are traded with either a data breach by unknowns or when the backers themselves disaapear with the money or via an ICO . If regulators really wanted to protect society then they would accept the blockchain for what it real is and focus on passing new legislation to control the Exchanges and the ICO and in particular Cash In and Cash Out (CICO) and if you also have read any of my previous posts this shouild not be through stronger or more KYC regulations, as when criminals walk away with $660 millioin dollars from 32K purchasers, the accounts are NOT balance limited. On average each purchaser, or each account represented $20,625.

BEWARE!

The importance of CICO

Can’t overstress the importance of the deregulation of Cash In and Cash Out (CICO) for Financial inclusion. Ayodo’s own merchant centric mobile money service YodoPay is reliant upon the CICO services being provided by small merchants worldwide. The Consultative Group to assist the poor (CGAP) fully recognizes the importance of CICO in reaching the poor who are often marginally or totally unbanked. Still 70% of the adult population in emerging SE Asia (excluding China) remain unbanked.

Eight hundred million Indians remain marginally banked transacting primarily in cash or fiat currency ( INR) so why not leverage the 15 million small merchant there with established cash handling practices to allow CICO and penetrate into this market to finally and fully enhance financial inclusion. As much as the Governments of developing countries may like to emulate the developed world, univeral western style banking may not be a preferred model for poor people who are eking out a living on a few dollars a day income. Pragmatically speaking these people have no real need for most banking services and with the unintended costs and problems of Identity theft perhaps the developed world should be reconsidering our over reliance on a credit/debit for payments and search for better solutions founded on blockchain solutions. The real poor require minimal financial services, mostly for money transfers and micro loans, two area banks have proven incapable of providing in a secure affordable fashsion. Poor people and even some weathly people trust and prefer to transact in cash. CGAP has been trying to enhance financial inclusion for more than a decade, and the experience has taught them the necessity of deregulating CICO. Here are a few links to articles and posts by CGAP staff on CICO.

The importance of CICO by CGAP’s financial sector leads.

https://www.cgap.org/sites/default/files/publications/slidedeck/2018_05-Slidedeck-Proximity-Matters-Five-Case-Studies-in-Closing-the-CICO-Gap.pdf

UPHOLD Data Breach

Malicious Actor

Another day another data breach. I received a report of a data breach at UPHOLD yesterday on June 6, 2018. This follows last week’s report of the major data breach at Marriott Hotels and of course the earlier massive Equifax breach wherein the personal data of more than 145 million people was compromised Equifax . The one part I whole heartedly agree with is that financial institutions have been facing phishing attacks of unprecedented sophistication. Do not be so naïve to assume your bank or your financial service provider can protect the information you provide.

I have an UPHOLD account for trading Cryptos and as per financial regulations in order to open my account at UPHOLD, I was required to submit in my application personal information to meet KYC regulations.  This requirement included a copy of a government issued photo ID so I provided my Driver’s License along with information on my financial accounts.  UPHOLD operates a so called on/off ramp to fiat currency by linking UPHOLD accounts to regular bank debit cards/ accounts to allow users to cash-in and cash-out of various Crypto currencies.  I was attracted to UPHOLD for this reason and for UPHOLD’s clever business process through which they largely mitigate volatility of account assets. Great, now please just provide me the services without losing all my identity data.

Didn’t quite turn out the way I expected and as a result another “Malicious actor”, their words not mine, has at a minimum my name and my email address. Seems suspect to me that the same Malicious actor would stop after penetrating UPHOLD’s database for account holders’ names and email addresses only, but let’s give UPHOLD the benefit of the doubt and assume they are being honest with me in reporting this breach. The point I am making is that KYC continues to be a dramatically powerful enabler of identity theft.  We need to reduce the amount of personal information KYC compliance is forcing service providers to acquire from their customers. As has so often and repeatedly been demonstrated a failure to protect our sensitive personal identities. Providers in the financial services industry, who should be at the pinnacle of cyber protection practices, appear totally inadequate in protecting our sensitive data.  The obvious question everyone should be asking is why we so gleefully and willingly surrender online our electronic identities and is there not a better way to fight money laundering and crime then subjecting so many millions of law abiding citizens to the dangers of ID theft?

Dear Uphold Member,

We experienced a security incident on November 21st and have now completed our investigation. I write to explain what happened, how we handled the situation, and how we can work together to defeat such attacks in the future.

What happened

As you may have read in the media, financial institutions have been facing phishing attacks of unprecedented sophistication in recent months. Uphold is no exception.

First, I’d like to reassure you that Uphold was not hacked and no customer funds were stolen. Your accounts remained safe throughout the incident and our security measures worked as planned.

The incident resulted from an attack on our account at a third-party email services provider. We were one of several companies affected. A malicious actor created a fake newsletter titled, ‘Black Friday 15% discount on BTC’ and sent it to Uphold customers. The communication looked like an Uphold email, and owing to the exceptional nature of the breach, came from Uphold’s email address.

We are deeply sorry for the incident and have been busy conducting a review of our security controls and procedures. Keeping your information secure is of paramount importance. As a result, we’ve introduced a series of measures to reinforce our position as one of the most secure financial platforms.

Marriott Data Breach

Listen up world. KYC is costing us billions.

Marriott International, one of the largest hotel chains in the world revealed that the names, email addresses, passport numbers and payment card details of up to 500 million guests has been compromised.

Marriott Data Breach

bigstock-Woman-at-counter-in-hotel-149727032-690x460

 

Next time you use your credit card plus any part of your personal identity (ID) to book a hotel or make a payment, any payment, take a moment to ponder the ramifications of this act.

Aside from the very real costs of more than $500 billion we pay the banks and card companies for the convenience credit cards, due to a fundamental requirement to know to whom credit is being extended, we are creating the ideal vehicle for identity theft. Identity theft is one of the fastest growing most profitable crimes in the world.

Ask yourself, would you rather see a fraudulent $200 processed on your card by a criminal or see your identity stolen?  A US Department of Justice study reported the average cost of identity recovery (2014) was $1,343 per victim.  Remember it is not only the direct financial fraud perpetuated with stolen identities but it is also the legal fees, overdraft charges and the time and cost of replacement of your stolen identity credentials.  Javelin research indicated in 2016 over 6% of consumers experienced losses due to identity theft. Hidden costs of ID theft   We collectively suffer more than 100 billion dollars in losses due to ID theft each year. This is money you and I pay each year so it may surprise you that a root cause of identity theft is an over reliance upon Know-Your-Customer (KYC).  At the outset KYC may have seemed a logical way to prevent money laundering,  before social media hacks like Cambridge Analytica or State sponsored cyber hacking but for certain  KYC has become an enabler of Identity Theft and its wide spread use should be questioned in our mobile internet age.

Ayodo Foundation and Yodo Inc. believe a better less costly approach, just as effective in preventing money laundering and terrorist financing, would be to Know-Your-Merchant (KYM). Technologies now exist to positively identify both every customer and every merchant to any payment transaction without the arcane and silly practice of KYC, where we voluntarily submit our names, addresses , dates of birth, social insurance number and even passport numbers to merchants. Ayodo and Yodo Inc. our for-profit payment arm, subscribe to best industry practices for security and authentication without KYC.  We believe fundamentally that your identity, from your date of birth to your biometric identifiers, belongs to you alone and as individuals we all need a society and global governance to better  protect this information. Arcane rules and regulations for the financial service industry do exactly the opposite.  KYC only aids criminal organizations by forcing us to expose our identities to these organizations through mismanagement (e.g. Marriott, Target etc) who are then only too willing to exploit the compromised information. Victims of identity theft express not only anger and rage (65%) but fear (69%) in the lack of security of their financial instruments and sleep disruption (40%).   Don’t we have enough to worry about without regulatory imposed rules which actually enhance the risk of ID theft?  If we were not forced to provide personal information to use financial services like bank accounts or payment cards, than the information could never be compromised.  A good example of what we should be doing to regain control of our identities is the Self Sovereign Identity (SSI) movement in Europe now being adopted by several enlightened banks. Let’s recognize the problem and move beyond KYC towards KYM and SSI for a less worrisome troubling payment industry.

KYM Know-Your-Merchant.  Merchants are known, often of fixed physical address, trusted by local consumers,  have business licenses and most often incorporated and with bank accounts. KYM is enough. Stop the practice of KYC!

 

Cash is still KING

For those indiviuals who have for the past decade been predicting the demise of fiat cash,  and to those governments who believe completely displacing cash will result in both better fiscal management and enhanced financial inclusion, consider the following. The latest World Pay  report on payments has found fully 40% of all retail payments in Singapore during 2017 were cash payments!  This is relevant because Singapore is a modern city state with the best mobile telecom infrastructure, among the highest number of banked individuals (98%) , the most e-wallets of any market PLUS is home to Asia’s  safest and the world’s best digital bank (DBS). What the regulators and the service providers continue to ignore (or dismiss) is that general public trust in fiat cash exceeds any e-payment product and the costs of accepting cash especially for small value transactions remain lower than for any digital cash alternative. Look at the red sign posted at this small Singapore based merchant who accepts several different types of digital payments. It reads “Sorry to inform you that Cashless Payments is only available for transactions above $10. Thank you for your understanding”.

I see similar signs as this in Canada and in most highly developed markets. Ayodo advocates for and provides through our partnership with Yodo a CASH BASED alternative with the same low costs of acceptance and the same trust as fiat cash. Small merchants in Singapore clearly prefer Singapore dollars,  just as merchants in India prefer Rupees,  merchants in Mexico prefer Pesos and small merchants in Peru prefer Sols. They do this not because they are money launders or financiers of terrorism but simply to make the the small businesses they and their family rely upon for subsistance can reduce transactional costs and eeek out a better livihood. It leaves little to the imagination to realize that if cash is dominant in markets such as Singapore that it is even more dominant in other less developed countries. The World Bank report on payments indicates fully 65% of global payments remain cash based. Isn’t it time governments and not for profits doubled down on solutions that leverage modern cloud and blockchain technologies to perfect cash  http://blog.sunmi.com/?p=203

Fresh n Spiky