Ross Anderson paper on fraud, risk and nonbank payment systems

2007-05-12 Thread Steve Schear
[Read the paper here: 
http://www.cl.cam.ac.uk/%7Erja14/Papers/nonbanks.pdf  Very interesting 
stuff, but not likely new to most here.]



The Federal Reserve commissioned me to research and write a
paper on fraud, risk and nonbank payment systems. I found that
phishing is facilitated by payment systems like eGold and Western
Union which make the recovery of stolen funds more difficult.
Traditional payment systems like cheques and credit card payments
are revocable; cheques can bounce and credit card charges can be
charged back. However some modern systems provide irrevocability
without charging an appropriate risk premium, and this attracts
the bad guys. (After I submitted the paper, and before it was
presented on Friday, eGold was indicted.)

I also became convinced that the financial market controls used
to fight fraud, money laundering and terrorist finance have
become unbalanced as they have been beefed up post-9/11. The
modern obsession with 'identity' - of asking even poor people
living in huts in Africa for an ID document and two utility
bills before they can open a bank account - is not only ridiculous
and often discriminatory. It's led banks and regulators to take
their eye off the ball, and to replace risk reduction with due
diligence.

In real life, following the money is just as important as following
the man. It's time for the system to be rebalanced.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Ross Anderson paper on fraud, risk and nonbank payment systems

2007-05-12 Thread Allen



Steve Schear wrote:

[snip]


In real life, following the money is just as important as following
the man. It's time for the system to be rebalanced.


In fact, I believe, it is even more important because it is the 
snail trail that connects the people involved. Significant sized 
anti-social activities are very rarely one-man bands.


Given this, rather than requiring proof of identity to open bank 
accounts, etc, we should encourage transactions through the 
normal channels in order to better follow the money, if we are 
truly after criminals. All the extra controls do is force 
ordinary people who can't, for whatever reason, meet the proof of 
identity standards to create covert channels to transact their 
business. These then become the means the real crooks then use to 
commit whatever it is they do.


The best parallels I can think of are Prohibition and the War on 
Drugs. Look at the total chaos brought on by Prohibition. 
Fortunately we were wise enough to put a stop to that relatively, 
for social controls, quickly. The War on Drugs; however, we have 
not been as smart about, and now, just over 100 years later we 
are spending multi-billions to bring forth an occasional mouse 
displayed in screaming headlines.


Both Prohibition and the War on Drugs responded to each new 
general control by creating covert channels for transacting 
business. The $10,000 alert system created smurfing where 
deposits were always less. Now that they have instituted controls 
on transfers of $5,000 or more, guess what? I think you can see 
the trend. In addition by imposing general controls what they do 
is spread the work around. The crooks have to hire more people to 
do the work which creates a mindset in a larger number of people 
that laws oppress and that you are better off living outside the 
law.


To bring it back to encryption, what are the goals we are trying 
to achieve by using encryption? Are they goals whereby we create 
barriers between people? Or are the goals to assist people in 
creating connections that are secure and enhance trust? The tools 
themselves are neutral.


Best,

Allen

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]