Thought$ On The Future of Digital Curren¢y For A Better World

In the old days the gold standard was the way global economies secured their financial backing yet over time that got to be too costly to secure and too heavy to move. In all reality inflation and population growth far exceeded the amount of gold available for it to be widely used so nations moved away from the gold standard and adopted their own currencies and financial regulatory systems – for better or worse. Yet with growing curiosity around digital currency in conjunction with the decline of traditional cash usage I offer my commentary at an increasingly relevant time.

Figs. 1. and 2.
blog post small

Governments are wrong to assume all or most forms of digital currency are associated with illicit activity. We all know there have been bad actors out there in the digital currency space, and we know that some platforms like Silk Road have been attractive to them. Yet we must not forget that most bad actors use normal currency more often, and more importantly, the form of the currency is not as important as what the actor does with it.

Since we are at the beginning of the digital currency revolution it scares big governments who use traditional currencies to govern and collect taxes, and in some countries like Venezuela, Rwanda, Iraq, and Libya, they commit war crimes, financial fraud, and they steal from their citizens under the auspice of a legitimate financial system. In these countries, could a new more secure digital currency inspire a government revolution showing more transparency in currency movement and tax records sustaining democracy, human rights, and economic growth? The point here is that governments have abused their power to collect taxes and regulate financial services since the beginning of time. Didn’t the United States fight the Revolutionary War to stop excessive and unjust taxation from the British, and prior to the formation of the United States (July 4, 1776) the Thirteen Colonies had their own contradictory currencies, used the Spanish dollar, and counterfeiting was widespread by government and non-government people alike. Indeed governments should discourage immoral activity via legislation but not innovation in payment methodologies because lots of good can come from these new technologies. We as a world must think harder, longer, and we must inspire debate among global leaders for a better currency form in the future as paper cash is too darn simple and will soon grow more insecure due to better printer technologies observing the endless capabilities of the 3d printer.

Figs. 3. and 4.
Bit Coin Apple Pay
Conservative Wells Fargo led the industry in a surprise joint effort with Apple for the iPhone Apple Pay application in Oct. of 2014, setting a new standard with a mobile digital currency that has great security. Wells Fargo’s move to Apple Pay is a step closer to a digital currency and it is gaining traction and according to Forbes.com 10 major banks have now signed up for it (http://www.forbes.com/sites/roberthof/2014/12/16/apple-pay-gets-more-bank-support-but-it-still-needs-a-lot-more-stores-to-succeed/). Yet like most new technologies it takes time for others to upgrade to it, and in this case that means retailers need new software and terminal equipment that will accept the mobile payment platform. Although this takes time and money, every new technology does, and over time I believe it will save retailers money and time. Imagine a busy retailer two years from now who has no ability to take mobile payments during a busy holiday rush, they will have to staff more people, suffer more human error via cash transactions and manually entered credit card transactions, risk employee theft of unmasked credit card numbers, and customers will leave feed up with how long it takes to be serviced. Conversely, imagine a busy retailer two years from now who has the ability to take mobile payments, they will staff less people, customers can check themselves out and the risk of human error is reduced while security has the potential to be better. Moreover, in a hyper competitive retail market this can bring prices down and service levels up to the benefit of the customer, the community, and the technology sector. This is where innovation is born and some Subway franchise owners have taken the lead as of Nov. 2013 (http://www.cnbc.com/id/101211284). Economic policy makers must not hide from this better future and should take note from the private sector.

Fig. 5. Subway entrepreneur using Bitcoin:

It is likely less costly to make and secure digital currency than it is to make and secure cash and coins. Every time the U.S. Mint releases a new version of its bigger bills it takes years to develop, billions to make, billions to secure, they have to burn and shred billions of old bills, and a credible 2013 Market Watch Report backs this up by saying, “the new hundred dollar bill costs 60% more to make than the prior version” (http://www.marketwatch.com/story/new-100-bill-costs-60-more-to-produce-2013-10-08). With this type of growth rate how can these costs be sustainable especially as the population grows and paper resources become sparser?

Fig. 6.

New 100 Bill

Conversely, we know that technology costs go down or stay even when balanced for inflation over time. We also know that RAM memory, CPU speed, CPU size, fiber optic cable connectivity, and data encryption have made exponential leaps in the last five years thus making the environment for digital currency ripe. After all, many governments including the U.S. claim to have cloud, server, metadata, and predictive analytic technologies that manage to monitor and track all the internet transactions in most of the world, and the private sector would agree with this. If technology is this good why then can’t we have digital currency?

The answer is that change takes time and government bureaucrats have insulated themselves with yes lobbyists who support the current status quo. Supporting the current status quo is big business after all there are secured vehicle companies, printing companies, risk management companies, and many other companies that make money off the current financial regulatory system; lots of jobs and money are at risk if the current model would change. A good example of this is what happened to the film based camera company Kodak when it failed to respond to digital, but with digital currency its worse because we are dealing with big government and elected leaders who are at best imperfect though at times well intentioned. Yes there are some true leaders out there like Congressman Steve Stockman (R-TX 36th District) who took Bitcoin donations on his campaign and introduced the Virtual Currency Tax Reform Act (http://www.forbes.com/sites/perianneboring/2014/04/08/breaking-rep-stockman-to-introduce-first-bitcoin-bill/) to get the dialogue on Capitol Hill started but the bill has not yet passed and more work and research needs to be done. We as business/tech people need to be a loud part of this research and discussion and then more elected leaders will support it.

Lastly, digital currency moves the world closer to a one world currency where foreign exchange risk is significantly reduced or eliminated. Thus tariffs and geopolitical economic sanctions will be easier to see, prevent, and private sector companies that do a lot of international trade can benefit from that. Are there too many currencies throughout the world and would one global currency be better? Well it would be better in that there would be fewer economic highs and fewer economic lows but it would be worse in that highly valued companies and individuals would be greatly devalued in the developed world and some in the U.S. would argue that violates the free market principles of the constitution and discourages private sector competition. Moreover, a one world currency would be impracticable to support and would violate state sovereignty across the world yet that didn’t stop China from advocating for it in 2009 and subsequent years according to this credible source (http://usa.chinadaily.com.cn/world/2014-01/29/content_17264069.htm).

In sum, I don’t think a one world currency is the answer as I do think it would violate free market principles. Yet I do think a leading digital currency is needed when it can have transparent transfer rates, a secure audit trail, and can enable some cross-border economic development to balance out the third world so they don’t have to go to loan sharks for their crop loans. Cheers to our digital future!

If you want to hire me to speak at your next event or consult for your company on these and related topics concerning financial services risk, process improvement, project management, and related areas please contact me.

Lessons Learned From The Target Data Breach: Part 1

In the holiday shopping rush of December 2013 Target (TGT), the 1,778 store middle market retailer, had one of the biggest data breaches in American business history.  The breach apparently affected more than 70-100 million customers over 40 million cards (varying estimates exist) across all U.S. stores but excluded Target.com and stores in Canada.
target date leakThe general consensus is that a HVAC contractor for Target, Fazio Mechanical Services, who had access to Target’s networks got their own networks hacked via an e-mail phishing attack, normally an elementary attack method; yet that attack installed malware that then got onto Target’s network and installed more malware that copied personal data from Target’s payment processing terminals when it was in the “working memory area” or “cache” of the software/system – that is before it gets encrypted to be sent to the bank to be authorized.  This is part of the reason why it was not detected so fast and yes these hackers were smart.

Yet Target also did a bad job separating their networks and servers while they were trying to save money by having less networks and broader access for those who needed them.  Yet I don’t see why an HVAC contractor would need to be so close to the networks that work the registers.  This is simply poor design.  I am sure the HVAC company could have done their job without access to the Target network.  Let’s not hope they just wanted to upload HVAC reports and browse the network.

According to a recent Business Week article, “Target had a team of security specialists in Bangalore to monitor its computers around the clock.  If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.  On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route.  As they uploaded exfiltration malware to move the stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis.” (http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data)
target date leak2Yet Target did not take this alert seriously but why?  Fear of change, ego, poor leadership, and too much bureaucracy got in the way of the costly software’s effectiveness.  At the time of the breach FireEye was a new software tool for Target’s technology group and what I know about new technology is that people delay embracing and learning new systems of out of fear that those systems will be buggy or not as good as the old ones.  I understand this very well having worked part time in the P.C. dept. at Best Buy for more than 3.7 years representing Intel and related software makers Microsoft, Symantec, Trend Micro, and Adobe.  When Windows 8 came out all kinds of people were doubting it not because it was bad but because it was more work to get to know, and if they saw something really different about it, they were inclined to think it was a bug when in fact it was a useful design feature they didn’t yet understand.  The same bias can be applied to Apple computers.  People falsely think that they are immune from viruses because Apple designs them that way.  What a joke.  Apple computers are only as secure as their understanding of the latest virus.  Yes it is true the Apple operating system is not targeted as much for viruses but it is also not used as much and it is hardly used by large companies and governments.

Moving on, the CIO really needs to get behind any major software change like this, and if Target’s former CIO Beth Jacob was really behind FireEye she probably would have done something about the alerts they were giving her.  You would think as CIO she would want to immediately act and reduce any risk.  What was she doing at the time, giving some speech about how she was such a great leader in the industry while some high buck corporate partner pays for her three-course lunch?  Clearly, her eye was not on the ball or even on Target (no pun intended), and she had a big enough ego to think she was smart enough and had put the right people on her team to take care of this.  Yet what an epic fail.  It is also likely that there were people some layers below Jacob that tried to inform others to the alert but I am sure their voice of concern and reason got squashed by Jacob’s massive ego, after all you can’t doubt a CIO – right?  I highly doubt everyone in Target’s IT security team was going to ignore these alerts but it is too many layers of bureaucracy that got in the way of Target’s safety.  Target is better off with a more open style of bureaucracy where concerns can be heard at all levels and tools and processes are shared for innovative solutioning – Google’s culture is a good example of this.

Target has also grossly underestimated the costs associated with the data breach to keep their stock price up but of course they would never say it like that, however I am not alone in thinking Target’s $147 million figure is too low.  According to one analyst, “costs would rise even more over time. “I don’t see how they’re getting out of this for under a billion, over time,” he said, adding, “$150 million in a quarter seems almost like a bargain.” (http://www.nytimes.com/2014/08/06/business/target-puts-data-breach-costs-at-148-million.html?_r=0)

Those who have the stolen data are likely outside of the U.S. and when and if they use the data to commit fraud the ability of a U.S. corporation or court to go after them is diminished, timely, and costly.  Moreover, since the U.S is the midst of negative geo-politics with parts of Europe, particularly Russia where some sources have traced the hack, those who have the data are likely to be bold in how they use it and that’s where the cost to Target will add up.  The other areas where the costs will grow is in Target’s own internal policy and procedure changes as well as the growth of their IT security staff and tools, but most importantly their investment in training must grow.  At present Target has over more than 90 lawsuits against them regarding the breach and that number is likely to grow so the costs here are going to be huge overall.

Lastly, I am not all negative on the Twin Cities’ favorite corporate hometown hero as I shop at Target often, have the REDCard, have been to their diversity events, and I have also seen a lot of concerts and sporting events at both Target Field and the Target Center.  However, the mere fact that Target has the money and lobbying power to get their name in the community does not mean they are a true leader in the community.  As the data security community increases consumer awareness retailers like Target will continue to be challenged to innovate and that’s better for all people.

By Jeremy Swenson