My Thoughts on Technology and Jamaica: Telecom Providers and Mobile Banking - Christmas a cum me wah me llama

Monday, July 5, 2010



Christmas a cum
Me wah me Llama
Christmas a cum
Me wah me Llama

Jamaican Folk Song sung traditionally at Christmas Time

The Big Three (3) in Banking, namely RBTT (Royal Bank of Trinidad and Tobago), NCB (National Commercial Bank) and BNS (Bank of Nova Scotia), took a body blow when the JDX (Jamaica Debt Exchange), declared successful in the article “JDX ENDS AT 99 PER CENT; MINISTER SAYS THANKS”, published Thursday, February 25, 2010, The Jamaica Observer, struck.

Overnight, it wiped out their profits and they slowly resigned themselves to an end to the heyday of record profits and a return to the traditional business of banks: Savings, Loans and Investments, both Fixed Income and Money Market. Governor of the Bank of Jamaica, Mr. Brian Wynter as stated in the article “Credit Rating bureau needed quickly – Wynter”, published Friday January 22 2010, by Alicia Roache, The Jamaica Observer.

The BOJ then made a declaration that players in the Banking Sector wanted to hear, one that would make Loans seamless, transparent and convenient: an urgent call for a Credit Bureau Database in keeping with the Credit Reporting Bill, which is yet to be fully ratified in Parliament, still distracted by Christopher “Dudus” Coke related matters when the focus should be on getting growth going.

The Commercial Banks, namely RBTT, BNS and the NCB, seem reluctant to lower their Interest Rate spreads, as the losses incurred due to the JDX possibly still hurt. They are at least trying to ride out the difference between their rates to make up for the short term losses due to the surrender of their short term (read 30-day, 90-day, 180-day) Government of Jamaica Bond instruments. Those days are over for them as well; it is back to the traditional business of Banks: loans and borrowing.

Oh, how the mighty have fallen… indeed. At this point it is good to note that the Credit Unions are not squealing.

Then Light at the end of the Tunnel flashed glimmers of what lay ahead for the Big Three (3) Banks. First signs of growth were reported by Jamaica Exporters Association (JEA) president Titus Evans in the article “JDX MAKES EXPORTING MORE ATTRACTIVE”, published Wednesday, April 21, 2010, The Jamaica Observer.

Based on an increase in queries, mostly relating to the production of farming produce for export as this was a ready earner of foreign exchange, he postulated that encashment of Government Paper was occurring, with investors [Banks representing customers] beginning to liquidate their assets to reinvest in growth areas, as the Jamaican Dollar was still approximately JA$95 to US$1.

Corroboration of this statement can be seen in the unusual level of borrowing and possibly investment noticed in the Micro and Small Business Sector, collectively called MSE (Micro and Small Enterprise), “micro” being defined as having fewer than ten (10) employees and “small” being defined as having between ten (10) and fifty (50) employees. This was published in the latest exciting issue of the Economic and Social Survey of Jamaica (ESSJ), as stated in the article “Small businesses post JA$96 billion sales decline – Firms borrowing more and commerce worsens”, published Sunday June 2010 by Avia Collinder, Business Writer, The Sunday Gleaner.

The statistics indicated that borrowing from Private and Public Sector lending agencies increased in excess of 100 percent, moving from JA$753.1 million in 2008 to JA$1.622 billion in 2009, with the bulk of borrowing being gender and age centric: JA$98.6 or 65.9% went to female borrowers, and persons over the age of 36 years old borrowed 67% of loans on offer, compared to 33% for persons in the age range 18 to 35. A glimmer of hope pre-JDX, or is this a trend set to increase? It was, however, an indication of my previously stated views: Banks are going back to their traditional business, albeit slowly.

This would explain the increased level of confidence shown by the Governor of the Bank of Jamaica, Mr. Brian Wynter in lowering on a monthly basis, the Interest Rates into single digit territory, signaling further rate cuts in the coming months as stated in the article “Interest Rate cut signal BOJ optimism” published Sunday June 2010 by Sabrina Gordon, Reporter, The Sunday Gleaner, with all that is needed being a CBD (Credit Bureau Database);

Thus necessitating a Credit Reporting Bill, heralding the coming of a Cashless Society where financial transactions do not involve physical cash and instead merely transfer funds between Debit and Credit Card accounts, involving intra-Branch Monetary Transfers, inter-Branch Monetary Transfers and Inter-Bank Monetary Transfers on a common Platform, be it one based on Mobile smart phones using the Square App or increased usage of the ABM (Automated Banking Machines) to conduct transactions.

This reduces the cost of conducting financial Transactions by cutting back on the cost of operating Banks, and aids the Telecom Providers in retailing more Mobile phones by giving customers a Mobile smart phone when they open a merchant account, along with a Credit or Debit Card with which to conduct financial Transactions using Square, as detailed in my proposal on my blog article entitled “CLARO and Square - the App of the Year 2010 and CLARO's Saviour”.

Credit and Debit Cards are easy marks and popular targets for online hackers as well as unscrupulous merchants who utilize skimmers to steal Debit and Credit Card information, as Credit Cards often have no PINs.

Thus it would seem that the security features being implemented by the Bank of Nova Scotia, which involve JPS customers who exercise the option to use the internet to pay their bills (voluntarily?) keying in their credit card numbers on SSL (Secure Sockets Layer) websites, as stated in the article “As Fraud Grows, Privacy erodes”, published Sunday March 21st 2010 by Avia Collinder, Business Reporter, The Sunday Gleaner, and storing them in the Bank’s Database, will not work.

This is because, if their Database Server is not an Oracle DB Database housed on a Sun Solaris Server running a Linux Distribution Operating System, with access terminals also running a Linux Distribution with Open Source Firewalls and Biometric Security protocols for all Laptops for Database Administrators, Computer Terminals and Servers, and with the Servers and Computer Terminals connected over a private network, they are very vulnerable to outside intrusions, both in terms of hackers remotely accessing their Servers, Laptops for Database Administrators and Computer Terminals, and in terms of hackers accessing the computer being used by the Credit Card holder over the internet via scam websites, key logging software and other “phishing” techniques.

Especially if the Bank of Nova Scotia is using Microsoft software, which is notoriously hacker friendly, which of course one assumes to be information of which the Network and Database Administrators at BNS are well aware. The same level of security required for the Banks’ Databases is also required for the CBD.

But what of the Telecom Providers? Are their Networks secure? I would posit that they are not………

It seems Telecoms Providers may possibly be the Debit Card thief’s best friend in another way, one that most police may not have foreseen and that is so new that it has a new name: GSM snooping.

This new method is now made possible thanks to the work of German security expert Karsten Nohl, who indicated at a Hackers convention press conference in Germany that he had decrypted the A5/1 codebook, which uses a 64-bit encryption key, as stated in the article “Q&A: Researcher Karsten Nohl on Mobile eavesdropping”, published January 1, 2010 4:00 AM PST, author Elinor Mills, InSecurity Complex – CNET News.

For the layperson, this means that conversations on Telecoms Providers’ networks that still use the A5/1 codebook are not only interceptable but decodable. It is thus being hoped that local Telecoms companies have upgraded to the more secure A5/3 codebook, which Dr. Karsten Nohl, who holds a PhD in computer engineering from the University of Virginia, has yet to decrypt… at least for now.

What Dr. Karsten Nohl’s research means is that for the first time, the almost 80 billion users in the world on the older GSM networks that have not yet gone 3G (Networks which use the stronger and supposedly more secure A5/3 codebook) can have their conversations intercepted and reliably deciphered using off-the-shelf, easily available computer hardware. What is even worse, this information is now circulating on the Internet, as Dr. Karsten Nohl did this project with assistance from volunteers and developers from the Open Source community.

In practical terms, this means that not only is the knowledge of how the codebook operates and is produced widely known, but Mobile conversations on older GSM networks still using A5/1 codebooks can now be easily decrypted. Decryption was possible years ago with the right gear, but this equipment was specialized, required security clearance and registration, and was very expensive.

With this breakthrough, thanks to the Open Source Community, GSM Mobile conversations can no longer be considered private and confidential, as now embassies and politicians will soon realize that persons with laptops with the right gear can intercept their conversations as far as a kilometer away.

Thus, the layperson, armed with this information, is left to wonder where the real concern of the Bank of Nova Scotia should be focused: not on the few hundred people, whose numbers admittedly are increasing, who do transactions online and often receive notifications via email and may mistake them as real when in fact they are part of a phishing scam.

But rather, on the increasing thousands of people who are now using wireless POS (Point Of Sale) at Gas Stations and Convenience Stores island wide, whose transactions are now interceptable and reliably decodable with equipment that is already easily available in Jamaica.

Eventually, as Dr. Karsten Nohl and his Open Source team progress with their work, they will soon decrypt the formidable 128 bit A5/3 codebook, which is currently not in use on most GSM networks, inclusive of Telecom Provider CLARO, Telecom Provider Digicel, Telecom Provider LIME and Telecom Provider AT&T, which have so far resisted change to this new encryption schema due to its prohibitive costs, as stated in the article “Cell phone codebook exposes security gaps”, published January 28, 2010 by Sami Lais, The Washington Technology, The Washington Post.

Thus it seems a solution is required for both the usage of ATM Debit and Credit Cards as well as Wireless POS device usage before the wholesale adoption of Mobile Banking, as unscrupulous people can easily intercept and steal money, this time by decrypting the transmission itself, a concern that should necessitate more discussion with the Telecom Providers. Otherwise, Christmas will see many a customer unable to buy their llama due to Debit and Credit Card Theft over Telecom Providers’ networks.

I would hereby propose the use of a 512 bit encryption schema upgrade, the so called A5/5 codebook, for all Telecom Providers worldwide. Otherwise, the increasing power and presence of 64-bit and higher bit computers could put a damper on the ambitions to go into Mobile Banking expressed by some Telecom Providers such as Telecom Provider Digicel, as stated by Group CEO Colm Delves in the article “Digicel looks beyond to expand its 32 markets”, published Friday June 25th 2010 by Al Edwards, The Jamaica Observer, as the mantra of the Big Three (3) is security.
