Why The TSA (Probably) Doesn’t Give a Fuck: @Vice ‘Terminal Insecurity’ Video


In a Vice-produced video, a security researcher demos how to, well, blow up airline security.

Bombs created out of Axe body spray, lighters and toy airplanes; gun-like contraptions created from magazines, Pringles cans and other items you can buy from any convenience store in the terminal.
The how-to is meant to illustrate just how unsafe we are at the airport, despite the uptick in pat downs, body scanners and shoe-less passengers endlessly weaving through serpentine lines.

On its face, this shit is terrifying. Yet the Transportation Service Authority probably doesn’t care.

In a Q&A interview with the Atlanta Journal-Constitution two years ago, John Pistole, administrator of the Transportation Security Administration and a former deputy director of the FBI, said as much.

(From AJC, ‘New TSA chief wants “more informed” screening’)

I see my job and really TSA’s job as one of really managing risk. So my goal is to ensure that we provide the best possible security for the traveling public but doing it in a way that provides greater scrutiny to those that need greater scrutiny, and so we don’t use a cookie cutter approach for everybody. Right now we use somewhat of a blunt instrument to screen virtually everybody the same way. And my goal is to use intelligence in a more informed fashion so we can apply greater scrutiny to those who need it and keep up with throughput in that fashion.

That’s evidenced by TSA’s efforts with pre-check and its general focus on intelligence; it most likely just doesn’t see these types of explosive devices as a priority.

In fact, it’s argued that the longer the lines are at TSA, the more time that under-manned airport security details have to focus on potential threats.

That doesn’t mean that I’m trying to make excuses for the TSA.

But, there are just too many physical holes in an airport to plug. I’d imagine that the TSA would posture that you could create as much chaos on an aircraft with your hands (choking a stewardess to death) as one of the IEDs that Vice displayed.


A Reason To Forget Branchless Banks… Long Holds on Personal Checks

The purpose of a branchless bank is convenience; the aim of mobile remote deposit capture, the ability to deposit a check with the snap of a smartphone, is to double the ease of financial services.

Yet, many of these up-and-coming services that tout their advantages over traditional players are actually more inconvenient when it comes to personal checks.

PayPal, six business days to move funds using mobile RDC. American Express’ fee-less Bluebird account, the same. Green Dot’s recently launched GoBank… 10 business days.

The immaturity of these alternative players is partly to blame. These companies simply don’t have enough transaction data to make smart decisions about who is, and isn’t, a trustworthy customer.

A Green Dot executive defended the policy of holding personal checks deposited via smartphones for up to 10 days as a necessary anti-fraud measure. The company added that it believes the policy represents only a minor inconvenience to most customers.

Of course, government and business checks, which carry near zero risk for the bank, are instantly deposited.

And, to be fair, most people seldom deposit personal checks. ACH transfers, direct deposit and payroll checks make up a majority of the deposits.

Still, the holds these companies are placing on personal checks cut against their biggest promise: ease of use.

For me, the only time I would say, ‘It’s About Time,’ as a GoBank customer is when the check my mother wrote me for my birthday clears.

Read my original draft of this story after the jump…


What A Phishing Attack Looks Like

It’s easy to get taken advantage of by the bad guys.

The email looked real. It carried a serious message. And, alarmingly, it contained legitimate-looking links.

But, no, by clicking what looked like a harmless itinerary of a flight you never booked, you’ve just exposed yourself to malicious software that could compromise your bank account and your identity.


From Microsoft’s Security Blog:

Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

Any folks out there have other examples of these emails? 

Dwolla’s New Transaction Type

The cheaper. The faster. The better.

Dwolla says its FiSync system is as quick as a credit card payment, and as low-cost as moving money over the ACH Network.

The process works through a set of open APIs that the Des Moines company developed to connect users’ bank accounts.

But, there’s a problem.

The technology requires a network effect — for transfers to take place, enough banks must agree to use FiSync, properly integrate it into their core banking systems and accordingly market the capability to consumers.

The idea of bilateral bank transfers isn’t a new concept, either.

The Federal Reserve offers a same day ACH service that delivers on some of the speed Dwolla is promising with FiSync.

Australia’s central bank also offers a similar technology called the Electronic Funds Transfer at Point of Sale system.

You can read my @AmerBanker story, here.

I also conducted an on-camera interview with Dwolla’s chief executive and co-founder Ben Milne.

In this second @AmerBanker video, I discuss how Dwolla affects entrenched payment players.

Facebook’s Payments Plans

When it comes to payments, I don’t think the social network wants to take on the risk of further establishing its digital currency, Facebook Credits.

So what does it want?

Facebook wants to gain transaction data to bolster its advertising business. And it wants to strengthen its core product, the social network, to bring more users to Facebook, more frequently.

Some of its other recent acquisitions suggest as much. In mid-April, it acquired the mobile rewards company TagTile. This San Francisco outfit offers merchants a cube-shaped device that people tap their phones against to get loyalty offers.

In the end, Facebook just wants to know everything about you. Payments happen to be the best way for consumers to show they really “like” a product.

You can read the rest of my @BankThink piece, here. And some of my past coverage, here.

Security On Small Screens

USAA is laser-focused on security. It’s a tenet of its military history.

So, when it came time to update its smartphone app to include a feature that makes p-to-p payments through a user’s contact list, they made one point clear: They are not sharing.

Even USAA Federal Savings Bank, one of the most aggressive in its use of technology, is treading carefully in social media and mobile, where the slightest privacy snafu can spark a major outcry.

One of the most controversial smartphone features is the devices’ ability to access a user’s stored contacts. Though this feature is seemingly useful for things like social media and person-to-person payments, consumers are resisting it because it gives a third party access to their personal information.

To make use of a phone’s stored contacts, an app can send the contact list to a server controlled by the application’s creator. Several companies, including Path, Twitter and Instagram, drew complaints from users when this practice was revealed. In February, Apple (AAPL) updated its policies to require that app developers disclose to users how they use contact-list data.

You can read the rest of my @AmerBanker story, here.