Identity is money (your money)

As you may know, the United Kingdom leads the world in digital identity infrastructure and is a beacon to the nations when it comes to the use of new technology for identification, authentication and authorisation. Just kidding of course. Here’s the identity that I used at Money 2020 in Amsterdam last week when I was asked to prove who I was at the registration desk:

Money2020 Europe 

Yes, the gold standard for identity cards, the Southern Railway photocard, issued only to qualified commuters after rigorous KYC (you give them a photo and then write your name on the card yourself).

The truth is that we don’t have a digital identity infrastructure (or in fact any other form of identity infrastructure) and the shambolic approach to identity is manifest in a daily litany of frauds, frictions and fantasies (often from the government). Here is an absolutely typical example: a nightclub is issuing its own identity cards since it can no longer rely on any of the other forms of “identification” that are in use. The nightclub manager says that the number of people presenting fake IDs is  crazy, so the nightclub is going to issue its own identity cards with a picture on them. In order to get one of these cards, customers will need to present “two forms of up-to-date official ID” (not entirely sure what this means, since there is no “official ID” in the UK) and then in order to get into the club, customers will need either one of these club cards or a passport or a driving licence.

I’ve written about this at tedious length before, but the core of the issue is that the identification mechanisms that are in use (e.g., driving licences) are impossible to validate and requiring them to be used at all actually leads to more identity fraud because the analogue artefacts employed are stolen, forged and abused in a variety of different ways stop.

Before I continue with this specific example, let me make a general point about how I think these things should work in an always on, connected world. First of all, retailers and other service providers should all have their own virtual identity, or persona, for every customer because they need to be able to communicate and connect with those customers in order to deliver better services and products. In essence, every customer should have a loyalty card. The contents of that card should be unique to each service provider and any compromise of it should not lead to compromise with other service providers. In a digital identity world, this sort of thing is straightforward. You present a virtual identity from an organisation that is acceptable to the nightclub (e.g., a bank) and they send you back another virtual identity that contains things of relevance to the nightclub, such as your customer number and preferences.

In the virtual world, this makes sense because your mobile phone can store millions or billions of loyalty cards. In the “real” world, it will be really annoying to carry around thousands of loyalty cards with you wherever you go, but when those loyalty cards are (essentially) public key certificates then there is no problem.

So let’s go back to the nightclub and see how they might progress on a digital world, by creating a loyalty card based on digital identity infrastructure. Doing things this way has three distinct advantages. First of all, if you are a nightclub then your bar staff may well not be at MI5 levels when it comes to spotting a fake Romanian passport but they might be able to spot a fake version of your nightclub identity. (In practice, of course, they wouldn’t have to because the validity of the card will be checked by their phones). Secondly, by giving every customer loyalty card you are able to interact with them securely (in technical terms you can always send messages encrypted to that persona). Finally, as the nightclub manager himself notes, “we can also ban people and remove the card at our discretion, giving us more control and creating a safer environment”.

On a commercial note. you might wonder why organisations that already spend a lot of money on working out who people are (e.g., banks) don’t take this sunk cost and transform it into a revenue stream. I’ve more than once been told by a bank that there is no business for providing ID as a service to business customers, when clearly this nightclub (to pick just one example) is perfectly prepared to spend money on creating its own identity service when I’m sure the management would much rather that their efforts be directed towards running a nightclub.

Banks should be looking forwards by creating a digital identity infrastructure and then selling products and services based on the infrastructure to, for example, nightclubs. That way, the nightclubs could produce their own branded app (by adding a skin to a generic multi-bank identity app, for example) and pay the bank a pound to testify to the age of the holder rather than waste money having to do it for themselves.

Amazon bank no, Amazon neo-bank maybe

A while back, the Wall Street Journal ran a story about Amazon being in talks with major banks, including JP Morgan, about building what the Journal referred to as a “checking-account-like” product. This set off a storm of speculation about Amazon moving into the banking business, despite the obvious fact that you don’t need to be a bank to offer such a product.

One of the main reasons for the speculation growing was that consumers seem warm to the idea. Almost half of US consumers surveyed said that were “open” to the idea of Amazon as the provider of their primary bank account (according to LendEDU) which may seem surprising but I think is a reflection on consumer experiences of Amazon in practice. Yesterday I ordered some bottles of sparkling water and some bottles of Coke from Amazon, this morning they showed up. From the time I hit the “buy” button on Amazon I never gave the transactions a moment’s thought. It just works. Some commentators therefore began talking about Amazon becoming a bank. Any why not? They’ve become a book shop! I went into the Amazon store in Austin, Texas, just to buy a physical book from them because I could!


I don’t think they will, though. Why don’t I think Amazon will be a bank? Because, as was said in The Street, “I don’t think Amazon wants to be a bank in the way that JPMorgan is a bank”. Amazon just does not make money the way that banks make money. Look at their existing partnership with Bank of America to lend money to merchants. Amazon don’t care about making some small margin from interest payments, they care about helping merchants to increase Amazon’s overall sales.

If Amazon is going to distribute financial services but not be a bank, then what will it be? I think it’s time for another review of terminology and I’ve got a couple of suggestions. Let’s standardise this way: a “neo-bank” is something that looks like bank, but isn’t (eg, my Simple account when I first got it and before they were taken over by BBVA, which is an actual bank), whereas a “near-bank” is something that performs a function traditionally associated with banks but isn’t a bank and doesn’t look like a bank (eg, Transferwise). In this framework, Amazon would probably become a Neo-bank.

The neo-bank is not a new idea, by the way. In 1997, I wrote, with Consult Hyperion colleague Mike Young, an article for Internet Research (Volume 7, Number 2, p.120-128) called “Financial Services and the Internet”. In that article we wrote about the potential for the new technology to assemble a banking service depending on the customers’ needs explaining how the new infrastructure would allow customers to build their own financial services “with the underlying best-of-breed products originating from a wide range of suppliers” which the manufacturers of financial services (eg, banks) would “retreat to a small range of products that build on core competencies, but supplied to a global market”. Amazon is precisely the kind of organisation that can take these products (eg, unsecured personal credit) to that market.

In Europe, there is nothing that the banks can do to stop Amazon from becoming a neo-bank. PSD2 means that bank customers will give Amazon permission to access their bank accounts, at which point Amazon will become the interface between the customer and financial services. I’ve no reason to doubt Amazon’s potential for success if they go down this route. Time for some thought experiment scenario planning…


If Amazon were to provide something that looks like a checking account but is actually a prepaid account of some kind (as my Simple account was), would people use it? I think the answer to this is a resounding yes, especially if Amazon offer the usual array of discounts or cashback to go with it. They have plenty of margin to trade for data. Look at their credit card that gives you 5% back at Whole Foods, for example. If Starbucks can sit on a a billion (plus) in float just from people buying coffee, imagine the float that Amazon could sit on from people buying… well, everything.


If people begin holding $$$ in Amazon float that gives them a 2% discount on stuff instead of holding $$$ in a bank account that gives them a 0.2% interest rate, funds will begin to drain away from demand deposits pretty damn quickly. Now imagine how quickly that might happen in Europe, where Amazon can use PSD2 to get direct access to customer bank accounts in order to instruct credit transfers to load to Amazon accounts automatically, something like their US Amazon Cash service but using modern electronic instant payments transistors and laser beams instead of Federal Reserve bills. It could be seriously big business.

The token Saga

As I explained to the Financial Services Club in London recently, I have a theory that while Bitcoin isn’t the future of money, tokens might well be. In case you are interested, here’s the deck I presented to them: it’s in three parts, first of all a high-level explanation of what tokens are, then a discussion about using tokens to implement money and finally a model to help facilitate discussion around these topics.


Of course, I’m not the only one who thinks that the financial services mainstream should be developing their token strategies. At Money2020 Asia in Singapore I had the privilege of interviewing Jonathan Larsen, Corporate Venture Capital Manager at Ping An and CEO of their Global Voyager Fund (which has a $billion or so under management). Jonathan has already forgotten more than I will ever know about financial markets and as he is also Chief Innovation Officer at Ping An (and a very nice guy too), I take his views very seriously. When I put to him that the tokenisation of assets will be a revolution, he said that “tokenisation is a really massive trend… a much bigger story than cryptocurrencies, initial coin offerings (ICOs), and even blockchain”.

Dave Birch and Jonathan Larsen


Photo courtesy of

He went on to say that he had no doubt about the potential for tokenisation to “reduce friction across every asset class and to create fractionalization of assets where it does not exist today”. In fact, and I paraphrase only slightly here, he said that when the token market is properly regulated and the technology is stable then everything will be tokenised.


Why do people like Jonathan (as opposed to techno-deterministic utopians such as myself) think that tokens are such a big deal? I think it’s because tokens are the first viable implementation of the 1990s dream of digital bearer instruments with the “code is law” (sort of) management infrastructure. They allow for the exchange of assets in an auto-DvP (delivery versus payment) mode with no clearing or settlement which means for efficient, liquid markets.

Now, one of the first steps towards a regulated token market has come the Swiss regulators (who are important because of the Zug “crypto valley” that has become the home of many token plays). The regulator there, FINMA, has developed an approach based on the underlying purpose of the tokens that are created. FINMA categorises tokens into three types: Payment tokens (ie, money), Utility tokens (tokens which are intended to provide digital access to an application or service) and Asset tokens (which represent assets such as stakes in companies or an entitlement to dividends). Of course, hybrid forms are possible and in practice there are likely to be a few different configurations. One good way to think about this, I think, is to think in terms of combinations of these token types as a means to implement the “digital bearer instrument” (DBI) that has long been seen as the basis of the post-internet, post-crypto financial marketplace.

DBI Schema



This is a realistic vision of the future. DBIs as a synthetic instrument comprising regulated tokens, DBI trading that operates without clearing and settlement on shared ledgers and shared ledgers with ambient accountability to create marketplaces that are not only more efficient but better for society as a whole. I touched on this in my talk at the FS Club but then went on to focus on the specific implications for digital money, as it is interesting to speculate what digital money created this way might look like.

We might, for example, imagine that for tokens to be used as money in the mass market they should be much less volatile than cryptocurrencies have been to date. Hence the notion of “stablecoins” that are linked to something off-ledger. An example of this category is the “Saga” coin (SGA). SGA has some pretty heavyweight backers, including Jacob Frenkel, chairman of JPMorgan Chase International, Nobel prize winner Myron Scholes and Emin Gün Sirer, co-director at the Initiative for Cryptocurrencies and Smart Contracts at Cornell University, so it deserves a look. This is a non-anonymous payment token that is backed by a variable fractional reserve anchored in the IMF’s special drawing right (SDR) basket of currencies which, as the FT pointed out, is heavily weighted in US dollars. These reserves will be deposited with regulated banks through algorithms in the underlying smart contract system.

It seems to me that initiatives such as Saga are more representative of the future of money than cryptocurrencies such as Bitcoin, but even they represent only part of the spectrum of possibilities that will extend across many forms of tokens. As I wrote last year, in “Bitcoin isn’t the future of money, but tokens might well be”, tokens won’t only be issued by companies, of course. It seems to me that tokens that implement the values of communities (and, because they are “smart”, can enforce them) may come to dominate the transactional space (think of the Islamic e-Dinar and the London Groat). 

Banks and digital IDs*

In CapGemini’s “Top 10 Trends in Retail Banking 2018”, they highlight “banks leveraging digital IDs beyond authentication” as their third most important trend. As it happens, I was talking about this earlier in the week in Trondheim at Betalingsformidling 2018, where I was asked to give a talk about the open banking era and the potential responses from incumbent banks.

Trondheim 2018

Photo: Betalingsformidling 2018 / Wil Lee-Wright Photography.

Now, I suppose that to a great many of you this really won’t be any surprise, since anybody who thinks about the mechanics of commerce in a connected age must already have come to the conclusion that digital identity is core to the new economy. That’s a superficial and almost trivial point to make, but it masks great complexity because choices that are being made right now about how digital identity is going to work in the future will have a profound impact on the shape and nature of all of society.

Of course, I don’t what identity is going to look like in the future any more than anybody else does (even if I do flatter myself that I’ve made some reasonably well-informed guesses on the topic) but I do think we ought to apply a kind of precautionary principle here. Since we don’t know how digital identity going to work, surely we should want it do develop under the auspices of institutions that society can constrain and influence. This is why I’m so convinced that banks should be the institutions to play the leading role as we evolve the tools, techniques and even the etiquette of a reputation economy.

An obvious first step, and one that has been apparent for many years, is to federate bank identity so that it can be used in multiple places. We have many years of experience now and have seen how schemes ranging from bank ID in the Nordics to Aadhar in India (and our own dear gov.verify) have performed in practice so we can make some informed decisions about how digital identity ought to work. We shouldn’t start from the technology, from blockchains and biometrics, and then work backwards to see what the technologists will allow us to have or what corporations will impose given the technological constraints of the day. Right now we should be discussing what society wants from a digital identities and then working out what the best way to implement them might be.

To do this, we need a model that can help banks, regulators, service providers and suppliers communicate and connect so that they can develop concepts and propositions to make some form of bank-centric, potentially cross-border, privacy-enhancing, secure “Financial ID” a reality.

3DID Basic Colour ID Taxnomy Picture

Let’s start with the basic “three domain identity” (3DID) model to create a straightforward framework for understanding and discussing digital identity. Now let’s look at a real example of bank doing some interesting work in this field. BBVA, for example, use this kind of model to map “real”, virtual and digital identities to identification, authentication and authorisation processes. BBVA describe the domains as follows (I’ve added my interpretation of what they mean with reference to a standard Public Key Cryprography, or PKC, implementation):

  • Identification: definition of the attributes that confirm, beyond any shadow of a doubt, that the user is who they say they are and not someone different pretending to be them. BBVA mean this in terms of Know-Your-Customer (KYC) of course, so what this means in practice is that the private key must be bound to the correct individual(s).

  • Authentication: verification through credentials that the user is the customer they say they are (username and password, OTP, digital certificates and others).  Obviously with PSD2 this means implementation of some form of 2FA to comply with the RTS on SCA.

  • Authorization: the financial service providers (TPP) with a license to operate must be given authorization by the customers before they can access their accounts. They need to have proof of consent, which can be obtained through access tokens. I would generalise this point away from banking, as per the CapGemini comments, to talk about tokens for access to a wider range of services than simply bank accounts.

Earlier this week I posted about digital identities (as opposed to digitised identities) and made the point that we are interested in electronic transactions, transactions that take place between virtual identities (that is, identities that exist only in the imagination of computers) we are primarily interested in the Authorisation Domain. I’ll come back to this in a moment, but for now let us assume that that Authentication Domain is essentially a solved problem and we don’t need to come back it in this discussion. My assumption is, that banks have strong authentication in place and that they use appropriate standards (eg, FIDO) so that they have device independence. In practical terms, in the world as it is now, this means that I can authenticate my bank Digital Identity (that is, I can demonstrate ownership of that private key) using any smartphone.

The problem then all comes to down standardisation and mutual recognition of credentials in the Authorisation Domain. Let’s take a simple example has been discussed many times recently: IS_OVER_18. Suppose I want to log on and join a Wine Club. The wine club needs to know that I am over 18, so it wants to see a virtual identity that includes the IS_OVER_18 credential (that is, an IS_OVER_18 attribute digitally-signed by someone that the Wine Club trusts – and by “trusts” I of course mean “can take legal action against and recover damages from if the credential is incorrect). The Wine Club would obviously trust banks, so this should be straightforward: provided that we have standardised the Virtual Identity (an X.509 certificate, for example, or an Evernym DID) and that we have standardised the attribute (let’s assume there is an XML dictionary somewhere that defines IS_OVER_18) and that can can recognise the digital signature from an organisation that is on our list of trusted organisations.

As I pointed out in Trondheim, this is a way for banks to participate in transactions, providing a useful service that is unrelated to payments or transaction fees. I, of course, understand that this means it will take sector-wide progress in the Identification Domain, practical implementation in the Authentication Domain and some commitment and co-ordination to get a working set of services in the Authorisation Domain. My question is why haven’t banks taken on board what Cap Gemini said in their report (and I’ve been saying with exhausting repetition for more than a decade) to come together to create the standards and definitions to move forward?

Or, to put it another way, where is the MasterCard or Visa for identity (and is it MasterCard or Visa?).

To the Mooooooooon!


I’ll be testing my assumptions and asking these kinds of questions in Singapore at Money2020 Asia, by the way, as I’m chairing the session on Exploring Digital Identities on 15th March and welcoming some old and very well-informed friends – including Victoria Richardson from AusPayNet, Shamir Karkal from Omidyar, Teppo Pavlova from BBVA and Andy Tobin from Evernym – who will help me open up the topic for the audience. Do come along to “The Moon” at 11am and join us.

* Again.

Noted author talks fraud at Royal Institution

What a piece of luck! I was giving a talk at the CallCredit Fraud Summit at the Royal institution in London and I chose to talk about just how broken our identity infrastructure is. Hardly an original theme, but one that is worth amplifying. As Chris Green (CCO at Call Credit) noted in his introduction to the event, identity fraud is heading towards £200 billion per annum and identity theft is an epidemic.

Pretty bad. Worse still, it looks to me as if no one knows what to do about this, particularly the Government. Given that the Social Market Foundation (SMF) had just issued their report “A Verifiable Success — The future of identity in the UK” (August 2017) which noted that identity verification processes in the UK have not kept up with either technological or social change and says that “the case for change is founded on the dramatic increase in identity fraud, the inconvenience of identity verification and the correlation with social (and therefore financial) exclusion”, I thought I’d talk about how to actually do something about identity in the mass market.


I illustrated the point about just how unsuited our ramshackle infrastructure is with the example of spies, referring to last year’s Financial Times interview with Alex Younger (“C”,  the head of MI6 which is James Bond’s department of the British intelligence services) who explained just how hard it is to be a spy these days. In the old days, it was easy. Just grab a fake passport out of the draw and off you go. But, as the chief spy pointed out, today social media means that it is far more difficult to create a plausible alter ego. Sure, it’s easy to create a fake social media account. It’s easy, but not very useful to a spy. To be plausible, a fake identity needs a reputation. Reputation, unlike identity, is hard to fake. It has a time component. It takes years to build up a reputation that will stand up to scrutiny! If you wanted to pretend to be someone now, you would have to have started building the fake LinkedIn profile a decade ago. The point is that it’s hard for James Bond to pretend to be me, but seemingly easy for me to pretend to be a James Bond on internet dating sites. This is a fun and interesting way to think about some of the issues around identity and I think the audience liked it!

So what was the piece of luck I referred to at the beginning? Well, I turned up at the event, along with the bestselling author (and former politician) Lord Jeffrey Archer. As we had some time spare, I thought I would be helpful and give Jeffrey a few tips on writing books, having just published one myself.



 I think Jeffrey really appreciated my hints and suggestions but unfortunately had to leave for an urgent meeting so I wasn’t able to go into too much detail with him. Before my talk I went off to grab a cup of coffee and picked up the day’s Times to read. It had the very perfect story for me featured prominently. Hence I was able to whip out a copy of the day’s Times and wave it around to great effect at the appropriate point in my presentation!


The point that I was making, of course, is that identity is not just broken but optimally broken, in that it helps the bad guys but not the good guys. We need someone to stop forward with a vision for a better identity future! Where is this person! I heard the Minister for Digital Stuff (this may not be his exact title) talking on BBC radio a few weeks ago in a report on the government’s introduction of mandatory age verification for adult sites. When asked how members of the public could gain access to adult services, the Minister said that people could use credit cards (which is a terrible idea, see for example Ashley Madison) or show their passport to adult sites (which is an even worse idea). I confidently predict that the widespread adoption of either of these solutions will push identity theft even higher.

So why is identity not fixed yet?

As I tried to persuade the audience, if we are going to make any progress we need to have a very different mental model of what identity is. Not some Victorian notion of identity as an index card in a filing cabinet but as the cornerstone of digital relationships and therefore reputation in an online world. We need to develop the strategy based on digital identity, the bridge between the real and virtual worlds. I explain this using the three domain model, as shown on the slide below, and hopefully demonstrated just how powerful this view of identity is.

3DID Basic Colour


We need to move our transactions into the authorisation domain as soon as possible. Let’s go back to example in the newspaper to see why. Imagine I go to the dating site and create an account. As part of this process, the dating site asks me to log in via my bank account. At this point it bounces me to my bank where I carry out the appropriate two factor authentication to establish my identity to the bank’s satisfaction. The bank then returns an appropriate cryptographic token to the Internet dating site, which tells them that I am over 18, resident in the UK and that I have funds available for them to bill against. In this example my real identity is safely locked up back in the bank vault but it has been bound to a virtual identity which I can use for online interactions. So my Internet dating persona contains no Personally Identifiable Information (PII), but if I use that persona to get up to no good then the dating sites can provide the token to the police, the police can see that the token comes from Barclays and Barclays will tell them that it belongs to Dave Birch. This seems to me a very appropriate distribution of responsibilities. When the Internet dating site gets hacked, as they inevitably do, all the criminals will obtain is a meaningless token: they have no idea who it belongs to and Barclays won’t tell them.

One of the key attractions of this architecture, and I’m sure that I am not the only person who thinks this, is that it gives an expectation of redress in the event of inevitable failure. Things always go wrong. What’s important is what the structures, mechanisms and processes for dealing with those failures is. If some fraudsters take over my bank account and use my identity to create a fake profile on a dating site, then I’d expect the bank to have mechanisms in place to revoke the tokens and inform both the dating site and me that such revocations have taken place without disclosing any PII.

This is important because PII is in essence a kind of toxic waste that no companies really want to deal with unless they absolutely have to. Under the new provisions of the General Data Protection Regulation (GDPR), the potential fines for disclosing personal information without the consent of the data subject are astronomical. Hence the complete cycle needs to be thought through because it will be crazy to have an infrastructure that protects my personal data when the system is operating normally but gives it up when the system fails, or when we attempt recovery from failure.

Digital identity gives us a vision of how to do this in our new online world. It is how we keep our real identity safe and sound while we explore the online world in safety using our virtual identities. A huge thank you to Call Credit for asking me along to share this vision with their audience.

The Taylor report is right: we should get cash out of the “gig economy”

The Taylor Report was released today. It’s a report about the “gig economy” and contains a number of proposals for reform in the labour market to modernise the various systems (e.g., tax and benefits) and improve the lot of workers. I don’t propose to comment on any of those proposals, also having recently entered the gig economy myself, I can attest to both benefits and annoyances, but I do want to comment on one point made by the report that was picked up in the media. 

Cash-in-hand payments to builders, window cleaners, plumbers and other trades people should be discouraged through a technology revolution to collect up to £6 billion more in tax, a Government-commissioned review urged today.

From Abolishing cash-in-hand jobs ‘would raise £6bn in tax and benefit workers’ | London Evening Standard

The report notes, entirely correctly, that allowing people to exist in a cash-in-hand economy is not only bad for them (because law-abiding employers get undercut) but that it is bad for the rest of us too. Here’s a short extract from my new book Before Babylon, Beyond Bitcoin on this point:

Professor Charles Goodhart (London School of Economics) and Jonathan Ashworth (UK economist at Morgan Stanley) have studied the subject in some detail. They note that the ratio of currency to GDP in the UK has been rising (as you will recall from Figure 7) and argue that the rapid growth in the shadow economy has been a key cause. In their detailed examination of the statistics, the authors make a clear distinction between the “black economy” (e.g., drug dealing and money laundering) and the “grey economy” of activities that are legal but unreported in order to evade taxation. When your builder offers you a discount for cash and you pay him, you are participating in the grey economy. When your builder offers you crystal meth and you pay him, you are participating in the black economy. They define a total “shadow economy” as the sum of the black and grey economies.

…Two rather obvious factors that do seem to support the shape of the Sterling cash curve are the increase in VAT to 20% and the continuing rise in self-employment, both of which serve to reinforce the contribution of cash to the shadow economy. The Bank say that there is “limited research to confirm the extent of cash held for use in the shadow economy”, but Charles and Jonathan make a reasonable estimate that the shadow economy in the UK could have expanded by around 3% of UK GDP since the beginning of the current financial crisis.

…According to Tax Justice UK, that expansion means that there were £100 billion in sales not declared to UK tax authorities that meant a tax loss of £40 billion in 2011/12 and that will rise to more than £47 billion this year. The IMF have noted that while Her Majesty’s Revenue and Customs (HMRC) is not good at estimating losses outside the declared tax system, which is why their latest estimates for the tax gap are low at £33 billion for 2011/12. And while we all read about Starbucks and Google and other large corporates engaging in (entirely legal) tax avoidance, half of all tax evasion is down to SMEs and a further quarter down to individuals (according to HMRC).  There are an awful lot of people not paying tax and simple calculations will show that the tax gap that can be attributed to cash is vastly greater than the seigniorage earned by the Bank on the note issue. Cash makes the government (i.e. us) considerably worse off.

The suggestion made in the Taylor report should be uncontroversial. However, there are people out there who think that forcing law-abiding persons such as myself to subsidise money launderers, drug dealers and corrupt politicians is a reasonable price to pay because the alternative is unpalatable.

In a world without cash, every payment you make will be traceable.

From Why we should fear a cashless world | Dominic Frisby | Opinion | The Guardian

My old friend Dominic Frisby is of course, completely mistaken about this.  Whether the electronic money in your pocket is completely traceable, completely untraceable, or somewhere in between, is a design decision. As I point out in my new book (did I mention that I had a new book out?) where exactly that dial is set between anarchy and totalitarianism is something that our elected representatives should decide and then ask technologists to deliver. This is subject that I know a rather a lot about and so I can assure you that the technology that we already have is perfectly capable of delivering electronic money anywhere on that spectrum.

My own prediction is based on William Gibson’s prediction in the pages of Count Zero. There, one of the characters in this future fiction notes in passing that “it wasn’t actually illegal to have [cash], it was just that nobody ever did anything legitimate with it”. Therefore I expect to see a variety of different kinds of anonymous electronic value transfer systems that are used to deliver pseudonymous electronic money systems and I expect some of those pseudonymous electronic money systems to be used by banks and others to deliver the special case of wholly traceable payment systems.

That, however, isn’t the point of this post. The point that I want to make is that we need an intelligent and informed debate on what we want to replace cash, since it’s going to happen. It should be society that determines how it wants electronic money to work. Whether cash is going to burn out or fade away, we should be planning its 21st-century replacement now. It’s an interesting question to ask whether that means Bank of England Bitcoins or not!

Csfi jun audience

On which topic I was invited along to take part in the CSFI roundtable on “‘Formal’ digital cash: The currencies of the future?” with Ben Dyson from the Bank of England and Hugh Halford-Thompson of BTL Group last month. The event, held at the London Capital Club, was hugely oversubscribed, which I took to be evidence of renewed City interest in the general topic of digital cash and the specific topic of digital currency.

My good friend Andrew Hilton, long-standing captain of the good ship CSFI, framed the discussion in his invitation ask the basic “what if”. “What if some central bank issued a digital coin that was as widely accepted as a bank note? Or, if not a central bank, what if a group of banks or payments operators issued a similar digital coin?”.

For me, the roundtable was both an opportunity to plug my new book (did I mention that I have a new book out by the way?) and an opportunity to learn in the best possible way: by answering hard questions from smart people. I won’t attempt to summarise the discussion here except to say that there seems to be a lot of confusion about what form a central bank currency might take and it wasn’t limited to the people in the room.

“Such risks could be reduced if central banks offer digital national currencies, which the IMF defines as a ‘widely available DLT-based representation of fiat money’.”

IMF urges central banks to study digital currencies |

Now, why the IMF would define digital national currencies this way is unclear. A national digital currency, or e-fiat for short, may be implemented in any number of different ways. A “widely-available DLT-based representation” would be only one such option and even then it is not entirely clear what “DLT-based” actually means in this context. For that matter, it is not entirely clear what “DLT” means in this context either.

It’s important to separate the topics to move the conversation along: do we need e-fiat and if we do, then how should it work? To the first point I think the answer is probably yes. To the second point, the answer is “well, it depends”. It depends on what we want the e-fiat to do. Should it deliver anonymity or privacy, for example. Should it work like M-PESA or Bitcoin? That’s a fun discussion. How much would it cost to set up “Bank of England PESA”? It wouldn’t even have 100m accounts and Facebook has a couple of billion. If they were to look at some form of shared ledger solution, where copies of the “national ledger” are maintain by regulated financial institutions (e.g., banks – whereby taking part in the consensus-forming process would be a condition of a banking licence) and the entries in those ledgers related to transfers between pseudonymous accounts (i.e., your bank would know who you are but the central bank, other banks and auditors would not) then it would be a permissioned ledger (without proof of work) that could work pretty efficiently. Either way, my point is that it’s doable, so we ought to do it. 


After the euro, the digital euro

Hello. It looks as if the number of currencies in the world is set to go up again. Across the English Channel, satisfaction with supra-national monetary arrangements is waning.

[Marine le Pen] said she could see the EU setting up another currency like the ECU, or European Currency Unit, which the bloc used for internal accounting purposes before the euro was introduced in 1999.

From China Media Warn Trump of ‘Big Sticks’ If He Seeks Trade War

Now, younger readers may be unfamiliar with the ECU, but I’ve written about it more than once on this blog. The idea of restoring the Franc while simultaneously creating a new pan-European currency actually makes sense and I’m rather in favour of it. Which makes we wonder how she got hold of the draft manuscript for my forthcoming book “Before Babylon, Beyond Bitcoin: From Money We Understand to Money That Understands Us” that the good people at the London Publishing Partnership have agreed to publish in June? Oh well, since the cat is out of the bag, I may as well give you a sneak preview…

I remember hearing the Chancellor of the Exchequer talking on the radio during the great financial crisis. He referred to the difficulties of currency union and spoke about the problems in Ireland, Greece, Portugal and Cyprus. He spoke about the problems of maintaining monetary policy across currency unions between economies with different fundamentals. All true. But he didn’t explain why this is different for the UK. How is the insanity of trying to maintain a currency union between Germany, Luxembourg and Greece any different to the insanity of trying to maintain a currency union between England, Wales and Scotland? The fact that they are in a political union does not alter the facts on the ground: they have fundamentally different economies. The Chancellor was arguing that if Scotland opted for independence, it would be impossible to maintain a currency union between England and Scotland. But surely that is true now! The best monetary policy for England is not necessarily the best monetary policy for Scotland, and technology means that what was optimal for commerce at the time of the Napoleonic Wars may no longer best for the modern economy.

If the argument for currency union is only about transaction costs within economic zones, then former Chancellor of the Exchequer John Major set out a potential way forward in 1990 (although the idea dates from 1983) with his alternative to the euro, which was at the time was labelled the “hard ECU”. The ECU was the “European Currency Unit”, a unit of account set using a basket of currencies, that was intended to help international business by minimising foreign exchange fluctuations. Major’s idea for the hard ECU was a fully-fledged currency with a “no devaluation” guarantee (Hasse and Koch 1991). Whereas the ECU reflected the weighted average of inflation rates in the countries concerned, the hard ECU would be linked to the strongest currency (which would have been the Deutschmark, of course). This guarantee would be backed by a commitment from participating central to buy back their own currency or make good exchange losses in the event of devaluations.

Imagine what that kind of parallel currency might look like today. It would be an electronic currency that would never exist in physical form but still be legal tender (put to one side what that means in practice) in all EU member states. Thus, businesses could keep accounts in hard ECUs, even in a post-EU England, and trade them cross-border with minimal transaction costs. Tourists could have hard ECU payment cards that they could use through the Union without penalty and so on. But each state would continue with its own national currency (you would still able use Sterling notes and coins in British shops) and the cost of replacing them would have been saved.

The reason for doing this is to minimise the costs of doing business across Europe while giving each country control over its own currency. But the more general point that I want to make is that the advance of technology gives us new choices in the way that money works. The way that money works now is not a law of physics: it is a set of institutional arrangements that could be changed at any time. Thus, if anything, Ms. le Pen is not being radical at all. Why have nation-state control over money? Why not allow regions to have their own currencies? Why not use Google Money? Or Islamic e-Dinars?

I’m not the only one who thinks this, by the way. Check this out from “The Futurist Magazine” in September 2012, where as part of a compilation of pieces envisioning life in 2100, the article asks if we will still have money in 2100, and speculates on what form it may take if we do:

It is quite likely that we will still have money in 2100, but it may not be issued by governments any longer.

[From European Futures Observatory]

I couldn’t agree more. But if not governments, then who? One of the things I discuss in my book is my “5Cs” model for thinking about future issuers: central banks, commercial banks, companies, cryptography and communities. My good friend Rob Allen from PwC was kind enough to use this model in Sydney this week and, frankly, if people like Rob are taking it seriously then I know I’m on the right track.

It’s time to start thinking about the future of money and not just because I have a book about it coming out in June (did I mention that before?) but because the current industrial age monetary arrangements do not support the post-industrial economy.

Book review: Demystifying communications risk

Demystifying Communications Risk: A guide to revenue risk management in the communications sector.
Mark Johnson (Gower: 2012).

In telecommunications, just as in banking and retailing and most other businesses as far as I can tell, fraud is an ever present cost of staying in business and managing that fraud down to acceptable levels is one of the most important roles of operational management. That’s easy to say, but hard to execute. I picked up Mark Johnson’s “Demystifying Communications Risk” (recently published by our friends at Gower) by Mark Johnson from The Risk Management Group hoping for a few ideas on this front and I wasn’t disappointed. I’m not an expert on the operational management side of telecommuncations, but I think for someone entering the field Mark’s layout, examples and checklists combine to make the book a very useful starting point.

The overall message of the book, for me, was (as always) isn’t hackers who are the problem, but the staff. Here I found Chapter Four the most relevant. It is fascinating discussion on managing insider fraud, written by Nick Mann of Nick Mann Associates, which shows just how hard this is, partly because of the variety of the frauds and partly because of the statistics. Basically, most employees are potential fraudsters! He gives a case study of an internal fraud that was uncovered after $6 million in losses, yet not a penny was recovered., highlight the point that prevention is better than cure. Actually, I thought Michael’s use of specific case studies was very helpful throughout the book and in some cases very surprising (for example, the clock drift on a switch leading to incorrect rating). I found his discussion of prepaid frauds especially interesting, partly because they are so simple and partly because I think the growth in prepaid will continue over the coming years.

I rather liked Michael suggestion of a risk management “dashboard” of relevant key performance indicators. We do a lot of risk management work in the digital money and digital identity fields, and help clients to devise and implement appropriate countermeasures, and I will be certainly using the dashboard idea in the future.

Mark covers many of the areas that will be familiar to risk management practitioners including computer and communications security, countermeasure return on investment and revenue assurance control points but he also introduces management techniques that strike me as being pretty helpful to newcomers (looking at risk strategy as the interconnection between risk management cycles, for example). I think he will open many people’s eyes to some wholly new categories of risk that will need managing in the modern communications service provider. He gives over a whole chapter to the specific headache of dealing with anti-money-laundering and anti corruption controls that are unfortunately part of the customer billing and management world now: a very valuable summary.

All in all, this book distills a great many years of practical experience in a presentable and practical form and is sure to be useful to those entering the realm of revenue management.

In the future, everyone will be famous for fifteen megabytes


Barclays have started a new service whereby you can upload your own image and get a personalised debit card. This sounded like a really fun idea, so I thought I’d give it a try. Unfortunately, Barclays rejected my chosen image because it “has not met our image guidelines”. So I thought I’d better read them before I send another image. The guidelines are that the image must not contain any of the following:

  • Trademarks or company names (e.g., images marked with ® or ™ signs);
  • Images or text protected by copyright (e.g., images marked with © or other watermarks or notations);
  • Slogans, tag lines, branding, marketing or promotional products, services or images of companies;
  • Images of, or the name or nickname of, celebrities, musicians, sportspersons, entertainers, public-figures, film stars, cartoon characters, members of the Royal Family or other famous people;
  • Contact information (e.g., telephone numbers, online usernames, account numbers, addresses or e-mail addresses);
  • Political statements, or images relating to ethnicity or religion;
  • Images of flags;
  • Images, signs, symbols or text relating to money, currency, drugs, tobacco, alcohol, gangs, hatred, graffiti, betting, gambling, or financial products or services;
  • Provocative, lewd or sexual images or content;
  • Nudity;
  • Offensive material (e.g., images, signs, symbols or text relating to violence, death, injury, racism, cruelty, profanity, obscenity, weapons, firearms, ammunition or terrorism);
  • Anti-social or obscene behaviour, or socially unacceptable groups;
  • Content where drinking (or being drunk), smoking or gambling is the focus;
  • Text unless benign and in the English language;
  • Any image that might reflect poorly or might engender hostility toward company brands (including MasterCard®, Visa® or Barclays);
  • Any reference to the Olympic Games, World Cup or any other international branded event;
  • Reference to any bank, building society or other monetary institution;
  • Any inappropriate content;
  • Weapons may only be included if they are being shown in a ceremonial context.

Having scoured the contents of my hard disk I’ve been unable to locate a single image that doesn’t fall foul of these guidelines, so I’ve had to abandon the experiment.

Interestingly, my existing Barclays debit card appears to fall foul of these guidelines because it makes reference to a bank and shows my account number. I will call the help desk to warn them.


In the future, everyone will be famous for fifteen megabytes

Mobile data paradox

My chum Tony Poulos interviewed an analyst from Ovum about mobile data pricing recently. I was listening to this, and it reminded me about a huge telecommunications conference that I attended a couple of months ago. There were hundreds of people and operators from all around the world. At one point during the event, the wifi went down. At this point, not only did people stop blogging, twittering and otherwise recording what was going on but actually stopped looking at and listening to the speaker. Basically, at an event full of people from telcos, no-one had data roaming turned on.

The mobile operators have priced mobile data roaming so insanely that they are encouraging their customers and their own employees to seek alternatives. Instead of making a reasonable amount of money from them, they make none, and are actively training the customers to reduce future revenues. I don’t need my e-mail every second – it’s not like I’m a heart surgeon waiting to hear about a transplant – and people can text me if there’s anything urgent. So I leave roaming turned off and wait until I walk part Starbucks or wherever.

If they keep this up, they may be able to persuade to turn off mobile data completely.


In the future, everyone will be famous for fifteen megabytes