Japan is another rich developed country where Bitcoin is becoming respectable


Respectable is a prelude to mainstream. Bitcoin needs to seem normal, legal and safe before it can go mainstream. In this post we look at the signs of that happening in Japan.

Switzerland is another example of a rich developed country where Bitcoin is becoming respectable. Switzerland and Japan also have strong currencies. This is the opposite of the theory that Bitcoin adoption would happen first in countries with failing currencies. Many people were drawn to Bitcoin by dreams of stateless trust based on math replacing more authoritarian governance. So the meme got established that Bitcoin would first go mainstream in countries like Argentina; we debunked that theory here.

Japan is the third largest economy in the world (after America and China), so Bitcoin adoption here is a big deal.

Japan is where we go for some of the early history of Bitcoin. Magic The Gathering Online Exchange became MTGox. From trading cards beloved by nerds, they went to trading a currency beloved by nerds. When MTGox went bust and lots of people lost lots of money, it became a byword for the lawless dangerous world of Bitcoin.

That could be the end of the story, but it turns out it is only the first chapter. In chapter two, Japan has made three moves to encourage Bitcoin adoption:

  • Regulated Exchanges
  • Legal currency status
  • Elimination of sales tax

This has led to some good business results:

  • No 2 in trading volume
  • 5,000 merchants accepting Bitcoin
  • Strong VC funding (in a generally weak environment)

Regulated Exchanges and Insurance

The MTGox failure was explained by a simple old fashioned problem – commingled accounts. When you buy IBM shares on NYSE, you don’t worry that the NYSE can get your IBM shares. That is an easy fix; but it still needs to be policed/regulated.

In 2016, Japan passed a bill that mandates that virtual currency exchange operators have to register with the Japanese Financial Services Agency and submit to on-site inspections and KYC practices.

This level of regulation encourages insurance companies to step up the plate and offer insurance to bitcoin exchanges (a subject we first covered in this post).

Mitsui Sumitomo Insurance cover ranges from ten million yen (US$88,500) up to one billion yen (US$8.85 million). It also covers loss from internal and external threats, including employee theft, mistakes, cyberattacks, and other unauthorized access.

The first customer is Japan’s largest bitcoin exchange, Bitflyer. By working with a highly professional exchange, Mitsui Sumitomo Insurance can also offer best practice advice. After a number of bitcoin exchange blow ups, the best practices are now well established. If a bitcoin exchange follows these, the risk of loss goes down (which is good for the Insurer) and being insured will help bitcoin exchanges to gain consumer confidence.

Fear of getting ripped off is no longer a deterrence to bitcoin trading. Now it comes down to standard risk/reward calculations that traders make every day. Today bitcoin offers two things that traders love – volatility and wide spreads. However, none of this could happen until the exchanges became safe.

Legal Currency status

The new law defines bitcoin as a legal currency that can be used to make payments and an asset that can be transferred digitally. That is simple but game-changing. You may pay for illegal things using bitcoin, but the currency itself is just as legal as a suitcase full of cash in a parking lot.

No sales tax

Later in 2016, Japan defined plans to drop sales tax on Bitcoin.

This is not yet a done deal, but could take effect as early as July 2017, according to CoinDesk. This means customers don’t have to pay tax for each transaction. This is similar to the early days of e-commerce when no sales tax was levied. This will make paying with bitcoin more attractive, by making it cheaper for the buyer and lower admin for the seller.

So much for what has been done to encourage adoption, here are the signs are that adoption is happening:

  • No 2 in trading volume
  • 5,000 merchants accepting Bitcoin
  • Strong VC funding (in a generally weak environment)

No 2 in trading volume

While China is easily the leader in Bitcoin trading volume, Japan is the silver medalist. As in China, a lot of the volume can be attributed to the fact that Bitcoin trading on exchanges is zero cost in China and Japan, encouraging frenetic trading that does not mean that much. Many say that real volume is less than 30% of headline volume.

While the trading volumes may be misleading, there is a wall of money ready to move into bitcoin trading if Mrs Watanabe steps seriously into the game. Mrs Watanabe is the archetypical retail investor in Japan. Culturally, Japanese retail investors have sought safe investment options. However, perpetually low interest rates since the 1990s led many to become active in the carry trade (in which investors borrow a low-cost currency like the yen and buy high-growth currency, netting a profit). It is a short step from that to trading in bitcoin, which is attractive to traders because of volatility and wide spreads.

The real proof of the bitcoin pudding is whether it is being used to buy and sell goods and services.

5,000 merchants accepting Bitcoin

Today more than 5,000 merchants and websites in Japan accept Bitcoin as payment.

We still cannot see merchant transaction volume, a subject we covered in our latest bitcoin ecosystem health check.

Some speculate that the Olympics, due in Tokyo in 2020, will give bitcoin a boost as visitors can pay in bitcoin rather than converting to Yen. This is where the sales tax could be critical.

Strong VC funding

In a generally weak environment for bitcoin VC deals in 2016, Japan saw two significant deals – bitFlyer and Techbureau.


The third largest VC investment in 2016 happened at the end of April for US$27 million to Tokyo-based Japanese bitcoin exchange bitFlyer. It was a Series C round, bringing their total funds raised to $33.94 million. Investors include Venture Labo Investment and SBI Investment.


TechBureau, which operates a bitcoin exchange called Zaif and a permissioned blockchain platform named Mijin, raised $6.5m in a Series A. Participants in the round included Arara, a financial services firm; online information portal OKWAVE; VC firms Nippon Technology Venture Partners and Hiroshima Venture Capital; and FISCO, a corporate analysis firm. TechBureau bill themselves as a ‘Crypto-FinTech Laboratory.’ Many Japanese startups and projects were born in the lab including the popular Zaif bitcoin exchange.

Regulation does matter – ask Coinbase

Compare Coincheck which has the lion’s share of bitcoin merchant processing in Japan to Coinbase which has that position in America.  While Coincheck operates in a relatively benign regulatory environment, Coinbase is in legal battles with the IRS.

The key part of merchant processing is off ramp ie converting to Fiat. This a function of an exchange. Lots of traders also make for liquidity and price discovery which will be good for merchant adoption and mainstream use. So the Japanese focus on exchanges makes total sense.

Image Source

If you want to see these insights before your competitors, join over 16,000+ of your global peers who subscribe by email and see these trends reported every day. Its free and all we need is your email.


Another bitcoin ecosystem health check as we slide into 2017


Gute rutsch is the Swiss greeting for New Year. Translation = good slide. I hope y’all had a good slide into 2017.

 Now for all those resolutions – like going for regular health checks.

As we try to determine the health of the bitcoin ecosystem, some regular health checks are called for.

We have done two bitcoin ecosystem health checks in the past –  in June 2015 and April 2016. We publish those today for reference. All the data we use is in the public domain and we publish our methodology, so anybody can run these tests at home – no expensive medical equipment or training needed. All we ask is that you tell us if you see a way to improve the testing methodology.

Yes, the image is of only one health check, which is price, but the reality is that the price is what gets people’s attention and the price is rising. The biggest barrier to traction is being ignored and we can see the Google Trends and price of bitcoin correlate well. A rising price gets attention and that may impact the other metrics.


We look at 4 indicators

  • Indicator 1 = Price. What do investors/traders think? This shows the wisdom of the crowd with skin in the game. Yes, we can also see the madness of crowds in the chart, which is why our health check looks at 4 indicators not one.
  • Indicator 2 = Merchant Transaction Volume. Is bitcoin being used as a currency in the real world? What do merchants and their customers think? This is a good forward indicator – like a blood pressure check. The problem is that this data is tough to get.
  • Indicator 3 = Cost Per Transaction. It ain’t free, but we hope it is cheaper than credit cards. Entrepreneurs will markup cost to provide valuable services, but what is the cost?
  • Indicator 4 = Transaction time. Is this approaching the “human real time” (a few seconds) that consumers expect from digital services? Or will we have to trust centralized intermediaries to make it look like human real time (rather ruining the core proposition of bitcoin)?

For data we mostly use Blockchain.info

Note: in order for this doctor to have a holiday, the health check took place in December 2016.

To discuss and improve the methodology, please go to this thread on the Fintech Genome. We are open sourcing our methodology in order to get contributions from the community to improve it.

Why 4 indicators are needed

If your doctor only ran one test, they would be negligent. The bitcoin ecosystem is complex and therefore also requires a number of tests. I am using this analogy to debunk three memes that took hold in 2016:

  • Meme # 1: Don’t worry about the bitcoin currency use case. The thesis is that bitcoin is just a store of value like Gold (so price is the only thing that matters). This is mostly said by people who own a lot of bitcoin “talking their book”. It is also said by bankers who find the idea of a currency outside their control to be deeply disturbing. It is far from certain that bitcoin will gain mainstream traction as a currency, but I am absolutely certain that bitcoin cannot be a reliable store of value if it fails to become a mainstream currency. It is hard to imagine a store of value (as opposed to a speculative instrument) that you cannot also use as a currency. Tulips is not a good case to cite. Gold is both a store of value and a currency; prudent people use it as a hedge against Fiat currency failure on the assumption that people will accept Gold in return for goods and services if everything goes pear shaped . Speculators will do what you see in that price chart spike in 2014 – if you bought at the bottom and sold at the top, well done; most people did not do that in which case the spike and crash was meaningless. Long term wealth protection clients look for something a bit less volatile with some fundamental value. So, they will also want to see thar the other 3 indicators are healthy. It is hard to imagine the price of gold going to zero. It is not hard to imagine the price of bitcoin going to zero if the other 3 indicators show sickness. Great cholesterol numbers are no consolation if you have cancer.
  • Meme # 2: bitcoin is just the first application use case for Blockchain technology and it is OK if bitcoin fails. If Indicators 3&4 are weak, then it means that all consumer Permissionless applications will fail. Without consumer Permissionless applications, the Permissioned enterprise Blockchain stuff will just get rolled up into the Oracle stack and be a footnote in enterprise technology history.
  • Meme # 3: Cyber currency is inevitable, it just might not be bitcoin.If bitcoin fails, after so much hype, it will take a really, really long time before another Cyber currency gets past the resultant skepticism. This brings to mind the famous quote by John Maynard Keynes in 1923:

“The long run is a misleading guide to current affairs. In the long run we are all dead. Economists set themselves too easy, too useless a task if in tempestuous seasons they can only tell us that when the storm is past the ocean is flat again.”

Indicator 1 = Price

Look at this long term price chart:


The 2014 spike is pure speculation. The 2016 price chart looks more suitable for investors – as long as the other health indicators come out OK.

One of our 2017 Predictions is:

“bitcoin price will go past its all time peak of $1,242 (from 2014) and then settle back just below $1,000 for most of 2017.”

If that prediction is true, then bitcoin will be seen as best performing currency of 2017. That will bring in mainstream investors.

The problem is that you can assess bitcoin as a store of value in three ways:

  1. currency
  2. commodity
  3. startup stock

The latter is where we get the wild forecasts of a single bitcoin being worth $100,000 or $1,000,000 (from about $966 as I put key to pixel). Before dismissing that as crazy, consider the fact that one share of Berkshire Hathaway is worth about $250,000

Like a stock, the supply of bitcoin is fixed. In the case of bitcoin, it is fixed at 21 million. If you own 210,000 bitcoins you own 1%. That is why bitcoin people talk about market capitalization (which is not how you talk about currency).

Bitcoin as an asset class is gaining some momentum. For example, Polychain capital, a hedge fund investing in digital assets has managed to raise $15m from top tier VC such as Andreesen Horowitz and Union Square Ventures.

The near zero correlation to other asset classes is attractive. Volatility and liquidity look fine.

This is where the other tests matter. Investors will happily take a punt on a big upside if the downside risk is protected. If you bought bitcoin in 2009 it was like buying founder stock – you have no downside. If you buy bitcoin in 2017, you spend real money. For downside risk to be protected, bitcoin must be more than tulips. It must be a real currency. Which brings us to Merchant Transaction Volume.

Indicator 2 = Merchant Transaction Volume

We want to track this because we need to see how much are people paying for goods and services using bitcoin. In short, is bitcoin being used as a currency?

To track this we need to subtract the transactions done for speculation or money laundering.

This data is surprisingly hard to find. One data point on Blockchain.info that is helpful is Number of Transactions Excluding Popular Addresses.

This does show some reasonable growth and excludes speculative bursts around events such as Brexit.

Hard data is hard to come by, but we see anecodatal evidence such as (from Techcrunch) that Airbnb CEO Brian Chesky asked for product suggestions for 2017, and accepting Bitcoin payments was the number one most requested feature for the company.

Is there a better data point to track? I imagine that big payment processors such as Coinbase, Bitpay and Circle have this data, but do they put this in the public domain?

Indicator 3 =Transaction time

The Average Transaction Confirmation Time shows this. There is nothing dramatic about this chart, it looks stable as one would expect unless there had been a significant change to the protocol. The problem is simply the numerator, which is in minutes.

This is where we expect to see a lot of change in 2017 as Segregated Witness and Lightning Network roll out. For background on these scalability issues please read this post.

Indicator 4 = Cost Per Transaction

Blockchain.info shows this. The data problem is that this chart is in USD, so the exchange price gets in the way. What we need is cost per transaction in bitcoin (just like we use transaction volume in bitcoin). If anybody knows where to find this, please tell me. Maybe one could compute this from a mix of things like Hash Rate and Difficulty. However, that is a nuance. The big picture is that small transactions are not economic today. Which means some combination of offchain centralized processing and/or use of Sidechains. This is another area where Segregated Witness and Lightning Network rolling out in 2017 will have a big impact.

Past checkups

As you can see, the methodology is evolving.

April 2016

June 2015

Image Source

If you want to see these changes coming before your competitors, join over 15,400 of your global peers who subscribe by email and see these trends reported every day. Its free and all we need is your email.

Strong user authentication could enable big companies to get insurance from cyber crime


This is day 4 of Digital Identity Week.

This post is about the theory of the “insured Internet”.

Most people who track cybersecurity agree on: 

  1. Anything that is digital can be hacked. Nothing is secure. It does not matter whether you are a Fortune 500 company, Government, US Presidential candidate, mega Bank or payment network. You will get hacked. It is an arms race that the good guys are losing because every solution, no matter how clever and expensive,  has a shelf life until the bad guys find a way around it (and the payoff for the bad guys is big enough and the Crime As A Service networks use the full power of digitization). Your identity can be stolen with ease and with a valid but stolen identity all the KYC & AML processes are useless.
  1. This is a Board level issue in big companies. They are willing to spend whatever is needed because the cost of a breach is so high. This is an existential threat for the biggest companies on the planet.
  1. User authentication is the key. Eliminating static passwords is essential. That is why the biggest tech companies in the world came together to create the FIDO Alliance. This is too big for one company and is critical to all.

The idea of the “insured Internet” is that the security of a customer’s data is protected to a level that it can be insured at a reasonable price.


The company who can deliver this fully secure authentication with one time passwords today is Trusona (one of the members of FIDO Alliance).

You can see their demo on their home page, which only takes a few seconds. They unveiled this at Finovate Fall 2016 (where they won Best of Show). The founder was able to give the demo 4 times during the 7 minutes allocated by Finovate, while still leaving room for a relaxed, jokey talk to make the point about how easy this will be for every mainstream user. This is grand-parent friendly.

For the story behind the dongle based technology, which is free to users, read this post on NetworkWorld.

“The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards’ magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona’s CEO. That also makes the strips unclonable, he says.

In order to use the authentication system, the Trusona app on the user’s device connects to Trusona’s cloud. The user plugs in the dongle, and if the dongle ID and device ID have been paired, the user is prompted to swipe a card with a magnetic stripe that has also been paired with the user. That can be a credit card, driver’s license, library card, etc. The barium ferrite particles must match.”

Before starting Trusona, Ori Eisen was worldwide fraud director at American Express. So he knows why credit card companies have to charge so much – combatting fraud is expensive.

This is particularly important in America as it makes the transition from mag stripe cards to EMV (we covered the implications in our August 2015 post).

I imagine the Trusona sales pitch to SWIFT will be well received after the hacks they recently suffered (which we covered here).

Over a year ago we wrote that the only way out of the cyber security nightmare is to move off centralized data centers to a fully decentralized Blockchain based network.

“For Banks to seize this opportunity, they have to discard the notion that centralization = secure. Putting it all in one place with a great big lock has been the accepted way since banks started. Decentralization sounds wild, almost hippy, with echoes of anarchic P2P services such as Napster.”

There are many reasons why the Internet will return to its decentralized roots, but telling a Fortune 500 board that their only hope is to move off centralized data centers to a fully decentralized Blockchain based network would get you some odd looks. A Trusona pitch would be much easier.

Swiss Grand Parents may be first

If you live in Switzerland, you may already use a dongle with one time passwords. Many Banks insist upon it. But each dongle is bank specific and can be rather unfriendly to use, making onboarding harder. So the mass market rollout could happen first in Switzerland.

Not only is it easier for onboarding, but as the Network World article explains, the Trusona dongle adds an additional layer of security.

“The way the card is pulled through the card reader on the TruToken is also a unique identifier, Eisen says. People pull them through at different speeds, at different angles and from different directions in a manner that is readable and unique, he says.”

John Le Carre can explain

In October 2015, we wrote about how tokenization could be the trojan horse that will break the credit card rails.

“tokenization enables the one time password that a student of cold war espionage stories would recognize. If you steal the token/one time password, you can steal the contents of that message/payment and only that message. That is fundamentally different from stealing the Primary Account Number (PAN). If you steal the PAN (by physically stealing a card or reading the mag stripe encoded data from a merchant) you can steal a lot of money.”

Implications for InsurTech

This affects everything that happens online. If customer data is insecure, all the business models based on social, media, analytics, cloud and ecommerce are threatened. Securing data through strong user authentication makes the Internet viable. It is as dramatic as that.

Trusona happens to be first to market with some clever technology, but secure user authentication is much bigger than one company. That is why FIDO Alliance is backed by the biggest global Fin companies and the biggest global Tech companies.

One of the Board Members of FIDO Alliance is Abbie Barbir, who is a Senior Security Adviser at Aetna.

As this article in CIO points out:

“Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer. But it doesn’t do a good job of covering the reputation damage and business downturn that can be triggered by a security breach. “

Also the cost of Insurance is totally dependent on your level of security. Imagine your car insurance premiums if you had to tell the Insurance company that you always left the doors open with the key in the ignition (and the title deeds in the glove box).

As CIO puts it:

“Cyberthreats are so broad that the cost of protecting against them all would be prohibitive.”

This will be a big market for insurance and, being new and tech enabled may leave room for an InsurTech innovator.

Image source

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.


Capital Markets and IDs


In theory, we have been able to design Digital Identity solutions for a while now. However, the costs were prohibitive and interoperability issues needed to be solved.

Today, we can implement technology (hardware) that is cheap and this allows us to experiment and target opportunities that couldn’t be exploited before.

It is cloud computing, cryptography, public key encryption and peer-to-peer networking protocols that are the critical “cooking ingredients” for recipes that can solve costly and basic problems in Capital markets, like provenance, authentication and reconciliation.

In this post, we zoom into the Digital identity issue (whether for an end-user or a corporate entity) in Capital Markets. In traditional financial lingo, this is coined as KYC and it shifted on the very top of the stack of issues that keep up managers at night, mainly after Sep 11.

Currently in Capital Markets we are looking for the following qualities in a Killer Digital Identity solution:

  • Cheap
  • Ability to be accurately updated
  • Accessible and Granular = Interoperability and Granularity
  • Immutable

The last two qualities are critical and encapsulate the practical difficulties of such a service. A Killer Digital Identity solution should offer both individuals and organizations the ability to authorize actions on their behalf. This can range from settling a trade, to registering for a financial product or service like an investment product or a loan.

At the same time, it has to be granular so that only the pertinent bits of the Digital Identity are used.

This is what Pascal Bouvier has been pointed out for a while. It is critical because it enables individuals and corporates to choose how to interact with a merchant or a supplier or a client. Being able to have a secure way to divulge only the granular bits of information is the key. It is also the enabler to be used in different contexts without having to go through the whole process again.

Imagine a world that any individual can open a bank account for their consumer banking needs, a telco account, an investment account, a brokerage account …. with different institutions securely, with all updated info, without having to repeat the whole process (e.g. they all need a copy of passport or a digital picture but the telco account needs much less information than a brokerage account that allows me to trade options and futures and buy stocks on margin). In addition, in order to register a corporate entity for a business, imagine a world where one can avoid repeating the process that overlaps with all the above, the registry is able to obtain accurate Social KYC information around the shareholders and directors of the company (updated real time), and have access to any particular cross-border information necessary.

There is one Fintech based on the Isle of Man that has been focused on developing such apps using blockchain technology. Credits, has been working with the government on the Isle of Man to develop “The Federated Know your Customer” app that was demoed at the recent Misys World Trade Symposium. This sits on the cloud and has the four elements mentioned above. Credits is also in conversations with the UK government for use cases in regulatory reporting and healthcare. Credits has not been at all focused on creating some cryptocurrency or some decentralized app. They have been thinking differently, in that they are focused on solving specific problems in the infrastructure of capital markets. Digital ID has been their first use case.

We are in the very early stages leading towards an invisible ID for individuals and corporates for the variety of functions in Capital Markets.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge Network. Efi Pylarinou is a Digital Wealth Management thought leader.

Introducing Digital Identity Week on Daily Fintech


Are you really sure I am not a dog? Maybe I am a really smart dog with an AI implant pretending to be a human. Disclosure, Daily Fintech is written by a stealth mode AI venture as a proof of concept.

Seriously folks, you cannot know my Identity. To read a free post you don’t care. If you are going to send me money, you do care. You do not want to send money to my dog.

This week on Daily Fintech is all about Digital Identity (KYC as seen by the bank). This is part of a series where we look at the impact of different disruptive technologies on Finance. In the past we have covered Blockchain, Artificial Intelligence, Regtech, ChatbotsXBRL, Wearables and Open API.

Digital Identity touches on almost everything Fintech. It is the foundation of trust and trust is the foundation of value exchange. In it’s KYC guise, it is core to RegTech. 

Do you hate the trade-off between security and productivity involved in passwords? You can do it properly (long complex passwords that are different for each service and that you change regularly). which gives you security but is too much of a time suck for most humans. Or you can leave your digital door wide open to hackers. 

Do CAPTCHAs annoy you? Ever wonder how secure they really are? 

Do you find the easy way out of entrusting your identity to some big social media service that becomes your gateway to the Internet and knows your most intimate secrets a bit disturbing?

If so, you are not alone. Welcome to the world of Digital Identity, which is trying to find a solution for you.

Today is the briefing about Digital Identity. Then we resume normal programming by focusing each day on use cases within different customer segments:

Tuesday = Wealth Management and Capital Markets

Wednesday = Small Business Finance

Thursday = Insurance 

Friday = Consumer Banking & Finance.

Government Issued Identity Artefacts

In the West we are used to proving our identity with simple artifacts such as driver’s license, passport or social security number. In the Rest (Of the World), verifiable identity is the on ramp to financial inclusion. This was brought vividly home to me when waiting in line at a Post Office in NYC and witnessing the desperation of a homeless person being refused a PO Box because she had no physical address. Without that PO Box she would be refused the job she had applied for. She would be an unperson without any official identity.

What if you are a refugee or live in a failed state? What if a Government Issued Identity Artefact is simply not an option?

In India they are tackling this through the Unique Identification Authority of India also known as Aadhaar. This an example of “first the Rest then the West” (leapfrogging old technology). The Indian Aadhaar system does two key things:

  • first, enrolls people by taking 13 biometrics (10 fingers, 2 iris scans and a photo).
  • then, issues a unique 12-digit random identifier (11 random numbers and one check digit to be precise)

When a person uses their Ardhaar Number (for example to access a bank account), they present their 12-digit number and then the entity they are interacting with does an authentication step (to prove they are indeed the person the number they are presenting points to).  This authentication step then replies back yes/ no (the presented biometric either matches the one on file or it doesn’t).

This is far more secure than something like a Social Security Number in America which is easily hacked by identity thieves.

Biometrics – “what part of your anatomy does Sir/Madam wish to use?”

Biometric security, which aims to replace passwords and CAPTCHA, comes down to a simple question. Which body part do you want to use to identify you?

– Finger. This one scares me. It is hackable, by simply recording somebody’s fingerprint and putting that on thin film. I can change my password if I am hacked, but I cannot change my finger.

Eye: Iris recognition does not seem ready for prime time yet.

Voice. This has a nice old-fashioned ring to it. Voice recognition is like the banker who recognized your voice. The tech has been brewing for a while and seems ready for prime time. VoiceVault and Nuance are the two leading contenders. Voice is probably better for high value transactions than getting a coffee or paying for a subscription. Talking to my phone in the line for my coffee seems too much like the movie Her.

Typing rhythm. I never understood why BioPassword did not do better, it seemed so simple and elegant. Maybe mobile changed typing rhythm and created new rhythms around swipe.

There may be something new that emerges out of smart watches, such as pulse recognition, but that hits the universality problem ie not many people have smart watches.

That is why the Indian Ardhaar system takes 13 biometrics. It also uses low cost, robust/proven technology. This is not a laboratory experiment. It is a mass market deployment where every fraction of a penny counts.

FIDO – authentication with low friction

No, this is not your faithful dog.

The FIDO Alliance is an Identity Management consortium with 250+ members that are famous names in banking, insurance, e-commerce, authentication technology, payments, cellphone SIM suppliers and consumer electronics. The FIDO Alliance develops protocols and standards to authenticate users via their personal devices, so that users can get rid of passwords.

FIDO uses a hardware cryptographic device called Universal Second Factor (U2F), which generates a new key pair for every service that you connect to.

U2F does not rely only on biometrics. That is why it can claim the title Universal.

FIDO is designed to get the balance right between security and friction/ease of use. So FIDO allows for any of the factors of authentication to be used, such as:

– cryptographic tokens (think of this as something your device does for you to help authenticate you)

– biometrics

– somewhere you are (based on a geo-location service)

– something you know – a one-time password that is cryptographically created (and as any cold war espionage buff will tell you, one time passwords work very well).

The U2F protocol does not identify a user, it merely proves that someone has the device with control over a registered key.

Device based authentication from the past has major issues:

  • Magnetic strip card. This is your conventional credit card. These are fading out because they is so open to fraud. It only costs about $50 to buy a mag strip writer, and it’s easy to get your hands on cards to copy them.
  • Proximity card or RFID. These cards transmit stored information via RF (Radio Frequency). It is used more for identifying products (for example in a supply chain) than for people. For people there are privacy issues. For example, a Passport with RFID tags could be used by governments to remotely identify citizens of a given country by physical location (and in the wrong authoritarian hands that is dangerous).
  • Chip Cards. These are sometimes called Smart Cards or more technically Challenge/Response cards and Cryptographic Calculators. They perform a cryptographic calculation. Sometimes the card will have memory, and sometimes it will have an associated PIN (“Chip & PIN”) and sometimes not (“CHIP and Signature”). They are not fully secure on their own – being vulnerable to power-analysis attacks. The mobile money revolution can be seen as chip cards moving from plastic to just another service on your phone (which of course has a chip).

Authentication is not the same as Identification. You still need to identify yourself – for example, key in a 12-digit number if you are Indian. That is a pain point for new services that want to entice you in. You won’t key in a long identifier for a service you don’t know much about. That is why we need Identity Portability.

OpenID Connect – Identity Portability

OpenID Connect is about being able to use a common identifier across multiple sites (identity portability). As Open ID originated pre FIDO, they also did some authentication, but it now we can see FIDO as the solution to authentication and the two should be seen as complementary.

You have come across the idea of identifier portability when you log into a website using a service such as Facebook, LinkedIn, Twitter or Google (referred to as an Identity Provider service in this context). This approach lets users leverage one account across a multitude of sites across the web and gives people control over which attributes of their identity are asserted and to whom in a secure and privacy-controlled fashion.

OIDC doesn’t authenticate the user but rather conveys that authentication across the network. This is where FIDO plus OIDC is so powerful. The user can protect their primary identity using FIDO and use it all over the web using OIDC.

Something You Are and the privacy challenge

Digital Identity is such a thorny problem, fraught with technical, legal, societal and political issues, because your Personally Identifiable Information (PII) aka your digital exhaust (the trails you leave on the Internet) will define how you live your life (whether you get financing, get a job, get citizenship and so on).

This is what can change society and business at a fundamental level. There is a reason why Microsoft worked so hard to get Passport established – the upside is massive. There is also a reason why any company that gets close to this prize – whether it is Facebook or Apple or Microsoft – eventually gets consumer pushback.

As Ethereum’s Vitalik Buterin points out:

“10 years from now it may be harder to change identity providers than it is to change countries”

PII is so critical because this data determines your access to:

  • capital (how credit-worthy you are).
  • a job or customers (what you have done)
  • friends (who you know)
  • Your access to healthcare (your medical records).

The problem with your PII stored in centralized data centers is that data can be hacked and your identity can be discovered through data science technology. For example, one service provider may store your medical records and another your financial records and in both cases your identity may be masked from the service provider, but it is technically possible to identify an individual person from this data.

Maybe that data should be stored somewhere safer such as the Blockchain.

Sovereign Woman on the Blockchain

Blockchain technology can meet two fundamental needs:

  • Trustless and decentralized. Your Identity is not under the control of any institution (either Government or commercial).
  • Immutable. Nobody can change a record; they can only append a new record.

In this vision of the future, the human is sovereign and is in charge.

Consumer control over Identity enables granularity – you can have my driver’s license but not my passport or medical records and you can only have it for this one transaction. This could enable the Doc Searls vision of Vendor Relationship Management (VRM). I have been fascinated by VRM since I wrote about it for ReadWrite back in 2007. Some tech disruptions have to wait for a trigger to turn inevitable into imminent. The blockchain based identity systems may be that trigger. A similar vision is articulated in the book called Pull by David Siegel. This is a fundamental reordering of commerce. For all the talk of “customer first” a world where customers are really in charge will be a wrenching transformation for most companies.

This will challenge all the business models driven by big data. Translation of big data:

“We will assemble data about you so that we (or our customers) can sell to you in a way that suits us and maximizes our profit”.

The reordering of commerce enabled by consumer control over PII changes that to:

“I will buy from you when and how it suits me”.

It is also a fundamental change in our relationship with government. We are used to a world where our identity is granted to us by government. If humans control their own ID our relationship with government also changes.

This fundamental reordering could be made possible by Blockchain technology.

Finally, my thanks to Kaliya Hamlin aka Identity Woman, who helped me come up the learning curve on this subject (but any mistakes and misconception are entirely mine). If you want to really learn about Digital Identity, her site is a gold mine of intelligence.

Image Source

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.

Watch Season II of the Swiss Bitcoin Reality, with EY leading.

EY ATM.png

In the first season of the Swiss Bitcoin Reality show, we saw SBB announcing the introduction of Bitcoin ATMs by using its existing extensive network of ticket dispensing machines. We covered this in The radical change coming to Financial Services & Fintech in Switzerland and Matthias Muller, group innovation manager at SIX, used the witty analogy of The Monkey Business illusion in “Did you notice the Gorilla on stage?” as he (along with all of us) was surprised by this move.

EY 2017: from talk to walk

In the second season of the Swiss Bitcoin Reality show, which starts early 2017, we will be watching another bold move by EY in Switzerland! The plan cannot be seen as an under-the-radar screen move or lets get our feet wet, or lets be trendy.

EY Switzerland is already bold in the first phase already, of the strategic move.

  • A new Bitcoin ATM machine installed in their public office building in Zurich
  • A digital wallet app for all Swiss branch employees
  • EY clients in Switzerland, can pay for consulting services with Bitcoin

The Bitcoin ATM machines can of course, be used by all EY employees but also from any individual passing by.

Any EY employee in Switzerland will receive an “EY secure digital wallet app” that can be used to pay with Bitcoins. This is much like, receiving a corporate email address once joining a company that is secure within the corporate environment. EY is providing all its employees in Switzerland with a specially developed EY digital wallet app (I suspect in collaboration with Bitfury who is their partner on the innovation lab, but have not been able to confirm this) to load on company smartphones.

EY is leading the movement of “Bitcoin goes mainstream” in the both the advisory sector and as a large publicly traded entity that accepts crypto currency payments for its services. It is surpassing Deloitte, who has also installed a Bitcoin ATM machine in the Toronto office of the building housing the Rubix team (Rubix is the team and platform focused on blockchain solutions). Not only because EY’s ATM is in the main office building, and the welcoming – standard employee kit includes EY’s digital wallet app and EY corporate email; but also because EY is accepting compensation for advisory services from its clients in Bitcoin.

EY advisory services in the most recently reported financial year (July 1, 2015-June 30, 2016) have grown 21.7% and reached 210.8 million CHF with total gross revenues were 661.2 million CHF. By inviting clients to pay for EY consulting services in Bitcoin, EY signals its commitment to the digitization underway, its strategic decision to make crypto-currencies integral part of the business offering.

This latter part makes the EY Garage-Lab, not just another safe playground for clients to experiment with blockchain but a safe platform to experiment within a company who is putting its money where its mouth is.

On cryptocurrencies, EY is putting its money where its mouth is!

On cryptocurrencies, EY is boldly moving from Talk to Walk!

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge Network. Efi Pylarinou is a Digital Wealth Management thought leader.

Insurance helps Bitcoin become safer for mainstream consumers

Bank depositors get tax-payer funded insurance in many jurisdictions (such as FDIC in America) in case a bank goes bankrupt. Your Bitcoin in Mt.Gox or BitFinex….buyer beware.
People paying by Credit Card can fight back against a fraudulent charge. Once you send those Bitcoin it is like handing over cash…buyer beware.
Bitcoin early adopters and true believers are technically savvy enough to protect themselves in these kind of situations. For 99.99% of the world, a bit more reassurance is needed.
That sounds like a job for Insurance – pay some money for peace of mind. This post looks at how Insurance companies are stepping up to the plate.
The most high profile Bitcoin exchange failure was Mt.Gox, based in Japan. So it is no surprise that the first major rollout of Insurance for Bitcoin exchanges comes from Japan
Mitsui Sumitomo Insurance offers insurance to bitcoin exchanges globally. This is not exactly new, but in the past each deal was very custom negotiated. Mitsui Sumitomo Insurance seems to want to make this a more routine line of business.
Brave New Coin has the details, which is useful as the Mitsui Sumitomo Insurance offering to bitcoin exchanges is still only in Japanese.
The plan’s total theft cover ranges from ten million yen (US$88,500) up to one billion yen (US$8.85 million). It also covers loss from internal and external threats, including employee theft, mistakes, cyberattacks, and other unauthorized access.
The first customer is Japan’s largest exchange, Bitflyer. By working with a highly professional exchange, Mitsui Sumitomo Insurance can offer best practice advice. After a number of bitcoin exchange blow ups, the best practices are now well established. If a bitcoin exchange follows these, the risk of loss goes down (which is good for the Insurer) and being insured will help bitcoin exchanges to gain consumer confidence.
This is a critical plank in Bitcoin growing up and becoming mainstream.
The Bank like Bitcoin platforms
For a while we had very distinct companies in each Bitcoin segment – wallet, exchange, payment processing. However, as Bitcoin grows up we are seeing more Bank like Bitcoin platforms in the sense that they offer a full suite of services. These full service Bitcoin platforms such as Coinbase, Xapo and Circle already have insurance. Mainstream insurance offerings will let new players get consumer confidence – just like a small bank being able to offer deposit insurance.
Xapo pioneered the use of insurance because secure storage is their core proposition, using A.M. Best rated insurance providers.

Taxpayers and regulators  should breathe a sigh of relief

There is no possibility of bailout in Bitcoin-land. Private sector Insurance becomes the alternative. This will raise the professional bar for all Bitcoin players. To get Insurance they will have to meet basic standards and without Insurance they won’t get consumer confidence. Regulators and their political masters may then relax a bit more because the risk is left to the private sector to manage. Taxpayers will never be on the hook again in a bailout.

Image source

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.