“Mind The Gap!” – The life and times of a man on the move Episode 87

It is the civic duty of the hip urban Starbucks frequenters to do their bit to protect those who don a beige cardigan in the morning as hacks and phishing attacks on FinTech and online financial firms are in full force

In this weekly series, I look back on what stood out, what was bemusing, amusing and interesting during my weekly travels, interesting findings within the FX industry and interaction with an ever-shrinking big wide world. This is purely observational and for your enjoyment

The whole business environment is rapidly changing at a rate which I have never known in my entire 29 year career in this industry, itself a very highly technological, leading edge and forward thinking business compared to many other industry sectors globally.

For this reason, we must not only embrace the change and be innovative, but also bear in mind some of the caveats that could trip us up as we continue to think of clever solutions which will work in what is soon to become an entirely new chapter in the global business world.

Last week, I waxed lyrical about how there will be a huge emphasis on online business from now on. Those forced to use online solutions for activities that they would otherwise physically perform, such as grocery shopping or sending products to clients, will quickly get used to it and continue.

Online commerce is, after all, over 20 years old and whilst most working-age people have taken to it, many people in the world still did not use online methods until they were forced to do so. I have seen elderly people here in London very quickly get used to using mobile devices to order what they need, and very soon we will be forced into a mobile-first commercial scenario for a wide range of products and services.

Even people’s social lives have gone permanently online. I personally think this is absolutely detrimental and reminiscent of many dystopian novels of the 1940s and 1950s which painted a grim picture of the future of the world – around about the time we live in now – as being isolated people living in glass pods, totally controlled by a faceless government which speaks to the population which have no names, just serial numbers, via a voice synthesizer, toward which disobedience would not be tolerated.

Whilst this appears to have been a relatively accurate look into the future, we have sophisticated technology. Without a variety of internet-based services for retail clients of every industry sector globally, there would be an even worse global affront to humanity than that being enforced now.

When we look at some of the less technologically advanced nations, they are really suffering right now, and it is heart rending to watch.

However, those who live in the very few free democracies that exist are subject to other risks. The hackers are out in force, more than ever.

Watch out, there are hackers about!

Whilst people concentrate on the endless repetitive drone of the news channels – I do not watch or listen to the news, it is like an over emphasized version of Groundhog Day – and whilst people take to their new reality of internet-based living, the hackers and cheats are out in force and are having a field day.

Last week, a parody of the British government’s website was made and its logo and content sent via an SMS message link to random UK citizens, telling them that they had been seen breaking the ‘curfew’ (when there is no curfew like there is in some nations) and that they must pay £250 or face prosecution. This is a total cheat, and, rather ironically, eminates from South East Asia.

Perhaps more alarming still is that the FinTech world is experiencing a tremendous array of attackers and DDOS chancers right now.

Retail bank and credit card websites are now overloaded with users who would ordinarily perhaps pay their bills the traditional way by mail, or at a post office, but are now using internet banking. Wait times are over 2 hours to speak to any bank in the United Kingdom about any subject at the moment, and people’s minds are on survival and being able to make their rent and mortgage payments whilst they languish at home under the utterly treacherous rules of a lock down, rather than considering protection against hackers.

I did some research on this matter this week, and found that some websites, especially those representing lesser known financial services companies, are out of action because they have been hacked and security has been breached, opening their confidential databases to home-bound ne’erdowells who will then nefariously use customer data, or even worse, make transactions on people’s accounts.

Most of these sites have been taken offline and remain so for some time, however this does show the utterly Dickensian times that urban humanity is now returning to.

With regard to this, it is worth taking time to secure your brokerage even more than it already is. We are among the world’s most astute in terms of cybersecurity in our industry, partly due to regulatory clampdowns on the security of client assets, and partly due to the forward-thinking and downright clever methods put in place by the astute leaders of our industry, who should certainly afford themselves a degree of proudness.

We must be vigilant, however.

Tim Thompson, CEO of British payment payment service provider and risk management technology company NOIRE explained to me recently that FX brokerage accounts had until recently in many cases been accessible online needing only a username and password in order to gain access to sensitive data and exposure to fraudulent withdrawals.

“The way fraudsters access accounts can start in a number of ways” explained Mr. Thompson. “These methods include fraudsters phishing customers details, through emails pretending to be from the broker and telephone calls, Trojan malware programs often downloaded for trading platforms which look legitimate but could be obtaining customers’ login details and passwords. Fraudsters do this on an industrial scale and gain access to many customer accounts across many businesses.”

Mr. Thompson explained that in many cases, fraudsters have been able to successfully make withdrawals from trading accounts, their requests being so authentic that they have been passed by even the most diligent of compliance departments. The ability to access accounts by phishing and sending in Trojan horse malware programs in order to ’emulate’ the real customer would be avoided with the right anti-fraud security systems.

Some seven years ago, Jeff Wilkins, Managing Director of Michigan-based IS Risk Analytics a well recognized industry expert with regard to electronic risk management, explained to FinanceFeeds during a meeting in Cyprus that within networks used in the FX industry, points of presence, which are dedicated connectivity solutions between venues, trading companies and hosts, had been gaining popularity, and that distributed points of presence connectivity allows protection against denial of service attacks, confirming that ThinkLiquidity at that time always advised that this type of infrastructure is put in place.

Three years after that, the institutional sector began in some form to adopt such systems. Venue-neutral Canadian infrastructure provider TMX Atrium put in place points of presence between Paris, London, Frankfurt and Moscow during 2013, however this venue-based connectivity has not filtered its way into the OTC retail sector on a widespread scale, a likely reason being the cost of implementing dedicated infrastructure to many smaller retail firms being high, especially when margins are low once spread, IB commission, client acquisition and retention costs and operating expenses are taken into account.

And where are TMX Atrium these days anyway? We seem to live in a hosting monopoly, with Equinix overshadowing everyone including my previous employer BT Radianz where I started my career in 1991 in their financial markets infrastructure division before the Radianz acquisition!

Four years ago, a spate of connectivity outages began affecting internet access for hosted customers of several MetaTrader 4-based brokerages, from Australia to Japan, and across the APAC region, largely as a result of attempted DDOS (Distributed Denial of Service) attacks.

In these cases, most of the attacks function by bombarding the server with a high volume of messages in order to either slow down the server, or to prevent it functioning at all, creating tremendous potential damage to brokerages, and subsequently, their clients.

The brokerage business is well on top of this, and dialogs that go back as far as these are clear testimony that the specialists within this industry are able to dedicate resources to ensuring safety of data, funds and to stop malicious attempts to damage rival businesses.

However, whilst our industry, especially in the retail sector, is very much committed to research and development and is in many cases responsible for driving forward new developments that eventually make their way into the wider financial and technology sectors, the banks are the entities with the time, the dedicated departments of several hundred technicians and eventually, whilst often slower at bringing new developments to market than the non-bank world, they get it right and have top quality solutions once they are approved for mainstream use.

Lloyds Banking Group, one of the firms that is under tremendous load this week with a deluge of customers panicking and calling them on the business and retail side, has emulated some of Silicon Valley’s large internet firms by creating its facility in London in the same vein as a technology development firm rather than a belt-and-braces bank department.

The digital office seems more suited to the likes of Google or Facebook than one of Britain’s oldest banks. It is full of brightly coloured, coffee-stained sofas, garish green wallpaper and groups of young men clad in T-shirts and jeans talking excitedly in huddled groups over computer screens.

This bears a stark contrast to the 18 years of my 29 year career in electronic trading as a connectivity, software deployment and server engineer within many of the Tier 1 banks. Back in the early 1990s, the in-house development and R&D divisions of bank technology divisions were ultra-conservative, and whilst absolutely ground breaking in terms of the understanding of technological topography, not to mention a continually fascinating and sophisticated environment in which to have the privilege to spend a large part of one’s career, very beige cardigan, and not very Starbucks.

And today, it’s the Starbucks frequenters that have the upper hand over the beige cardigan when it comes to cyber attacks in this internet-dependent world.

However, it is the civic duty of the Starbucks frequenters to do their bit to protect those who don a beige cardigan in the morning as we have been forced to be socially responsible toward each other at a time during which the customer service lines are jammed solid and support staff are either out of the office or working from home.

Let’s do our bit to make people aware, and safeguard what will be left after this economic Armageddon.

 

Read this next

Digital Assets

Zumo launches B2B ‘Crypto-as-a-Service’ solution for brokers

The new product, Zumo Enterprise, also features an embedded ESG and net zero strategy.

Technology

Top Tools to Add to Your Trading Platform to Delight and Retain Traders

The online trading boom that started during the pandemic-led lockdowns is abating. This is in part due to sustained market volatility which seems to be discouraging new investors. For example, day trading volumes in the US for retail investors declined in the last 2 quarters of 2021.  

Technology

Embedded finance platform Alviere taps Marqeta for branded card issuance in Europe and UK

Alviere has recently raised $70 million to fuel the ongoing expansion across the European region and the United Kingdom.

Retail FX

Overcharts partners with dxFeed for CME Group Market Depth

“More and more traders are using Market Depth while conducting volume analysis. Its primary function is to help traders identify potential support and resistance levels.”

Digital Assets

CoinGecko expands collaboration with CER.live security rating

CoinGecko, one of the earliest crypto data aggregators, has integrated the security score data from the CER.live rating. The trust assessments given to crypto projects will be integrated into their pages on CoinGecko website to draw users’ attention to the importance of security.

Metaverse Gaming NFT

Klaytn taps Parity Technologies to build infrastructure for Klaytn-Substrate

Klaytn has initiated a collaboration with blockchain infrastructure company Parity Technologies to strengthen its tech stack and meet the demands of enterprises looking to harness the crypto technology.

Retail FX

US Retail FX brokers suffer steep fall in client deposits, Trading.com racked up $46K

Retail FX deposits at US brokerages, which have been struggling to eke out a profit in a strict regulatory environment, dropped in March 2022 by $35 million, CFTC data showed.

Retail FX

eToro supports Immutable X (IMX), Livepeer (LPT) and Cartesi (CTSI)

Israeli social trading network eToro has added support for trading three new tokens. Immutable X (IMX), Livepeer (LPT) and Cartesi (CTSI) are the next coins to join eToro’s list of featured digital assets.

Executive Moves

LiquidityBook hires Fintech veteran Jonathan Cross to lead EMEA business

LiquidityBook, a provider of FIX and OMS trading solutions for both the buy and sell-side, has added Jonathan Cross to its business team for the EMEA region.

<