The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spoke in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

Teaching Kids to Get into Interactive Debt

Next mealtime, expect your kids to pester you to take out a loan on a new Scion. They’ll probably have filled in the forms for you.

A month ago the NYT wrote about how a kids’ virtual world website, Whyville, was cutting a deal with Toyota to promote the Scion, allowing the youngsters to buy a virtual car in exchange for clams, the Whyville currency they earn by solving puzzles (read Heather Green’s piece over at BusinessWeek for a good overview of Whyville). If you’re having trouble following this, join the club: Think product placement in a kids’ version of Second Life. The idea here is that the 8–15 year olds who inhabit this virtual world would get all excited about the “small, boxy” Scion, buy it to zip around the virtual island and then start pestering their parents to buy a real one.

The idea worked. The NYT says that visitors to the site mentioned the word Scion more than 78,000 times. A month later, the term “Scion” has been used another 120,000 times and Whyvillians — the kids playing the online game — have purchased more than 1,200 Scions and gone on 140,000 rides in their cars.  As NYT quoted the chief operating officer for Whyville, Jay Goss: “By definition, this is a sponsor of Whyville that can’t have as its customers the kids who visit the site. But they know that kids influence parents, and kids grow up.”

Now apart from the general creepiness of how much the folks who run Whyville know about what their citizens are up to, and the extension of the old Pester Factor from kids urging parents to buy them toys to urging them to buy new whole cars, get this: As of today, they can buy a virtual Toyota Scion xB on credit, “learning in the process about interest rates, down payments, credit and leasing and their applications in real life”. This from a press release:

“Whyville Scion Solutions is a perfect example of motivated, engaged learning,” explains Dr. Jen Sun, President of Numedeon, Inc., Whyville’s parent company. “The Scions are a huge hit with our kids. They want cars! But most citizens just don’t have enough clams.  We’ve set up the motivation for them to learn what it means to take out a loan.  They’ll learn about interest rates, down payment, credit history, and, perhaps most important of all, being responsible.  If you default on your loan, you’ll lose your car, and your credit history will be ruined so that you can’t take out another loan.  Educators and researchers know that students learn best when they really care about the topic.  That’s exactly what we try to do in Whyville.”

This is all done via more product placement, this time by a virtual Toyota Financial Services advisor “who walks them through the loan process and helps them learn about their “WhyCO” scores.  The WhyCO is designed to emulate the FICO® in real life.  A Whyvillian’s WhyCO score depends on a number of factors including his virtual income, ownership of a Whyville house or business, number of log-in days in Whyville, and leadership roles in the community.  Based on these factors, a loan application is approved or rejected. Citizens who do not qualify for a loan by themselves can get loans if they are co-signed by wealthier friends. The Toyota Financial Services advisor will also point applicants to on-line resources to help applicants understand the details of financing, leasing, interest rates and credit.”

On one hand I applaud the idea. Why shouldn’t kids learn about buying on the Never Never, plunging into debt, meeting the Repo Man, getting thrown out of their house and generally living beyond their means? But is the idea of buying things you can’t actually pay for the sort of lesson one should be teaching kids? My grandad would be turning in his grave. But not for Whyville — in only a few days since opening, the Scion Solutions office has already approved several thousand loans — and not for Toyota Financial Services, which whose “interactive marketing manager”, Maria Tirado, says

“We’d like to have educated customers down the road, and this program is a terrific opportunity to help tweens understand the process of financing a vehicle, everything from interest rates to FICO scores to repaying the loan.”

Does this mean kids, now thoroughly familiar with the credit process, will now pester their parents to buy a new car with a loan? Is this the world we’ve been working towards?

How Long Did The ‘Biggest Data Theft In History’ Go Unreported?

I continue to be intrigued, but somewhat perplexed, by the CardSystems security breach that happened nearly two months ago now. Who knew it first, and who told who, and when? And why did it take so long to tell the rest of us?

A U.S. company claimed it was its software that first spotted the breach last year, in a press release issued July 13:

ACI Worldwide (Nasdaq: TSAI), a leading international provider of enterprise payment solutions, today announced that its ACI Proactive Risk Manager™ software helped National Australia Bank (NAB) detect the recently revealed security breach at CardSystems Solution before any other bank or financial institution.

But did it? The press release from ACI quotes Australian Treasurer Peter Costello as having “recently told Parliament that National Australia Bank was actually the first bank in the world to uncover the fraud”:

“It was the NAB that uncovered this fraud out of all the domestic and international banks of the world and reported it to MasterCard and Visa in September 2004,” said Costello.

Wow. That’s eight months before anyone else, since CardSystems didn’t announce the fraud until May 22 2005. So what did the Australian media say about this?

AAP reported June 22 (sorry no links for these, they’re from Factiva) quoted Costello as saying:

“It was the NAB that uncovered this fraud out of all the domestic and international banks of the world, and reported it to Mastercard and Visa in Sept 2004,” he said. Mr Costello said the US Federal Bureau of Investigations began investigations soon after the fraud came to the attention of Visa and Mastercard.

He said the FBI declared the issue a crime scene only on June 1 this year. “During this investigation organisations were told by the FBI not to say anything publicly, and the FBI only allowed public comment on Thursday or Friday last week,” he said.

A Reuters report, covering the same press conference (or whatever it was; neither wire is clear on where Costello was speaking) quoted Costello as saying December, not September. An updated report from Reuters the same day adds comments from MasterCard and Visa that shed further light on this:

MasterCard spokeswoman Sharon Gamsin said, “We said from the beginning that it was reports of fraud from issuers that enabled us to do the analysis that led to CardSystems and led to the scope of this incident. One report of fraud would not necessarily have gotten us to that point.”

Visa spokeswoman Rosetta Jones said that when her company detects fraud, “banks are notified and accounts are closed. In this case, the National Australia Bank may have detected fraud late last year, but there was no clear indication that this fraud was part of a larger data compromise at that time.”

Finance Minister Nick Minchin said in an address to Australia’s parliament that Australia & New Zealand Bank Ltd. , Commonwealth Bank Ltd. and NAB had each been monitoring the fraud since December and had canceled and reissued cards where transaction were suspect.

An AAP story two days later adds further detail:

As long ago as December last year, round-the-clock fraud squads at the four big banks had picked up on a pattern of unauthorised transactions on their customers’ credit cards, originating out of the United States.

Treasurer Peter Costello told parliament this week that National Australia Bank was actually the first bank in the world to uncover the fraud, which has been traced to a security breach at a US company that processes transactions.

The Australian banks contacted about 2,000 affected customers and issued them with replacement cards months before MasterCard’s announcement this week.

This raises a host of issues that I’ve not seen addressed elsewhere. If the Australian banks saw this fraud so early, why did it take so long? The Australian Financial Review (subscription required) today pointed out these inconsistencies and the fact that California credit card holders have filed suit in San Francisco against CardSystems, Merrick Bank, Visa and MasterCard, claiming “the companies should take responsibility for the security data breach”:

CardSystems has claimed it did not discover the security breach until May 22, 2005. But it is now known MasterCard and Visa were alerted to fraud resulting from the data breach as early as January. The complaint also alleges Visa and MasterCard failed to take “prompt remedial action” or take steps to notify affected consumers.

“Defendants, by failing to timely disclose the security compromise or data theft to affected consumers and merchants, are attempting to shift the burden of discovering resultant fraud away from themselves, even though they are responsible and are in a better position to discover and prevent fraud to consumers and merchants.”

Visa and MasterCard have defended their handling of the incident, saying they had to be sure CardSystems was the source of the data spill before going public.

So, as far as we can deduce from this, NAB, via its fancy software, spotted some kind of fraud taking place. That information was passed on to Visa and MasterCard sometime between September 2004 and January 2005. The FBI passed this information onto CardSystems at some point, although why everyone decided to sit on the information is unclear. Their initial statements, which I illustrated in the original post, will probably require some finessing at some point as the suit passes through the legal system.

Wiretapping Your Way Into Credit Card Fraud

If you think the Internet is a scary place for stealing your sensitive bank data, try your local gas station.

The Star Tribune in Malaysia reports that criminals there are increasingly intercepting the transmission of credit card data between the point of sale machines that swipe your card and the bank. This data, incredibly, is being sent in unencrypted text form so all a criminal has to do is ‘wiretap’ the phone line and capture the data — usually onto an MP3 player.  All they need to do is find the phone line, either in the outlet’s Main Distribution Frame room, or that of the bank itself and record the gurgling modem sound. A special decoder can then convert that noise into data. Your data.

The banks are finally getting onto this. Malaysia’s central bank has ordered all credit cards in the country to be EMV(Europay/MasterCard/Visa)-compliant by end-2005 (this means smart, and supposedly fraud-proof). But for now, The Star Tribune says, the banking industry is trying to encrypt data. Unfortunately, so far nothing has been agreed on.

At the risk of sounding appalled, I’m appalled. How can such data be transmitted without a modicum of encryption? This means that when we’re typing our credit card number into a web page it’s actually more secure than if we give it to the guy at the gas station or restaurant?

I was never that happy anyway doing the latter, given the prevalence of skimming — where a crooked employee would either double-swipe your card, or swipe it into a separate device that stored your details — but now, it seems, the data is up for grabs even when it’s being transmitted to your bank for verification. Yikes.

News: Come To Australia, Skim Central

Looks like Australia is becoming a haven for credit card fraud, or at least a part of the business. An article on News Interactive says that losses by Australian banks to credit card skimming have risen by more than 400 per cent in the past year, according to The Australian Crime Commission (ACC). Organised groups have used portable card skimmers to obtain credit card data at gas stations, restaurants and in taxis, before selling this data to gangs in Malaysia, Indonesia, Hong Kong and Thailand, where it was transferred to plastic cards bearing the logos of Australian banks, before making fraudulent purchases.

Credit-card skimming involves the unauthorised copying of electronic data from a legitimate card. It is often done by dishonest shop assistants. Stolen data can then be encoded onto a counterfeit card, with the original card holder none the wiser until details of unauthorised spending start appearing on his or her statement. Current laws still allow the importation of skimmers, embossing machines and credit card blanks, but the ACC is calling for closer co-operation with police.“From some of the material [the ACC] has gathered so far, it would seem that since 2001, the problem of card skimming and card fraud has migrated to Australia”, ePaynews.com quoted cybercrime co-ordinator Scott McLeod as saying.

Software: Money, Money, Money

Microsoft has just released a new version of its Money software, 2004. New features:
— An extensive Credit Center provides a free credit report and one year of ongoing credit monitoring, in addition to a summary of debt accounts, educational content, access to “what-if” scenarios and information on credit protection.
— Money 2004 Premium offers an exclusive collection of valuable financial services, a $365 value, including two years of MSN(r) Bill Pay, capital gains tax optimizer from GainsKeeper, one-time free federal online tax preparation and filing from H&R Block, one free credit report, credit alerts and one year of ongoing monitoring from Experian Consumer Direct, and a complimentary initial personal financial consultation with American Express.
— Money 2004 is the only personal finance management software to offer the GainsKeeper service, which helps consumers better monitor and minimize the tax implications of their investment decisions.
The software further ties in with the MSN Money Web site to provide convenient, timely access to relevant and current information, including world-class financial news, information, tools and services.

You can download a trial version from here. I’ve been disappointed with previous versions which seem to add features but not to address existing bugs. Sound familiar?