Masha Borak of Biometric Update is writing about FaceKom again.
I discussed Borak’s previous article on FaceKom, which noted the alleged ties between FaceKom and the Hungarian government. The whole thing is a classic example of BENEFICIAL ownership, in which someone who is not the legal owner of a company may still benefit from it.
Borak returned to the theme in the current post:
“FaceKom, the identity verification company used by the Hungarian national digital identity program, has been acquired by major local IT and telecom group, 4iG Informatikai (4iG IT). The deal is now attracting attention among media outlets and political watchers due to the companies’ relationship with Prime Minister Viktor Orbán….
“Recent 4iG’s purchases, however, have been raising questions over the company’s reported links to the Hungarian government, which has been accused by critics of enriching political allies, family, and loyalists through state resources and public contracts.”
“4iG chairman and majority investor Gellért Jászai is known for his ties to Orbán and was invited as part of his entourage to Donald Trump’s Mar-a-Lago resort after the 2024 U.S. presidential election.”
“[FaceKom’s] previous owner is Equilor Fund Management, owned by the Central European Opportunity Private Equity Fund (CEOM)….While CEOM has no direct links with Orbán, local media investigations have discovered links with companies owned by the Prime Minister’s son-in-law, István Tiborcz.”
Mere links do not necessarily indicate illegal activity, and Hungarian law may differ from laws in other countries, but FaceKom is being watched.
Another SoCal Tech Forum presentation on Saturday, this one on banking technology from Carey Ransom of BankTech Ventures.
FoundrSpace.
Only a small reference to financial identity, but excellent nonetheless. While I live-posted the event here on my personal LinkedIn account, I wanted to summarize my three main takeaways from Bredemarket’s perspective.
One: Differentiate
Yes, community banks need to differentiate. Perhaps back in the 1980s before the advent of national banks, community banks could offer a standard suite of services for their communities. But now they’re competing against national banks that do business in their prospects’ communities, and in their prospects’ phones. (We will get to phones in a minute.)
One example Ransom gave: why do community banks offer credit cards? Are their credit cards better than the credit cards from the Really Big (Banking) Bunch? Probably not.
But unlike the Capital Ones and Chimes of the world, community banks know their communities. And they know what local businesses need, and are ideally suited to deliver this. (We will get to services in two minutes.)
Yes, I know that Bank of America may have someone attending and sponsoring your local events, but that person is not Brian Moynihan. And if you don’t know who Moynihan is, your prospects don’t know him either.
But John, you may be saying to yourself, you can’t bank on a phone. How do you deposit checks? And how do you get cash?
Well, let’s look at this:
Bredemarket hasn’t received a check in over three years, but when one of my clients was paying me by check, I would use my phone to take a picture of it and deposit it.
And as for cash, this is needed less and less, especially since many merchants take Apple Pay and Google Pay.
In fact, bank branches are so irrelevant to today’s—and tomorrow’s—bank prospects and customers that Ransom referred to a $3 million dollar bank branch as a really expensive billboard. Probably none of the people who are reading this post WANT to go into a bank branch.
And those that do? Here’s a little secret: if the average age of the people who bank at your bank is in their 70s, they will…um…not be long-term bank customers. The 18 year olds that will bank for decades? They’re opening accounts on their phones. Can they use a phone to open an account at your bank? And why would they do so? (See the differentiation discussion above.)
Three: Supplement
One way a bank can differentiate is via the services they offer.
At the most basic level, a bank can make money by loaning the funds they receive from deposits.
But they can offer many more services to 21st century clients, thanks to legislation such as the Gramm-Leach-Billey Act that allow financial holding companies to own financial or complementary firms.
And not just investments and wealth management.
Ransom provided an illustrative example: cybersecurity.
Banks need to have expertise in cybersecurity to stay alive, and to comply with Know Your Customer and other financial regulations.
So why not offer cybersecurity services to their customers?
This not only gives the banks another revenue stream, but also reduces the risk that their own customers will experience fraud from hacks.
Four: Market
I know I said there were three takeaways. I lied.
Ransom also noted that CapitalOne spends 20% on marketing, including everything from TV ads to cafes. Your typical community bank spends much less, maybe 1%.
How are your prospects going to know what differentiates your bank if they don’t have awareness of those differentiators?
Or perhaps you need proposal or analysis services.
Bredemarket, a provider of content, proposal, and analysis services to technology (and identity) firms, can work with you to create the words you need. Learn about my offerings and book a free meeting here.
I’m preparing to promote four of my Identity Assurance Level 3 (IAL3) Bredemarket blog posts on my social media channels. You know, the posts that discuss in-person and remote supervised identity proofing. But I said to myself, “Self, why not re-promote them on the blog also?”
12/3/2020 IAL3 post
From the Bredemarket blog, December 2020:
“The U.S. National Institute of Standards and Technology has defined ‘identity assurance levels’ (IALs) that can be used when dealing with digital identities. It’s helpful to review how NIST has defined the IALs.”
“If we ignore IAL1 and concentrate on IAL2 and IAL3, we can see one difference between the two. IAL2 allows remote, unsupervised identity proofing, while IAL3 requires (in practice) that any remote identity proofing is supervised.”
“I’ve talked about Identity Assurance Levels 1, 2, and 3 on several occasions…..But as usually happens, IAL2 is yesterday’s news. Because biometric tech always gets harder better faster stronger.”
“Governments aren’t the only entities that need to definitively know identities in critically important situations.
“What about banks and other financial institutions, which are required by law to know their customers?
“Now the bank assumed a level of risk by [accepting a Bredemarket client check in a remote unsupervised manner] especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
“But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check.
“What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do?
“It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers.”
Who can provide remote supervised identity proofing?
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”
And there are others who can provide the equivalent of IAL3, as we will see later.
How do you supervise a remote identity proofing session?
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”
But that doesn’t matter with me now. What matters to me is WHEN we need remote identity proofing sessions.
Governments aren’t the only entities that need to definitively know identities in critically important situations.
What about banks and other financial institutions, which are required by law to know their customers?
Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it in person at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).
Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)
So how do financial institutions implement the two types of IAL3?
“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”
Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.
Remote supervised
What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.
It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.
To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.
Why to use IAL3 for financial transactions
For high-risk transactions such as ones with high value and ones with particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.
Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.
This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.
To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)
And if your firm needs help creating that content, Underdog is here.
Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.
As I’ve said before, you should write a proposal that resonates with the people who read it. In marketing terms, you write for the key personas in your target audience.
But what if your target audience never reads your proposal?
“A new minister in Albania charged to handle public procurement will be impervious to bribes, threats, or attempts to curry favour. That is because Diella, as she is called, is an AI-generated bot.
“Prime Minister Edi Rama, who is about to begin his fourth term, said on Thursday that Diella, which means “sun” in Albanian, will manage and award all public tenders in which the government contracts private companies for various projects.”
Imagen 4.
The intent is to stop corruption from “gangs seeking to launder their money from trafficking drugs and weapons.”
When people evaluate proposals
But how savvy is Diella?
Let me provide a proposal evaluation example that has nothing to do with corruption, but illustrates why AI must be robust.
A couple of years before I became a proposal writer, I was a Request for Proposals (RFP) writer…sort of. A Moss Adams consultant and I assembled an RFP that required respondents to answer Yes or No to a checklist of questions.
When the consultant and I received the proposals, we selected two finalists…neither of whom responded “Yes” to every question like some submissions.
We figured that the ones who said “Yes” were just trying to get the maximum points, whether they could do the work or not.
Imagen 4.
The two finalists gave some thought to the requirements and raised legitimate concerns.
Can Diella detect corruption?
Hopefully Diella is too smart to be fooled by such shenanigans. But how can she keep the gangs out of Albania’s government procurements?
Imagen 4.
Certainly on one level Diella can conduct a Know Your Business check to ensure a bidder isn’t owned by a gang leader. But as we’ve seen before in Hungary, the beneficial owner may not be the legal owner. Can Diella detect that?
Add to this the need to detect whether the entity can actually do what it says it will do. While I appreciate that the removal of humans prevents a shady procurement official from favoring an unqualified bidder, at the same time you end up relying on a bot to evaluate the bidders’ claims to competency.
Of course this could all be a gimmick, and Diella will do nothing more than give the government the aura of scientific selection, while in reality the same procurement officers will do the same things, with the same results.
Scamicide recently talked about a “free piano scam” where the scammer gifts the victim a piano for free—if the victim pays delivery costs northwards of $600—in advance. Guess what never gets delivered?
The post goes on to say:
“A big indication that this is a scam is that the moving company asks for payment by Zelle or cryptocurrencies. No legitimate business asks for payment by Zelle or cryptocurrencies, but scammers often do because of the anonymity for these types of payments and the difficulty in tracing or reversing payments made in this manner.”
Well, Bredemarket doesn’t REQUIRE Zelle…but I take it. (No crypto.)
“If a virtual currency transfer of $1,000 or more occurs, the client’s identity must be verified. This step is critical in the digital currency world, where anonymity can lead to misuse.
“If there is a virtual currency exchange of $1,000 or more, identity verification is also required. This helps ensure that all exchanges are transparent and not used for illegal purposes.”
If you find a smartphone game that pays more than $1,000 a pop…let me know.
“Thanks to StealthEX you can now purchase an amount of crypto without KYC if it’s less than $700 or the equivalent of this amount in other currencies. As long as your total purchases don’t exceed $700, you don’t have to verify your identity. You can make one big purchase or several small $20, $50 or $100 transactions. StealthEX allows users to seamlessly exchange their assets across chains in minutes without the need to verify their identity.”
Yeah, $700 rather than $1,000. StealthEX is…um…playing it safe.
The term “money mule,” which first appeared around 2005, refers to a person who transfers illicit money for someone else—sometimes knowing that the activity is criminal, sometimes unknowingly.
“[Y]our job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer.”
So the employee is being paid to inspect goods. What’s wrong with that?
“The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.”
Trouble
And if the employee plays their cards wrong, they can end up on an Anti-Money Laundering blocklist.
“Among those who seek to disguise the illegal proceeds of their crimes are drug traffickers, terrorists, corrupt public officials, and organized criminal groups.”
A student job
And there are consequences for the money mules, knowing or not. A foreign student in the UK applied to a job ad with this job description:
“your job content is: use your mobile banking during daily part-time working hours, according to my requirements: help the company collect and transfer money, transfer to the account designated by the company, the company has every day Many orders.”
The company assured the student that everything was legal, so the student took the job. Things went well, until:
“And today my bank sent me a message saying they’ve frozen my account and will still do so unless i explain what certain transactions are for.”
Because the banks can also get in trouble if they violate AML laws.
Bredemarket 