Thursday, January 31, 2008

P2P Loans and Kiva.org

If you use LinkedIn, you're probably familiar with Kiva.org. Kiva has done an outstanding job using the Group functionality in LinkedIn to grow awareness of the work they are doing in the area of providing syndicated loans to third-world entrepreneurs.


Kiva's microfinance model seems to be working - at least for me. This morning, my first loan - to a female grocer in rural Mexico - was repaid on time, and in full.

Rather than withdraw the money, I have now joined a syndicate that will provide $1025 (all Kiva loans are around this size) to Baqi, a wood salesman living in District 10 in Kabul, Afghanistan. Baqi's use of funds is to purchase stock, so he can expend the business. Kiva provides a useful hub for enabling financing of this kind of basis funding requirements, and their syndication technique enables the risk to be spread across a multitude of lenders.

Incidentally, there are a ton of emerging fist-world "Kiva.orgs", such as Prosper.com, that are well-known and well-trafficked. If you're a subscriber to Jim Breune's excellent Online Banking Report, you're probably aware that he is predicting that 2008 will be the year that peer-to-peer loans move from the back of the wave to the front.

Check out the above graph (based on Celent data) that was published here in USA Today. It certainly seems to back up what Jim has been saying in OBR.

Prosper.com reminds me of PayPal circa 2002 - some teething problems, some fraud issues that occasionally get in the news, but I personally find the service fascinating, and I think it provides a useful secondary source of funds for people that have had their identities or credit access compromised.

By the way, if you're interested in Kiva, head over to Kiva.org and sign up. For the low (starter) price of $25, you'll help create wealth, and learn a lot about the emerging P2P marketplace.

No Gender Bias in Identity Fraud

Candy Colp in our sales group sent me an interesting article yesterday regarding a study conducted by antivirus firm AVG into gender bias and online security. The crux of the article, which appeared here was:

"Most men believe that they know more about online security than women, but new research suggests that both sexes are equally vulnerable to malware and other threats."

The study, which involved 1400 presumably equally distributed by gender subjects in the UK, did indeed conclude that men and women and equally likely to fall afoul of malware.

But reading between the lines, the survey also indicated that men were more likely to assume that the security in place on their PC was adequate, versus women, who (more wisely) more often assumed it might not be.

This would possibly explain the tendency of some identity protection firms (see my most recent post below) to target women as customers using television and press.

Two points that I found interesting in the survey was the fact that 1 out of every three people surveyed in the UK had been victimized by identity theft.

AVG's spokeperson was quoted as saying most people felt there was nothing they could do about the situation.

Proactive Vs. Reactive Identity Theft Protection

As many of you know, Authentium is currently rolling out SafeCentral, a solution we consider the best identity theft protection solution on the market.


SafeCentral is the result of almost five years of core R&D (what used to be called VirtualATM is now the SafeCentral client), three years of service back-end development (our ESP platform), and a ton of feedback from users and distributors.

The purpose of this posting is to point out a critical difference between our service and other approaches to "identity theft protection."

The critical distinction between SafeCentral and other solutions offered up as "Identity Theft Protection" is that our solution is designed to *protect* identities - as in stop them from being stolen in the first place.

Other solutions are designed mainly to help consumer *reclaim* their assets - after their identity has been stolen.

These other solutions, well-branded and well-intentioned, don't provide proactive protection - they simply provide a financial guarantee that there will be money available for you if you need to hire lawyers to get your identity back.

As anyone who has ever had their identity stolen knows, there is a massive difference between these two approaches.

Using SafeCentral is like going into war already "armored-up" - using the other solutions is like going into battle, being wounded, and getting hauled off to hospital - and then finding out, as you fight for your life, that your health insurance is paid up.

I have only had my identity compromised once - when money was claimed by an impostor at the other end of a Singapore-USA international money transfer. Getting the money recovered was painful. It took a lot of international phone calls and three days of haggling.

I have been told that my experience was on the "lighter side" of identity fraud cases. According to the most recent statistics, identity theft victims typically spend a year and a half and around $2500 dollars getting things rectified.

This is the core reason why installing a proactive solution is important - as anyone knows, most of the time, you get your money back when defrauded online. What people don't know is how much of a hassle it is to get square., using a "reactive" solution.

When it comes to identity theft protection, Authentium SafeCentral = proactive, the rest = reactive. You decide.

Note: If you're interesting in joining the beta program and trying out the SafeCentral service for free, you can sign up here.

Tuesday, January 22, 2008

Credit Monitoring - A Vector for Hackers?

It's happened. Driving home tonight, listening to FOX WJNO, I heard a country music-based jingle for a credit monitoring service.

"They say a man should always dress for the job he wants
So why am I dressed up like a pirate in this restaurant?
It's all because some hacker stole my identity
Now I'm in here every evening serving chowder and iced tea

Should have gone to Free Credit Report dot com
Could've seen this coming at me like an atom bomb
They monitor your credit and send you e-mail alerts
So that you don't end up selling fish to tourists in t-shirts"

Catchy - and certainly an indication that identity theft protection is headed for the mainstream. But WJNO listeners should beware - you could end up selling fish to tourists anyway.

The problem with consumer credit monitoring services like FreeCreditReport and other online identity protection services is this: the sign-up processes of these services are so easily spied upon that they expose consumers to the very problem they claim to solve - identity theft.

Yes, you read that right - while there is growing awareness of identity theft as a problem, consumers are not yet broadly aware that critical vulnerabilities exist during the account creation processes that have not yet been addressed by any of the major credit monitoring companies - or, for that matter, any of the online banks.

Think about it. During the service application or credit card application process, the maximum possible amount of personal data is exposed to hackers running key-loggers or screen-capture software on your system. Yet at this time, no meaningful legal relationship yet exists between you and the company requesting the data.

Not following my argument? Think about the amount of data you shared the last time you applied for a financial service, such as a credit card or loan, online. Think about the data you shared last year, while submitting your taxes. Did someone tell you up front that they would take responsibility for any data lost by you during the sign-up process?

I didn't think so.

And, chances are, you shared a lot of data during that session - your social security number, your spouse's social security number, your employer, your bank account details, your address - everything on the identity thief's checklist.

There's no doubt that the Citibank ads of last year, and the new FreeCreditReport.com radio commercials are good for consumer awareness. However, these companies need to do more to protect data during the sign-up process - and during the browsing session as well.

Consumers need to speak out as well. Consumers should insist on using services and technologies like the one that we've developed - Authentium SafeCentral, which uses our patent-pending VERO secure session technology.

This kind of technology enables true end-to-end protection for data against key-loggers and screen-capture-based spyware, even if you're just starting out your relationship with a financial service provider.

There is no reason why your provider shouldn't enable this service - we give it to them for free. Alternatively, starting Feb 26th, you can go over to www.authentium.com and sign up for the service yourself.

All of us at Authentium use SafeCentral every day. We wouldn't dream of signing up for a new personal financial management service, credit monitoring service, or bank account, without firing up SafeCentral first.

You should think about making this a habit too.

NASDAQ at 0930

The news overnight from Asian markets, particularly India, and this morning from Europe, meant a lot of people got out of bed early this morning in the US to do what they couldn't do yesterday because of the holiday.

The result was predictable - this from NASDAQ.com:


One of the stories that will come out of today is the story of how much financial information accounts for in terms of total Internet traffic.

The NASDAQ server wasn't the only one groaning the the weight of information requests from the anxious public investor pool this morning - repeated requests to Google servers ended up with half-built pages and missing information.