${log.root}/lowem.log
Inflation, Investing and Everything

All | Energy | Java | Tech | Musings | Env | Biz

Main | Next page »

Monday January 16, 2012

On the DBS/POSB ATM card fraud case in Singapore

So I've been writing in to a Minister once again. Probably not the first or last person to bring up these simple facts to Tharman Shanmugaratnam, Minister for Finance of Singapore, but I thought I would contribute my two cents (ha, ha). Here it goes :

...
Delivered-To: ...
Subject: Improving security for ATM/NETS cards
From: Low Ee Mien [...]
To: tharman_s@mof.gov.sg

Dear Minister for Finance,

I am writing in my personal capacity regarding the recent DBS/POSB ATM fraud case. As we have seen, the two-factor authentication mechanism of ATM/NETS cards has been defeated. The perpetrators have managed to successfully obtain both factors of authentication : something you have (ATM card details via the card skimming device), and something you know (ATM PIN via a strategically-located pinhole camera).

It has been proven time and again that the magnetic stripe data such as those being used in the ATM and NETS cards in Singapore is quite easily copied. This magnetic stripe technology was invented over 50 years ago and is able to contain at most a few bytes of information, and has no processing capability of any sort, nor any form of cryptographic technology to resist cloning or tampering. In short, this is a completely outdated technolgy that the whole of our nation is using for our daily financial transactions, at thousands of retail establishments, ATM's, top-up kiosks, and so on.

Something needs to be done about this glaring security vulnerability.

As you can see from the link below, Malaysia's Maybank is already ahead of Singapore in this respect :
http://www.maybank2u.com.my/mbb_info/m2u/public/personalDetail04.do...

The Maybank ATM card includes an embedded smartcard chip, which as their website states, offers "Increased security, as the smart chip is tamper-resistant and the data stored is harder to extract and copy". This is the key point : smartcard technology, well established by now, mitigates many of the shortcomings of magnetic stripes. It is much harder to simply clone compared to magnetic stripes and requires sophisticated and intrusive physical attacks to get to the private key data contained in the smartcard chip. The technology currently required to carry out such attacks does not fit in a simple card skimmer that can be installed in an ATM card slot. Other security measures such as revocation of the certificates of any particular set of smartcards can be carried out on demand. In addition, manufacturers have already included a number of on-board security measures in smartcard processor chips to resist cloning and tampering.

Hence, in the interest of increased security for banking customers, I would like to suggest that MAS work towards regulations requiring all banks issuing ATM and NETS cards to include embedded smartcard technology such as the EMV technology being used by VISA and other credit card issuers.

As an additional security measure, I would also like to suggest industry-wide regulation to eventually disallow transaction fallback to magnetic strip reading, thus removing one of the main factors contributing to ATM card fraud. The ultimate goal is for ATM/NETS cards to be issued *without* any form of magnetic stripes whatsoever, and ATM's as well as POS terminals to be updated to smartcard-acceptance only, thus finally retiring this outdated 50-year old magnetic stripe technology.

Thank you for your attention.

Low Ee Mien (Mr)

- Sure, smartcards are not impossible to defeat, but they are much harder than the increasingly laughable magnetic stripes, with card skimmers being more readily available nowadays, even apparently custom fitted to closely resemble the "anti-intrusion" devices installed over the ATM card slots. Some have said that 3D printers have now been used to create the exact shapes of these "anti-skimming" devices, or Fraudulent Device Inhibitor (FDI), in an ironic application of cutting-edge technology being used to defeat a simple physical device that was meant to guard against just such occurrences of card skimmers being installed.

The measures announced by the bank are well and fine, such as blocking foreign ATM withdrawals for folks who have not used them overseas, sending out SMS messages and so on, but all these reek of reactionary and stop-gap measures.

I don't quite agree with the DBS CEO's claim that replacing the magstripes with smartcard chips has its own set of problems, such as : "The problem with that is it's a huge inconvenience to customers. When you go to the US, they don't accept chip cards". My man, the world is moving away from this outdated magstripe technology, I am frankly surprised and amazed simply that Singapore has not gone along and our neighbour Malaysia has. Fact is, we are actually behind Maybank Malaysia in this area and there's quite a bit of catching up to do.

(2012-01-16 11:41:39 SGT) [Musings] Permalink

Wednesday December 14, 2011

Hello Android!

Hello World Android! Took me long enough to get going, but here's my first honest-to-goodness Android app, running in the AVD emulator :

And here it is running on my Samsung Galaxy S2 :

Setting up the development environment was simple enough, follow Google's instructions, get the latest Eclipse (yes, I admit I've been a little out of touch lately), get the Android SDK, download the necessary files, libraries and the Android emulator and off I went.

The emulator did take all of 5 minutes or perhaps a bit more than that to boot up on my Acer laptop which up until now had yet to show its age, being perfectly useful for browsing and Microsoft Office and even the occasional VMWare. But now a 2.x GHz 8GB RAM replacement number looks mighty enticing. Running it on the actual device was also simple enough : look for the hello-android.apk in the bin folder, Gmail it to myself, install (application side-loading on the Galaxy S2 was enabled *out of the box*), take screenshot, Gmail screenshot back to myself, and voila.

So goes the saying : "You have taken your first step into a larger world." Or something along these lines.

(2011-12-14 00:27:58 SGT) [Java] Permalink

Monday October 03, 2011

Shell may shut its largest refinery at Pulau Bukom, Singapore at least a month following fire

channelnewsasia.com, foxbusiness.com :

Shell's fire-hit Pulau Bukom oil refinery may remain shut for at least a month. Shell is tight-lipped about how much money is going up in smoke due to the incident at its biggest refinery. But some analysts said disrupted production would affect regional supplies of Shell's products in the short term. Shell's declaration on Sun 2 Oct 2011 of force majeure on the supply of oil products to some customers following a fire at its 500,000-barrel-a-day Singapore refinery has done little to provide answers on how long refining operations will remain disrupted.

While petroleum markets have already priced in a short-term supply disruption, with gasoline, middle distillates and fuel oil all up $2-3 per barrel against crude oil prices since the fire, the declaration has exacerbated supply worries. Shell has not provided a forecast on when repairs to the refinery - the company's largest - will be complete, although it has said refining units at the Pulau Bukom complex were not damaged by the blaze which started in a pumping station near storage tanks and burned from Wednesday to Friday. The fire may have already dented demand for Middle East crude oil. A Singapore trader said Shell may have cancelled 4 million barrels of Oct 2011 crude from Saudi Arabia. It remains difficult to assess the full impact of Shell's supply disruption. Shell said it has started an investigation over the cause of the fire, and won't restart the refinery until safety is ensured, despite damage being limited to a small area.

- Though this has been one of the biggest stories out of Singapore for the past week or so, there are still many questions that are as yet unanswered, the exact cause of the fire only being one of them. The other issues include the possibility of tightness downstream through the supply chain, in particular gasoline (or petrol as we call it here in Singapore), as well as diesel. Another quite valid question is of course something that people might ask me, such as "should I go and top off my fuel tank right away, reduce my driving and in general prepare for an all-out calamity?"

Let's try to estimate this using best guesses. The Shell Bukom refinery operates at 500,000 barrels per day, which is 500kbpd, or 0.5mbpd as the industry as well as we peakoilers usually refer to it. Reportedly, 90% of that is exported, which means that 10% or 50kbpd is for local consumption. Assuming that half of it is utilized for gasoline and diesel production, that works out to 25 kbpd worth, or close to 4 million liters per day. Assuming that each vehicle has a fuel tank of 50 liters, we come to an impact estimate on 79,500 vehicles per day. The total vehicle population in Singapore is 952,221 vehicles (as at Jul 2011 according to the Singapore Department of Statistics), hence the impact will be felt on about 8.3% of the Singapore vehicle population, which roughly speaking, would be 1 out of every 12 vehicles.

As you can see, this is not an insignificant impact though it shouldn't be calamitous. Given the storage buffers throughout the supply chain, we might not expect to see an immediate impact right away. From past observations of petrol price movements, we might expect changes if any to hit within 1 to 2 weeks' time. This isn't much of a forecast, but we might expect petrol and diesel prices to move upward in this timeframe. As they say, pricing happens at the margins, and this is quite a margin.

Of course, many things might happen in a dynamic market. For all we know, it might all come down to who's bidding and who's winning. Singapore may export less distillates as a whole, with price increases passed on to local motorists, and the rest of the impact spread out among the wider Asian region. The extreme opposite could also be true, if the locals balk at increased prices, and so on. At the point of writing, nobody knows for sure. We should have a much clearer picture soon, within 2 weeks at most.

(2011-10-03 21:31:47 SGT) [Energy] Permalink

Thursday September 08, 2011

Swiss unlimited forex intervention plan opens new round in currency wars

bloomberg.com :

Switzerland opened a new round in the global currency war on 6 Sep 2011 as the Swiss National Bank's decision to cap the Swiss franc for the first time since 1978 marked a bid to protect trade hurt by record currency strength against the euro and dollar. The Swiss central bank said it is "prepared to buy foreign currency in unlimited quantities" to keep the euro above 1.20 francs. The franc plunged a record 8.1% against the euro on the SNB's unilateral move, putting it head-to-head with the $4 trillion-a-day forex market that drove the franc up more than 16% against 9 major peers in the past year.

The move may help stabilize markets by forcing investors to return to riskier assets, said Jim O'Neill, chairman of Goldman Sachs in London. The initiative may leave Norway and Sweden vulnerable to gains in their currencies as countries such as Brazil and Japan fight to limit appreciation amid a flight from the euro debt crisis and near-zero US interest rates. Led by China, all of Asia's 10 biggest economies last year sought to influence their own exchange rates to aid exporters as the dollar fell. HSBC recommended Norway's currency as an alternative after the SNB's action. The krone has strengthened 4.5% against its 9 major peers over the past year.

- This was one big announcement by the Swiss. At one stroke, EUR/CHF jumped from approximately $1.10 to $1.20 and stayed there. That's a gap up of around 10 cents, or in forex trading terms, 1000 pips. In the world of leveraged foreign currency trading, in large enough amounts, profits can be made trading in as little as 1-2 pips, while very good money can be made (or lost) in 10-20 pips. Hence 1000 pips is analogous to a Richter-scale 10.0 earthquake.

So the Swiss have gone nuclear on their own currency. While the exact timing of the announcement might have been a surprise, there had been hints along the way in recent weeks as the Swiss authorities had been openly discussing possible pegs to the euro and such. Investors may wish to take note that when the Japanese kicked off the current phase of the currency wars back in Sep 2010, gold prices had gone up nearly 60% from the $1200 region to over $1900 in the past year. This next round in the currency wars could eventually take prices of gold, commodities and other related assets into literally unchartered territory. Do not expect immediate jumps across asset classes though - we shall see how this plays out over time.

Inflation, Investing and Everything

Days like what we've been having recently remind me of why I started this blog in the first place. Looking back at the historical gold prices, in 2004 when I got seriously concerned and started blogging about inflation, gold prices were around the $400 level then.

And now, this week, gold prices have hit record highs above $1600 per troy ounce. That is a 4x increase from the $400 level. It equally reflects the rise in precious metals as it does the corresponding fall in the US dollar, the currency it is benchmarked against. It is a barometer that tells us that all is not right with our financial world. It tells us that, compared to a steady, unchanging store of value with a history of over 6,000 years, the so-called money we have in our wallets and in our bank accounts is decaying steadily. Plus, like most people I know, I don't think I have received a raise of 4 times my monthly salary in my day job in the past few years. If you have, good for you.

On the flip side of all this, with gold prices above $1600, silver prices above $40, and just as well oil prices again flirting with the $100 level, I am once again reminded of the central theme behind what I have been trying to communicate to you, the readers, of what has been coming down the road, and what is yet to come. Inflation. Inflation like nothing most of us have ever seen before.

Since 2004, I have been talking, and blogging, about the coming inflation, how what had seemed to be an unlikely but ultimately potent combination of the fiat money system, debt creation, resource depletion, peak oil, population growth, and climate change would combine to create an inflation monster that would bear down on us all. I tried to convey some measures of what we would need to do to combat inflation in our own manner. From investing in commodities ranging anywhere from gold and silver to oil and uranium, to food and water. From the base metals of iron and copper to the rare earth metals of lanthanum and neodymium and 15 other elements I'm not quite sure I know how to spell. On matters of asset allocation and how we should sub-divide our portfolios. On trying, or not trying to time the markets.

Yes, here we are. It would be prudent, now, I think, to prepare for the coming global hyperinflation. That is if the systems, and the structures that are currently in place continue to run as they have. And all indications point to the same conclusion. We still have not seen anything yet.

Inflation, Investing and Everything. Indeed.

(2011-07-23 01:04:28 SGT) [Musings] Permalink

Tuesday July 12, 2011

Cisco said to be cutting as many as 10000 jobs in upcoming mass layoff

zerohedge.com -> bloomberg.com :

Cisco Systems, the largest networking-equipment company, may cut as many as 10,000 jobs, or about 14% of its workforce, according to two people familiar with the plans. The cuts include as many as 7,000 jobs that would be eliminated by the end of Aug 2011, said the people, who asked not to be identified because the plans aren't final. Cisco CEO John Chambers is slashing jobs and exiting less-profitable businesses as competitors such as Juniper Networks and HP take market share in Cisco's main businesses with lower-priced, simpler products.

Cisco said in May 2011 that it shuttered the Flip video-camera unit and cut 550 jobs. The company may eliminate more positions in the consumer-product unit, which makes Linksys home-networking equipment. Sales of Cisco's switches and routers, which made up more than half of revenue last year, will continue to slip, said Brian Marshall, an analyst at Gleacher & Co. Cisco stock had dropped 24% so far in 2011, while the S&P500 index had risen 4.9%.

- It would be quite a waste to see anything happen to the Linksys division, which used to be a standalone company in its own right until Cisco acquired them. So far all the home routers I have used have been Linksys products, from the wired BEF-SR41 to the Linux-based WRT54GL and now the Cisco Linksys E3000 wireless router, and they have all been reliable and served well over the years.

On the enterprise front, however, what I have heard from colleagues back at the office have not been as favorable in recent times, with some of them talking about the high cost and complexity especially of the newer Cisco switches and routers. In addition, as Cisco tried to integrate security features such as firewalls and intrusion detection systems into their products, I have actually been advised to specify other models from say Juniper instead, as their combo appliances are supposed to be actually cheaper and better. With the increasing level of maturity in this technology sector, the next frontier is inevitably pricing and this is where we might be looking directly at the impact of that.