The digital banking surge predates the pandemic

It may be supposed by some that the global pandemic was the kick-starter of the rise in the number of digital bank accounts. However, that isn’t quite true as Ron Shevlin usefully points out in Forbes. 

In 2019, half of all community banks and credit unions opened less than 5% of their new checking account applications in digital channels. But then these banks only account for 15% of the total current account applications last year.

More significantly, it is what the Americans call ‘megabanks’ (Bank of America, JPMorgan Chase, and Wells Fargo) alongside the digital banks that “accounted for roughly 55% of all checking account applications in 2019, 63% in Q1 2020, and 69% in Q2 2020.”

However, one thing is clear; digital account openings are overtaking in-branch applications. For example, “Nearly two-thirds (64%) of the checking account applications taken during the height of the Coronavirus crisis in Q2 2020 for what consumers considered their primary account were submitted either online or on a mobile device,” Cornerstone Advisors report. That’s a 59% increase over the same period in 2019.

The turning point came earlier though; in the second half of 2019 to be precise. This is the moment when digital applications for primary accounts exceeded branch applications.

It would also appear from Cornerstone’s research that the 35% of Americans with more than one current/checking account, are more likely to turn to digital solutions when applying for a second or third account. Shevlin writes, “In Q2 2020, roughly three-quarters of the applications consumers submitted for their secondary checking was done through digital channels, up from 65% in the first quarter of the year.”

And there is more good news for digital platforms: “a larger percentage of consumers who opened an account in the past three years rated their experience on the mobile channel as “excellent” compared with those who used online or in-branch services.

Banks have for some time clung to the idea that consumers want the ‘human touch’, but Cornerstone’s research indicates that while this is somewhat true, “The rest of the experience isn’t as good as it is in a digital channel.” Furthermore, consumer ratings of the in-branch experience haven’t increased in recent years, and in some cases have fallen.

The megabanks have captured much of the millennial market, largely due to a better digital and mobile experience. This leaves the smaller banks at a disadvantage, although there are opportunities for them to become second account providers. They just need to provide a digital account opening process.

iPhone location tracking is a security risk

There is no such thing as absolute privacy or security for smartphone users. The only way you can have control is by not storing information that you want to keep a secret on your phone.

As Apple CEO Tim Cook said last year, “The people who track on the internet know a lot more about you than if somebody’s looking in your window, a lot more.” It should make us pause to think about how we use our phones.

Apple, according to Zak Doffman, believes it is “privacy protector-in-chief,” and iOS14 is intended to demonstrate its privacy-first approach. Doffman points to the ongoing battle between Apple and Facebook over ad tracking, remarking, “Exploitation of our personal data has become a commodity traded between the world’s largest organisations.”

However, iOS users were surprised when Apple explained its location tracking. It is an invasive feature, and as Doffman says, “a perfect illustration of just because you can, doesn’t mean you should.”

Were you aware that the location tracking builds up a data collection of all the places you have visited, including times, dates, the type of transport you used to get there and how long you stayed at the location.

Jake Moore of ESET commented, “significant locations is one of those features hidden within the privacy section which many users tend not to be familiar with. I cannot think of a positive or useful reason why Apple would include this feature on any of their devices.”

If you check out the data repository on your iPhone, you will likely see that it stores certain places, times and dates, and that is because it is trying to work out if this might be important for a photo memory or a calendar entry. But do you really want this? I agree with Doffman when he says, “I don’t need my phone tracking every single location I visit and deciding which it deems significant to save me a few seconds of effort.”

According to Apple, the device wants to “learn the places that are significant to you.” However, you can breathe a small sigh of relief when you learn that the “data is end-to-end encrypted and cannot be read by Apple.”

What this illustrates is that even though the data is encrypted, you still don’t have absolute control over the security of your iPhone. John Opdenakker, an information security expert, said, “While Apple’s encryption and device-only restriction certainly reduces the security and privacy risks, I personally switched this feature off because it doesn’t offers real benefits and just feels creepy.”  He added, “What worries me from a privacy perspective is that this feature is enabled by default and that the setting is hidden away such that the average user probably doesn’t find it.”

Don’t forget that you can turn off other location-based services on your Apple device, such as ads and alerts. Want to know where to find them all? Just go to “Settings-Privacy-Location Services-System Services-Significant Locations.”

Google spanks naughty app developers

If you have an app on the Google Play Store, and that app provides for in-app purchases, watch out, because the Big G is coming after you.

Currently, under Google’s rules, if you provide in-app purchases, you must use the Google Play Store’s billing services, which basically means that Google keeps around 30% of your revenue.

This is nothing new. It has always been the case. However, a number of developers have decided to ignore this rule and Google is not pleased. So, it plans to reinforce it. Apple is taking similar measures, so the news for developers is not good.

In response, a coalition of app publishers, such as Spotify, Epic Games and Basecamp, “have announced the creation of the “Coalition for App Fairness,” which hopes to more fair arrangements between app stores and publishers,” Johan Moreno reports. The new organization formalises efforts the companies already have underway that focus on either forcing app store providers to change their policies, or ultimately forcing the app stores into regulation. You can find out more on the coalition’s website, where the group details its key issues, including anti-competitive practices, such as the app stores’ 30% commission structure, and the inability to distribute software to billions of Apple devices through any other means but the App Store. The group sees this as an affront to personal freedom.

They just happen to be some of the developers that have been thwarting Google’s fee rule, according to Bloomberg. They have managed to do this, “by mandating that users sign up for services (and pay) through the app’s website, which avoids the need for in-app purchases.”

The problem for Google is Android’s open nature. It allows users to download third-party apps, whereas Apple has a closed app ecosystem. As Moreno says, “on some Android devices, there may be a third-party app store, operating completely without the guidance of Google.”

App developers may continue to circumvent Google by creating and popularising, “a third-party app marketplace that can be loaded onto Android that may provide more fair terms for developers.”

Would you pay a ransom for your cup of joe?

If you’re a gadget-loving person, and you enjoy your coffee, then there is a very good chance that you have a coffee machine. However, I don’t suppose you’ve ever thought it might be a cybersecurity threat.

Davey Winder, a tech journalist, points caffeine addicts in the direction of a new report by security research firm Avasti, which as discovered, “smart coffee machines can not only be hacked but can be hacked with ransomware.”

One of Avasti’s senior researchers, Martin Hron, wrote in a recent blog, “The fresh smell of ransomed coffee”, about how he proved a myth was true when he turned a “coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware.”

Proving a myth

Hron goes on to say:”I was asked to prove a myth, call it a suspicion, that the threat to IoT devices is not just to access them via a weak router or exposure to the internet, but that an IoT device itself is vulnerable and can be easily owned without owning the network or the router.”

What Hron discovered was that the coffee machine acted as a Wi-Fi access point when switched on. This then established an unencrypted, unsecured connection to a companion app. From that point he was able to explore the machine’s firmware update mechanism, finding that because the updates were unencrypted, no authentication code was required. Hron, behaving as a hacker would, then reverse engineered the firmware stored in the machine’s Android app.

Crypto or coffee?

Perhaps you’ll smile at what Hron tried to do next. He attempted to turn the coffee machine into a cryptocurrency mining machine, something he found would be possible, although also impossibly slow due to the CPU speed. What he did instead, was perhaps more dramatic. Imagine your coffee machine starts making an ear-splitting noise and there is nothing you can do to stop it. Hron created a noise malfunction that could only be stopped by paying a ransom, or pulling the plug on your morning coffee forever.

A noisy attack

He effectively produced a ransomware attack that nobody could ignore. Winder writes, “The trigger for the attack was the command that connects the machine to the network, and the payload some malicious code that “renders the coffee maker unusable and asks for a ransom.”

Hrom also went a bit further. He inserted code that permanently turned on the hotbed and water heater as well as the coffee grinder.

If you have a coffee machine connected to the Internet, you are probably safe, but it’s useful to know that these machines can be attacked. But I do wonder, would you pay the ransom to have your smart coffee machine return to normal breakfast duties, or would you pull the plug and go back to an old skool method of brewing up a cup of joe?