Data Dive

Surprise Outcomes Edition: Cybercrime, Student Loans And CAN Capital

On this day 83 years ago, the United States government pulled the plug on one of the great failures of social engineering in American history — prohibition. The 13-year effort to curb alcohol consumption with a universal ban was pretty much a bust. The experts estimate that the United States government spent millions trying to enforce it and deprived the states of billions in tax revenue — all without managing to make any significant change in American alcohol consumption.

Americans, by-and-large, drank the same amount during prohibition as they did before and after — the main difference was that they paid more and bought it from the Mafia, which itself was largely an outgrowth of prohibition. Al Capone got his start running rum. Watch Boardwalk Empire if you want to get a sense of how this all goes down.

Which leads us to this week’s data dive — because when you raise a glass at 5:23 EST (the official time Utah ratified the 19th Amendment and created the necessary three-quarters majority, thus putting alcohol back on the menu) because you can, also remember to toast unintended consequences, and the fact that even the best-intentioned ideas can go awfully awry.

And perhaps give a shout-out to those last week who all saw their best laid plans go just a little bit pear shaped.

Hack A Municipal Transit System — Get Hacked Back

Public transport riders in San Francisco got something of an early Christmas present last week – courtesy of a cybercriminal getting some coal in his stocking.

San Francisco’s Muni public transit system was reportedly hit by a ransomware attack last weekend (Nov. 26). According to the San Francisco Examiner, the computer screens of Muni agents displayed the message, “You Hacked, ALL Data Encrypted” beginning Friday night. The attacker demanded 100 bitcoin (approximately $73,000) in ransom and displayed in the message to contact for the decryption key.

The SFMTA decided that they’d rather not pay the ransomer — so instead, everyone riding last weekend during the busy shopping rush got to take a free ride. The system was back up and running again normally the following day. While the cyberattack impacted Muni’s email and internal computer system, it did not impact the agency’s ability to run the city’s bus, light rail and street car systems.

But hacking a municipal transport system, as it turns out, has some unexpected consequences — like drawing attention to oneself. Brian Krebs of Krebs on Security reported that the hacker believed to be behind the attack on the SFMTA was himself hacked over the weekend by an anonymous security researcher. Said researcher got interested after seeing a news article on the SFMTA hack.

After finding the extortionist’s email account and guessing the secret question, the anonymous white hat hacker was able to reset the email password and retrieve a whole host of documentation of other recent scams.

Copies of messages in the inbox shared with Krebs on Security revealed that the criminal has used more than a dozen different bitcoin wallets since August to extort at least $140,000 in bitcoin from victim organizations.

“It appears our attacker has been using a number of tools which enabled the scanning of large portions of the internet and several specific targets for vulnerabilities,” Alex Holden, chief information security officer at Hold Security, told Krebs on Security. “The most common vulnerability used ‘weblogic unserialize exploit’ and especially targeted Oracle Corp. server products, including Primavera project portfolio management software.”

While it’s disappointing that the cybercriminal has been successful in extorting so much, it is heartening to know that sometimes doing a bad thing nets one no payout (since San Francisco didn’t want to play along) and a host of bad consequences for their trouble.

Less heartening; when good intentions net unfortunate — and expensive results.

Speaking of which…

Try To Help Student Loan Borrowers — End Up Paying A Few Extra Billion

Some good news for student loan borrowers has turned out to be a bit more expensive than expected for the federal government. According a report to be released by the Government Accountability Office (GAO), the U.S. federal government is on track to provide $108 billion or more in debt forgiveness for student loans during the next few years.

Those refunds come care of President Obama’s plan to help struggling student loan borrowers — and they have a price tag attached that is more expensive than previously thought.

A lot more expensive: according to the GAO, the Education Department’s accounting methods were way off and understated the costs of its debt relief programs by tens of billions of dollars.

The big expense uptick came from an increase in enrollment in income-driven repayment plans that reduce the amount borrowers have to pay back each month based on their income and forgive any debt left unpaid somewhere between the 10–20 year mark. Enrollment in those plans has more than tripled in the last three years and now accounts for 24 percent of federal student loans. All told, the packet of loans is worth $355 billion.

The GAO estimates that of that amount, over one third — around $137 billion — will never be paid back. Of that amount, $108 billion will forgiven by the government when the borrowers meet their end of the deal.

The paper noted the $108 billion only covers loans made through the current school year. The other $29 billion will be discharged because of disability or death, according to the GAO report.

The GAO report noted the big gap between estimated and real cost comes because the Education Department failed to account for inflation when figuring out the future earnings of borrowers, or the potential for increases in the number of borrowers enrolling in an income-driven repayment plan.

“Due to growing IDR-plan popularity, improving [the Education Department’s] estimation approach is especially important,” the report says, according to WSJ. “Until that happens, IDR-plan budget estimates will remain in question, and Congress’ ability to make informed decisions may be affected.”

So, good news for borrowers — unexpectedly expensive news for taxpayers.

But the world is full of unexpected costs — just ask the team at CAN Capital.

Try To Branch Out — End Up Doing Some Executive Pruning

CAN Capital, the small business online lender, has announced that its CEO is on a leave of absence.

Dan DeMeo has been put on a leave of absence, and Parris Sanz, CAN’s chief legal officer, will be filling in the role in the interim CEO. Ritesh Gupta, previously the chief customer operations officer, was promoted to chief operating officer.

The overhaul of the management ranks was prompted by an attempted expansion into a product that didn’t quite go according to plan. Starting in 2010, CAN Capital began offering term loans that required borrowers to make payments daily, irrespective of whether they made sales that day. The collection mechanism used for daily payments didn’t perform properly and didn’t take enough.

“As the board and our leadership team conducted our business reviews and looked at how we can best position the firm for future growth, we self-identified that some assets were not performing as expected and that there was a need for process improvements in collections,” the company said in a statement to American Banker.

CAN also said in its statement to the Financial times that its business has “grown and evolved faster” than some of its “internal processes.”

The shakeup at the online lender comes just a few months after it announced a big milestone: providing small businesses with access to more than $6 billion of working capital. The company said at the time it helped over 70,000 small business owners open new locations, purchase inventory, buy equipment and a myriad of other endeavors with the funding it facilitated.

CAN will reportedly also be laying off on lending — at least until the end of the year, for now focusing on servicing existing customers. The platform expects to resume growth in originations next year.

So what did we learn this week?

Things don’t ever quite go according to plan — whether one is trying to do the right thing, like give student borrowers a break — or the wrong thing, like hold the San Francisco transportation system hostage for bitcoin.

The important thing is to keep your eyes open for all the consequences — intended and not.

See you next week.


New PYMNTS Study: Subscription Commerce Conversion Index – July 2020 

Staying home 24/7 has consumers turning to subscription services for both entertainment and their day-to-day needs. While that’s a great opportunity for providers, it also presents a challenge — 27.4 million consumers are looking to cancel their subscriptions because of friction and cost concerns. In the latest Subscription Commerce Conversion Index, PYMNTS reveals the five key features that can help companies keep subscribers loyal despite today’s challenging economic times.

Click to comment