Data Dive Christmas Carol Edition: Bills, Bitcoin And Banks

Everyone knows the Charles Dickens classic, “A Christmas Carol.” Scrooge the miser is visited by the three Ghosts of Christmas – Past, Present and Future – to divert him from his miserable, stingy ways and introduce him to the true meaning of Christmas.

Fun fact: Dickens wrote “A Christmas Carol” more or less in a single sitting, because he was very overextended financially and concerned about being sent to debtors’ prison like his father before him. “A Christmas Carol,” however, was such a massive hit that it put him back in the black (for a while) in a single stroke.

And while no supernatural apparitions were seen wandering in the payments and commerce ecosystem last week, there was something of “A Christmas Carol” vibe in the air, as we saw the ecosystem visited by its own ghosts of past, present and future in the form of a new bill in the Senate, a bitcoin crash and banks preparing for apocalyptic hacks.

So, what visions did the spirits have in store?

The Ghost Of Hackings Past

Hiding a hack can have serious consequences for consumers, banks and businesses, which is why it is illegal to do so in 48 states and The District of Columbia. But what has to be disclosed – as well as when and to whom – varies across jurisdictions, as do the level and aggressiveness of enforcement.

But that could change if the Senate can pass the Data Security and Breach Notification Act, which would require companies to report data breaches within 30 days. If an individual knowingly conceals a data breach, he or she could face up to five years in prison. The law was introduced by Florida Senator Bill Nelson, and co-sponsored by Senator Richard Blumenthal of Connecticut and Wisconsin Senator Tammy Baldwin.

“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Nelson noted in a statement with the bill’s release.

The move comes just weeks after the revelation that ride-sharing service Uber hid a breach that compromised the data from 57 million of its customers, and that they paid hackers to destroy the stolen information. It also follows the news that credit monitoring firm Equifax hid a massive breach of consumer data for nearly 45 days. During that time period, the sale of the Social Security numbers, birthdates, credit accounts and other personal data of nearly 150 million American adults were going to the highest bidders on the dark web.

The new legislation would direct the FTC to establish security protocols for businesses to follow as part of an effort to better protect customer data. The bill will also include incentives (to be determined) for businesses to use technologies to encrypt their data and make it large unusable in the event of an attack.

According to co-sponsor Blumenthal, the newly introduced bill is designed to work in tandem with the Data Broker Accountability and Transparency Act, which he introduced earlier this year. That bill would require data brokers to create privacy and security measures for notifying the public after a breach.

As for whether the bill will pass, its future is uncertain at best. The Senate considered similar legislation in the aftermath of the Target breach, but it ultimately didn’t go anywhere. Additionally, the fact that this bill is being introduced by three Democrats could be problematic in a Republican-controlled Senate. We’ll see if preventing the hiding of hackings has bi-partisan appeal.

Either way, consumers are rather tired of being breached – and are particularly concerned that they could be haunted by the ghosts of data breaches past, especially if they didn’t know their data had been breached in the first place. Now, there may be more legislative attitude to put firmer rules in place to guarantee that executives who don’t report breaches of the past in the immediate present will face jail time in their future.

Bitcoin And The Ghost Of Crashes Present

What goes up, must come down – aside from the characters in the musical Wicked, nothing can defy gravity for all that long.

And for the last few days, gravity has been catching up with bitcoin.

After hitting $10,000 a little over a week ago, bitcoin rapidly shot up through $12,000, to $15,000 and eventually made it above $19,000 on some exchanges. Though it seemed it might actually hit and cross the $20K milestone, it wasn’t to be – the cryptocurrency retreated to around $18,000 by end of day on Friday (Dec. 8). Twenty-four hours later, the price of bitcoin dropped by 9 percent to roughly $13,000.

Although bitcoin was the most watched, it wasn’t the only digital currency to fall. According to CoinMarketCap, all but one of the top 50 cryptocurrency assets by market capitalization fell over the weekend, for an average loss of around 8 percent in a day.

As of the writing of this article (Dec. 10), bitcoin’s price had shown some gain, and is currently north of $15,000 – but what’s next for pricing is up in the air, as bitcoin futures have officially gone live care of the Chicago-based exchange group, Cboe Global Markets. And Cboe is just the first – CME Group will launch its market later in December, and NASDAQ is preparing for a launch in the second half of 2018.

The potential effect of the introduction of future markets – and the ability to short (bet against the price of) bitcoin – is a jump ball. Boosters believe it will add legitimacy to the market and smooth out volatility. Others think it will just add to the volatility – and very possibly bring about a crash that will make this weekend’s bitcoin drop look fairly tame by comparison.

Meanwhile, the big banks, such as JPMorgan and Bank of America, have said they’ll sit on the sidelines and not settle trades from these future exchanges.

Preparing For The Apocalyptic Ghosts Of Hacking Future

Given the nearly endless proliferation of data breaches and attacks over the last several years, U.S. banks believe they know what the ghost of cybercrime future looks like, and that it just might resemble a successful apocalyptic hacking attack that completely shuts down their computer systems.

And so, they are preparing, together, to head off a run on the bank by panicked citizens.

The project, called Sheltered Harbor, includes banks and credit unions that hold between them about 400 million U.S. accounts. Membership requires each partner bank to offer up its data so it can be used by other firms in the event that their computers are totally crippled by a cyberattack.

The concern among bankers isn’t that hackers will merely abscond with funds – another possibility is that they will simply hold funds hostage by finding ways to lock out the custodial banks. Hackers could also threaten to destroy data.

“So far, most people think about cybercrime in terms of having a credit card stolen,” said Stuart Madnick, a professor of information technologies at the MIT Sloan School of Management. “What you’re talking about now is a nuclear attack: if you can’t get to the ATM and get it to work.”

Consumers suddenly unable to use funds are not happy or calm consumers – and while the Fed and FDIC are prepared to reassure consumers in the event of a bank failure, the system was designed to work with banks that fail over solvency or liquidity issues, not for banks that are failing because they’ve been temporarily locked out of their data by cybercriminals.

“This level of vulnerability to cyberattack didn’t exist in 2008,” said Paul Bracken, a professor at the Yale School of Management, who has been developing war-game scenarios with banks since the 1990s. “The question is how you handle … new ports to enter the system.”

So, what did we learn from the payments and commerce Christmas Carol last week? The true meaning of Christmas? Well, no. But we did learn that the ghosts of past security failures don’t just disappear, and it may soon be illegal to try to make them do so. We learned that bubbles aren’t just for 18th-century Dutch tulip enthusiasts, and that crypto is likely facing a rather volatile Christmas. And we learned that banks are heeding the warnings from the ghosts of cybercrime’s future, and working now to change that future while they still have time.

In the words of Tiny Tim, God bless us, everyone.

Have a good week.