News

Hackers, Installment Loans And Apple Hopes For The Gold

Most Americans can tell you one thing they learned in the last week.

They should have made different choices, trained hard and gone for the Gold in the Olympics.

Whether it was watching Michael Phelps break a 2,000 year-old record or Simone Biles go after 5 golds in gymnastics (3 down, two to go) and set a new world record, or even just doing the mental math and counting the 60 total medal (as of the writing of this article) and 25 gold for TEAM U.S.A., it’s hard not to be just a little bit inspired.

And while medal season is not quite upon us for payments and commerce — stay tuned for Innovation Project 2017 where we give our own medals for the “Best Of” — it was a week worth watching since there were quite a few gold medal efforts.

Hackers unfortunately will be standing on the top of the podium this week with the big Oracle/MICROS breach. Installment loans are moving in on payday loans in the sprint for the finish line to win at the short-term lending game. And Apple gave the world a peek about its next big competitor in what is arguably the world’s biggest race: the (eternal seeming) marathon for smartphone gold.

So how did the competitors in the field look?

Hackers Win Gold

Every event needs a villain — a steroid-using East German (or Russian swimmers in 2016) for instance. In the payments and commerce ecosystem, hackers and data thieves are the reigning champions in the field of being good at being bad.

And this week was a good one for adding notches to their belt since Oracle is a pretty big notch.

According to reports early this week, the Oracle breach spans hundred of systems and was allegedly carried out at the behest of a Russian organized cybercrime group. Krebs on Security reports that the hackers found their way into Oracle by compromising a customer support portal for companies that use Oracle’s MICROS point-of-sale credit card payment system. That “small” sub-portal was home to 330,000 cash registers at hotels, restaurants and retail shops worldwide.

Oops.

Oracle has publicly noted that it “detected and addressed malicious code in certain legacy MICROS systems” and that it is requesting all of its MICROS customers to reset their password for the online support portal.

How many customers in total are effected by the breach remains up in the air, as is exactly how the cybercriminals managed to infiltrate Oracle’s systems as widely as it appears they did.

Oracle first thought the breach was limited to a small amount of computers and servers at the retail unit of Oracle, but soon realized the situation was much more serious after it pushed new security tools to the systems in the networks that were affected.

All in, the hack reached more than 700 systems.

The breach was first discovered by a Krebs on Security reader in late July 2016 and reported to the security blog. Two security experts who were briefed on the breach and the subsequent investigation said Oracle’s MICROS customer support portal was communicating with a server that is widely known to be used by the Carbanak Gang, which is part of a Russian cybercrime syndicate accused of stealing more than $1 billion in computer hacks on banks, retailers and hospitality companies.

And the news just got worse from there. As it turns out, those organized Russian criminals have been busy of late.

In the last month, Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell were all hacked — all by the Carbanak Gang. A similar MO was at work in all cases; the hackers founder a weakness in the point-of-sale system vendors’ servers and then went to work exploiting them.

Exact figures on how many U.S. consumers saw their data go to Russia (with love) remain to be seen.

Installment Loans Coming Up On The Inside 

Regulators do not like payday lending, particularly the large balloon payments that consumers are on the hook for in a relatively short (2-4 week time span). According to the CFPB, such arrangements are designed to keep customers in an unending cycle of renewals, high interest and debt. We have written extensively about the problem of making broad generalizations when the facts don’t support the entire storyline.

That said, and however one feels about that issue — and feelings vary widely — there is another type of short-term lending that is structurally similar in many regards to the payday loan — with one very different feature: they don’t require that ballon payment, installment loans.

Installment loans bear some similarities to their much maligned payday loan cousin. Both tend to be pitched at borrowers with FICO scores that lock them out of more traditional means of credit acquisition like cards or personal bank loans. Both tend to come with big interest payments. And both aren’t for terribly large sums of money (a few hundred bucks for payday loans, a few hundred to a few thousand bucks for installment loans). Both can come with staggeringly high APRs – in many cases in excess of 200 percent of the original loan.

But three main differences separate them.

The first is time. Payday loans tend to require a large balloon payment at the end of the loan term, which is generally a week or two long (since the loans are repaid, in full, on payday as their name implies).

The second is cost. Though some installment loans have the same triple-digit APRs that go with their payday cousins, some have high rates in the 36 percent range. That’s more than even a high interest credit card, but nowhere near the 200 percent or more of its payday lending cousins. Installment loans are also more likely to reward good past behavior among borrowers. Those that pay off loans in a timely manner often enjoy lower interest rates on future loans.

The third big difference is regulatory attitude. The CFPB doesn’t like payday lending, thinks those balloon payments are predatory and is working hard to regulate those loans heavily (some say so heavily they won’t exist anymore).

And many lenders have been switching gears. In 2015, short-term lenders sent out $24.2 billion in installment loans to borrowers with credit scores of 660. That is a 78 percent uptick from 2014, and a triple up on 2012, according to non-bank lending data from Experian.

But where there is interest, there is the CFPB, which is now looking for “potential evolution in these markets” that could harm consumers, said spokesman Sam Gilford.

“We saw the regulatory writing on the wall,” said Ken Rees, Think Finance’s former chief executive who now runs Elevate, a large online installment lender.

How big that wall gets is another question for another day.

The iPhone 7: Hoping To Be Crowned Smartphone Champion 

The Olympics are entering their home stretch, and with it the summer is winding down. Labor Day is just a few short weeks away — and our experience tells us that in psychological time, Christmas happens about 10 minutes after that.

Which means the time to look forward to fall is now, which means back to school, (hopefully) cooler temps and a new iPhone to line up and buy.

But will the people buy it? The marketplace is a good deal less sure of that than they’ve been for releases past.

So what do we know?

According to a Bloomberg, the iPhone is coming to the market on Sept. 7 at a similar but not identical time to the release of the new MacBook Pro.

The buzz has been a bit tepid, with Steve Grasso, director of institutional sales at Stuart Frankel, predicting Apple’s stock is going to underperform “perpetually.”

Grasso pointed to Apple’s reliance on the iPhone as one problem hurting the stock — a point we’ve been making for months.

“Right now, everyone is looking forward to the iPhone 7 … I think it can only disappoint,” Grasso was quoted as saying in the report. He said investors are better off going with Facebook or Amazon if they are looking for growth stocks.

Meanwhile, Craig Johnson, an analyst at Piper Jaffray, confirmed that Apple isn’t a place to invest for those looking to grow their money. Unlike Grasso, he thinks there’s an upside to shares of Apple but said it will be a winner over the long term.

“The stock has been very resilient; it’s found support four times at that $90 level,” Johnson said. “[There’s] more upside to come, but again, this isn’t going to be one of those big long-term winners.”

So the iPhone is coming, but no one thinks it’s going to be the hit the iPhone 6 was, and if Apple can stay the course, it won’t be smashing any world records.

Ouch.

So what did we learn this week?

Russian hackers have apparently been shopping in a lot of POS systems for the last several months – so stay tuned for some breathtaking scores in the “Number of Consumers Compromised Division.” Installment loans, after languishing in payday lending’s shadow for 17 years, are getting their moment in the sun — and we’re sure they’ll love their sports regulatory body, the CFPB, once they get to know them. And Apple is sending a new competitor to the field, and it’s not a good sign when even the bulls are prepping to be let down.

——————————

LATEST PYMNTS REPORT: MARCH 2020 B2B API TRACKER  

B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.

Click to comment

TRENDING RIGHT NOW