Chipotle Hacked, Wells Re-org’ed And Canada Just Says No To The Blockchain

With the comings and goings of Memorial Day, the time has come to kick back, relax and try not to work too hard or move around too much until the weather cools off some.

That is, unless you’re in payments — where the concept of slowing down and kicking back is not on many people’s agendas.

Last week we saw hackers prove there’s no such thing as vacation when there’s consumer data to steal, Wells Fargo continued its great rebuilding with a round of executive reorganization and Canadians said “no thank you” to the blockchain — but very politely, as is their custom.

Here’s the rundown.

Chipotle Hacked

While being hacked is not all that new, and never anything that anyone wants to deal with, as Chipotle already knows, it could worse. Hacks are inconvenient and expensive, but do have the merit of not actually making anyone violently ill. The same could not be said for a run of food safety lapses that left hundreds of Chipotle customers sickened by the salmonella, norovirus and E. coli exposure in 2015 that also took a massive bite out of Chipotle’s revenue for much of the 10 months that followed.

The hacking reveal had a less profound effect on investor confidence — shares ended only marginally lower after the announcement was made on Friday than where they began the day.

The malware that was the culprit lifted customer account numbers and internal verification codes from magnetic stripes on payment cards. The data could then be used to do lots of damage, including shopping online and making “clone” cards to use other places.

As of yet, no customers have reported being affected by the breach — and Chipotle does not know how many customers or cards were hit.

Chipotle also noted it does not have a direct way to tell potentially affected customers that their cards may have been compromised, because it doesn’t collect names or mailing addresses at the point of sale. It has done its best to circulate the information on its website and through social media channels.

As for known information about the breach so far, according to reports, it occurred between March 24 and April 18, 2017, and may have also affected some locations in Canada.

As of now, the malware has since been removed, and Chipotle will likely face fines from card companies for failing to protect its customers’ sensitive data sufficiently. Chipotle will be liable for any fraud that results.

Wells Fargo’s New Executive Groove

Something about being hit with the largest fine in CFPB history for a massive fraud carried out over several years involving millions of customer accounts is the kind of thing that really gets a firm thinking about change.

And in that light, it is not surprising that the news out of Wells Fargo this week is that they are re-shuffling the executive deck after a huge scandal last year left the bank playing 52-card pickup.

Under the watch of the former head of the retail business, Carrie Tolstedt, employees created as many as 2.1 million fake accounts in customers’ names to meet aggressive sales goals.

Mary Mack has officially replaced Tolstedt as head of the retail business, and Well Fargo is now reassigning four executives to report directly to Mack. Bob Chlebowski has been named branch distribution executive; Laurey Cosentino will lead the customer and branch experience team; Celeste Finley will lead the regional services group and Jonathan Velline has been named head of business strategy and administration.

“These leadership changes are responsive to our priorities of rebuilding trust with team members and customers … so that we can learn from the past,” Mack said in a May 24 memo.

The memo also revealed that the bank had reduced its number of western U.S. sub-regions from eight to five — a reorganization that has forced two executives to “seek new opportunities.” The memo said they will look first within the company for those new opportunities.

The new re-org comes on the back of staffing changes earlier this year that saw four mid-level executives fired and stripped of their bonuses for their involvement with the account creations scandal. Former chairman and CEO John Stumpf and another executive removed themselves, forfeiting tens of millions in compensation.

Wells Fargo is the third largest U.S. bank by deposits but has found itself trying to keep hold of its customer base as the scandal unfolded. Wells recently reported its fifth straight decline in quarterly earnings in January, while other major U.S. banks posted gains.

Canada Takes a Pass on the Blockchain

The Bank of Canada recently took a hard look at whether the blockchain has the potential to play a role in the nation’s interbank system and ultimately decided against the technology.

Reports out at the end of last week indicate that the central bank has determined that there are “too many hurdles” that must be overcome for blockchain to be integrated effectively into the nation’s interbank payment system — at least for now. That opinion comes care of an newspaper article written by Senior Deputy Governor Carolyn Wilkins, as well as Payments Canada’s Gerry Gaetz.

The Bank of Canada, Payments Canada, top banks in the nation and blockchain consortium R3 all joined together about a year ago to explore the use of distributed ledger technology.

Among identified problems with the blockchain were incompatibility between blockchain and the need for privacy around some wholesale payments, as well as scalability.

“The bottom line is that a standalone DLT [distributed ledger] wholesale system is unlikely to match the efficiency and net benefits of a centralized system,” Wilkins and Gaetz wrote. “In fact, at its heart, there exists a fundamental inconsistency or tension between a centralized wholesale interbank payment system, as we have now, and the decentralization inherent in DLT.”

The blockchain is not dead in Canada, it should be noted — just on hold. Officials agree that “one day,” perhaps, the technology could see a place in the interbank system.

“Our experiment, done in two phases, demonstrated that it’s indeed possible to settle wholesale payments on a distributed ledger,” they stated. “Our work also found that such a system could meet some, but not all, of the core international principles for financial market infrastructure.”

Reducing reconciliation costs — regulators have noted — might be one area where blockchain technology might in the future be applicable.

So what did we learn this week? A change can do you good — whether it be to POS systems that are harder for criminals to exploit, or in leadership when the last leadership team managed to convince the nation that they couldn’t be trusted in the way they once thought they could.

Unless of course that change is the blockchain — and if you are a Canadian bank, perhaps it might be better to wait a bit before making too much of it.