Know Your Enemy... Paradigm Shwift...

FazzyFocus

FazzyFocus

Experienced procrastinator with a permanent and gluttonous hunger for knowledge. Did you know the worlds smallest lizard is only 1.2 inches long and lives off the northern coast of Madagascar?

Read More

I had planned to wait a little while before writing this article, the idea for it has been simmering for some time and whilst I have some of the research pulled together, I know there is more to be found. Also, Its currently 5:20am, I am on site for a project I am delivering in Abu Dhabi having slept around eight hours in the last four days...So you may have to forgive me if this string of paragraphs is perhaps somewhat incoherent.

Have you noticed recently the cryptosphere seems to be angry? There are constant snipes from one coin community to the next, some valid, some not. Some backed with fact, others based in vitriol. It got me to thinking... Many in the space are looking at cryptocurrencies incorrectly.

Some time ago, I was told a story about a management consultant who Sony bought on to aid their strategy and direction in the days of the Walkman (If you don't know what a Walkman is, go ask your parents... and yes, I really am that bloody old...)

In the mid to late nineties, Sony were the number one player in the consumer electronics space. Televisions, compact disc players, Walkmans, portable Boomboxes and more sold in the hundreds of millions. Other electronics brands could only try and hope to emulate Sony and try to steal some of their market share. The internet was in its infancy at this time, however the information highway revolution was well and truly underway. This young consultant was invited to a board meeting whereupon he posed a question to the board of directors:

Who do you believe your competitors are?

Old and experienced, most of the gentleman around the table (for they were all men and we are referring to a time when women on the board of directors were not just rare, they were unicorns) all answered with the obvious brands such as Phillips, Toshiba, Bush and Aiwa etc. He told them all "You are wrong". The young upstart then proceeded to instruct these experienced gentleman at Sony they should consider the likes of Microsoft, Apple, IBM and other pioneering tech companies of the time their competitors. I have no idea whether this story is true or not, but it makes sense in the context of my forthcoming opinion.

Today, the above might sound obvious regarding the apparent blurring of lines between hardware, software and the companies who make those sorts of products, but at the time that kind of direction was fairly revolutionary. I am sure some of you are also asking “Who the hell are Bush and Aiwa??” Aside from the fact they also produced consumer electronics, it no longer matters who they are because they failed to recognise what Sony did: where the evolution of their industry and competition was taking them. This lesson is why I believe many crypto investors need to re-address their investment approach.

How many times have you come across an article comparing the likes of Tron to XRP? Or an article which compares Bitcoin to Ethereum? News sites are full of analysis on trading on a day to day basis and that is fine if you are day trading, but when we fall into the school playground trap of “But MY coin is better than YOUR coin” particularly with regards to long term investment, its very easy to start down a slippery slope of missing the big picture. This brings us to the first point of today's write up...

Compare what is relevant and know the competition before you invest.

Want to invest in TRX? Its almost pointless comparing it to XRP. Compare it to other entertainment platforms as that is who Tron are squarely aiming at. Netflix, Amazon Prime, Hulu in the western world, Tencent and Netease in Asia Pacific (particularly China), that is where you should be focusing your efforts and research.

Want to drop a few thousand in Bitcoin? Find out which stores of value are performing best and have done for the last decade. Gold may be the obvious comparison when the media refers to something as digital gold but a safe high performance stock with a high leverage and low interest over time might offer similar results.

Ethereum? Perhaps there is an exception here as it is a crypto on which other cryptos are built so EOS may we well be a valid comparison (although each has its strength and weakness as a result of their approach and coding)

Thinking about putting some money into XRP? Go and learn about other payment and settlement providers, which is what I have been doing for a while now. Specifically, I have been focusing on Swift.

Most people who have invested in XRP understand the premise of Ripples business model and how XRP fits into this equation. The known saving estimates pre-testing of 30-60% compared to swift transfers and post-test 40-70% in real world application, but I wanted to dig a little more into swift and specifically the depths of their weaknesses.

Its perhaps worth stating a few headline facts & figures about Swift so we get a baseline understanding of what we are dealing with here, some of the politics in play, who owns what and implications of change etc.

Swift stands for the Society for Worldwide Interbank Financial Telecommunication. It is an consortium organisation owned by 3'000 of the banks within its membership (in varying proportion) operated out of Brussels after being founded in 1973. It was designed as a replacement for Telex which was a messaging system that was old, clunky, insecure and could not cope with the speed at which information needed to flow (45 years later we seem to be back to square one... but more of that later). An interesting point is that it took around 3 years for Swift to reach a membership of 230 financial institutions after its launch in a period when there was virtually no competition. Ripple have managed to get close to this number in a similar time frame with intense competition, in an established market and under regulatory scrutiny.

So how does the swift network operate? Consider the following as an example transfer of funds using the swift network:

  • Bank A sends a message to Bank B requesting the movement of funds from their holding account to the recipient account on behalf of sender who holds account at bank A to recipient who holds account at bank B.
  • Complications arise when there is no relationship between bank A and bank B, therefore they have to use correspondent bank C who have a relationship with both banks (a holding account with both A and B is required at Bank C here).
  • In payment corridors which might not be common (known as “illiquid” or "exotic currency" corridors due to the lack of funds flowing through them. e.g. sending funds in Vietnamese Dong to Polish Zloty) there may not even be a Bank C with relationships between both banks, this is where bank D comes into play to connect A to C, C to D and then finally D to B)
  • It is not unknown for payments to flow through as many as 5 or 6 correspondent banks in worst case scenarios
  • During the transfer, each bank will lift a portion of the funds transferred, sometimes known as a handling fee.
  • Each “hop” of the message traveling through the various correspondent banks adds more time and more cost as each bank moves funds from account to account and relays the message further down the line.

In other words, Swift is nothing more than a messaging system authorising banks to move funds from account to account domestically whilst the banks owning the funds those accounts are abroad. Now most people invested in XRP already know this and I shouldn't really be trying to sell ice to eskimos....

Where this gets interesting though is when we begin to explore the published error rate of 6% on the swift network, the impact of that error rate, the number of security compromises and the vast amount of funds that have been stolen or fraudulently obtained through taking advantage of swift weaknesses.

6% is a little meaningless without context, so here is an attempt to offer some. The generally accepted term for a "erroneous transaction" is a one that has been misdirected or not completed. Whether that is human error or an error in the message direction on the swift network. Swift might be quick to point out much of the flow of funding that is erroneous is not their fault, in this day and age that argument is, as the kids would say "fail". In the most basic of terms, even cheap web based systems can look for validation and verification in a relatively safe manner, even without blockchain behind them. This does of course require two way communication in a network which swift does not cater to.

In other words, with swift: "You can talk, but you wont get an answer and there is no way to know if you have been heard!" (new marketing slogan? who knows!)

But what are the implications of this? According to the Financial Crimes Enforcement Network (FinCEN), the swift network handles messaging that authorises the transfer of around $5'000'000'000'000 per day.(11) Thats five trillion. With a "tr". DAILY.

Brutally rough and what almost seems like a silly math application of that error rate gives us the following approximation:

6% of $5'000'000'000'000 = $300'000'000'000 in "original" erroneous transfers per day

There is no way to know how many of those transactions go through correspondent banks and its unfair to assume that a correspondent bank as has made an error if the message they received has clear instruction. So let us very generously assume that every transaction on the swift network goes through 4 correspondent banks before hitting its target (no way in hell that every transaction or even the majority jump that many times, but humor me...) $300'000'000'000/4 = $75'000'000'000 in "original" erroneous transactions every day.

The number of given business days in a year must now be applied: 365 days a year, divide by 7 days a week, multiplied by 5 working days in a given week)

(365/7)x5 = 260.71

Let's be generous and assume there are 25 public holidays where the banks don't work and transfers can't take place (I don't know of any country that has that many where the banks don't work but hey, if you do, tell me... because I will move there!)

260.71 - 25 days = 235.71

Now lets round down rather than up...because we are still being way more generous than we should do and apparently the banks wont use XRP anyway so what the hey...

235 working bank days in a year where the swift network is under operation...

...and for my last magic trick, multiply the value in erroneous transactions (after correspondent bank action) per day by the number of working bank days...

235 x $75'000'000'000 = $17'625'000'000'000

That is seventeen trillion, six hundred and twenty five billion dollars transferred to the wrong accounts or to dead ends through the swift messaging system...every year....

(that is with me offering a hell of a lot more lee-way to swift that I should do... hey swift... im doing you a favour here!)

Sounds absurd right? It's not when you consider the full handling of the swift network per annum is around $1.25 Quadrillion per annum. These numbers are unfathomable so lets add a touch of perspective: If you had three debts of $1milion, $1billion and $1trillion and decided to pay each of them off at a rate of $1 per second, it would take you:

  • Twelve days to pay off $1million.
  • Thirty two years to pay off $1billion
  • Thirty two THOUSAND years to pay off $1trillion.

Even if my maths is way out to the tune of 70% or more, not considering factors beyond the obvious, and not withstanding the fact that some transactions are $30 worth and others $300'000'000'000 worth, the vast volume of funds that are erroneously transferred is utterly staggering. Of course, once errors are made they can and mostly would be corrected. Funds would eventually be traced and accounts would eventually be made correct. But after how long? At what cost? Who pays for it? Will correspondent banks refund the percentage they have already applied on a transaction? What about interest that could have been accrued? The list of questions you can apply on funds of this magnitude is no doubt very serious.

There is a very real possibility that if the above analysis is even remotely true that the savings represented by Xcurrent and Xrapid are actually underestimated in real world testing if they do not take into account the impact of cost incurred though the swift error rate.

Besides the published error rate, there is a pattern emerging of swift networks systematically being targeted by malware attacks and hackers as a means to defraud/steal from banks. Worryingly, this pattern seems to be getting worse and the success rate seems to be growing, particularly in the last couple of years. Its difficult to tell with absolute certainty as whilst the error rate in the swift network is made public, security compromises and their details are not unless they are leaked through press. For example:

  1. Mid 2013: Sonali Bank in Bangladesh
    $250'000 fraudulently obtained through use of swift transfer requests (1)

  2. January 2015: Banco Del Austro in Ecuador.
    $12.2 million stolen through fraudulent use of the swift interbank system (2)

  3. February 2016 Bangladesh Central Bank in Dhaka.
    Massive hack resulted in $100 million OR $81 million stolen through fraudulent use of the swift alliance system, (reports conflict on the exact amount however all agree it is one of the largest bank heists in history) (2) (3)

  4. June 2016: An unnamed bank in Ukraine
    $10 million stolen through fraudulent transactions made on Swift Interbank System (4)

  5. 2011 – 2017 Punjab National Bank
    $1.8 Billion fraudulently obtained over a 7 year period through a combined weakness of Reserve Bank of India systems, rogue operatives in RBI and Swift Networks (5)

  6. October 2017 Far Eastern International Bank
    $60million stolen through Malware attack that accessed Swift networks through bank systems (6)

  7. November 2017 NIC Asia Bank in Nepal
    $4.4million fraudulently obtained through hacking NIC systems then accessing swift transfers (7)

  8. February 2018: Unnamed bank reported by Russian Central Bank $6million stolen via swift systems (8)

  9. February 2018: City Financial Bank in India
    $2million stolen via swift systems (9)

Count it up? Over $2billion worth of fraud or theft as a direct or indirect result of the use of the Swift network in the last 5 years only... those are just from a few days worth of searching, its likely as well that is the tip of the iceberg.

If I were a betting man I would guess there are a lot more incidents of this nature that have never been exposed in the public eye. There is no way to be certain of course and some of the funds in these instances were recovered through investigation, however it doesn't take a genius to realise that hacks of this nature are not just embarrassing for Swift, but also for the sending bank and any corresponding banks who may be victims of the crime. Given there is no legal obligation for Swift or the banks to divulge this information publicly and it would only serve to damage reputation if it did come to light, it's a reasonable probability that these incidents barely scratch the surface of the problem.

Moreover, the political stance of swift seems to be “This is a problem for the banks, its nothing to do with us”. Sound incredulous? Its not. In a communication to member banks after the famous Bangladesh heist in 2016, Swift wrote:

SWIFT is not, and cannot, be responsible for your decision to select, implement (and maintain) firewalls, nor the proper segregation of your internal networks. As a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environments," the letter said. "We urge you to take all precautions.

Whilst banks are of course entirely responsible for their own security, these security compromises are occuring more frequently, with a similar pattern and take advantage very specifically at the weaknesses of the Swift network. To pass the blame on the subject blindly and without consideration is quite frankly insulting to the banks and irresponsible with regards to the holders of accounts in those banks. Access to these systems is one thing, but the weaknesses of the system in terms of time/validation/communication are so archaic that the argument of bank security is almost moot.

There is an argument that often arises amongst swift proponents that Swift being merely a messaging system should not carry the weight of bank security on its shoulders. The flip-side of that argument I would offer is what other messaging system carries the responsibility of handling the direction of $5 trillion per day of the worlds money?

Perhaps worse than the lack of acceptance of any responsibility, is the fact that in some cases there is outright ignorance to the depth of these compromises. After the Banco Del Austro attack, Swift did not even know about the incident until BDA sued Wells Fargo for approving the fraudulent transactions:

We were not aware," SWIFT said in a statement. "We need to be informed by customers of such frauds if they relate to our products and services so that we can inform and support the wider community. We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us. (10)

Its easy to see why swift might take a blasé stance though. Upgrading the security infrastructure and perhaps the very architecture of a network which spans the financial globe would likely hundreds of millions of dollars. Since the hacks themselves don't actually take out of the pocket of swift, rather the banks are affected, from a financial perspective at least there is very little effect for Swift themselves bar a damaged reputation. Up until the point where Ripple entered the market that damage was almost inconsequential. Now, there is genuine cause for Swift to be concerned. Not just as a result of Ripples innovation as a payment provider or XRP as a settlement and liquidity tool, but due to their own serious inefficiencies, mistakes and lack of security combined with the fact that there is a viable and more attractive alternative.

I'm going to end this write up with something of a cliché. Sun Tzu once said “If you know the enemy and know yourself you need not fear the results of a hundred battles.” He should know. He was a military strategist and philospher around 500 BC and is reputed to be the author of “The Art of War”. In the modern warfare of markets and investment you have one reliable weapon. Your mind. Do your own reading. If you find something I haven't offered you? let me know....I'll read it too.

CORRECTION: It has been pointed out to me that my approach with regards to calculating erroneous transactions considered value of transactions and not number of transactions as it should have done. As such, I have now amended my approach as follows:

Average number of swift transactions per day: approx 35'000'000 as of march this year.

Total transaction value per day (same) at $5trillion

Mean average value of transactions (total value/total transactions) = $147'857

Speculative allowance for what could be defined as "small transaction" assumption @ 6% of mean figure = $8'820 (this MUST be done in the interest of fairness and allowing for the fact larger transactions will have more scrutiny)

6% of 35'000'000 transactions = 2'100'000

low value transactions multiplied by 6% figure is 2'100'000 x $8'820 = $18'522'000'000 per day

multiplied by the 235 day figure already in the article = $4'352'670'000'000 Trillion.

i.e. The actual estimated figure based on available data would be around $4.35Trillion, not the $17trillion mentioned earlier. Still a staggering figure none the less

References:
(1) https://www.bankinfosecurity.com/report-bangladesh-probes-2013-bank-hack-via-swift-a-9143
(2) https://www.bankinfosecurity.com/another-swift-hack-stole-12-million-a-9121
(3) https://thehackernews.com/2016/05/swift-banking-hack.html
(4) http://www.theregister.co.uk/2016/06/28/swift_victim_ukraine/
(5) https://www.bloomberg.com/news/articles/2018-02-21/how-an-1-8-billion-indian-bank-fraud-lasted-seven-years
(6) https://www.theregister.co.uk/2017/10/11/hackers_swift_taiwan/
(7) https://www.reuters.com/article/us-cyber-heist-nepal/nepal-bank-latest-victim-in-cyber-heists-recovers-most-of-the-funds-idUSKBN1D71Y7
(8) https://www.reuters.com/article/us-russia-cyber-swift/hackers-stole-6-million-from-russian-bank-via-swift-system-central-bank-idUSKCN1G00DV
(9) https://www.reuters.com/article/us-city-union-bank-swift/indias-city-union-bank-ceo-says-suffered-cyber-hack-via-swift-system-idUSKCN1G20AF
(10) https://thehackernews.com/2016/05/swift-banking-hack.html
(11) https://www.fincen.gov/sites/default/files/shared/Appendix_D.pdf

disclaimer: This article is opinion only and should not be construed as financial advice. The writer of this article holds XRP


Did you like this post by FazzyFocus?

Send some love:

FazzyFocus

FazzyFocus

Experienced procrastinator with a permanent and gluttonous hunger for knowledge. Did you know the worlds smallest lizard is only 1.2 inches long and lives off the northern coast of Madagascar?

Read More