WEBVTT 1 00:00:07.260 --> 00:00:09.660 Anna Delaney: Hello and welcome to the ISMG Editors' Panel. I'm 2 00:00:09.660 --> 00:00:12.810 Anna Delaney and this is a weekly spot where ISMG editors 3 00:00:12.810 --> 00:00:16.740 meet to discuss and debate the top cybercrime fraud and crypto 4 00:00:16.740 --> 00:00:20.130 stories and trends. And those distinguished editors are 5 00:00:20.160 --> 00:00:24.090 Suparna Goswami, associate editor at ISMG Asia; Rashmi 6 00:00:24.090 --> 00:00:27.660 Ramesh, assistant editor, Global News Desk; and Mathew Schwartz, 7 00:00:27.690 --> 00:00:30.780 executive editor of DataBreachToday & Europe. Very 8 00:00:30.780 --> 00:00:31.500 good to see you. 9 00:00:32.500 --> 00:00:33.190 Suparna Goswami: great to be here. 10 00:00:33.190 --> 00:00:33.850 Rashmi Ramesh: Glad to be back. 11 00:00:34.060 --> 00:00:35.110 Mathew Schwartz: Yeah, great rto be here. 12 00:00:36.400 --> 00:00:39.610 Anna Delaney: Suparna. What a splendid backdrop. Tell us more. 13 00:00:39.610 --> 00:00:42.940 Suparna Goswami: Yes, this is not a picture taken by me. My 14 00:00:42.940 --> 00:00:47.560 friend has gone to Kashmir. So this is how Kashmir looks during 15 00:00:47.560 --> 00:00:50.560 the winters and he has sent this pic. So definitely, this is my 16 00:00:50.560 --> 00:00:53.050 to do list in the next two years, I need to - I have not 17 00:00:53.050 --> 00:00:56.470 visited Kashmir till now - so I need to visit this place. So 18 00:00:56.710 --> 00:00:58.090 hopefully, soon. 19 00:00:59.340 --> 00:01:02.460 Anna Delaney: Very fitting for December, and the festive spirit 20 00:01:02.670 --> 00:01:05.310 over here, at least. And Rashmi? 21 00:01:06.740 --> 00:01:08.660 Rashmi Ramesh: This was also a picture that was taken by a 22 00:01:08.660 --> 00:01:13.280 friend, because it's a regular sunset, just behind his house in 23 00:01:13.280 --> 00:01:17.510 central India. So hit a bunch of really lovely pictures, but I 24 00:01:17.510 --> 00:01:20.030 thought this one was the most fitting for today's episode. 25 00:01:20.660 --> 00:01:23.240 Anna Delaney: Beautiful, beautiful sky. Matt, was your 26 00:01:23.240 --> 00:01:24.470 picture taken by a friend? 27 00:01:25.520 --> 00:01:29.570 Mathew Schwartz: So I actually did take this. I was present and 28 00:01:29.570 --> 00:01:34.370 accounted for at last week's Blackhat Europe conference where 29 00:01:34.370 --> 00:01:37.370 you were as well and in the heart or at least on the western 30 00:01:37.370 --> 00:01:38.960 edge of the center of London. 31 00:01:40.250 --> 00:01:41.840 Anna Delaney: Beautiful. So that is actually in the conference 32 00:01:41.840 --> 00:01:42.200 hall. 33 00:01:42.660 --> 00:01:45.480 Mathew Schwartz: Yes. So this is the ExCeL conference center in 34 00:01:45.510 --> 00:01:46.830 London Docklands. 35 00:01:47.250 --> 00:01:48.570 Anna Delaney: You make it look so arty. 36 00:01:50.460 --> 00:01:53.160 Mathew Schwartz: It's got some beautiful, funky architecture 37 00:01:53.160 --> 00:01:56.040 that always catches me by surprise when you walk into this 38 00:01:56.070 --> 00:02:01.950 otherwise massive, open cavernous all. Anybody who's 39 00:02:01.950 --> 00:02:04.380 been to the ExCeL conference center before knows just how 40 00:02:04.380 --> 00:02:07.890 massive this thing is. And they are expanding it. So more to 41 00:02:07.890 --> 00:02:08.370 come. 42 00:02:09.120 --> 00:02:11.640 Anna Delaney: Very good. Well, I'll let you in on a secret. 43 00:02:11.670 --> 00:02:16.260 This is also taken by a friend of mine. But it is about this 44 00:02:16.260 --> 00:02:20.610 week, I've still stolen it from his Instagram account. So sorry. 45 00:02:21.090 --> 00:02:24.690 But anyway, I am sharing these Christmas spirit and decorations 46 00:02:24.720 --> 00:02:28.140 in London's Covent Garden right now and the London's lights, I 47 00:02:28.140 --> 00:02:30.090 must say, are looking very pretty at the moment, so I might 48 00:02:30.660 --> 00:02:34.710 share another next week. So Matt, starting with you this 49 00:02:34.710 --> 00:02:38.400 week. Here's a question for you. Have police finally ceased the 50 00:02:38.400 --> 00:02:42.120 data leak site operated by ransomware group BlackCat? 51 00:02:43.560 --> 00:02:45.630 Mathew Schwartz: That's a great question, Anna. And the simple 52 00:02:45.630 --> 00:02:50.700 answer is we don't know. But the good news is that at least for a 53 00:02:50.700 --> 00:02:55.170 while, the site has been offline. So possibly there's a 54 00:02:55.170 --> 00:03:00.000 tussle happening between law enforcement agencies and the 55 00:03:00.000 --> 00:03:04.860 group that runs the data leak site. So the group we're talking 56 00:03:04.860 --> 00:03:10.620 about here is BlackCat, also known as ALPHV. I don't know if 57 00:03:10.620 --> 00:03:14.730 you want to say alpha ALV. Who knows. But we'll call it 58 00:03:14.730 --> 00:03:19.890 BlackCat just to keep things easy. And last Thursday, so we 59 00:03:19.890 --> 00:03:24.630 should go Thursday, the site's data leak site, and also the 60 00:03:24.630 --> 00:03:29.010 group's talks peer to peer instant messaging, encrypted 61 00:03:29.010 --> 00:03:32.820 communications account went offline. This is great news, 62 00:03:32.910 --> 00:03:37.740 because it means that the group is going to have difficulty 63 00:03:38.010 --> 00:03:42.540 monetizing its attacks. So I'm going to throw in a caveat in a 64 00:03:42.540 --> 00:03:47.190 second. But it's important to note that in recent months, 65 00:03:47.220 --> 00:03:51.540 while LockBit has been the group most associated with ransomware 66 00:03:51.660 --> 00:03:56.520 attacks that we know about, BlackCat has been second or 67 00:03:56.520 --> 00:04:00.690 regularly been second on the charts when it comes to known 68 00:04:00.690 --> 00:04:04.860 victims. There's a lot that we don't know. So there might be 69 00:04:04.860 --> 00:04:07.920 groups out there, popping victims left, right and center. 70 00:04:08.070 --> 00:04:11.340 And maybe the groups don't have a data leak site, where they 71 00:04:11.340 --> 00:04:15.510 post the nonpaying victims in the way that LockBit, BlackHat 72 00:04:15.510 --> 00:04:17.610 and many other groups do. So there's a lot that we don't 73 00:04:17.610 --> 00:04:20.730 know. But what we do know is that these groups have amassed 74 00:04:20.850 --> 00:04:27.300 lots of victims. BlackCat continues to make headlines 75 00:04:27.540 --> 00:04:34.380 because of its rampant self promotion. Also its tricks - a 76 00:04:34.380 --> 00:04:39.690 lot of groups use tricks to dig themselves up to attract fresh 77 00:04:39.720 --> 00:04:42.510 affiliates, their business partners who take the 78 00:04:42.540 --> 00:04:46.620 cryptolocker malware, use it to infect victims. BlackCat 79 00:04:46.620 --> 00:04:51.090 recently reported in - air quotes - one of its victims to 80 00:04:51.090 --> 00:04:54.660 the Securities and Exchange Commission, because it said the 81 00:04:54.660 --> 00:04:58.740 victim wasn't quickly transparent with the reach with 82 00:04:58.740 --> 00:05:03.150 the attack. overlooking, as I'm sure you can expect criminals to 83 00:05:03.150 --> 00:05:07.140 do that, although there are some upcoming SEC regulations, it 84 00:05:07.140 --> 00:05:09.420 hadn't actually broken the law. And anyway, we're getting so far 85 00:05:09.420 --> 00:05:12.210 down the rabbit hole, because what right do criminals have to 86 00:05:12.210 --> 00:05:16.380 be reporting anybody to anyone. So I mentioned there's a caveat 87 00:05:16.380 --> 00:05:19.950 before, we need to be careful about spending too much time or 88 00:05:19.980 --> 00:05:25.590 focusing too much on any given group. Cybersecurity officials 89 00:05:26.010 --> 00:05:32.250 will regularly remind us that a lot of the group's so called are 90 00:05:32.280 --> 00:05:37.200 more of a loose affiliation. And so, Conti, for example, may have 91 00:05:37.200 --> 00:05:40.740 gone away, Russian speaking ransomware group, but before it 92 00:05:40.740 --> 00:05:45.030 closed down, it's split off a lot of other groups. And so many 93 00:05:45.030 --> 00:05:49.050 of the same players are running or participating in other 94 00:05:49.050 --> 00:05:52.500 operations. Similarly, a lot of these groups won't work with 95 00:05:52.500 --> 00:05:56.490 affiliates. And the affiliates come and go, who's giving him 96 00:05:56.520 --> 00:05:59.640 the best deal at the moment, who's got the best crypto 97 00:05:59.640 --> 00:06:03.360 blocking malware, many of the affiliates apparently will have 98 00:06:03.360 --> 00:06:05.820 multiple different strains of ransomware at their fingertips 99 00:06:05.820 --> 00:06:10.620 that they can use, given the victim that they happen to have 100 00:06:11.520 --> 00:06:15.270 attacked, and they can determine what might play best for any 101 00:06:15.270 --> 00:06:19.500 given situation. So we shouldn't glorify and we shouldn't overly 102 00:06:19.500 --> 00:06:23.490 focus on any given group. All that said, it would be wonderful 103 00:06:23.490 --> 00:06:27.900 if BlackCat does indeed seem to be disrupted, perhaps 104 00:06:27.900 --> 00:06:28.500 permanently. 105 00:06:30.150 --> 00:06:34.860 Anna Delaney: You cited Ollie Whitehouse in your article, CTO 106 00:06:34.860 --> 00:06:37.710 of Britain's National Cybersecurity Center. He 107 00:06:37.710 --> 00:06:41.850 mentioned at BlackHat recently, we need to find better ways to 108 00:06:41.850 --> 00:06:44.790 dissuade adversaries in the ransomware sphere. What do you 109 00:06:44.790 --> 00:06:48.270 think he meant by that? What sort of creative, unconventional 110 00:06:48.270 --> 00:06:49.620 ways was he referring to? 111 00:06:50.590 --> 00:06:53.470 Mathew Schwartz: Well, I mean, the Blackhat Europe scene here, 112 00:06:53.470 --> 00:06:57.040 he was speaking not far away from this architectural 113 00:06:57.040 --> 00:07:01.000 flourish, or whatever we want to call it. Ollie didn't, in his 114 00:07:01.000 --> 00:07:04.900 keynote, give any ready answers, I think it was a call to action. 115 00:07:04.900 --> 00:07:07.540 And he was detailing a lot of the concerns and a lot of the 116 00:07:07.540 --> 00:07:11.230 challenges. And he said what we need to be able to do, and I 117 00:07:11.230 --> 00:07:14.710 think how we'll know that we've somewhat arrived, is that we can 118 00:07:14.710 --> 00:07:17.860 surprise attackers, we can give them a really bad day in the 119 00:07:17.860 --> 00:07:21.760 office. And he was clear about saying, I don't know exactly how 120 00:07:21.760 --> 00:07:26.110 we do that. But he said disrupting their infrastructure, 121 00:07:26.530 --> 00:07:29.230 I don't know how much of an impact that really has. They're 122 00:07:29.230 --> 00:07:33.400 getting much better versed in using, he thinks, infrastructure 123 00:07:33.400 --> 00:07:36.790 tools so that if something gets taken down, they can rapidly 124 00:07:36.790 --> 00:07:40.270 stand something else up. A lot of these organizations are being 125 00:07:40.300 --> 00:07:44.080 run much more as businesses, they have an HR team, they have 126 00:07:44.080 --> 00:07:48.340 an admin support. They have developers whose job it is to 127 00:07:48.340 --> 00:07:51.490 make more resilient architecture so that if it does get 128 00:07:51.490 --> 00:07:55.150 disrupted, probably they can study that and maybe this 129 00:07:55.150 --> 00:07:58.090 particular group is offline for for six months, maybe they 130 00:07:58.090 --> 00:08:00.820 reboot under a different name with a slightly different 131 00:08:00.820 --> 00:08:03.670 configuration. And so they've been disrupted in the short 132 00:08:03.670 --> 00:08:08.710 term, but the profit potential is still so vast that Ollie said 133 00:08:08.710 --> 00:08:12.730 we need to find a better way to disrupt the group, disrupt the 134 00:08:12.730 --> 00:08:16.480 individuals. Unfortunately, he didn't have any easy answers. 135 00:08:17.350 --> 00:08:21.700 Defense is helping for sure. But this is still an open question. 136 00:08:23.050 --> 00:08:25.180 Anna Delaney: And speaking of infrastructure, news this week 137 00:08:25.180 --> 00:08:28.120 that a UK parliamentary committee has warned that the UK 138 00:08:28.120 --> 00:08:31.480 Government is at high risk of a catastrophic ransomware attack 139 00:08:31.480 --> 00:08:34.450 that could bring the country to a standstill because of poor 140 00:08:34.450 --> 00:08:36.130 planning and a lack of investment. I know this is 141 00:08:36.130 --> 00:08:38.950 shifting gears slightly. But with everything you know about 142 00:08:38.950 --> 00:08:41.530 ransomware and the UK Government, what's your 143 00:08:41.530 --> 00:08:41.980 reaction? 144 00:08:43.070 --> 00:08:46.520 Mathew Schwartz: I think it's a useful cautionary note. We 145 00:08:46.550 --> 00:08:51.710 continue to hear cybersecurity agencies in Britain, and also in 146 00:08:51.710 --> 00:08:55.730 the US talking about the need for basics. Basic, Basic, Basic. 147 00:08:55.760 --> 00:08:58.760 I mean, how long have we been hearing, let's just focus on the 148 00:08:58.760 --> 00:09:02.450 basics. But apparently, there's just still so many 149 00:09:02.450 --> 00:09:05.810 organizations, not using multi factor or two factor 150 00:09:05.810 --> 00:09:11.120 authentication, wherever they can. We have seen officials 151 00:09:11.570 --> 00:09:14.090 urging or recommending organizations, who can't do it 152 00:09:14.090 --> 00:09:17.840 themselves, to think more about cloud services. And we've seen 153 00:09:17.840 --> 00:09:21.800 with Ukraine, for example, how cloud services has really saved 154 00:09:21.800 --> 00:09:25.130 its bacon when it comes to the government and other critical 155 00:09:25.160 --> 00:09:30.020 infrastructure sectors. It's Russia versus Microsoft, in some 156 00:09:30.050 --> 00:09:33.590 domains now. And if you can't do it yourself, that might be a 157 00:09:33.590 --> 00:09:38.150 really good move. So they're continuing to beat the drum. 158 00:09:38.510 --> 00:09:42.410 It's a little disheartening that they feel that they need to, but 159 00:09:43.010 --> 00:09:46.340 hopefully, at some point, more organizations, more businesses 160 00:09:46.340 --> 00:09:47.240 will start to listen. 161 00:09:48.320 --> 00:09:50.690 Suparna Goswami: It never gets boring - the space ransomware. 162 00:09:51.350 --> 00:09:54.500 Mathew Schwartz: No, no, no, it's always - you wake up in the 163 00:09:54.500 --> 00:09:57.260 morning, don't you, and you think what's happened? 164 00:09:58.670 --> 00:10:01.730 Anna Delaney: And they will see the access shift and advance 165 00:10:02.090 --> 00:10:04.520 next year now that criminals have more tools in their 166 00:10:04.520 --> 00:10:08.480 arsenal, always. Well, thank you so much, Matt. That was 167 00:10:08.480 --> 00:10:12.350 excellent analysis, as always. Suparna, what's been happening 168 00:10:12.350 --> 00:10:15.170 in the fraud world recently? What are the latest trends that 169 00:10:15.170 --> 00:10:16.010 you're reporting on? 170 00:10:17.290 --> 00:10:19.300 Suparna Goswami: Thank you, Anna. So yes, I have been 171 00:10:19.300 --> 00:10:22.300 speaking with experts in the fraud space for the past couple 172 00:10:22.300 --> 00:10:26.050 of weeks, trying to wrap up the year and trends and what to 173 00:10:26.050 --> 00:10:30.040 expect next year, completed all the lists that I have, but of 174 00:10:30.040 --> 00:10:33.820 the four and five people I have spoken with a couple of themes, 175 00:10:34.240 --> 00:10:37.990 the common themes, one was check fraud, and one was - they spoke 176 00:10:37.990 --> 00:10:42.220 a lot about the faster payments space. Now, in the year 2023, it 177 00:10:42.220 --> 00:10:45.160 might sound silly, that we're still talking about check fraud. 178 00:10:45.190 --> 00:10:48.850 Over the years, some massive growth in this kind of fraud as 179 00:10:48.880 --> 00:10:51.520 any fraud expert, and none of them thought that check fraud 180 00:10:51.520 --> 00:10:54.940 could cause such huge losses to financial institutions have now 181 00:10:54.940 --> 00:10:58.330 been speaking about. We have spoken about check fraud in, I 182 00:10:58.330 --> 00:11:01.000 think, in one of the other episodes of Editors Panel as 183 00:11:01.000 --> 00:11:05.470 well, I did feature. And it just amazes me that even this year 184 00:11:05.590 --> 00:11:09.220 how come that check fraud has impacted financial institutions 185 00:11:09.220 --> 00:11:12.610 so much. And the suspicious activity reports related to 186 00:11:12.610 --> 00:11:17.080 check fraud reached, I think, what nearly 5000 in 2023, 187 00:11:17.110 --> 00:11:20.140 highlighting the widespread nature of the problem. Now, 188 00:11:20.290 --> 00:11:22.990 there are a couple of things or three factors, which I would say 189 00:11:23.020 --> 00:11:27.610 has caused this. One is obviously stolen checks. You 190 00:11:27.610 --> 00:11:30.640 know, organized criminal groups are increasingly targeting the 191 00:11:30.640 --> 00:11:35.230 US mail system. That's one part. The other, the cyber part is the 192 00:11:35.230 --> 00:11:38.170 social media scam that fraudsters are leveraging your 193 00:11:38.170 --> 00:11:42.670 social media platforms to lure victims, and evolving tactics 194 00:11:42.670 --> 00:11:46.480 like criminals are constantly adapting them, changing their 195 00:11:46.480 --> 00:11:50.980 methods utilizing Dark Web or other technologies to create 196 00:11:50.980 --> 00:11:55.240 sophisticated, counterfeit checks. And sometimes, the 197 00:11:55.240 --> 00:11:58.870 problem is not only about counterfeit checks, but it is 198 00:11:58.870 --> 00:12:03.100 also about checks which are legitimate. So this is an area 199 00:12:03.100 --> 00:12:06.220 which bankers have not dealt with, the banks are dealing with 200 00:12:06.220 --> 00:12:09.790 legitimate checks. And these are being negotiated effortlessly. 201 00:12:09.790 --> 00:12:15.040 So this is all closely linked to your identity theft. Fraudsters 202 00:12:15.040 --> 00:12:18.400 are combining ID theft and fake bank accounts to deposit checks 203 00:12:18.430 --> 00:12:24.070 and bypass authentication. I asked if in 2024, if they think 204 00:12:24.070 --> 00:12:27.640 banks will be better prepared, and if you can expect any change 205 00:12:27.640 --> 00:12:30.250 in this kind of thought, unfortunately it's likely to 206 00:12:30.250 --> 00:12:34.150 remain the same. As the experts said, all fraudsters will 207 00:12:34.150 --> 00:12:37.480 continue because the tactic is working exceptionally well for 208 00:12:37.480 --> 00:12:42.280 them. And what problem with banks is that these fraud 209 00:12:42.280 --> 00:12:46.300 channels - your email, your identity, when the checks are 210 00:12:46.300 --> 00:12:49.420 deposited, they all work very independently. There's not a lot 211 00:12:49.420 --> 00:12:52.960 of systems they're bringing, they're not vendors that are 212 00:12:52.960 --> 00:12:55.210 bringing all these channels together, look at it 213 00:12:55.210 --> 00:13:01.420 holistically. And that's the key. But to be fair, banks are - 214 00:13:01.450 --> 00:13:06.340 unlike this year and the previous year, banks are trying 215 00:13:06.340 --> 00:13:08.410 to improve the control environment when it comes to 216 00:13:08.410 --> 00:13:12.280 check because check fraud was never really on their radar. But 217 00:13:12.280 --> 00:13:15.490 there is no significant improvement as such, there they 218 00:13:15.490 --> 00:13:19.660 are. But there's nothing that can be spoken about a lot. But 219 00:13:19.690 --> 00:13:22.420 definitely they are bumping up investment priority list for 220 00:13:22.420 --> 00:13:27.670 check for detection solutions. And so looking ahead, I think AI 221 00:13:27.670 --> 00:13:31.600 - we said that maybe we have spoken so much about AI this 222 00:13:31.600 --> 00:13:36.280 year, AI probably will be used to visually spot fraud patterns, 223 00:13:36.580 --> 00:13:39.490 because it reduces number of checks routed for manual review 224 00:13:39.490 --> 00:13:43.090 and can help reduce risks associated with synthetic and 225 00:13:43.090 --> 00:13:46.660 account opening fraud. So check fraud is something, sorry, 226 00:13:47.170 --> 00:13:49.060 artificial intelligence is something that they can 227 00:13:49.090 --> 00:13:52.990 leverage. And other was on the payment space. Everybody is 228 00:13:52.990 --> 00:13:57.730 very, very excited because FedNow was launched. And what's 229 00:13:57.790 --> 00:14:00.490 irresistible about faster payments is that you know, you 230 00:14:00.490 --> 00:14:04.060 will get money from A to B as quickly as possible. And that's 231 00:14:04.060 --> 00:14:06.460 what excites the fraudsters, they're trying to get money to a 232 00:14:06.460 --> 00:14:10.810 place where they can control it, they can cash it out as quickly 233 00:14:10.810 --> 00:14:15.010 as possible because it's a matter of time before either, 234 00:14:16.030 --> 00:14:20.140 you know, they're being caught. So they need that speed. So 235 00:14:20.140 --> 00:14:23.830 that's what they get from fast payments. And I asked if there 236 00:14:23.830 --> 00:14:27.670 are some important lessons again, which banks can 237 00:14:27.670 --> 00:14:30.880 incorporate since there was so much spoken about with FedNow 238 00:14:30.880 --> 00:14:34.750 being launched. So they said that networks now and FedNow is 239 00:14:34.750 --> 00:14:38.050 working, the federal banks are working toward that, they need 240 00:14:38.050 --> 00:14:40.870 to work on strategies to interact with customers in a way 241 00:14:41.260 --> 00:14:44.590 that stops the payment before the payment instruction is 242 00:14:44.590 --> 00:14:50.440 accepted. So if I'm a bank or from a payment network, I need 243 00:14:50.440 --> 00:14:53.320 to know enough about the customer, customer. It's all the 244 00:14:53.320 --> 00:14:58.750 things we talked about, like what devices they are using, 245 00:14:58.900 --> 00:15:01.870 what time of the day, who is the sender? Who is the receiver? 246 00:15:02.380 --> 00:15:05.440 What is the dollar amount? What is the behavior? So all these 247 00:15:05.440 --> 00:15:06.550 factors need to come in. 248 00:15:08.410 --> 00:15:11.020 Anna Delaney: And how about policy and regulation, Suparna? 249 00:15:11.020 --> 00:15:14.350 What policy or regulatory changes do you foresee being 250 00:15:14.350 --> 00:15:16.540 implemented in response to these emerging trends that you 251 00:15:16.540 --> 00:15:19.180 mentioned? And how might they impact individuals and 252 00:15:19.180 --> 00:15:19.870 businesses? 253 00:15:21.130 --> 00:15:23.230 Suparna Goswami: I don't know where they happen to count on 254 00:15:23.230 --> 00:15:26.560 for, but I'm expecting with my interaction with the experts is 255 00:15:26.560 --> 00:15:30.250 because FedNow has started, reimbursement model will 256 00:15:30.250 --> 00:15:34.000 definitely pick up in the US as it is. Definitely it's, like 257 00:15:34.030 --> 00:15:38.080 2002 in the UK implemented with the reimbursement model. US will 258 00:15:38.080 --> 00:15:41.800 do that. That's my prediction. And that's what not my 259 00:15:41.800 --> 00:15:43.870 prediction, but yeah, that's what even experts are saying. 260 00:15:44.320 --> 00:15:47.680 So, because FedNow launched this year and faster payment adoption 261 00:15:47.680 --> 00:15:51.280 is expected to increase and at present, what is happening is a 262 00:15:51.280 --> 00:15:55.630 fraud rate on this networks are very low. So, they are not 263 00:15:55.630 --> 00:15:59.890 really concentrating much on the fraudsters because FedNow, RTP, 264 00:15:59.890 --> 00:16:04.090 I think the per day transaction, at least on FedNow is below 100 265 00:16:04.090 --> 00:16:08.830 per day, which is very less. So by 2024. If it is increasing, so 266 00:16:08.830 --> 00:16:12.550 will the scams increase, and so will be the reimbursement, the 267 00:16:12.550 --> 00:16:17.080 call for reimbursement, there was some talks early 2023, but 268 00:16:17.080 --> 00:16:20.980 they died down. But I think because this is faster, the 269 00:16:21.010 --> 00:16:25.480 FedNow is by the Federal Reserve Banks. So if it increases, I 270 00:16:25.480 --> 00:16:30.490 think the reimbursement model will finally be live in the US. 271 00:16:30.790 --> 00:16:34.090 And the other space, I think there will be a lot of talk 272 00:16:34.120 --> 00:16:37.510 about and I think something will come around is in the identity 273 00:16:37.510 --> 00:16:42.130 fraud space where they're depending on KYC alone. So I 274 00:16:42.130 --> 00:16:45.580 feel that KYC is a tipping point, especially in the digital 275 00:16:45.580 --> 00:16:50.590 space why nobody's contesting that KYC is not important is of 276 00:16:50.590 --> 00:16:55.180 course important, but it is not enough. And we need those 277 00:16:55.210 --> 00:16:58.480 digital signals that are outside of information that has been 278 00:16:58.480 --> 00:17:01.420 provided to us, like in some cases, organization may want to 279 00:17:01.420 --> 00:17:05.320 take a picture of the driver's license, or passport, your ad 280 00:17:05.320 --> 00:17:09.640 spoke about your phone, they may want to type out the kind of 281 00:17:09.670 --> 00:17:12.790 product or services that are being provided, you know, so I 282 00:17:12.790 --> 00:17:19.960 think it will go beyond just KYC your digital authentication. So 283 00:17:19.960 --> 00:17:22.990 they will create all these kinds of signals and provide that 284 00:17:23.230 --> 00:17:27.550 identity assurance, like phone is one of the major things even 285 00:17:28.090 --> 00:17:30.430 they're talking about mobile driving license, and if they 286 00:17:30.430 --> 00:17:34.120 can, that can be used to open bank accounts in the US. But of 287 00:17:34.120 --> 00:17:38.710 course that itself, because not every state has a standard way 288 00:17:38.740 --> 00:17:44.560 of you know, having that mobile the secure way of having more 289 00:17:44.620 --> 00:17:48.550 MDM. So I think Georgia is very mature, but the other states 290 00:17:48.640 --> 00:17:51.790 probably are not. So they can't really standardize it. But I 291 00:17:51.790 --> 00:17:55.660 think it will go beyond just KYC in 2024. 292 00:17:57.100 --> 00:17:59.020 Anna Delaney: Great overview of the trends, Suparna. Thank you 293 00:17:59.020 --> 00:18:02.500 very much. Rashmi, let's turn to cryptocurrency. And it's been a 294 00:18:02.530 --> 00:18:05.590 very busy year in that sphere as well. What are the most 295 00:18:05.590 --> 00:18:07.930 important cases that have shaped the industry this year? 296 00:18:07.000 --> 00:18:31.540 Anna Delaney: Very decent indeed. So there's a lot of 297 00:18:07.920 --> 00:18:11.272 Rashmi Ramesh: Hands down. It's been Binance and FTX, of course. 298 00:18:11.341 --> 00:18:15.241 So Binance's former chief Changpeng Zhao and FTX's former 299 00:18:15.310 --> 00:18:19.689 chief Sam Bankman-Fried who were superstars of the industry. And 300 00:18:19.757 --> 00:18:23.658 confirm felons. So this has had one very clear impact. An 301 00:18:23.726 --> 00:18:27.900 industry that has famously been, you know, regulation averse, 302 00:18:27.968 --> 00:18:31.800 almost like the Wild West, is now not only contemplating 303 00:18:31.540 --> 00:18:35.740 talk, there's a lot of agreement that regulation is needed. Are 304 00:18:31.869 --> 00:18:36.043 government impose rules, but also possibly welcoming them. So 305 00:18:35.920 --> 00:18:39.460 we likely to see anything shift next year, in terms of 306 00:18:36.111 --> 00:18:40.080 I spoke to many experts about this. And they're all of the 307 00:18:39.460 --> 00:18:39.760 regulation? 308 00:18:40.148 --> 00:18:44.596 opinion that crypto is not dead. But it will look very different. 309 00:18:44.665 --> 00:18:48.907 Once regulators and governments have taken steps to control it 310 00:18:48.975 --> 00:18:52.739 more. So they say what we need is a tailored and a more 311 00:18:52.807 --> 00:18:56.639 comprehensive oversight of crypto and water recycling of 312 00:18:56.708 --> 00:19:00.403 regulations that exist for traditional finance. But we 313 00:19:00.471 --> 00:19:04.440 still, you know, borrow from experience. So crypto faces a 314 00:19:04.508 --> 00:19:08.135 lot of issues today that traditional finance has been 315 00:19:08.203 --> 00:19:12.309 able to address just by existing for all of these years. For 316 00:19:12.377 --> 00:19:16.004 example, having disclosure standards that ensure that 317 00:19:16.072 --> 00:19:20.383 crypto companies, that custody digital assets, don't sweep them 318 00:19:20.452 --> 00:19:24.557 up in case of bankruptcy and also ensure that customers have 319 00:19:24.626 --> 00:19:28.321 actual records if their assets are mishandled. And the 320 00:19:28.389 --> 00:19:32.358 legislation does not have to be one big inclusive omnibus, 321 00:19:32.426 --> 00:19:36.258 right? It needs to start with more discrete measures and 322 00:19:36.326 --> 00:19:40.022 evolve as the technology evolves. And of course, there 323 00:19:40.090 --> 00:19:43.990 will always be those who claim to want regulation but not 324 00:19:44.059 --> 00:19:47.959 really wanted and our very own SBF is a case in point. He 325 00:19:48.027 --> 00:19:52.338 rallied for crypto regulation in public, but derided it as just 326 00:19:52.407 --> 00:19:56.581 PR in private. There are some parts of his text messages that 327 00:19:56.649 --> 00:20:00.618 were unveiled during his trial that show as much. I'm not 328 00:20:00.686 --> 00:20:04.997 allowed to use that language on camera. But if you just go back 329 00:20:05.066 --> 00:20:09.308 to the transcript, you can read all about it. And it does not, 330 00:20:09.376 --> 00:20:13.687 it actually focuses quite a bit on the fact that cryptocurrency 331 00:20:13.756 --> 00:20:17.930 does have a crime problem. SPF ran a very poorly governed and 332 00:20:17.998 --> 00:20:22.035 very under compliant family of companies under the guise of 333 00:20:22.104 --> 00:20:26.141 compliance. Now it's all of these companies were registered 334 00:20:26.209 --> 00:20:30.452 in all the right ways. And all the district jurisdictions they 335 00:20:30.520 --> 00:20:34.557 operated in, but and they seem to be like a poster child of 336 00:20:34.626 --> 00:20:38.731 compliance, right. But we all know how that went on. Anyway, 337 00:20:38.800 --> 00:20:43.042 the industry, the issue is that the industry grew too quickly. 338 00:20:43.111 --> 00:20:47.353 And initially, during its boom, it was run by technology folks 339 00:20:47.422 --> 00:20:51.185 who had little interest and very little inclination for 340 00:20:51.253 --> 00:20:55.701 regulation. But even if you fast forward to the present day, when 341 00:20:55.770 --> 00:20:59.875 a majority of the industry is agreeing that maybe we do need 342 00:20:59.944 --> 00:21:03.981 regulation, there's an issue on what compliance even means. 343 00:21:04.049 --> 00:21:08.018 There is a massive disconnect between policymakers and the 344 00:21:08.086 --> 00:21:12.124 industry on how to even define certain things in blockchain 345 00:21:12.192 --> 00:21:16.640 transactions, starting with even defining what cryptocurrency is. 346 00:21:16.708 --> 00:21:20.608 Is it a commodity? Is it a security? Is it a collectible? 347 00:21:20.677 --> 00:21:24.988 What type of regulation does it come under? And which agency is 348 00:21:25.056 --> 00:21:29.230 responsible for regulating it? And even if they figure all of 349 00:21:29.299 --> 00:21:33.404 this out, how do you figure out if the service providers are 350 00:21:33.473 --> 00:21:37.099 actually complying in a meaningful way? So the crypto 351 00:21:37.168 --> 00:21:41.136 regulations in the US right now are primarily being shaped 352 00:21:41.205 --> 00:21:45.379 through enforcement. So having clarity on, you know, defining 353 00:21:45.447 --> 00:21:49.484 what the parties are, what the assets are understanding the 354 00:21:49.553 --> 00:21:53.385 unique identification challenges in blockchain. And also 355 00:21:53.453 --> 00:21:57.285 understanding that it is an iterated approach is what we 356 00:21:57.353 --> 00:22:01.048 need, rather than a fixed regulatory approach. I think 357 00:22:01.117 --> 00:22:05.222 that's what will help and also have to take into account the 358 00:22:05.291 --> 00:22:09.396 decentralized nature of crypto to deal with because it's not 359 00:22:09.465 --> 00:22:13.365 owned or controlled by any government or central bank. So 360 00:22:13.434 --> 00:22:17.471 you can't really control the currency, you can only control 361 00:22:17.539 --> 00:22:21.987 companies that deal with it, and different countries regulated in 362 00:22:22.055 --> 00:22:25.135 different ways. So, decentralization makes it 363 00:22:25.203 --> 00:22:29.445 really, really hard to apply the same rules that you bought to 364 00:22:29.514 --> 00:22:33.483 traditional finance, like the travel rule, for example. So 365 00:22:33.551 --> 00:22:37.862 anyway, I hope that's a defense overview of the regulatory mess 366 00:22:37.930 --> 00:22:41.010 that we're currently in, in the crypto space. 367 00:22:51.150 --> 00:22:53.640 Rashmi Ramesh: Hopefully, we will see, we will definitely see 368 00:22:53.640 --> 00:22:56.730 more regulation. And hopefully, that regulation takes into 369 00:22:56.730 --> 00:23:01.620 account all of these issues. As someone boating in the space for 370 00:23:01.620 --> 00:23:05.340 a bit, I personally don't really see much clarity in defining 371 00:23:05.370 --> 00:23:09.810 what cryptocurrency is, or the category it falls under and who 372 00:23:09.810 --> 00:23:13.440 regulates it. Not at least in the next one year, maybe by the 373 00:23:13.440 --> 00:23:15.960 end of the year, because this is an issue we've been dealing with 374 00:23:15.960 --> 00:23:20.730 for quite some time now. But one interesting development that an 375 00:23:20.730 --> 00:23:23.910 expert mentioned to me is that he thinks the recent cases will 376 00:23:23.910 --> 00:23:27.000 put the spotlight on the role of money laundering reporting 377 00:23:27.030 --> 00:23:31.770 officers, and Bank Secrecy Act compliance officers. So many 378 00:23:31.830 --> 00:23:35.610 organizations, especially in like the FinTech and the crypto 379 00:23:35.610 --> 00:23:40.410 space, basically have a tick box compliance heads and MLROs and 380 00:23:40.410 --> 00:23:44.400 BSE officers who have very little experience or knowledge 381 00:23:44.430 --> 00:23:47.850 and are certainly not sufficient, which are certainly 382 00:23:47.850 --> 00:23:51.330 not sufficient to perform that role effectively. He mentioned 383 00:23:51.330 --> 00:23:55.230 that he has seen CEOs or head of operations acting as MLROs, 384 00:23:55.380 --> 00:23:59.700 which is a massive conflict of interest. So he says that this 385 00:23:59.700 --> 00:24:02.790 is likely to change the upcoming year. So here's hoping. 386 00:24:04.530 --> 00:24:06.120 Anna Delaney: Wonderful insights. Thank you very much, 387 00:24:06.120 --> 00:24:10.650 Rashmi. It's been a busy year for you. And finally, and just 388 00:24:10.650 --> 00:24:15.780 for fun, if you had an AI powered chef in your kitchen, 389 00:24:15.870 --> 00:24:18.450 what type of cuisine would you want it to master? And what 390 00:24:18.450 --> 00:24:27.600 signature dish would you name after the AI? Leap in, Suparna. 391 00:24:27.000 --> 00:24:32.880 Suparna Goswami: No, I couldn't come up with a lot of very 392 00:24:32.880 --> 00:24:38.130 innovative I was like, Okay, let me have the master what is India 393 00:24:38.220 --> 00:24:43.440 outside? People swear by chicken tikka, sp I was like, maybe I'll 394 00:24:43.440 --> 00:24:51.720 name it neural spicy chicken tikka, but I I'm not very happy 395 00:24:51.720 --> 00:24:54.690 with the name. Maybe I thought of something better. This is 396 00:24:54.690 --> 00:24:55.440 what I came up with. 397 00:24:55.620 --> 00:24:57.450 Anna Delaney: Yeah, well, me to work away. Maybe you could ask 398 00:24:57.750 --> 00:24:58.170 ChatGPT. 399 00:25:00.240 --> 00:25:02.430 Mathew Schwartz: Wow, that sounds so Cyberpunks, Suparna. 400 00:25:02.460 --> 00:25:08.340 I'm just like, I want to taste that, maybe only once though. So 401 00:25:08.400 --> 00:25:11.430 what I would love I mean, it's already a thing kind of but you 402 00:25:11.430 --> 00:25:15.210 know you have sushi robots. But imagine if you could have sushi 403 00:25:15.210 --> 00:25:21.300 robots plus the power of AI. And so I guess I guess you could 404 00:25:21.300 --> 00:25:24.390 have like a cyber roll or something or a cyber AI roll. I 405 00:25:24.390 --> 00:25:27.870 don't know what it would have in it just excellent cutting 406 00:25:27.870 --> 00:25:31.920 tolerances, perhaps I need to think about the ingredients 407 00:25:31.920 --> 00:25:32.250 there. 408 00:25:32.820 --> 00:25:36.210 Anna Delaney: Sushi on tap. I love it. Rashmi? 409 00:25:36.630 --> 00:25:40.140 Rashmi Ramesh: I have a very world peace sort of ahimsa. So 410 00:25:40.470 --> 00:25:43.770 because we currently live in a world where in every corner, 411 00:25:43.770 --> 00:25:47.790 there's a war or countries are on the brink of one. So if I had 412 00:25:47.790 --> 00:25:51.180 an AI Chef, I'd have them combined nostalgic flavors of 413 00:25:51.180 --> 00:25:54.690 these regions to make new foods that people in conflict in 414 00:25:54.690 --> 00:25:59.940 countries can relate with. So yeah, and I'd probably call it I 415 00:25:59.940 --> 00:26:01.500 don't know, harmony or something. 416 00:26:02.430 --> 00:26:05.700 Anna Delaney: I love that. Lovely. I sort of like going in 417 00:26:05.700 --> 00:26:09.510 the same vein. So when you go on holiday, you have a delicious 418 00:26:09.510 --> 00:26:12.930 meal with some wine or cocktails and everything's perfect. Then 419 00:26:12.930 --> 00:26:16.950 you come back and you try and recreate that dish. It's never 420 00:26:16.950 --> 00:26:20.430 quite the same because maybe the water is different. The ambiance 421 00:26:20.430 --> 00:26:24.330 is certainly different, smells are not there. Well, my AI chef 422 00:26:24.330 --> 00:26:27.780 would not only create my favorite holiday dish, but also 423 00:26:27.780 --> 00:26:32.130 conjure the entire sensory experience with it. And I call 424 00:26:32.130 --> 00:26:36.960 it epicurean maestro, bringing a touch of magic to your tastebuds 425 00:26:36.960 --> 00:26:40.080 and senses. Nice. 426 00:26:41.550 --> 00:26:42.270 Mathew Schwartz: Bring it on 427 00:26:42.630 --> 00:26:46.110 Anna Delaney: This is all make you feel very hungry. Thank you 428 00:26:46.110 --> 00:26:49.620 very much, Suparna, Rashmi, Matthew. Always a pleasure. 429 00:26:49.830 --> 00:26:50.700 Great insights.