Ever made a payment online?  Of course you have.

I now pay my credit card bill online.  I don’t do an automatic payment – I like some measure of “hands on” control.  But I know this:  Once I execute a payment to my card company, by clicking ‘Submit,’ I receive a confirming text message to my phone nearly instantaneously.  I’m talking about a couple seconds.

I pay my car insurance online.  When I execute payment, I get an e-mail confirmation almost immediately.  Within a minute, easily.

Same for cable.  Same for power.  These transfers (both in terms of money, and communications) happen with a speed of execution that is extremely efficient.

Not so for certain other transactions.  When I initiate a transfer to my bank from PayPal, I’m advised that the funds will be in my bank account between 3 and 5 days’ time.  Meantime, my PayPal balance is 0 (or down by whatever amount I’m transferring).  So, where’s the money in the meantime?  And why can the transfer not be immediate, as in the former cases above?

When I do a bank-to-bank transfer, I receive a similar counsel:  The money will be in my other account in approximately 3 days.  Meanwhile, the originating account is debited – but there is no credit (yet) on the other end of the pipe.  Where’s the money?

Well… it’s obviously in some kind of limbo.  That money does exist:  It’s not vaporized while “in transit.”  However, wherever it resides, you can bet it is making money in the form of interest, or lending itself to investment.  How?

Just consider the one case – that of PayPal:  They are transacting money all over the world.  PayPal is handling money in the millions, likely billions, of dollars.  At any given moment in time, PayPal has a tremendous amount of money in limbo, suspended between various accounts during those 3-to-5 day delays.  This represents an ‘asset bubble’ and that pool of money on a balance sheet is a resource:  That resource of money is earning interest, or funding investments – at least, it seems to me.  Meantime, you wait for your money to transfer at the speed of… well, something other than electrons.

This would seem to be a newsworthy story, and a ripe area for a little legislation.  A 3-to-5 day delay is not necessary in vetting the transfer of money.

What do you think?

According to the Associated Press (AP), hackers are targeting power plants in order to seize control.  Presumably, on my part, “control” here means to disable them and create power outages to large areas; I doubt they’re looking to deliver benevolence through efficiencies and reduced bills, for example.

In fact, malicious code and worms are targeting all manner of industrial plants and systems.  The Department of Homeland Securtiy (DHS) is urging companies to improve security practices.  When reviewing weaknesses as identified by the DHS, it’s rather amazing to see that one of the highlighted security breaches, and spread of a botnet to almost 100 computers, was accomplished through an infected file as delivered to a laptop via a flash drive.  The user then connected his laptop to his company’s network and the botnet spread.

It would seem that in this day and age there would be a regularized update of patches for vulnerabilities, but also:  In the example cited, the user was returning from an outside conference where the laptop had been in use.  I suggest a thorough review by IT for any items that have been offsite, prior to granting access to the overall enterprise. 

Perhaps it’s time for monthly security refreshers for all staff; the time involved is a burden, for sure, but it’s time well spent.  Perhaps a 10 minute security brief by the IT leader at the end of the monthly all-staff meetings is prudent.  For any particular high-profile malware that needs immediate addressal, ad-hoc meetings or e-mail blasts could warn users to be especially cautious, particularly within scopes and activities the malware seems to target.

Being that a good portion, perhaps most, of security breaches are due to human actions (and error), there’s something I’ve noticed:  When you call your bank, credit card company, etc., they ask you a security question (it might be mother’s maiden name, name of your first school, etc.).  Several questions usually follow on:  What is your date of birth?  What are the last four (or six) digits of your card?  What are the three numbers on the back?  What is the expiration date?  However, how do you vet the party on the other end of the line that’s soliciting (and collecting) all of this personal, and authenticating, information?

My next post will raise a rather interesting security question, along with a prediction…

August 5^th:  On this day in 1861, the U.S. levies its first income tax (3% of incomes over $800).