The Eyes Have It: Cameras Are Spying on Travelers

By Robert McGarvey

On a May 5th United flight from San Diego to Houston, an unnamed female passenger in first class entered the bathroom where she noticed a blinking blue light. She did not know what it was but she took the device to the flight crew. United Corporate Security subsequently determined it was a video recording device.

Then, per a document compiled by the FBI, “After viewing the information on the device, a male was caught on video installing the device in the first class lavatory of this particular flight.”  Apparently the man’s face wasn’t visible but – using his clothing and also jewelry – an ID was made. The arrest of Choon Ping Lee, who works for Halliburton, an oil field service company, followed.  

Creeped out? Justifiably. But here’s the grim reality: throughout your travels, very probably you are being spied on.  In some cases it’s by state sponsored security forces. In other cases it’s by miscellaneous creeps, perverts, and miscreants.

Does it really matter who?  Is it more comforting to know the Chinese government has eavesdropping devices in your Beijing hotel room – which it probably does and it also probably has your cellphone tapped – than it is to know that your Airbnb host is a perv who has cameras in rooms?

Guess what, it’s nothing new. In 1983 I co-wrote a book called The Complete Spy, which detailed the hundreds of legally available devices that let ordinary citizens spy on their spouses, children, neighbors, co-workers, bosses, you name it.  A theme of the book was that our privacy was evaporating and we seemed uninterested in fighting back.  

It is much, much worse today.

You don’t have to be Erin Andrews to have your privacy robbed. But a takeaway from the Andrews caper is that a determined eavesdropper can – with few roadblocks – easily spy on us in hotels.  And spying in hotels is surprisingly common.

There’s even a claim that a hidden camera was found in a cruise ship cabin.

Why would anyone want to spy on me or you? Who the hell knows.  

Some nation states spy compulsively.  The Soviet Union and East Germany did it routinely (and if you visited either, you were eavesdropped upon. This is beyond question).  Today, Russia ranks high among nations that eavesdrop on foreign visitors. But China does likewise (maybe even more so).  The Saudis do too. Ditto the Israelis.  But you also hear about the French, Singapore, and many, many more nations. It’s not just nation states however.

As for who else eavesdrops in hotels, it can be anything from a business competitor to a jealous spouse or a just plain weirdo.  Remember Gay Talese’s The Voyeur’s Motel, where he documents a motel owner who systematically spied on guests.

Don’t say it can’t happen where you are staying.  Especially not because spying has gotten easier.

What’s new today is that eavesdropping has become very cheap and very low skill.

Around $40 will buy you a perfectly good spy camera.

For a few extra bucks, you can get a camera disguised as a clock or a Bluetooth speaker.

Such cameras are usually wireless and battery powered. It takes essentially no skill to set up a camera.  

That’s a scary difference. A generation ago, cameras were expensive but also high maintenance.  Now cameras are installed by dropping them in place and, very probably, forgetting about them. Who needs to retrieve something so cheap?

How can you fight back?  The good news is that self-defense detection weaponry too is proliferating.

Now for Spy vs. Spy. There is plenty of technology that says it can find hidden eavesdropping technology, and that has a prima facie credibility in that these devices typically connect via WiFi and/or Bluetooth. A device, or app, that hunts for Bluetooth and WiFi in the immediate vicinity may well pinpoint a nearby camera.

Some also hunt for a glint from the lens of a hidden camera and they just may find them.

But they may not, too. The better, pricier eavesdropping tools are built to foil the cheap detectors.

Dial up the price of the detector to north of $50, or even better, north of $100 and your odds of finding spy gear escalate.

Experts also recommend an old-fashioned physical inspection. Look for what’s out of place – a blinking blue light in a United lavatory – and you’ll hit the bullseye without any tech.

But even with preventative steps, don’t count on having privacy wherever your travels take you.  For 40 years people have asked me what I do to avoid being spied upon. My answer has always been the same: nothing.  I assume I may be spied upon, I act accordingly, and if I am spied upon, so be it.

I really cannot think of any surer strategy. Especially not today.  

Sign Off That Hotel WiFi Right Now!

by Robert McGarvey

If you are reading this on hotel WiFi, sign off now.  A new Bloomberg report underlines how porous hotel WiFi networks are. This is a long look at the problem and that’s good because it is a grim reality that savvy travelers need to know about.


Do you care if hackers have your credit card numbers, maybe passport info, possibly driver’s license details, hotel loyalty program log in and password, and probably more? Because they do. Because hotels do not care about your privacy. They just don’t.

Of course this week’s news is about airlines and breaches – specifically BA – and they have a sorry history of poor defense against hackers. Don’t get distracted however. Airlines are bad at this. But hotels are simply the worst.

Forgive me a Cassandra moment. I have been writing about how much hotel WiFi sucks for at least a decade. The stories are manifold and they always say the same: hackers long ago figured out that hotels have essentially no protections on their WiFi networks so it is very much a wild west where an Internet caveat emptor prevails.

Except the odds are stacked against you: the hackers are very good at their work, which is stealing salable data.  Hotels are very bad at protecting our data. Hotel group after hotel group has fallen victim to hackers. Trump. Hard Rock. Hilton. Marriott.

Information security blogger Brian Krebs has reported that the Marriott (Starwood) breach involved 500 million of us.  

In a mea culpa, Marriott said: “The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.  For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.  For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.  For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.”

As for who hacked these hotels, nobody knows.  In many cases it doubtless is ordinary, common criminals.  In other cases, something else may be afoot. Noted Bloomberg: “Marriott hasn’t found any evidence of customer data showing up on dark-web marketplaces, CEO Arne Sorenson told a Senate committee hearing in March. That sounds like good news but may actually be bad. The lack of commercial intent indicated to security experts that the hack was carried out by a government, which might use the data to extrapolate information about politicians, intelligence assets, and business leaders.”

Yep.  The Chinese are believed to be voluminous acquirers of data. But the Russians aren’t slouches. Several European governments are in the game too.  And the US government increasingly is active. In that last case it is difficult to see a hack on a domestic company. But impossible? Not really.

Understand this: hotels are truly bad at protecting data. It’s an industrywide malady.  And hotels are lots worse than most other industries. Bloomberg posits a theory: “Hospitality companies long saw technology as antithetical to the human touch that represented good service. The industry’s admirable habit of promoting from the bottom up means it’s not uncommon to find IT executives who started their careers toting luggage. Former bellboys might understand how a hotel works better than a software engineer, but that doesn’t mean they understand network architecture.”

That rings true to me.

Bloomberg went on: “There’s also a structural issue. Companies such as Marriott and Hilton are responsible for securing brand-wide databases that store reservations and loyalty program information. But the task of protecting the electronic locks or guest Wi-Fi at an individual property falls on the investors who own the hotels. Many of them operate on thin margins and would rather spend money on things their customers actually see, such as new carpeting or state-of-the-art televisions.”

In the big chains the vast majority of hotels are owned by “asset holders” – everything from pension funds and big insurance companies to wealthy individuals.  They have to be persuaded to fund big ticket campaigns. And often they haven’t been.

The result in the hotel business is a patchwork of old, cruddy, unreliable technology.

But you do not have to be a victim. There is nothing we can do to strengthen the defenses around a hotel’s property management system, etc. But we can take steps to protect ourselves when it involves WiFi.

You have three options.  Definitely use them in hotels, but also in airports, coffee shops, and airport lounges. I don’t guarantee your safety but I promise you will be much, much safer than if you don’t take such steps.

- Create a personal hotspot with your cellphone and log in via it.  Cellular data is much, much more secure than is hotel network data. Not perfect. But good enough for most of us. This has been my go-to for some years.

- Use a VPN, a virtual private network.  There are known limitations to the security delivered by VPNs.  I personally no longer use one. But I know many companies require their traveling execs use a VPN and if that’s policy, it is much, much better than logging on naked to a hotel network.

- Use Silo or a similar secure browser. The secure browser processes all web data inside a secure container so even if a user accesses malware it’s no harm, because the data won’t reach the user’s computer. Silo also encrypts traffic to shield it from prying eyes. A tool such as Silo offers more robust protection than do VPNs.  (Note: I have been paid by Silo’s developer for past work. That company had no involvement in this column and did not pay me for this.)

That’s three choices.  On your next hotel stay when you log into the Internet use one of the three and know that you will be a lot safer than the guests who log into the hotel’s computer. There is no excuse for not protecting yourself.  Not when you know just how perilous hotel networks are and will almost certainly remain.

The 21st Century Credit Union Welcome

By Robert McGarvey

For Credit Union 2.0

Sign up as a new member at your credit union – or pick any credit union – and what happens?

Ask yourself a sharper question: what doesn’t happen?  Think hard on that because the future of this new member relationship hangs in the balance.

Amy Downs, CEO at Allegiance Credit Union, a $260 million institution headquartered in Oklahoma City, has been thinking hard on these very questions and she believes she has found an answer that helps bring her credit union squarely into the 21st century’s digital world.

Mind you, Amy has worked at Allegiance for many years, 30 in fact. She remembers the new member welcomes of the old days. Back then Allegiance was officed in the Alfred P. Murrah Federal Building and it serviced federal employees.  As new workers were onboarded by human resources, they ordinarily were brought by the credit union and of course they got a warm welcome from the credit union employees, recalled Amy. Many of those new employees signed up on the spot.  And why not? They had been sincerely greeted by credit union employees – probably including the president, definitely senior managers. They knew they had a name and face they could seek out down the road if they had an issue they wanted to discuss.

What bank could match those human faces at the credit union?

Flash forward to nowadays and what happens when a new member joins a credit union? Increasingly that happens online. Then what? Probably there is a welcome email – and doesn’t that sound warm, friendly and inviting?

Not.

Probably, too, there is a welcome packet that arrives by US Mail – along with bunches of postcards from nearby dental offices, solicitations for donations, and maybe a past due notice on an electric bill.

Credit unions are scrambling – and many are failing – to make good, warm ties with new members. And many of those new members drift away or, even more commonly, they never put more than a few dollars into their credit union account. The bulk of their wallet is at another institution.

The future for credit unions is terrible – if things stay like this.

Matters got especially complicated at Allegiance. In 2002, the credit union got a community charter where it now serves people who live or work in the six counties around Oklahoma City.

In that transition, what was lost was that new employee introduction and that was a powerful moment that set up thousands of strong member – credit union relationships.

Amy thought on this and then she heard about an alternative.  What she now sends new members is a welcome video in which her smiling face is on camera, offering a sincere happiness that the new member brought Allegiance their business.

A couple times a week she scans the list of new members and when she recognizes a name, she makes a personal video. When she saw a husband of a close personal friend, she laughingly said in that video, “About time you listened to your wife!”

But even with the members she doesn’t know, what they see in Amy’s video is a person who is glad to meet them.

“We are losing our personal touch, all credit unions are,” said Amy.  “Everything has changed. It’s not the way it was, when we were on a first name basis with all our members. Now we have to work at it.”

When Amy heard about new member welcome videos, she wanted to know more. When she discovered the costs are nominal – she records her own, using a digital video recorder that cost $65 – and the actual time to record is a matter of minutes, she was all in.

Understand: the video is similar to what would have been an in-person meet and greet with a new member a generation ago. Amy’s videos are in the vicinity of 30 seconds. That matters because our attention spans just aren’t suited to movie-length video welcomes.

The bottom line for Amy and Allegiance: “We have to start marketing in different ways, or credit unions will be left behind.”

Use the technology that is readily available to forge stronger ties with new members. Welcome videos – absolutely – are a step in that direction.

Credit Union 2.0 has developed video solutions for new member welcomes – they in fact facilitated the work for Allegiance.

Realtime Banking Is Coming at You: Ready or Not

By Robert McGarvey

For CU2.0

A new report out of Celent asks a question that just may terrify you: Are banks ready for a real time world?

You probably know the answer at your credit union.

Join the club: many – probably most – credit unions are nowhere close to embracing a real time financial services universe.

Tell me why it takes a day – sometimes several days – to move money from an account at my credit union to a payee already in the system when, truly, it simply is a matter of shifting bits and bytes?

Money can – and now should – move as fast as a text message and if a friend in India sends me an SMS via Facebook right about now it is showing up in my FB queue.

It can happen in financial services. With money. Everybody – that means you – will have to climb aboard. “Real time payments,” said Celent, “have moved beyond being an if to a when.”

Here’s a Celent observation: “Most existing payment engines have a number of challenges in delivering real-time payments. First, they are generally batch-driven, rather than single message and instant, and so simply not suitable. The second, and less obvious reason, is that they require downtime for maintenance and upgrades, something that isn’t allowed in a real-time payment solution. Many real-time payment schemes only have downtime over the year measured in seconds. Old technology simply wasn’t designed to support that.”

What Celent is prescribing is adoption of a robust payments hub that can provide the 21st century world what it wants.

“Real-time payments require all the activity in the value chain to be carried out, typically in under a second, if not quicker. If all the processes are within the hub, they are easier to manage and coordinate. But as volumes increase, this becomes more and more essential. Furthermore, functions that sit within the hub will be subject to the same design requirements in terms of availability and maintenance,” wrote the Celent author, Gareth Lodge.

Some real time functions already are in use in the United States.

Digital currencies – the report pointed in particular to Ripple – are paving the way for a shift to real time money movement.

Zelle also is a step into real time for institutions that adopt it (and some credit unions already have – such as America First Credit Union and BECU).  And Dwolla offers real time ACH transfer functionality.

Don’t necessarily expect smooth sailing for your institution into the real time universe. Exactly how – and how well – many competing real time systems will integrate with each other is not yet known.

Then, too, as Celent pointed out: “The term real-time payments perhaps hides an obvious truth: in order to make the payment real-time, everything and anything that touches the payment, including fraud checking, balance checks, and the front end initiation system have also to be real-time…24 hours a day, seven days a week.”

All of that represents a massive change in how credit unions work.  Digital banks, Celent pointed out, are architected from the word “go” to handle real time. A legacy institution has a different, very real set of challenges. Said Celent: “Real-time payments then are the vanguard of the digital bank. New banks, built from the ground up, do not need to give this a second thought, but for any other bank, the task of converting from the existing infrastructure is a huge task.”

And the news gets worse.  Said Celent: “Many banks still run core banking systems that are over a decade old. The chances are that unless it has been replaced within the last five years, it is still a batch system. This poses immediate challenges — how to update the customer balance until the next batch, overnight run.”

Institutions – and their core providers – are fiddling with workarounds.  But that’s the point: there will definitely have to be workarounds and they may not always be easy, elegant or even straightforward.

What to do?  The first step is recognizing that now indeed is the start of real time banking.  That, said Celent, is integral to the transformation into the digital bank that just about all now know is the future. Wrote Celent: “Banks may see the need to move to a digital bank, but they may be struggling to make the business case for investing in real-time payments. Yet there is a confluence of the digital banking trend with real-time payments, as they share many of the same attributes and indeed, that make it impossible for a digital bank to truly exist without it.”

Absolutely right. Until real-time payments are part of the package the institution just isn’t a digital bank. Period.

Wrestling with Your Digital Talent Gap

By Robert McGarvey

For CU 2.0

Wake up to a frightening reality: very probably your credit union is falling behind in the race for digital talent and that just may be a sound of impending doom.

Consulting firm CapGemini, working with LinkedIn, recently issued a report on The Digital Talent Gap and the takeaways for credit union executives have to be frightening.

According to CapGemini, six in ten banking executives acknowledge they face a widening talent gap. The report pinpoints banking as a sector where that gap is especially high.

The money center banks, almost certainly, are not pointing to themselves. They are busily hiring top digital talent as they chart their paths into a 21st century where digital is seen as the core of banking.  They see that future and they are preparing for it.

Down a checklist, CapGemini sees less skill than is needed in a range of digital activities that are central to banking today. Included on the list are cybersecurity, mobile apps (where a big skill deficit is cited), data science, and big data (another huge deficit).

A lot of what has become core in delivering financial services is now emerging as areas where many, many credit unions and community banks are just not keeping up because they don’t have the talent to stay in the game.

Employees know these realities. According to the survey data, 30% of banking employees believe their skills will be redundant in one to two years. 44% believe their skills will be redundant in four or five years.

That suggests a frightened, anxious workforce.

Employees also express dissatisfaction with trainings offered them by their organization.  45% say they are not helping them attain new skills.  42% say the trainings they attend are “useless and boring.”

Ouch.

Question: does your credit union leadership know their own employees fear their institution is lagging in the race for digital competence – and that they despair over the viability of their own skills?

It gets worse. You just may lose the digital talent you presently have. The CapGemini survey found that “over half of digital talent (55%) say they are willing to move to another organization if they feel their digital skills are stagnating.”

The good news: CapGemini offered concrete suggestions about what organizations need to do to remain players in the race for digital talent.

A suggestion not on the list is blunt: credit unions often will need to find their digital talent through third party vendors and CUSOs.  No shame in that.  At a certain institutional size, the savvy survival strategy is to know where to go outside to help chart the credit union’s digital path.  There still need to be digital skills internally – especially a sharp sensitivity to what matters digitally inside the C-suite.  But a lot of the digital heavy lifting can and should happen through third parties at all but the very largest credit unions.

But the biggest credit unions need to be sure they are nurturing internal digital talent. And smaller institutions need to know what they can do with the talent they have and they also need to stay watchful of their third party vendors and their talent development efforts.

Just because a CUSO was spot on technologically in 2010 doesn’t mean it has a clue today. Things move very fast in this world.

That’s where the CapGemini suggestions about how to develop digital talent come in.

And step one is Attract Digital Talent where CapGemini points a finger at the institution’s leadership.  Specifically: “Align leadership on a talent strategy and the unique needs of digital talent.”

How does your credit union measure up there?

Does your leadership see the ultimate importance of digital in charting the institution’s future?

The next steps are no easier: “create an environment that prioritizes and rewards learning” and “align leadership on a talent strategy and the unique needs of digital talent.”

Digital warriors go where they are loved and wanted.  It’s that simple.

One more step: “Give digital talent the power to implement change.”

This doesn’t sound easy?

Nope. It all is very hard, especially for small and mid size credit unions.

But the alternative just may be planning to go out of business.

That makes the choice easy.

The Sad State of Inflight WiFi aka Bring a Book

By Robert McGarvey

It was 10 years ago that you probably first experienced inflight WiFi and if you are like me you remember that moment with delight.  GoGo rolled out WiFi to a handful of flights on a handful of carriers (American Airlines, Virgin America, Delta, Air Canada, Air Tran Airways and United) in 2009 and, pretty soon, I was picking flights based upon my guess about WiFi availability.

How cool was it to email at 30,000 feet? Very. And, honestly, the speeds just didn’t seem slow back then – in part because users were few.

Meantime, think about today where there’s WiFi in coffee shops, homes, fast food restaurants and – you know what? – it is pretty much ubiquitous. In Phoenix there’s even free WiFi on the light rail ($4 to ride all day), just about every coffee shop offers it, and so do apartment house lobbies, doctors’ waiting rooms, and I could go on.

Where we are, WiFi is.

Except on airplanes.

Let’s put aside the issue of how bad – slow, overpriced, unreliable – inflight WiFi has become. There are also very real issues around security (or lack thereof), where everybody from crooks to government agencies may be eavesdropping on your keystrokes. We’ll get to that momentarily.

For now what grabs me is that WiFi is very far from ubiquitous inflight – indeed odds are that any given seat will not have WiFi, according to a report from Routehappy. That report says that 43% of available seat miles (ASMs) worldwide have at least a chance of Wi-Fi on board. Note that hedge – at least a chance. That’s because many planes claim WiFi but it may not in fact be actually working.

That 43% is up from 39% last year – which highlights the slow pace of upgrades.

This means 57% of seats have zero chance of providing WiFi.

US carriers are better than the rest, per Routehappy: “U.S. airlines offer at least a chance of Wi-Fi on 86% of their ASMs, with 85% of ASMs fully rolled out.”  It added: “Non-U.S. airlines offer at least a chance of Wi-Fi on 32% of their ASMs, up by 14% from the 2017 report.”

Now chew on this: “Three carriers now offer Wi-Fi on 100% of their flights: Icelandair, Southwest, and Virgin Atlantic.”  That means many, many dozens don’t. By Routehappy’s count, 82 airlines globally offer WiFi, so that means 79 don’t offer it on all flights.

A morsel of good news is that “13 airlines globally offer Wi-Fi on 100% of long-haul flights: Air Europa, Delta, Emirates, Etihad, Eurowings, EVA Air, Iberia, Kuwait, Lufthansa, SAS, Scoot, United, and Virgin Atlantic.”

Another morsel: “While passengers have come to expect Wi-Fi on large global airlines, many smaller airlines have now begun offering Wi-Fi as well. Air Astana from Kazakhstan, Air Côte d’Ivoire from Ivory Coast, and Air Mauritius from Mauritius are just a few of the numerous smaller airlines that began offering Wi-Fi in 2017.”

Nonetheless, the bad news is that when flying overseas, you have a better than even chance of not having WiFi access.

Despite the rising global ubiquity of WiFi.

Routehappy, by the way, holds out hope for the disgruntled passengers – myself often among them – who no longer even try to use inflight WiFi.  My usual preference is to read a book on my iPad – and I carefully ensure the books I want to access are downloaded before I leave for the airport.

At most I will do a fast email session inflight.  But not usually.

But there are glimmers of hope that our increasingly loud kvetching about WiFi quality will be dealt with by the carriers. Said Routehappy: “Best Wi-Fi is now available on 16% of ASMs worldwide, representing a staggering 129% increase from the 2017 report.”  

It defines “Best WiFi” this way: “Fastest Wi-Fi systems currently available, capable of advanced media streaming (whether allowed by airline or not); comparable to a home connection.”

That is good news on first glance but on second what it says is 84% of ASMs don’t have “best WiFi.”

In the 2017 Routehappy report, by the way, it noted that 6% of flights offered “best WiFi.”

There has been progress in bringing “best WiFi” to more passengers globally – but not a lot, not really.

And airlines plan to get us viewing movies and such on this “Best” WiFi – and how good is your cable connection at home when you try to stream a movie on Friday night?

Right.

Don’t expect better even from “Best” WiFi on long, packed flights.  I know I’m not. I saw the drop in inflight quality circa 2012 as more of us discovered it and started using it. Similar will befall “Best” WiFi and it will surely deteriorate.

That’s why for now I’ll stick with my plan to read books on my iPad, maybe make notes in my paper calendar-planner.

How 1999.

But has anything really changed?