Meetings WiFi Sucks – So What?

by Robert McGarvey

The question isn’t does meetings and events wifi suck – of course it does – the real question is why and maybe, honestly, the realer question is so what?

Let’s unravel this. For at least a decade event attendees have kvetched about wifi – mainly its slowness, sometimes its plain unavailability. I still recall, with a crooked smile on my lips, a travel tech conference I attended around 10 years ago at a plush Scottsdale meetings hotel where even the press table lacked wifi. Picture a half dozen travel tech reporters cursing and, well, you have the picture. Personally I giggled because I knew what I was witnessing was a lot better story than what I would have filed had the press table been equipped with functioning wifi.

The venue simply had underestimated demand for wifi and the demand crushed the inadequate signal that was provided.

How funny is that at a tech conference? Of course even I started to curse when I discovered my cellphone hotspot had no signal in the hotel basement where this event was held.

Incidentally, I don’t think that hotel was doing anything nefarious to block my hotspot – I believe it was just the location. But know that in the past some hotels in fact have blocked hotspots and had their wrists slapped by the FCC. Marriott even paid a $600,000 fine for such misdeeds.

Flash forward to now and I believe the usual wifi problem remains too many devices accessing too anemic a signal. Why? Usually it’s an unwillingness to spend what would be required to provide an adequate signal. That was true in 2009 and it is true today. In fact not much has changed over the past decade. Ask event planners and some 58% of meeting planners say weak or unavailable wifi has negatively impacted their events, according to data via EventMB.

This is an occasion for much teeth gnashing – vide the recent Skift article, Why Is Wi-Fi at Events Still So Bad? Reported Skift: “Sluggish internet speeds, a network that suddenly cuts out, and odd corners of the room that somehow have adequate service as long as you hold your phone at a specific angle. These are the problems that nearly every conference attendee, trying in vain to use the provided Wi-Fi, has faced at least once, especially at a large event.

“In fact, providing good Wi-Fi is one of the top challenges meeting planners face, with over half reporting ongoing issues with it.”

But maybe it is for the better entirely.

How so? There’s a long history of fake and malicious event wifi networks that usually aim at harvesting user login data and sometimes have loftier aims, such as downloading malware to users’ computers. It’s easy enough. Under $1000 in gear, usually put in a cheap travel bag, will create the wifi network; then name it Free Event WiFi or [Hotel] Meetings WiFi.

If you build it, and say it is free, they will log in.

There’s also no real guarantee of safety when using genuine event wifi. Public wifi networks – especially at hotels (airports too) – have a long history of hacker eavesdropping. Public wifi just is not safe. Is it fine for checking scores on ESPN and the front page at WAPO? Probably. How about your checking account? Nope.

What about company email? Nope.

Here’s the deal: I don’t whine about feeble event wifi because, very probably, I won’t use it. I prefer to use a cellphone hotspot. Sure, I pay a few cents in data use – but to me that is a small price to pay for enhanced security.

When the cellphone hotspot isn’t powerful enough, lately I’ve used the built-in VPN on my Google Fi phone to add protection to wifi access. Sure, I know VPN isn’t the security fix-all – but when public wifi is all I have on my cellphone I will use VPN to add at least a little security. And I will still mind what sites I access. My rule of thumb: if you don’t mind if a cyber criminal is looking over your shoulder as you surf, the sites are fine for access via public wifi with a VPN.

Bottom line: event wifi sucks. But that is okay by me. I don’t trust it, I urge you to similarly approach it with suspicion, and that is how to stay safe. If use it you must, use a VPN – even better use a secure browser such as Silo.

But stop complaining. Accept that wifi at your next event will suck, and be thankful. When you don’t use it you are safe.

The Eyes Have It: Cameras Are Spying on Travelers

By Robert McGarvey

On a May 5th United flight from San Diego to Houston, an unnamed female passenger in first class entered the bathroom where she noticed a blinking blue light. She did not know what it was but she took the device to the flight crew. United Corporate Security subsequently determined it was a video recording device.

Then, per a document compiled by the FBI, “After viewing the information on the device, a male was caught on video installing the device in the first class lavatory of this particular flight.”  Apparently the man’s face wasn’t visible but – using his clothing and also jewelry – an ID was made. The arrest of Choon Ping Lee, who works for Halliburton, an oil field service company, followed.  

Creeped out? Justifiably. But here’s the grim reality: throughout your travels, very probably you are being spied on.  In some cases it’s by state sponsored security forces. In other cases it’s by miscellaneous creeps, perverts, and miscreants.

Does it really matter who?  Is it more comforting to know the Chinese government has eavesdropping devices in your Beijing hotel room – which it probably does and it also probably has your cellphone tapped – than it is to know that your Airbnb host is a perv who has cameras in rooms?

Guess what, it’s nothing new. In 1983 I co-wrote a book called The Complete Spy, which detailed the hundreds of legally available devices that let ordinary citizens spy on their spouses, children, neighbors, co-workers, bosses, you name it.  A theme of the book was that our privacy was evaporating and we seemed uninterested in fighting back.  

It is much, much worse today.

You don’t have to be Erin Andrews to have your privacy robbed. But a takeaway from the Andrews caper is that a determined eavesdropper can – with few roadblocks – easily spy on us in hotels. And spying in hotels is surprisingly common.

There’s even a claim that a hidden camera was found in a cruise ship cabin.

Why would anyone want to spy on me or you? Who the hell knows.  

Some nation states spy compulsively.  The Soviet Union and East Germany did it routinely (and if you visited either, you were eavesdropped upon. This is beyond question).  Today, Russia ranks high among nations that eavesdrop on foreign visitors. But China does likewise (maybe even more so).  The Saudis do too. Ditto the Israelis.  But you also hear about the French, Singapore, and many, many more nations. It’s not just nation states however.

As for who else eavesdrops in hotels, it can be anything from a business competitor to a jealous spouse or a just plain weirdo.  Remember Gay Talese’s The Voyeur’s Motel, where he documents a motel owner who systematically spied on guests.

Don’t say it can’t happen where you are staying.  Especially not because spying has gotten easier.

What’s new today is that eavesdropping has become very cheap and very low skill.

Around $40 will buy you a perfectly good spy camera.

For a few extra bucks, you can get a camera disguised as a clock or a bluetooth speaker.

Such cameras are usually wireless and battery powered. It takes essentially no skill to set up a camera.  

That’s a scary difference. A generation ago, cameras were expensive but also high maintenance.  Now cameras are installed by dropping them in place and, very probably, forgetting about them. Who needs to retrieve something so cheap?

How can you fight back?  The good news is that self-defense detection weaponry too is proliferating.

Now for Spy vs. Spy. There is plenty of technology that says it can find hidden eavesdropping technology and that has a prima facie credibility in that these devices typically connect via WiFi and/or Bluetooth. A device, or app, that hunts for Bluetooth and WiFi in the immediate vicinity may well pinpoint a nearby camera.

Some also hunt for a glint from the lens of a hidden camera and they just may find them.

But they may not, too. The better, pricier eavesdropping tools are built to foil the cheap detectors.

Dial up the price of the detector to north of $50, or even better, north of $100 and your odds of finding spy gear escalate.

Experts also recommend an old-fashioned physical inspection. Look for what’s out of place – a blinking blue light in a United lavatory – and you’ll hit the bullseye without any tech.

But even with preventative steps, don’t count on having privacy wherever your travels take you.  For 40 years people have asked me what I do to avoid being spied upon. My answer has always been the same: nothing.  I assume I may be spied upon, I act accordingly, and if I am spied upon, so be it.

I really cannot think of any surer strategy. Especially not today.  

Sign Off That Hotel WiFi Right Now!

by Robert McGarvey

If you are reading this on hotel WiFi, sign off now.  A new Bloomberg report underlines how porous hotel WiFi networks are. This is a long look at the problem and that’s good because it is a grim reality that savvy travelers need to know about.


Do you care if hackers have your credit card numbers, maybe passport info, possibly driver’s license details, hotel loyalty program log in and password, and probably more? Because they do. Because hotels do not care about your privacy. They just don’t.

Of course this week’s news is about airlines and breaches – specifically BA – and they have a sorry history of poor defense against hackers. Don’t get distracted however. Airlines are bad at this. But hotels are simply the worst.

Forgive me a Cassandra moment. I have been writing about how much hotel WiFi sucks for at least a decade. The stories are manifold and they always say the same: hackers long ago figured out that hotels have essentially no protections on their wifi networks so it is very much a wild west where an Internet caveat emptor prevails.

Except the odds are stacked against you: the hackers are very good at their work, which is stealing salable data. Hotels are very bad at protecting our data. Hotel group after hotel group has fallen victim to hackers. Trump. Hard Rock. Hilton. Marriott.

Information security blogger Brian Krebs has reported that the Marriott (Starwood) breach involved 500 million of us.  

In a mea culpa, Marriott said: “The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.  For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.  For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.  For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.”

As for who hacked these hotels, nobody knows.  In many cases it doubtless is ordinary, common criminals.  In other cases, something else may be afoot. Noted Bloomberg: “Marriott hasn’t found any evidence of customer data showing up on dark-web marketplaces, CEO Arne Sorenson told a Senate committee hearing in March. That sounds like good news but may actually be bad. The lack of commercial intent indicated to security experts that the hack was carried out by a government, which might use the data to extrapolate information about politicians, intelligence assets, and business leaders.”

Yep. The Chinese are believed to be voluminous acquirers of data. But the Russians aren’t slouches. Several European governments are in the game too. And the US government increasingly is active. In that last case it is difficult to see a hack on a domestic company. But impossible? Not really.

Understand this: hotels are truly bad at protecting data. It’s an industrywide malady.  And hotels are lots worse than most other industries. Bloomberg posits a theory: “Hospitality companies long saw technology as antithetical to the human touch that represented good service. The industry’s admirable habit of promoting from the bottom up means it’s not uncommon to find IT executives who started their careers toting luggage. Former bellboys might understand how a hotel works better than a software engineer, but that doesn’t mean they understand network architecture.”

That rings true to me.

Bloomberg went on: “There’s also a structural issue. Companies such as Marriott and Hilton are responsible for securing brand-wide databases that store reservations and loyalty program information. But the task of protecting the electronic locks or guest Wi-Fi at an individual property falls on the investors who own the hotels. Many of them operate on thin margins and would rather spend money on things their customers actually see, such as new carpeting or state-of-the-art televisions.”

In the big chains the vast majority of hotels are owned by “asset holders” – everything from pension funds and big insurance companies to wealthy individuals.  They have to be persuaded to fund big ticket campaigns. And often they haven’t been.

The result in the hotel business is a patchwork of old, cruddy, unreliable technology.

But you do not have to be a victim. There is nothing we can do to strengthen the defenses around a hotel’s property management system, etc. But we can take steps to protect ourselves when it involves WiFi.

You have three options.  Definitely use them in hotels, but also in airports, coffee shops, and airport lounges. I don’t guarantee your safety but I promise you will be much, much safer than if you don’t take such steps.

• Create a personal hotspot with your cellphone and log in via it. Cellular data is much, much more secure than is hotel network data. Not perfect. But good enough for most of us. This has been my go-to for some years.

• Use VPN, a virtual private network. There are known limitations to the security delivered by VPNs. I personally no longer use one. But I know many companies require their traveling execs use a VPN and if that’s policy, it is much, much better than logging on naked to a hotel network.

• Use Silo or a similar secure browser. The secure browser processes all web data inside a secure container so even if a user accesses malware it’s no harm, because the data won’t reach the user’s computer. Silo also encrypts traffic to shield it from prying eyes. A tool such as Silo offers more robust protection than do VPNs. (Note: I have been paid by Silo’s developer for past work. That company had no involvement in this column and did not pay me for this.)

That’s three choices.  On your next hotel stay when you log into the Internet use one of the three and know that you will be a lot safer than the guests who log into the hotel’s computer. There is no excuse for not protecting yourself.  Not when you know just how perilous hotel networks are and will almost certainly remain.

The 21st Century Credit Union Welcome

By Robert McGarvey

For Credit Union 2.0

Sign up as a new member at your credit union – or pick any credit union – and what happens?

Ask yourself a sharper question: what doesn’t happen?  Think hard on that because the future of this new member relationship hangs in the balance.

Amy Downs, CEO at Allegiance Credit Union, a $260 million institution headquartered in Oklahoma City, has been thinking hard on these very questions and she believes she has found an answer that helps bring her credit union squarely into the 21st century’s digital world.

Mind you, Amy has worked at Allegiance for many years, 30 in fact. She remembers the new member welcomes of the old days. Back then Allegiance was officed in the Alfred P. Murrah Federal Building and it serviced federal employees.  As new workers were onboarded by human resources, they ordinarily were brought by the credit union and of course they got a warm welcome from the credit union employees, recalled Amy. Many of those new employees signed up on the spot.  And why not? They had been sincerely greeted by credit union employees – probably including the president, definitely senior managers. They knew they had a name and face they could seek out down the road if they had an issue they wanted to discuss.

What bank could match those human faces at the credit union?

Flash forward to nowadays and what happens when a new member joins a credit union? Increasingly that happens online. Then what? Probably there is a welcome email – and doesn’t that sound warm, friendly and inviting?

Not.

Probably, too, there is a welcome packet that arrives by US Mail – along with bunches of postcards from nearby dental offices, solicitations for donations, and maybe a past due notice on an electric bill.

Credit unions are scrambling – and many are failing – to make good, warm ties with new members. And many of those new members drift away or, even more commonly, they never put more than a few dollars into their credit union account. The bulk of their wallet is at another institution.

The future for credit unions is terrible – if things stay like this.

Matters got especially complicated at Allegiance. In 2002, the credit union got a community charter where it now serves people who live or work in the six counties around Oklahoma City.

In that transition, what was lost was that new employee introduction and that was a powerful moment that set up thousands of strong member – credit union relationships.

Amy thought on this and then she heard about an alternative.  What she now sends new members is a welcome video in which her smiling face is on camera, offering a sincere happiness that the new member brought Allegiance their business.

A couple times a week she scans the list of new members and when she recognizes a name, she makes a personal video. When she saw a husband of a close personal friend, she laughingly said in that video, “About time you listened to your wife!”

But even with the members she doesn’t know, what they see in Amy’s video is a person who is glad to meet them.

“We are losing our personal touch, all credit unions are,” said Amy.  “Everything has changed. It’s not the way it was, when we were on a first name basis with all our members. Now we have to work at it.”

When Amy heard about new member welcome videos, she wanted to know more. When she discovered the costs are nominal – she records her own, using a digital video recorder that cost $65 – and the actual time to record is a matter of minutes, she was all in.

Understand: the video is similar to what would have been an in-person meet and greet with a new member a generation ago. Amy’s videos are in the vicinity of 30 seconds. That matters because our attention spans just aren’t suited to movie-length video welcomes.

The bottom line for Amy and Allegiance: “We have to start marketing in different ways, or credit unions will be left behind.”

Use the technology that is readily available to forge stronger ties with new members. Welcome videos – absolutely – are a step in that direction.

Credit Union 2.0 has developed video solutions for new member welcomes – they in fact facilitated the work for Allegiance. For more info, here’s the contact.

Realtime Banking Is Coming at You: Ready or Not

By Robert McGarvey

For CU2.0

 

A new report out of Celent asks a question that just may terrify you: Are banks ready for a real time world?

You probably know the answer at your credit union.

Join the club: many – probably most – credit unions are nowhere close to embracing a real time financial services universe.

Tell me why it takes a day – sometimes several days – to move money from an account at my credit union to a payee already in the system when, truly, it simply is a matter of shifting bits and bytes?

Money can – and now should – move as fast as a text message and if a friend in India sends me an SMS via Facebook right about now it is showing up in my FB queue.

It can happen in financial services. With money. Everybody – that means you – will have to climb aboard. “Real time payments,” said Celent, “have moved beyond being an if to a when.”

Here’s a Celent observation: “Most existing payment engines have a number of challenges in delivering real-time payments. First, they are generally batch-driven, rather than single message and instant, and so simply not suitable. The second, and less obvious reason, is that they require downtime for maintenance and upgrades, something that isn’t allowed in a real-time payment solution. Many real-time payment schemes only have downtime over the year measured in seconds. Old technology simply wasn’t designed to support that.”

What Celent is prescribing is adoption of a robust payments hub that can provide the 21st century world what it wants.

“Real-time payments require all the activity in the value chain to be carried out, typically in under a second, if not quicker. If all the processes are within the hub, they are easier to manage and coordinate. But as volumes increase, this becomes more and more essential. Furthermore, functions that sit within the hub will be subject to the same design requirements in terms of availability and maintenance,” wrote the Celent author, Gareth Lodge.

Some real time functions already are in use in the United States.

Digital currencies – the report pointed in particular to Ripple – are paving the way for a shift to real time money movement.

Zelle also is a step into real time for institutions that adopt it (and some credit unions already have – such as America First Credit Union and BECU).  And Dwolla offers real time ACH transfer functionality.

Don’t necessarily expect smooth sailing for your institution into the real time universe. Exactly how – and how well – many competing real time systems will integrate with each other is not yet known.

Then, too, as Celent pointed out: “The term real-time payments perhaps hides an obvious truth: in order to make the payment real-time, everything and anything that touches the payment, including fraud checking, balance checks, and the front end initiation system have also to be real-time…24 hours a day, seven days a week.”

All of that represents a massive change in how credit unions work.  Digital banks, Celent pointed out, are architected from the word “go” to handle real time. A legacy institution has a different, very real set of challenges. Said Celent: “Real-time payments then are the vanguard of the digital bank. New banks, built from the ground up, do not need to give this a second thought, but for any other bank, the task of converting from the existing infrastructure is a huge task.”

And the news gets worse.  Said Celent: “Many banks still run core banking systems that are over a decade old. The chances are that unless it has been replaced within the last five years, it is still a batch system. This poses immediate challenges — how to update the customer balance until the next batch, overnight run.”

Institutions – and their core providers – are fiddling with workarounds. But that’s the point: there will definitely have to be workarounds and they may not always be easy, elegant or even straightforward.

What to do?  The first step is recognizing that now indeed is the start of real time banking.  That, said Celent, is integral to the transformation into the digital bank that just about all now know is the future. Wrote Celent: “Banks may see the need to move to a digital bank, but they may be struggling to make the business case for investing in real-time payments. Yet there is a confluence of the digital banking trend with real-time payments, as they share many of the same attributes and indeed, that make it impossible for a digital bank to truly exist without it.”

Absolutely right. Until real-time payments are part of the package the institution just isn’t a digital bank. Period.