Friday, August 28, 2015

Debtor Can't Explain Millions in Missing Protein Powder

Ultimate Nutrition, maker of Pro Star Ultimate Whey Powder, filed for chapter 11 bankruptcy last December in Hartford, Connecticut.  The debtor is in a headlock with TD Bank NA over a  $13 million loan.  Millions of dollars worth of powdered protein shake supplement ingredients are missing from Ultimate's warehouse and TD Bank is trying to find out what happened.  

TD has asked the bankruptcy court for an investigation into the whereabouts of the missing inventory.  Brian Rubino, Ultimate's CEO, says he destroyed the missing powder, about 40% of the company's inventory worth about $3.8, because it was "unsaleable."   Perhaps the powder was never really in stock, but Ultimate reported it to pump up its inventory.  Or, the powder is out there somewhere still subject to TD's lien.  The possibility that really scares me is that Rubino dumped the mountain of "unsaleable" powder into the Hog River that runs underneath the City of Hartford.

Tuesday, August 25, 2015

Not Too Big to Jail

Presidential hopeful Hillary Clinton said in a recent speech on economic policy that individual bankers should go to jail for their role in the 2008 financial crisis.  In May 2015, JP Morgan  and Citibank, along with several foreign banks, plead guilty to conspiracy to manipulate the foreign currency exchange spot market.  The banks agreed to pay criminal fines of $2.5 billion.   That's not enough justice for Ms. Clinton. Individuals must go to jail and she promised that they will on her watch.  

A Morning Consult poll in April 2015 showed that about 58% of Americans surveyed think individual bank employees should be prosecuted, convicted and imprisoned for financial crimes and 44 % said that criminal sentences and fines for financial institutions is not sufficient to deter "Wall Street" from engaging in financial misdeeds.  So far, although banks have taken a beating, no individuals have been jailed for unlawful conduct contributing to the 2008 crisis.  The reasons why we haven't seen video of Wall Street bankers in orange jumpsuits remain the subject of speculation and debate.

Last week, the U.S. Attorneys' Office for the Southern District of New York announced a guilty plea and jail time for a banker.  Charles Antonucci, Sr., former president of The Park Avenue Bank, was sentenced to 30 months for his role in a massive fraud involving self-dealing, bribery, embezzlement of bank funds, and a scheme to steal about $11 million from the Troubled Assets Relief Program (TARP), a federal program established in the aftermath of the 2008 crisis to help banks stabilize and address liquidity problems.  (The press release is a fascinating read for those interested in how to rob a bank without a gun).  It's not the widespread humiliation of individual bankers that so many Americans seem to want, but it proves that if the evidence is there, bankers are not too big to jail.

Tuesday, August 11, 2015

The Chips Are in the Mail: EMV Liability Shift in October 2015

A few weeks ago I got a new credit card with a microchip.  Last weekend, when I swiped it at Target, I got a lesson on how to use the microchip reader in the checkout line.  The new technology is called "EMV" which refers to a technical standard developed in the 1990's for payment instruments that store data on integrated circuits (chips) rather than magnetic stripes. The term comes from the names of the three companies that created the technical standards: Europay, Mastercard and Visa.  These three companies, along with JCB, American Express, China UnionPay and Discover formed a consortium managed by EMVCo.  The six member organizations work together with banks, merchants, payment processors and other stakeholders.

Use of chip technology reduces fraud relative to use of magnetic stripe technology because the chip permits "dynamic authentication" of the payment.  Put very simply, a magnetic stripe embeds a unique identifier, but all it does when swiped through a reader is show the identifier, which is always the same.  A dynamic authentication protocol authenticates the payment by computing a unique response to a challenge which uses both the data presented in the challenge (from the authentication server) and the secret data contained in the chip.   A thief can steal the credit card number, but without the chip-enabled dynamic authentication, the number is useless.

In August 2011, Visa announced its plans to implement the "Global POS (point of sale) Liability Shift Policy" for the US. For most counterfeit card fraud at a retailer's in-store locations ("card present" transactions), liability for an unauthorized transaction has always fallen on the card issuing bank and not the merchant. Effective October 1, 2015, the new policy shifts liability to the party in the payment process that has not made the investment in EMV chip cards or readers.  Each payment network (e.g., Visa, MasterCard, Discover) has its own rules, but they all implement the same cheaper loss avoider principle.  According to a paper by EMV Migration Forum that summarizes information collected from payment networks, the party supporting the most secure technology for each fraud type will prevail, and in the case of a technology tie, the fraud liability will remain with the card issuing bank. So, if the issuing bank hasn't switched to chip enabled cards, the issuer will bear the loss even if the merchant hasn't switched to a chip reader.  However, the merchant will bear the loss from use of data copied from a chip-enabled card if the data is used on a counterfeit card at the merchant's swipe card reader.  The merchant could have prevented that loss by switching to a chip reader that would have blocked approval of the counterfeit magnetic swipe transaction.

Chip technology will reduce counterfeit loss in "card present" transactions. But, it won't affect counterfeit fraud in "card-not-present" (CNP) transactions, e.g., via internet, mail (snail and e) and telephone.  So far, there is no single, simple solution to eliminate CNP fraud.  According to the EMV Migration Forum Card-Not-Present Working Committee, the best practice is multi-layered. The key is to authenticate the identity of the person who initiates the CNP transaction. The best practice is to adopt an authentication protocol that requires at least two of these three authentication factors:  1) ownership --something the authorized user has, such as a credit card; 2) knowledge -- something the authorized user knows (such as a PIN); or 3) inherence --something the authorized user is or does (such as a fingerprint).

Banks Beat Back New York City Regulation

The New York Bankers Association (NYBA) scored a win over the City of New York in federal court last week.  In NYBA v. City of New York,  the court granted NYBA's motion for summary judgment.  The District Court for the Southern District of New York found that City Local Law 38 (the Responsible Banking Act) was preempted by both federal and state law.   The RBA would have required New York banks to submit information to a community advisory board, which would in turn submit a report to the City Banking Commission for its consideration in deciding whether to permit the banks to accept any part of New York City's $6 billion in deposits.  The opinion sets out the long and fascinating history of the legislation through two mayoral administrations (Bloomberg who thought it was both misguided and preempted, and De Blasio who supported it).