The online security for World of Warcraft is a bad as it is for internet banking, and World of Warcraft has six million subscribers (more than many banks have Internet banking customers). It's just passwords. So now the phishers have provided yet another confirmation that World of Warcraft gold is a real as Sterling by launching yet another wave of phishing attacks! Now, phishing attacks on virtual worlds are hardly new, but the scale and sophistication are growing all the time.
(Dave, FTR, when was the first phishing attack on virtual worlds?) I've written before about crime in the virtual worlds. Here's more details:
A few days ago, it was reported that a new Trojan has appeared on the scene: PWS.Win32.WOW.x. Spread via email, IM, and Peer2Peer file sharing - and gamers tend to do a lot of each of these - as well as through our old friend the malicious pop-up ad that exploits Internet Explorer vulnerabilities (and you know you shouldn't be using IE, but perhaps you are a masochist), this Trojan is brilliant in its limited, precise scope. Once installed, Win32.WOW tries to steal a World of Warcraft user's name and password. Armed with that information, the criminal logs in to the user's online Warcraft account, transfers all the player's virtual property to an avatar controlled by the attacker, and then sells the property on a gray-market auction site for real money. By the time the player figures out what has happened, their character is denuded of all his goodies and the villain in this story is long gone.
(interesting military tricks at the start of that article...)
Back to the thrust of this post. Over in the telco world, everyone is madly rolling out payment systems. *Everyone*. Why? For the most part the handsets now have sufficient power to run the application, and the systems programming infrastructure is well developed (read: cheap). Also, banks are out of that scene (read: fed up) and they have problems enough in their home turf (read: phished!).
So anyone can move in and do it without the normal interference - either a startup or the telco itself.
The early experiments have been made. The errors and the mistakes are all there for the careful researcher. Enough successes exist now that you don't even need to be careful, you just need to avoid being stupid. The b-plan is simple - pick the successful system you want to emulate, change a few paramaters so you aren't in direct competition, go.
But all is not so rosey. Reports are that the phones are completely insecure as platforms. So back to Dave again:
Now that you can withdraw virtual money from real ATMs, this is only going to get worse. I'll just replay that part: now that you can withdraw virtual money from real ATMs... The first cards are going to be issued for Project Entropia. Players may now exchange their virtual world currency with real world cash using Versatel-compatible ATMs, according to Entropia developer MindArk. The cards are available exclusively through MindArk and bridge a player's in-game PED (Project Entropia Dollars) with their real (whatever that means!) bank account. The rate of exchange (10 PEDs to $1 USD), according to MindArk, is fixed.
We may be polite in other circles and pretend that Dave is speaking about games people play. But here in FC we deal in the bitter truth. He's really talking about everything. All payment systems, all sectors, businesses.
So where are we heading here?
Back in the mid 90s, David Chaum (the prof who invented digital cash) lit a firestorm of speculation pithily captured as "The End of Money." Of course that didn't happen, in fact nothing much happened at all, but it didn't stop many people jumping on the bandwaggon (until their ticket expired) or regulators rushing in or journalists writing a thousand articles.
The explosion predicted then is happening now. And it's happening in the way that was predicted back in the 1995 era. Then, it was common for cryptographers (unfinancial) to have the upper hand, saying that if we don't secure this stuff, it will turn into a catfight. So they secured everything and it bogged down.
Now, the reverse is happening. If we subscribe to GP, then we are learning to live with the red curve being a very close part of our operation - the Paypal model if you like.
We need to learn to live in a world of continual, fast moving fraud and continual, fast moving payment systems. Obviously, the regulator's nightmare, and the financial cryptographer's bane.
Unfortunately, the old players only have themselves to blame for this. The lessons from the past are quite clear. One long hard lesson is that you don't fight fraud until you can see it. Another lesson is that you launch your payment system from as far away from the banking sector and the regulators as possible, because you want it to succeed. (Pop quiz - which massive company is launching a huge payment system as far away from the banking sector as possible... today?)
You don't regulate until you have something to regulate. And it helps to have a good reason, too. So when the Europeans rushed in and tried to clamp down on this evil development, they just killed the innovation within - Digicash and the various strong smart card developments - and sent all the reserarchers off elsewhere. Yes, they reserved it for the banks, which was their intention. No, the banks didn't do it, which was what economics predicted. So the end effect was that the Europeans blew their wad. Now they have to sit back and let the world do payment systems to them.
Over in the US, the Americans had a secret weapon: Alan Greenspan. History doesn't record in detail what the living god of monetary policy was up to in the world of payment systems, but I saw the tracks everywhere. What he did was to create a decade of peace. From the early days, right up until the last few years, digital money was able to experiment and blossom in the US.
Those days came to an end with 9/11. Since then, the money transmitter regulations were used to bring all to heel. Paypal, e-gold, all those remittances that drive a non-trivial portion of the latin american economy, they all work for the man, now. And heat is being turned up:
A House subcommittee today approved legislation today banning all forms of online gambling in the United States. To strike at offshore gambling sites, the panel authorized law enforcement officials to stop credit card and other forms of electronic payments to those sites.
The US is repeating the errors of the Europeans in the 90s. So expect as a long term prediction to see the centre of gravity to move outside the US. Which isn't to say that Paypal won't make good money, but they won't be doing too much that is different, and they are about to become one player in a crowded market (c.f., b-plan above).
The new world for payment systems is now outside the US and outside the Europeans. The question is, where is it going?Posted by iang at May 7, 2006 06:19 AM | TrackBack