Whine and Dime #0007


I recently instructed an Oz bank to move a sizeable (for me, at least!) chunk of money from AUD held in Australia to a UK-hosted AUD foreign currency account. This should have been a relatively straightforward AUD-to-AUD international transfer, but because of the size, I was paranoid about getting it right. I went to special effort to validate the form details with the sending and receiving parties. Both of whom told me that it checked out and was good to go.

I even fielded a phone call from my Oz bank at about 10pm London time on the day that the transfer was supposed to happen to validate that everything was Ok. I reiterated with them that because of the size of the transaction I was keen for it to be checked. 'All good', they said. Sadly, I wake up next morning to find an email telling me that the transfer was not made because the form was not filled out correctly.

Now I am sad. I take a quick peek at the exchange rate (which is never a good idea because it's like googling your latest malady) and it has dropped by about £0.07. This doesn't seem like a lot, until you work out what the difference equates to in terms of GBP in my bank account here in the UK. :(

I understand how international money transfers work, and I understand that dealing with one bank in one country can be tricky enough, and I know that the problems just pile up when you have to talk to multiple banks in multiple countries. I get that. I really do. This is not what I am complaining about. Where it all goes wrong for Oz Bank is in their response to a polite email that I sent them about the real £ cost of the delay. I wasn't asking for anything, just querying where the process had gone wrong given the diligence that I thought had been applied.

A chirpy representative of Oz Bank now has an opportunity to atone for their stuff-up, but lets the chance spill out of their hands. I would not have been so upset if they had simply come back with something along the lines of:

“Gee, we’re really sorry there was a delay, and you’re right, it was our fault. International transfers can be tricky, and there’s always the risk of a delay while we make sure that all the data is correct. We'd prefer to do that, then send the money to the wrong place where it can be incredibly difficult to get back. And as you know, rates can move up and down.”

At least that would have demonstrated a modest understanding of what is going on in an international transfer. But no. The reply I got to my question was this:

"In regards to the exchange rate, my understanding is that the lower the rate the more funds you will get on the other side ..."


There are multiple things wrong with this incident. First of all, how is it possible that someone working for a Tier-1 Australian retail bank does not understand international currency transfer? In fact, it's worse than not understanding it: this person has the mechanics backwards. And secondly, when you have clearly screwed up and it has cost a customer real money, do you a) take the chance to understand the customer's position and help them out, or b) tell them they've got it wrong. This chirpy representative from Oz Bank chose option b).

The lesson for me from this process is if you are moving a sizeable chunk of AUD from to the UK, it pays to move the AUD into a UK-based AUD foreign currency account first, and then execute the transfer into GBP inside the UK. That has the advantage that the movement of value from Oz to Uk happens in AUD with no exposure to an Australian-priced AUD:GBP spread. Then the subsequent AUD:GBP currency exchange can happen in the UK, where it appears that people actually understand how currency exchange works.


Note: a 'shine' is something new to balance the whine, calling out a bank for doing something noteworthy.

To balance this week's whine, here's a shining example of a bank who understands that the confluence of security and user experience should produce more than an epic fail. Capital One will now let customers ditch security questions for a phone swipe. Hopefully, UK banks can replace their abominable "nth character" login screens with something as easy as this.

Industry News

A new Apple Pay patent has corporate credit cards in its sights, according to Patently Apple. This looks like a mechanism that would allow TouchId to be used to control authorisation of tasks, as well as allow for "profiles" which give guest users (potentially identified by their fingerprint) access to a subset of the functions on a device. From PatentlyApple:

For example, a guest user A may be allowed to send text messages and access the web to view websites, while a guest user B can access the web to view websites and make purchases on online stores, make telephone calls (when the electronic device is a smart telephone), and take photos. The ability to view photos, change Wi-Fi connections, activate airplane mode, set the alarm clock, and read texts and emails can be denied to one or both guest users through respective user profiles.

The ebook "Day 1 EMV in the US: Current State and What's Next" provides some good background on EMV cards and terminals in the US. The rollout of EMV terminals there will be a big factor in how quickly Apple Pay, and other smartphone-based payments technologies take off. After moving to the UK recently, it is interesting to note that penetration of contactless terminals in Australia is almost ubiquitous, whereas it is quite sparse in the US. The UK sits somewhere in the middle, with far fewer NFC terminals than I would have expected.

Google is going to add loyalty and rewards to Android Pay in an effort to ramp up its promotional push. Contrast this with the recent Whole Foods / Apple Pay loyalty announcement, and it seems like the payments disruptors are looking for ways to add value to payments that go beyond just clipping the ticket on the transaction.

Western Union is trying to make international payments social with a new service that allows cross-border payments to be made from third-party platforms. So far, details on exactly which platforms will be working with "WU Connect" have not been released.

"Fifty billion points of commerce" is the MasterCard vision for payments across the Internet of Things. MasterCard hopes that technology that can turn any consumer gadget, wearable or accessory into a payment device will help them achieve that vision.

Beyond payments, the Economist thinks the the grip banks have over their customers is weakening. Meanwhile, TechCrunch asks "Are Banks Destined To Become The Next 'Dumb Pipes'?". "Yes" is almost certainly the answer unless they can speed up their innovation abilities on the boundaries of their core ledger and payments systems.

In what can only be described as a brave move, RBS is to connect all staff to Facebook at Work. What could possibly go wrong?

In a clever piece of vertical integration, several US Banks have united to form a secure, real-time payments network that will combine the clearXchange payments network with the Early Warning real-time fraud, risk and authentication system.

Showing just how hard it is to keep fraud out of the payments network, an Omaha, US company was responsible for a whopping $5.7m of Square's fraud losses. This single loss accounted for nearly 23% of the company's total fraud losses, which certainly raises some questions about the company's ability to prevent fraud at scale.

"Hey, how about we add QR-codes to payments?", says Chase. Again. Are there any good examples of QR-codes adding anything to payments? Or is it just more roller-skating horses?

Mobile payments are about to take off in South East Asia mainly because mobile is the main mechanism by which people in that part of the world access the Internet, and mobile is huge in Asia, and growing.

Blog Posts

Worth Following

  • @jonas - CTO at
  • @tuo2 - Another Oz security professional with a lot of good things to say

Nerding Out