Cash Money

In Germany certain disoriented politicians suggest the abolition of cash money. Arguing that cash money is used by criminals and terrorists. Abolishing cash money and only allowing electronical transactions, these transactions can be tracked and controlled. Crimes will be avoided and terrorism ended. Luckily there are other prominent statements to contradict this wired ideas.

But what does the abolition of cash money have to do with privacyIDEA?

Central Book Keeping

In the European Union we usually like to travel to other EU countries and pay with the same Euro, not having to change money or bother about any exchange rate. Usually this is very convenient.

Electronic transactions could be great and convenient, too. We do not need to care about bringing enough money, everything would be smooth and easy and one central book keeping instance would take care to transfer 100 credits from person A to person B. After the transfer is approved and completed, person B could hand person A the goods of interest.

But such a central book keeping instance would not only know, what money was spent by whom on what, but it could also restrict the amount of money person A is allowed to spent or person B is allowed to receive. Even worse this controlling instance could also disallow person A to spent money for certain goods or to buy from certain sellers at all. Thus people could be banned from buying cigarettes, certain medicine or unpleasant newspapers.

Again, what does this have to do with privacyIDEA?

No Central Book Keeping

We do not like to be controlled and we do not want you to be controlled either. Many two factor authentication services are running two factor authentication as — guess what — a service.  This in fact is such a central book keeping. Such a central service knows, who of your users authenticated where and when. And they could easily allow or disallow access based on other decisions than the right OTP value sent by your smartphone. You do not know and do not control the algorithms used.

This is why we offer privacyIDEA to run on premise. Under your control. With no central book keeping and with no fear, that conditions or laws might change tomorrow.

And this is why it makes me shiver, when I read about any idea for centrally controlled anything or the abolition of cash money.

Fight for your informational self-determination and stand up to keep your cash money!

…and use privacyIDEA!

Scientist from Pune in India have an interesting idea to use one time passwords to withdraw money from the ATM machine. Bad enough, the one time password is to be sent via SMS. I understand it. Banks are great in saving money. A bank does not want to give ATM cards to the customers, as those cards cost money. Well, sending an SMS also costs money, but the bank could request a fee from the customer each time the customer withdraws money. This fee can directly be used to cover the costs for the SMS.

The next interesting thing is, that the customer should authenticate at the ATM with his fingerprint. Perfect: The bank does not have to enroll anything to the customer.

The customer will bring his own mobile phone and tell the bank the phone number.

If the customer wants to use ATMs, the customer will also register at the bank and give his fingerprints to the bank. Not speaking of how secure fingerprints really are. If the mobile phone is lost or stolen, attackers will also get the fingerprint [1], [2]. So this idea is merely a one-factor-authentication: The possession of the phone!

Besides – Finally everbody gets the customers fingerprints: the state for the ID cards, the bank for withdrawing money – who is next?

Such an authentication scheme will not increase security, it will only help the bank – to save money.

Many people are thinking of biometrics when talking of next level authentication. I don’t see it that way. privacyIDEA tries to avoid compromising your personal identity and anyhow provide you with a secure multi factor authentication solution.

Keep your fingers to yourself!