Why should currencies move a far greater amount than usual in a short space of time, for no apparent reason and then more or less return to their norm?

This situation is beginning to occur far more frequently than in the past and as with everything in the financial world no-one is ever to blame

Yes, liquidity plays a large part with the imposition of tougher banking requirements but so do algorithms and automated computer high frequency traders (HFTs) which can trigger excessive movement and compound each other

However, why is the concept of market manipulation limited to individual traders / organisations? Surely it should be applied to computer models as well, or to the organisations that run them. There may be bugs or glitches in the software but no-one has yet managed to explain why this exonerates either the developer or the underlying organisation from ultimate responsibility or even why they should not pay the penalty for what is clearly market manipulation

After all someone has coded the computers to react in a certain way and without ‘fail-safes’ they effectively get into a position where the computer code does indeed manipulate the market for financial gain and furthermore they feed on each other's decisions thereby compounding the issue very quickly

For the future this is inevitably the way forward for ‘hackers’ – why bother to go for ‘penny-ante’ ransom hacks when targeting the Forex market by getting systems to place fake/dummy trades can reap huge rewards

Better still if you can get your computer to trigger a knock-on effect with the market makers' systems the sky is the limit. Simply get your systems to find the trigger points in the ‘algo’ computers and let them do all the work – furthermore, by triggering someone else’s systems to do the dirty work you probably won’t even get found out

Don’t do it too often because that is one way of being found out, but once every 6 months should fund a nice lifestyle

So the message seems to be clear – write systems that ascertain the ‘algo’ systems' triggers and then use these loopholes to exploit the market using the HFTs' own applications to do the work for you

And don’t forget the underlying message that nobody is at fault ‘.. it was a computer that done it – your honour ..’! - and I have no idea how the computer code got written

Tags: | Categories: Currency | Forex

TalkTalk seems to have been compromised yet again (despite being warned) with an unspecified number of customer records being put at risk and all we get from the company is sorry, relayed by a CEO who seems completely out of her depth with even the basics of computing

Coupled with this is a fake concern whilst at the same time off-loading responsibility for TalkTalk’s abject failures back onto their customers – with phrases such as: just monitor your bank accounts against any unauthorised intrusion as a result of our mistakes

Quite frankly TalkTalk are currently in stall / cover-up mode because they really don’t have a clue how many customers have been affected or the long term implications of their negligence and there is really no way they can quantify the numbers involved in this breach. Therefore one must assume that their entire customer base is at risk!

Furthermore, by all accounts, we are being told that much of the data was not encrypted in the first place – which is a fundamental howler that should be severely penalised - and the best the CEO can come up with is that it is not a legal requirement. Oh well! That's ok then!

Make no mistake the ICO has a guilty part to play in all this as does the actual DPA – which is abused almost every day by any organisation one contacts. Even if you ask them the time the reply is generally we cannot tell you because of the DPA; an answer that is born of complete ignorance of the law and perpetrated by just about every organisation one speaks to because it suits them to take this stance with their customers – for their own ends

This is all very well, but surely it is about time we put a proper price on failure so that companies take more care in the future. After all TalkTalk are now busy off-loading the responsibility for monitoring compromised information back onto their customers – with the inevitable hand wringing and statements about change your password, watch out for targeting by scams etc.

The full impact of this breach may not be known by individuals for months or even years and in the meantime companies like TalkTalk simply walk away from the situation unscathed

Why on earth does a Data Protection Act exist except to guard against this type of eventuality? In order to do this they need to have a proper method of penalising companies that do not handle customer personal details securely

Unfortunately the present position of a block fine seems to be the best sanction/penalty on offer

‘.. In April 2010, the ICO was granted the power to issue fines of up to £500,000 for serious DPA breaches ..’

Now to put this in context let us just assume that TalkTalk has compromised 4 million customers and receives the maximum fine of £500,000 – this means that your personal data as a customer is valued by the ICO at 12.5 pence when in fact your data could probably be sold to hackers for far more than that on the open market. Therefore a fine of £500,000 is simply ‘chicken feed’ in the overall scheme of things!

No wonder all these companies are so cavalier with your information because the ICO penalties are so weak that there is simply no incentive for a company such as TalkTalk to exercise a duty of care. After all, even the fine is probably tax deductible so just pay the fine, don’t change their ways and carry on as normal regarding the DPA fines as one of the prices of doing business – wholly wrong!

Well this is not good enough – especially as the maximum fine is per company breach and NOT PER COMPROMISED RECORD

The fines should be on the basis of each hacked record and if the company cannot quantify the extent of the breach then by default it should be on the basis of their entire customer base

One also needs to take account of the potential costs to the customer if compromised, and 12 pence nowhere near meets the expenses involved trying to mitigate the impact or worse still dealing with a raid on their bank account

With all this in mind I suggest one starts with a fine per customer record and not a block fine for the company

The level at which this fine should be levied must be set at an amount that takes account of the costs incurred by a ‘normal’ customer in taking protective measures when informed their data has been compromised and in this respect a suggested starting figure of £10.00 per customer record for the first company offence rising to £100 per record for repeat offences

The figures now change to a far more respectable penalty for TalkTalk – 4 million customers @ £10.00 each = £40 million fine, which is a far more realistic consumer cost associated with their failure(s) and would undoubtedly be a wake-up call for them to take matters far more seriously

… and for goodness sake let’s stop having these so-called X_Spurts (x = unknown quantity & spurt = a drip under pressure) in the media giving blindingly obvious comments because they need to say something and are just as much in the dark as everyone else

Alternatively repeal the DPA because laws without proper sanctions are worthless - over to the ICO to change their penalties – when can we expect these fines to become more realistic?

By the way - from what sparse information is available one would lay odds that the hack was probably via SQL Injection – perhaps TalkTalk should look this up because they are obviously totally in the dark about the whole area

Tags: | Categories: Computers