Tuesday, January 24, 2012
GCF is proud to be among the thousands of New Jersey businesses going RED on Friday, February 3rd to support the American Heart Association "Go Red for Women" movement. Heart disease is the number one killer and health threat facing women today. The "Go Red for Women" movement provides women with information, resources, community and hope to live stronger, longer lives. Donations are being accepted at all GCF branches through February 3rd.
Our Current Rates:
For a listing of our current deposit and loan rates, click here.
SOPA/PIPA And Should You Even Care?
How many of you had even heard these terms before the Internet went dark last week?
The landing page of major sites protested H.R. 3261 by displaying only a black screen on January 18th with instructions on how to contact your local legislator to voice your opinion. Sites including Reddit, Google, Wikipedia, WordPress and TwitPic among 7000 others.
The protest was successful. Both bills were withdrawn from further discussion by the following day. Yet they did have some substance. Both may rear their heads again with new provisions.
So we know that our favorite web sites are against passage of this bill. But what exactly do the Stop Online Piracy Act (SOPA) and Protect Intellectual Property Act (PIPA) entail?
The Stop Online Piracy Act was introduced by House Judiciary Committee Chair/ Texas Republican Lamar Smith and 12 co-sponsors on October 26, 2011. At stake are intellectual property rights.
In truth, such rights have been a gray area since the advent of the Internet. It's the big guns screaming the loudest here. It's the movie studios and record labels. Writers and photographers fall into the mix as well.
The management of GCF Bank pays me to write this weekly newsletter. Once the newsletter is published online, any other site is free to pick up the article and run with it. Certain reputable sites will first request permission. Others I'll just stumble upon. Either is fine with me as they both drive visitors to our web site which I also manage. It's a win-win situation.
Not so for musicians or studios. Pirated versions of movies and music can be found in the wild online. These folks earn their living through record or box office sales. Every click downloading stolen property robs them of their due profits.
SOPA required that any site caught selling non-licensed intellectual property be virtually taken down. The ISP had to prevent visitors from going there. Search engines had to remove that site from their results. PayPal could no longer accept their payments. Ad services had to pull their ads.
If you mentioned the site in a Facebook post, your comment would have to be deleted. The same with Twitter, WordPress or any other online entity. If the comment remained, the offending site could be shut down.
What would it take to trigger these actions? A letter stating the property owner has "good faith belief" that their content has been infringed upon. No lengthy process to try to resolve the problem. No cease-and-desist order. No investigation necessary. What surmounts to hearsay evidence is enough to convict.
Content providers can shut a competitor down by merely claiming they have "good faith belief" that they host copyrighted material without proper license.
Not only would this legislation be a nightmare for Google or PayPal to institute, but it's unnecessary. Reputable sites do this already. Anyone can post a video to YouTube. But they will take it down upon learning the material was copyrighted. The Digital Millennium Copyright Act of 1998 has this covered.
Case in point surfaced the day after SOPA was shot down. The government effectively shut down music pirating site Megaupload by enforcing laws already in existence.
No amount of legislation will stop someone who knowingly commits an illegal act. And the majority of offending sites are outside of the U.S. Try prosecuting an international thief.
PIPA is the Senate version of this same bill. Introduced by Vermont Democrat Patrick Leahy on May 12, 2011, the law provides tools to curb access to "rogue websites dedicated to infringing or counterfeit goods" focusing on those registered outside of the U.S.
This bill targeted only domain name system providers, financial companies and ad networks. It didn't include Internet providers or those responsible for connectivity. It didn't raise quite the furor.
Both bills would seriously damage cybersecurity efforts. To block offending sites, data packets would have to be intercepted before reaching their destination. Internet providers would have to intercept and analyze web traffic. Innocent web sites can be captured along with those intended. Internet functionality would be threatened.
Nobody can deny that theft is a problem. Whether it be identity theft, petty theft or intellectual theft; an innocent party becomes a victim.
Amidst the uproar over SOPA/PIPA, two very strong points emerged. First, we need not go to such extremes to address a problem. Other options have already been presented that would offer far less drastic repercussions.
More importantly was the power of the web on display. Without the blackout, these insane bills would have passed under the radar. The Internet would be forever changed. Not in a good way.
Web-based activism had a major impact on U.S. political activity. Maybe it's time to take a stab at unemployment, overspending or a host of other hot issues threatening America today.
Online retailer Zappo made the news last week for all the wrong reasons. Their database had been hacked. Stolen were names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or encrypted scrambled passwords of 24 million customers.
I can hear your groans. It just isn't safe to shop online. Look what can happen. This kind of thing never happened when I ordered through a Sears catalog. I'll phone in my orders from now on.
Wrong approach. Any order you place is input into a computer for processing. It matters not where you are sitting or what method you use when you place that order.
Even restaurant waitstaff enter your order into a computer and send it to the kitchen to fulfill. They use that same data to process your bill.
A cyberthief doesn't have much to gain by knowing if you ordered merlot or cabernet with the filet mignon, but you get my point.
The computer is merely a tool to process information. The information is then stored to make future transactions easier to manage.
The computer is NOT the villain. Human weakness covers that role quite well.
Weakness on the part of the cyber thieves puts their greed above common good. Most of these crooks are geniuses, not the dumb criminals that appear on truTV's World's Dumbest series. They are skilled at drafting computer code. If they would channel their energy into productive purposes, time spent patching systems could be used towards developing new features.
But they would have to answer to a boss everyday. And the money wouldn't be as good.
Weakness on the part of employees. Zappo isn't the first company to have their database hacked. Sony suffered perhaps the largest violation in 2011 with a series of attacks against PlayStation Network and Online Entertainment customers worldwide. The two largest incidents alone affected over 100 million accountholders.
Sony's problems began when hacker group Anonymous declared the company an enemy after being embroiled in a lawsuit earlier in the year. The group denied involvement in the hack.
The breach at Epsilon compromised customer lists for many of the largest companies across the country. An increase in spearphishing attacks began shortly thereafter.
Even security expert RSA fell victim after an employee opened what he thought was a confidential corporate memo mistakenly sent to him. The attachment unleashed a worm that infiltrated customer security token codes stored on RSA's internal network. Among the client list compromised was Lockheed Martin.
A good number of database breaches come from within. Curiosity gets the best of an employee as with the RSA breach. A disgruntled employee steals computer code as just occurred at the Federal Reserve.
None of the stolen data would benefit a thief had it been encrypted.
Weakness on the part of Internet users. Weak passwords and using the same one at a multitude of sites puts you at risk. This is one area you can control. And perhaps it's the most important of them all. If your Zappo password is the same as your online banking password, you might be in trouble.
Password management can get difficult. Every site has its own protocol, but it's only the minimum required. Some want a combination of letters and numerals while others need a variety of upper and lower case. So use them all to be safe. The only variable is typically whether or not a special character is accepted.
Your password should be at least 8 characters in length. Use a mnemonic phrase to help you remember. For example, your favorite band may have been the Grateful Dead when you were growing up. You saw them live 56 times. To make the password unique, include the first letter of the site's URL at the beginning or the end. So if you were creating a password for Amazon, your phrase might be:
I saw the Grateful Dead 56 times Amazon.
Taking the first letter of each word, your password would be IstGD56tA.
Perhaps the bigger news should have been what Zappo got right. There was some criticism over how quickly they notified customers. Without all information in hand, they may have missed something important. Yet doing so allowed customers to change passwords and be proactive about averting damage.
Zappos, owned by Amazon.com, stored credit card data in a separate database. It made the stolen information much harder to use. They cryptographically stored credit card numbers, rendering the data useless if it had been stolen.
They had a response plan in place before the breach occurred that could be immediately implemented. No delay by first trying to figure out what to do.
This type of database hacking attack is expected to increase in 2012. A cyberthief has more to gain by targeting a database than by stalking your computer. We can only hope corporations follow Zappo's lead in customer protection.
#2 - A Strong Legal System
Last week I argued that certain strong institutions, such as the military, are a prerequisite for a prosperous society. This week I would like to identify a second required institution: A strong legal system.
I speak of the legal system in the broadest sense, such as a court system in which to seek remedies for legal injustices. I would include in this characterization strong contract law, such that the written agreements (contracts) of individuals and companies are binding. And courts enforce them.
Why is this required? Because capital flows much more freely when the owners of that capital believe they have recourse against entities that fail to fulfill an agreement. Strong contract law is so important that most jurisdictions in the U.S. recognize the "parol evidence rule", which says (to paraphrase) that written agreements trump verbal agreements. It makes sense that, if the counterparties take the time to reduce their agreement to writing, than both sides have certainly considered the benefits and risks. And then must abide by the outcome, which courts must enforce.
An example of where strong contract law has created great prosperity is the U.S. is the home mortgage market. The vast majority of individuals who purchase a home in the U.S. utilize a mortgage. Home purchases are such large expenditures that, for most buyers, the amount of time required to "save up" for a home purchase is simply unrealistic and could last for decades, or even a lifetime. So borrowing the funds and paying them back from future (usually higher) earnings makes sense. This process also provides investment income for net savers in a community as their capital is "borrowed" (typically through a bank) to provide housing for those yet to have such excess savings. It is a win-win. Picture Jimmy Stewart in It's a Wonderful Life.
But the system is utterly dependent on strong contract law. Home purchasers who use a mortgage, technically, from a contract law perspective, sign a note (promise to repay) secured by a mortgage (a document that encumbers the real estate until the loan is repaid.). If the borrower fails to repay, the lender (lien holder) can foreclose, a legal process whereby the lender can take possession of the property to satisfy the debt. Historically, in the U.S., property values have been very stable over time, usually appreciating at a rate at least equal to inflation (and in some locales at much faster rates). This situation gives lenders comfort that their capital is secure over the long haul, and in most cases, the lender's equity position improves over time.
The traditional "conventional" mortgage model was based on a 20 percent down payment and financing for the remaining 80 percent. The 20 percent down payment served two purposes: It caused the borrower "to have skin in the game" increasing the incentive to make payments - lest they risk their down payment. Secondly, it allowed the lender some cushion against the time and money required to go through the foreclosure process. As a result, capital continued to flow freely into the mortgage lending market because the risks to the lender were fairly low in that the instances whereby lenders sustained losses occurred very infrequently. The result has been mortgage interest rates that are much lower than for other types of credit which allowed a much high number of borrowers qualify for a mortgage loan. Once again, win-win.
The system created "The American Dream" of home ownership and worked well for more than a century - making the U.S. the envy of the world in home ownership rates. But it must be remembered that the true underlying principle of the system is based on a strong legal system. Imagine how much capital would be risked if lender were unsure if they had recourse against default!
Unfortunately, that is where we are now. So what went wrong? Next week we'll explore how well intentioned congressional social engineering and gaming of the system to increase home ownership left the system severely damaged, threatening The American Dream.
GCFlash is a weekly e-mail sent only to its listed customers and associates free of charge. GCFlash informs customers of special product offerings which may be of interest, current interest rates on both deposit and loan products, selected financial news and other financial tidbits. GCFlash is intended to supplement the more comprehensive information listed on the GCF Web site at http://www.gcfbank.com.
For more comprehensive information, visit our Web site at http://www.gcfbank.com or call (856) 589-6600 Ext: 337 (Timothy P. Hand)GCFLASH PRIVACY STATEMENT
GCF maintains your e-mail address in a confidential and secure database along with much of your other account information, such as mailing address and telephone number, etc. Before aggregating our e-mailing list each week, we filter out any duplicates. In most cases, this inhibits the unintended e-mailing of multiple copies of GCFlash to a single e-mail address. However, because these account records are kept by both individual and account, there is a chance members of the same household could each receive a copy of GCFlash or any other transmission at the same e- mail address - resulting in multiple copies. For example, a husband and wife that both have accounts with GCF may both receive a copy because the names are different but listed at the same e-mail address. This is similar to the manner in which each individual may share a common telephone number. To handle this situation, GCF recommends you simply delete any extra copies of GCFlash as this will ensure that ALL individuals receive any future promotional mailings, which might only be targeted or offered to specific accountholders meeting certain criteria. GCF has the capability to suppress customer e-mail addresses so they are omitted from our transmission list. If you would rather have a specific household memberÃ¢â‚¬â„¢s e-mail address suppressed in our electronic database, simply send us a reply, as stated below, and indicate the accountholder for which you would like to have e-mail suppressed. Please keep in mind that this suppression will mean that NO future e-mails are sent, including special promotional offers. If you have any questions about this process or need additional information, please contact us at firstname.lastname@example.org.
If you would like to be removed from this electronic mailing list, please hit reply and place the word REMOVE in the subject line. Please note, removing your name from our electronic mailing list means GCF will send NO FUTURE NEWS or SPECIAL OFFERS.
Banking With Us