Friday, October 31, 2014

This Week in Bank Failures

Stress tests and other examinations of European banks over the course of this year were released showing that most of Europe’s giant banks are prepared for any modest change in the economic winds. There was only a short list of 25 (or fewer, depending on which measures and tests you might want to lend credence to) that are considered too short on capital to survive an unexpected minor stress. The one bank with the glaring capital shortfall is Monte dei Paschi, the world’s oldest bank and one of 9 in Italy that were considered to have failed stress tests. Monte dei Paschi is judged to be €2.1 billion short, almost a tenth of the total capital deficit on the list. Italy’s central bank noted that the stress test scenarios were particularly unfavorable for Italy because of the way the recession of 2012 was counted as a baseline. When you imagine more realistic economic scenarios for Europe, the rest of the euro zone is probably in about the same boat that Italy is in.

A weakness of bank stress tests is that they look at only the most obvious and naive economic scenarios encompassing just a few macroeconomic variables. They can’t help you find the unexpected changes that are the cause of most failures in businesses and banks. In this week’s headlines, for example, energy analysts were talking about the possibility of world oil prices settling between $70 and $75 for an extended period, a decline of a third from the last few years. Which banks might be negatively affected by this unexpected decline in energy prices? Which might be in trouble if energy prices unexpectedly increased by a similar amount? We can only guess. The variance analysis of a stress test can’t dig even this deep.

In the U.K., Lloyds passed the European stress test, but so narrowly there are worries about whether it can pass the U.K.’s stress tests. Those results are coming up in December.

According to a published report about the “address book” break-in at JPMorgan Chase, criminals gained access through the bank’s virtual private network (VPN). VPN access ordinarily is tightly controlled, but the criminal group must have found a way around the restrictions, possibly based on a combination of IP spoofing and a rootkit attack.

Thursday, October 30, 2014

The Design Flaw in CurrentC

There is a lot of talk about a data breach at CurrentC, the retail mobile payment platform currently being tested by more than 50 U.S. retailers, but there is a more fundamental flaw that may sink the platform, at least in its current form. It goes back to the original reason for the CurrentC platform, which is that retailers want to collect shopping data on their customers. As envisioned, CurrentC will have hundreds or perhaps a thousand retailer members and a single central database of enrolled customers. Every retailer will apparently have full access to the customer database, at least insofar as customers have ever shopped at that retailer. When you think of all the retail data breaches of the past year, not just the POS problems but all the others, what are the chances that a database that’s in the possession of 1,000 retailers will remain secure? No chance at all. A leak could occur at any participating retailer and affect a good fraction of CurrentC customers, if not all of them. If recent experience is a guide, we can expect one or two participating retailers to have a CurrentC customer data leak — per month.

What makes this such a sensitive point is that CurrentC will have a shopper’s checking account number and essentially unlimited access to the funds in the account. When you think about it this way, do you really want to share your banking information, and the potential ability to empty out your checking balance, with hundreds of retailers? I suppose some consumers might decide to take that leap of faith, but you would want to think very carefully before doing so.

This stands in especially stark contrast to Apple Pay, a system in which retailers are never in possession of an actual account number belonging to a shopper. Apple Pay too, though officially launched, is essentially just testing right now; it will need to be expanded somehow if it is ever to be relevant to more than 10 percent of U.S. shoppers, but it nevertheless can serve as a proof of concept. On the surface, Apple Pay looks like a step up in security when compared to a traditional POS card payment, while CurrentC looks like a step down. Collecting and exploiting customer transaction data is a core design principle at CurrentC, and that means it faces a series of security challenges that consumers now know don’t have to be part of a transaction system at all.

Tuesday, October 28, 2014

“Unlimited” Data Plans That Have Limits

AT&T is in trouble with the FTC for identifying one of its cellular data plans as “unlimited” when the carrier does, in practice, impose limits on data use under the plan. AT&T says it explains in the fine print that “unlimited” really means “limited,” but this argument won’t carry any weight in an official proceeding, and AT&T will surely end up changing the name of the data plan to more accurately reflect its effective limits. There is a trend away from unlimited plans anyway in both wireless and wired networks, and rightly so; beyond a certain point, the bandwidth involved does in fact cost a considerable amount to provide, so it doesn’t make much sense to offer it for a flat rate.

Saturday, October 25, 2014

Halloween Shopping

From what I have seen locally, Halloween shopping was not quite so energetic this year. Stores still looked almost fully stocked today going into the first of two weekends of Halloween parties. This is in contrast to the past few years when I remember seeing half-empty racks and shelves at this point in the season.

Perhaps this reflects a cautious attitude from consumers, but that is not the same as being strapped for cash. I have seen shoppers make multiple impulse purchases, not Halloween-related, on their Halloween shopping visits. Consumers have money to spend but are holding back on Halloween purchases.

Friday, October 24, 2014

This Week in Bank Failures

One of the recurring questions this year has been whether it is realistic to count on regulatory supervisors and auditing firms to catch risky financial practices in banks. In general, the answer seems to be no: bank personnel can too easily conceal the extent of risks they are taking, not just from outside observers, but from bank executives and internal auditors. That view was reinforced in the Fed’s handling of JPMorgan’s high-risk derivatives trading which nearly brought down that bank in 2012. Bank examiners knew in 2008 of the trading risks JPMorgan was taking, but never followed up nor shared their concerns with others at the Fed and the O.C.C. By 2011 regulators had forgotten about JPMorgan’s high-risk trading, and in the meantime, the bank’s traders in London kept raising the stakes on their bets.

A Fed Office of Inspector General report laments the lack of coordination and continuity, but even assuming those problems had been overcome, it is no sure thing that a follow-up examination would have discovered the scale of the risks the bank was taking. And even if they had known everything, it is hard to imagine that regulators would have intervened to prevent the bank’s near-death experience. Wall Street banks in general were taking enormous trading risks between 2009 and 2011 in the hope of earning enough to cover their respective financial shortfalls. For a time this worked, as the markets moved generally in only one direction. The Fed must have known in a general sense of the extent of risks banks were taking, but opted to cross its fingers and look the other way — a policy approach confirmed in leaked New York Fed tapes last month that showed examiners unwilling to confront equally serious shortcomings at Goldman Sachs. The Fed must have worried, along with the rest of us, that careful, prudent bank management would not be enough in a financial sense to keep Wall Street going.

Of course, hoping for the best is hardly a strategy for avoiding a global financial calamity in the future. The need for reform is obvious, but even the Fed Office of Inspector General has little to suggest. Its ten recommendations are well taken but offer nothing to ward off the next giant bank trading debacle, whether at JPMorgan or elsewhere. As long as banks are governed by the too big to fail policy, in which a giant bank is all but guaranteed to be kept together even in bankruptcy, it is hard to see what anyone can do to get banks to take their financial risks literally.

Too big to fail may have been written into formal policy, but that does not mean that policy cannot change. On Monday New York Fed president William Dudley suggested that regulators and legislators may be forced to break up the giant banks if Wall Street’s casino culture cannot be reformed.

There was a billion-dollar bank failure tonight, the largest in a year, though perhaps not really as large as its financial size would suggest. The O.C.C. closed National Republic Bank of Chicago. State Bank of Texas has assumed the deposits and is purchasing two thirds of the assets. The remaining assets are not available for purchase because they are tied up in bankruptcy litigation, as I will explain in a moment.

The failed bank specialized in loans to hotel operators, most in New York and Illinois, and this approach became a problem by 2011 as the hospitality business was slow to recover from the recession. By 2013 the bank had completely stopped making new loans as regulators pressed it to improve its capital position. After years of impressive profits, the bank posted losses of more than $100 million between 2012 and the first half of 2014. The bankruptcy of the bank’s largest customer, the owner of 34 hotels who owes on a staggering 21 percent of the bank’s portfolio, left it with few options. The O.C.C. issued a series of orders for the bank to improve its operations, which led eventually to the removal of the bank’s president in July. That order gives little insight into the unfolding drama inside the bank at that time, but there must have been some inkling of danger to the bank, as the order gave the president only 24 hours to clear out his desk and turn in his badge.

Now that the bank has failed, the FDIC will likely seek to seize the hotel properties of bankrupt borrowers, putting their respective bankruptcy reorganization plans in doubt.

Illinois has seen more than its share of bank failures this year, with five of the national total of 16.

Thursday, October 23, 2014

The King Lives

Much of the news of the day on any given day is not new at all. Today from Ottawa we are hearing a new version of “The King Lives,” a drama that goes back at least 10 centuries. It might seem an empty exercise, just a lot of fine language and posturing, until you look at the stock markets, duly reassured today after a mini-panic yesterday. The fact that we have seen these scenes before does not take away their meaning.

Tuesday, October 21, 2014

McDonald’s Responds to Decline With Cost-Cutting

McDonald’s posted earnings that showed another step down in its U.S. market presence. In explaining its earnings, McDonald’s said it was losing many of its U.S. customers to Chipotle. This makes sense when you think about it: Chipotle might not be as friendly or pretty as McDonald’s, but its ingredients are slightly better, the food tastes better and is served faster, the restaurant is cleaner, and the prices are essentially the same.

McDonald’s could fight back by improving its food, but that would not be the McDonald’s way. It could look for another way to stay relevant to its customers, but perhaps it thinks it has already tried everything during the past five years of decline. The more radical changes that could improve customers’ view of McDonald’s are too outside-the-box for the fast-food chain to even consider. Instead, McDonald’s says a new round of cost-cutting is just ahead. This cannot be the right answer. Surely the quality of either the food or the customer experience will suffer, driving more customers away.

Monday, October 20, 2014

IBM Revenue Decline Reflects Corporate Sector Retreat

It is hard to explain away IBM’s latest quarterly report, which shows revenue falling by 4 percent compared to the year before. Executives probably would like us to believe a series of small strategic errors led to the decline, but it is hard to point to any specific error in what is generally a carefully managed company. There were no major glitches or embarrassments such as a botched product release or data leak. Sales were down in every segment and every region. IBM referred to the quarter and, by extension, the year as a period of unprecedented changes in corporate information technology, but there is little to support that assertion either.

Sales were down, it seems, just because IBM’s customers in the corporate sector were less inclined to spend, particularly in September. It must be remembered that the year-ago September was a time of retrenchment as businesses of all sizes tended to wait out the effects of the federal government shutdown. There was no shutdown looming this past quarter, yet somehow spending fell even lower. The corporate sector is doing better financially last year, so it it can hardly be said that IBM’s customers have no money to spend. My sense is that it must be a combination of corporations have gotten what they needed, so that there is no urgency in buying more, and not getting what they needed, then holding back with a sense that something is wrong. Of course, that is not much of an explanation. IBM sells mainly into the enterprise budget, but desktop budgets have faced even sharper cuts.

Perhaps it is just that corporate IT spending went too far too fast without enough of a business justification to support it. Few of the promised gains in productivity and market positioning ever materialized. Whatever the story, the changes in the computer business go far deeper than just the end of the PC era.

Friday, October 17, 2014

This Week in Bank Failures

The European Banking Authority (EBA) has clarified the status of the “non-bonus” bonuses being paid by dozens of European banks to top-level managers. These extra payments are legal, but must be counted as bonuses under new EU rules that limit banking bonuses to 100 percent of salary, or 200 percent of salary for a bonus specifically approved by stockholders. This means that most employees who received the “non-bonus” bonuses this year will not be eligible for year-end bonuses. Banks can still get around the bonus cap by raising salaries. In most businesses, limiting bonuses to 100 percent of salary would have no effect, since few workers get bonuses that high, but in banking, thousands of workers were receiving performance bonuses over €1 million every year in spite of salaries much lower than this. Bonuses in banking are a problem because they can encourage high-risk strategies that can put a bank’s future profits and solvency at risk, or aggressive market strategies that may involve misleading or cheating customers.

The White House has put its authority behind a move to more secure credit cards. Starting next year, U.S. government credit cards will have chip-based security devices. This move should give the transaction network an extra incentive to upgrade its equipment, which in turn should get banks to issue the more secure credit cards to more of their customers. Improving the physical form of credit cards should reduce the risk of fraud when credit card transaction data is stolen, something that has happened far too often in the past year. Last weekend, it was Kmart’s turn to announce a major point-of-sale data breach.

Russia’s economy continues its slide, and this was reflected by a downgrade by Moody’s, rating the country’s debts barely above junk status. The costs of military adventures, sanctions against Europe and North America, the government’s promises to prop up a stumbling banking sector, and a general malaise and industrial decline were already hurting the Russian economy. And now, a decline in global oil prices has cut Russia’s earning capacity by a staggering 10 percent, and oil prices seem likely to fall farther before they turn upward again. Russia’s currency has declined by 15 percent since the beginning of the year, largely because of the central bank’s moves to support the banking sector.

Banco EspĂ­rito Santo, which collapsed spectacularly last summer, was employing shady off-balance sheet maneuvers to shore up its capital as long ago as 2002, regulators and investigators have discovered. Among other strategies, the bank set up offshore investment funds that mainly invested in the bank’s own stock. The bank and its offshore investment funds lent money to customers which they lent back to the bank, a form of transaction that sounds illegal, but it depends on the details, which investigators are now taking a close look at.

A mid-month bank failure: Maryland bank regulators closed NBRS Financial, which had 5 locations in northeastern Maryland and adjacent Lancaster County, Pennsylvania. The failed bank had deposits around $200 million earlier this year. Deposits and assets are transferred to Howard Bank, based in the greater Baltimore area just to the west. Howard Bank will immediately be selling off about a tenth of the assets. It is a big expansion for Howard Bank, which had just 7 branch locations last month before purchasing one of NBRS’s branches in a separate transaction.

Thursday, October 16, 2014

2 Apple Notes

Two things jumped out at me in Apple’s product announcement presentation today:

  • There is another energy efficiency boost in the new version of web browser Safari, this time focusing especially on movies. Better energy efficiency is especially easy to notice on a portable computer because it translates to longer battery life, but the actual energy savings add up much faster for desktop computers, which are not nearly so energy-efficient as laptops because they don’t have to be — this is one of the main reasons desktop computers may cost less than laptops. If a few million people at any given moment save a fraction of a watt, it adds up over time to reduce global energy demand. The improvements this time might be big enough to get some users to switch to Safari from Chrome or Firefox.
  • The comparison of iPad sales to PC sales is telling. Apple said iPad sales for the past 12 months were greater than the combined PC sales of the 4 largest PC manufacturers. One reason this is possible is that the PC category declined year over year if Apple is excluded. PCs have become more durable, and that is the main reason unit sales are declining, but that doesn’t explain away the comparison when an iPad is about twice as durable as a PC on average. You also have to consider that more than half of PCs are sold to large businesses for office use. If you take those out, since they are used more as terminals than as computers, it seems as if the PC era is over and it is now the iPad era.

Wednesday, October 15, 2014

Attack of the Flag-Bearing Drone

A drone carrying a flag crashed onto a playing field during a World Cup qualifying match. Chaos ensued — actually, worse than chaos, but I’ll let you look that up elsewhere if you are curious. What fascinates me is the low cost of creating chaos in this incident. A drone costs little, a flag nothing, yet the intrusion was dramatic enough to disrupt the activities of half a million people. It is possible that the drone operator didn’t mean to be so disruptive, but merely went too far and overloaded the drone or steered it ineptly while attempting a political statement. I am only speculating, but the scenario underscores how casually such a large disruption can be created.

With new technology every year there is always new potential for chaos, but social and cultural forces work against the disruptions. It is human nature that we resist being manipulated, and now that we have seen how easily a crowd was manipulated by a flag-bearing drone, the same kind of attack probably will not be nearly so effective the next time someone tries it. Among many other adjustments, game officials will surely be quicker about getting players out of harm’s way when there is a threat from a flying object. It is this kind of adjustment of expectations, more so than counter-technology, that keeps our public lives from descending into chaos with each new technological change.

Monday, October 13, 2014

Solar Power as a Way to Save Money

You shouldn’t expect solar power to make a big splash. Only about 10 percent of U.S. houses are well-suited for rooftop solar, so there isn’t much point in advertising the technology to the broader public.

Not just any house can generate solar power efficiently. Most houses can be ruled out quickly for one of these reasons, or others:

  • No level or south-facing roof.
  • The local electric utility doesn’t permit it.
  • Too much cloud cover.
  • Trees or tall buildings nearby.

With so few ideal customers, there might not be much hype around solar this year or next, but the cost of a solar installation has fallen so much that people who can are installing solar systems just to save money. Even situations that don’t look so favorable in a traditional financial analysis may be a good investment for a homeowner who has the money. Consider a relatively unfavorable scenario in which a homeowner can spend $20,000 and save $80 a month on electricity. That works out to an ROI (return on investment) of 4.8 percent. A growth-oriented business might scoff at a rate of return as low as that, but it is nevertheless 10 times what you can get by putting the same money in an ordinary savings account, and there are other advantages. A solar installation doesn’t share the same risks you face when you rely on the banking system, particularly the risk of inflation.

At current prices, it is easy to imagine rooftop solar installations at a rate of 1 percent of houses per year, and that could go up to 2 or 3 percent as equipment prices fall. Even that is a pace of change slow enough that you might not notice it while driving around your neighborhood, but it adds up to a substantial role for solar electricity in the not-so-distant future.

Saturday, October 11, 2014

POS as a Data Theft Target

The pattern of data leaks this year shows that criminal groups looking for transaction data are finding more weakness in POS systems than anywhere else. POS systems operate at the point of sale, which you might think of as a cash register, and connect it to the data center where transactions are processed. There are software weaknesses in POS systems when compared to online stores, but the operation of these systems seems to be the bigger issue.

But first, the scale of the problem is larger than most people realize. Most of the headlines mention the largest data leaks, as measured by the number of people affected. These mostly occur at the national retail chains. These are some of the large U.S. retailers where transaction data was leaked:

  • Target
  • Home Depot (stores in Canada also affected)
  • Michaels (crafts)
  • Neiman Marcus
  • Kmart
  • Sally Beauty
  • Goodwill Industries (20 regions)

Grocery chains are also affected, including:

  • Albertsons
  • Jewel-Osco
  • Supervalu
  • Acme
  • Cub Foods

Leaks affect a far greater number of restaurant chains, more than 100 in one incident alone this year. A few of the high-profile restaurants affected are:

  • Dairy Queen
  • P.F. Chang’s
  • Jimmy John’s
  • Lost Pizza

The list goes on. Hospitals, parking garages, basically any operation with multiple locations that accept card payments is at risk.

No one should imagine that transaction data leaks are limited to those reported in the news. That would be logically impossible, when you consider that there is a delay, usually of two or three months, sometimes shorter but sometimes much longer, between the opening of a data leak and the time it is discovered, understood, and reported to the public. There certainly are more incidents in the process of being discovered. There are also others that escaped detection completely, and more going on now that will not be discovered either because the retailers are not looking very hard or lack the advanced skills to detect the server malware involved, or because the malware is designed to erase itself quickly, before it can be identified. The actual scale of data leaks must be at least 20 times more than what has been reported.

Transaction data security seems so hopeless that Publix Super Markets Inc., not yet a victim of a known data leak, is seeking public relations advice for a data leak that seems more likely than not to happen.

That’s the scale of the problem. So why is the point of sale such an easy target for criminals? It is not really the point of sale itself that is the weakness, but the multiple physical locations involved that make POS transactions hard to secure. Consider that there haven’t been nearly so many data leaks at retailers that have a single store, never mind the smaller scale involved. A single physical location means the people in charge of data security are onsite. The data still has to travel over a network, but unlike the Internet or any WAN (a physically large network), the entire network can be seen and studied by the people on the inside, while being physically protected, to a degree, from the world outside. (Of course, a retailer can give up this advantage through careless outsourcing of its POS operations.)

With multiple stores, data security depends on the actions of whoever is onsite, which usually means someone who is not effectively trained in the finer points of network security. I have heard of cases where it was the store manager or restaurant manager who was tasked with getting the data network installed, with equipment that arrived in a small pile of boxes along with a few pages of written instructions. Companies that can’t afford to hire specialists for such sensitive work also can’t afford to provide training to their staff members who must fill in the gaps. That’s not an approach that inspires any confidence.

One common scenario that security experts complain about is that POS terminals (cash registers) are shipped to retail locations with default passwords already installed. The store manager is supposed to change these passwords before operating the terminals, but as you might guess, this often doesn’t happen. These default passwords are simple phrases that are not that hard to guess in a brute-force attack, and once intruders know a default password, they can break into multiple locations quickly, providing multiple entry points to the POS network.

That is just one scenario exploiting one weakness. Compounding that weakness and others like it, most POS terminals are general-purpose computers running wide-open operating systems such as Linux and Windows Vista, allowing arbitrary software to be installed remotely by anyone who has the right password. Further expanding the range of possible exploits, POS terminals in most cases are plugged directly into the Internet, protected only by an off-the-shelf firewall — another design choice that security experts moan about.

By now it ought to be possible to design POS terminals that have all software installed at the factory or data center so that it is impossible to change the software while the machine is deployed. Such machines would cost less to manufacture and would be smaller and easier to deploy. The technology required isn’t really a mystery — a POS terminal is not really the equivalent of a smart phone, but closer to the equivalent of a dumb phone from about 15 years ago.

Without going into further detail, solutions are certainly possible, but don’t hold your breath waiting for retail chains or banks to take action. For now, if you use your credit card at any retail establishment that has multiple locations, you should consider that your transaction data may be captured in real time by shadowy criminal groups somewhere in the world. As Consumerist puts it, “Do You Ever Shop Anywhere? Congratulations: Your Data Will Be Hacked.” Besides the personal risks, the card transaction network as a whole is at risk. As I have cautioned before, on any given day without warning, the transaction networks could be hit with a pattern of fraudulent transactions so vast that they are forced to shut down. If that happened this morning, you probably would not be able to use your credit or debit card for a few months, and one or two of the major credit card banks, not to mention some of the more troubled retail and restaurant chains, could go under while the problem is being sorted out.

It is not enough, then, to accept that your personal transaction data is at risk whenever you use your cards. The whole system is at risk. It is important to have some cash on hand and a balance in a checking account so that you can carry on even if, one day, the card network cannot.

Friday, October 10, 2014

This Week in Bank Failures

JPMorgan Chase executive Jamie Dimon returned to work and used his first public appearance to warn about the destabilizing effect of the shadow banking system.

If a bank is too big too fail, then its derivatives contracts have to be “too big to cancel.” Contract terms for many derivatives are being rewritten, effective January 1, 2015, so that parties no longer have the option to cancel the contract if the counterparty is caught up in a financial crisis. These terms in the past have exposed banks to a second level of risk connected with a broad range of financial events. Under the current standard contract language, a triggering event at a bank could lead to trillions of dollars in derivatives cancellations, and that easily could be enough to push even the largest bank into insolvency. Relatively minor and unrelated financial events, such as the sale of a subsidiary, could be sufficient to trigger a wave of cancellations. It’s a scenario that regulators in the United States and Europe realized was inconsistent with the principle of “too big to fail.”

What if Scotland had voted to secede? Bank of England had contingency plans to provide public reassurance and billions of pounds in emergency liquidity if needed. The main objective would have been to reassure depositors that their banks were still going concerns in spite of the political changes.

A credit union was liquidated tonight. State regulators closed County & Municipal Employees Credit Union of Edinburg, Texas. Member accounts were transferred to Navy Army Community Credit Union. The failed credit union had 7,000 members. Monday is a holiday, so full member services will be available on Tuesday.

Thursday, October 9, 2014

Blue LED Draws Nobel Recognition

The Nobel Prize in physics was announced this week and the winners were the inventors of the blue LED, or light-emitting diode. Blue LEDs are the backbone of the white light of current-generation light bulbs, not to mention most video displays of the past 8 years. In its story, Scientific American fundamentally overlooks the importance of indoor lighting and other forms of lighting that use LEDs, and it describes white LED technology incorrectly, but otherwise has a good summary of LED technology and the prize award:

Wednesday, October 8, 2014

Easier Job Searching

If you are a job seeker who has recognized job skills, perhaps the most relevant job market statistic is the one that tells you how many job openings there are in front of you. For the United States as a whole, that is best measured by the ratio of unemployed workers to job openings. Most workers will care more about local market conditions than the total for the country, but the national measures should fall near the middle of the local measures. For the first time since the beginning of 2008, the ratio of workers to openings fell below 2 in August, a good sign for job seekers.

The theoretically ideal number is 1, but 2 is pretty good — at least when compared to 5 or 6, the range we saw in 2010 and 2009. With a ratio of 5, an average job seeker may have to apply to thousands of job openings (for which he or she is fully qualified) to be reasonably assured of being offered at least one job. With a ratio of 2, a few tens of applications is likely to suffice, so that well-qualified job seekers are less likely to remain unemployed for years at a time.

Of course, these are averages, and there are still many well-qualified unemployed workers who have been passed over for more than a year. Meanwhile, the job market remains terrible for new graduates and for those whose skills do not quite match the skills that are in demand. Employers will have little interest in taking chances on this second tier of workers until the pool of fully qualified and experienced workers dries up. The unemployment rate, around 6 percent, is enough to say that that degree of job market recovery is still more than a year away.

Tuesday, October 7, 2014

HP: the New Gateway?

One day ago as I looked at the initial reports of Hewlett-Packard’s decision to split into two companies, I was missing important details. As the day went along, it became clear that I had missed the gist of what was going on. Hewlett-Packard is ditching the PC business and apparently the printer business too.

As it is spelled out in the plan at Hewlett-Packard, businesses virtually don’t buy traditional PCs or printers anymore. People have been saying the PC is dead for three years now, and of course that is an exaggeration, yet there must be something to it if HP, at one time the largest PC brand in the world, now says its PCs are no longer suitable for its business customers. The spinoff “Compaq” company focused on laptops and printers, apparently to be called “HP Inc.” in the official plan, does not expect to sell to businesses in any significant volume. Instead, it will offer its computers, printers, and related hardware exclusively to consumers.

Consumers? This is a horse of a different color. Consumers, of course, do buy business-style computer hardware, but when they do, they tend to buy the same things they are familiar with from the office. If the HP brand is fading from the office, visible only on the oldest and most out-of-date equipment there, consumers will look elsewhere when they want office equipment at home. The best way to gauge how well this will work is to look at the history of Gateway after it gave up on the business market and tried to sell exclusively to consumers. In about three years it went from major brand to non-player to being bought out and its manufacturing shut down.

HP has decided to head down the same path. This is not as crazy as it might sound. If there is no profit potential left in the PC business and printing too is on its way out, the logical thing to do is to liquidate the HP brand reputation before it is too late to matter. And if the business customers have already lost interest, then you would turn to whatever customers are left. This is what economic theory suggests, but in the practical world, there are at least two catches. First, this must be done without tipping off the suckers, the consumers who are the new intended customers. If people start tweeting “HP is the new Gateway,” you’re done. Second, this enterprise might end up with no profit at all if it cannot be pulled off smoothly and gently with a minimum of expensive upheaval. The $2 billion in expected startup expenses for the new company are already enough to give one pause.

The bottom line: Gateway Inc. never completely went away, but still sells laptops to its loyal customers. This is where HP as a computer and printer brand is heading. If one of the market leaders is this convinced that PCs and printers are legacy technology, not just saying so but putting its future on the line, you might want to think twice before investing in new equipment in this category. What do you really need a new computer or printer for?

Monday, October 6, 2014

Deconstructing the Hewlett-Packard Split

It is hard to explain the Hewlett-Packard split to anyone outside of the computer business. The huge but struggling computer conglomerate now says it will devolve into two companies, one focused on enterprise services and the other on laptops. This is essentially the split that the company considered last year and rejected then because it didn’t make any sense. Now they are proceeding with a plan revised so that it makes sense to the board, though we don’t yet know what those revisions are. Here’s what makes this split so inherently confusing:

  • We don’t know the names or any other identifying details of the two new companies. At this point, they are both known as “Hewlett-Packard” or “HP.” If there were any practicality in this plan, one of the new companies would be known as “Hewlett” and the other as “Packard,” but that is too simple and obvious for it to actually happen. For the purposes of discussion, it may help to assign names arbitrarily from HP’s history. Think of the laptop company as “Compaq,” the laptop company that Hewlett-Packard merged with many years ago, and the enterprise services company as “Autonomy,” the enterprise services company that HP acquired more recently. The way the announcement was worded, it appears more likely that “Autonomy” will keep the Hewlett-Packard name, though that detail actually may not have been decided yet.
  • Both of the new companies will be computer companies selling almost entirely to large businesses. (For an important update, see “HP: the New Gateway?”) It is not as if there are two distinct businesses that will be separating with each other, as in the case of eBay and PayPal. It is more of an arbitrary split.
  • Both of the new companies are backward-looking in their business strategy. Sometimes you get a company that wants to separate its hot new product line from its stodgy old product line, but there is none of that at HP. “Compaq” is oriented toward the 1990s idea of the business office, complete with personal computers and, yes, plenty of ink for printing those mountains of paper documents that the personal computers will generate. “Autonomy” is focused on the corporate sector that so dominated the economy before the “downsizing” era of the 1980s, but that has been declining in its share of economic activity ever since.
  • Both new companies face financial uncertainty. “Compaq” barely breaks even on the computers it sells and loses money on the printers, but hopes to cover its overhead by selling lots of high-priced ink. That’s a business model that worked a lot better ten years ago than it did last year, and it may not have a long future as businesses continue to reduce the mass of paper documents they generate. “Autonomy” makes most of its gains on sweetheart deals it negotiates with a short list of major corporations. Every time the corporate sector catches a cold, “Autonomy” will sneeze.
  • The management of the new companies is an open question. The current Hewlett-Packard often looks as if there is no one in charge, so it is hard to imagine where the management for two new companies will come from. In reality, of course, Hewlett-Packard has plenty of people on board who are more than capable of running the two new companies, assuming they can break free from the board and executive leadership of the current Hewlett-Packard.
  • Maybe there is no plan. When Plan A failed and Plan B isn’t working, eventually you get to the “try something” stage, and this move has some of that feeling about it. HP’s closest competitor, Dell, already tried going private, and now that that’s done, it doesn’t exactly look like a brilliant move worth imitating. HP doesn’t have the free cash flow for a major acquisition, and it already tried restructuring five different ways. If you look at the “Bold Moves” chapter in Corporate Leadership for Dummies, a spinoff or split is the next option on the list.

Fortunately, the bottom line is not nearly so complicated. If you own an HP printer, by the time you need your next supply of ink next year, you’ll be getting the ink from a new company, and I suppose there is a slight chance that you’ll need to buy a new printer to go with the ink. Check your favorite online supplier for details when that time comes.

Saturday, October 4, 2014

Building for Failure, and Eating the Same Way

In the David Wolfe book Longevity Now I came upon this line:

Eating poorly is similar to building a house or office complex with inferior materials that wear out in twenty years instead of two hundred years.

I like this quote because this is exactly what we do — not so much that we eat poorly, but that we have such a preponderance of inferior building materials and construction techniques. Of course, these are not the choices you would make if you were building a house for yourself to live in. Then you would spend the extra $200 and do the extra two weeks of work to build a 200-year house instead of a 20-year house. If the builder is anyone other than the intended occupant, though, there is an inescapable tendency to save a dollar here and thirty seconds there, resulting in a building that looks good and passes its inspections, but that begins to fail almost immediately. If you’ve heard of “builder grade light bulbs,” you know the mindset I’m talking about: save four cents now, more work next year for someone else. It is a rare new house that does not need some kind of repair within its first ten years, and over 40 years, it is common for the cost of repairs to exceed the original cost of construction. It doesn’t make good economic sense when you can build a house to last with what looks like the same materials and the same amount of work, but the people choosing the materials and slapping them together know they won’t be around to see them eventually fail. If you need a building and can take the time, there is something to be gained from being personally involved in the construction.

Much of the same logic applies to food. If you never stop to ask what the factories are selling you, you may never connect the food to the consequences of eating it. Food factories, of course, know that most consumers don’t even read ingredients, so their main objective is to make a product that looks like food and put it in a pretty package. With attention to detail and a basic curiosity about the growing body of knowledge on food and its consequences, you can do much better than that without necessarily having to pay much more.

Friday, October 3, 2014

This Week in Bank Failures

After a doozie of a data leak this week, this time from a bank and directly affecting about half of the people in the United States, all the talk is about data security — a fitting topic for Cyber Security Awareness Month. You might have noticed that the larger data leaks don’t happen just anywhere. The tendency is for the more serious data breaches to come from government, brick-and-mortar retail chains, and financial services companies. It is not that the criminals are going where the transactions are. The biggest cluster of transactions can be found at online retailers and within the transaction network, for example at the major credit card clearinghouses, yet these companies have not had their share of data leaks. Partly, perhaps, it is because these companies see their transactions as essentially their whole business, and go to extraordinary lengths to protect them. But I believe there is something else that ties many of the data leaks together, and that is the fear of up-to-date technology. Government agencies, banks, insurance companies, retail chains, and restaurant chains have a basic reluctance about technology. They tend to fear that if they install brand-new technology, it will break something. They may also fear the effort of keeping up to date.

These are not unfounded fears. Consider Apple’s newest operating system, iOS 8, released two weeks ago, as the latest example. It was patched twice in the first week. The patches fixed serious problems — among other issues, a few older phones couldn’t get a cellular connection at all after upgrading to iOS 8.0 or 8.0.1. The few users who did upgrade to 8.0.1 had to upgrade again barely one day later, so the effort of the first upgrade was wasted. Millions of users still wonder how final the current version, 8.0.2, really is, and may wait until December or January (and perhaps version 8.1.1) before they upgrade. It’s a perfectly reasonable approach, and in the technology sector, these users are simply understood as “late adopters,” customers who really have to be impressed and reassured before they move to new technology.

Banks face the same issues, but unlike cell phone users who might hold off for a few months, banks think nothing of waiting years — 5, 10, even 15 years — before installing an upgrade. Consider that large banks, insurance companies, and the Internal Revenue Service are basically the only organizations that still run mission-critical applications on mainframe computers. Mainframes, also known as “big iron,” are the balky, expensive, and decidedly energy-inefficient room-sized computers based on technology that dates from the 1970s and early 1980s. They are used not because they are good at anything, but just out of organizational inertia. Or consider the security problems posed by ATMs, automatic teller machines. The majority of them, as the year started, ran on the obsolete operating system Windows XP. As we saw, a reluctance to keep things up to date led to enormous added costs and risks across the banking sector worldwide. This is the technology milieu in which we entrust our banking lives. Within a large bank, it may take a year-long study and five levels of management approval just to install a software patch in order to fix a bug in a server configuration. When an obsolete network component has to be replaced, the replacement may not be the latest and greatest, but the oldest version available — installing seven-year-old technology, for example, to replace ten-year-old technology. The situation is only a little better in the larger insurance companies and many retail and restaurant chains, where the worry is about upgrading so many locations while keeping everything in sync. In organizations that are so afraid of new technology, keeping up with the ever-changing demands of data security is an unenviable task. I have met a few of the people who do this work within banks, but I frankly don’t know how they do it within the draconian limitations of the hierarchical management of a bank.

You might read in the news that the entire banking sector is facing a cyberattack, but that is not really true. I believe the largest banks are targeted by criminal organizations specifically because of their out-of-date technology, and the same might be true of retail chains that take the same go-slow approach. When many of an organization’s servers run operating systems and other key components from five and ten years ago, the many known design flaws in these obsolete versions give criminals an opening to get in. In other words, large banks’ fear of breaking something by employing “new” technology from the past five years is an impediment when it comes to keeping customer data secure, and these large banks end up breaking something in a different way. The large banks shouldn’t have to look far to find out how they could be doing better. A great many banks, probably most banks but especially the medium-sized banks with roughly 10 to 50 branches and also the “new” large banks that grew past 50 branches within the last ten years or so, are doing better at keeping up with technology and keeping their data — and their customers’ data — safe.

There was a credit union liquidation this week. At the end of September, the NCUA liquidated Republic Hose Employees Federal Credit Union. It had nearly 500 members but less than $1 million in assets. It primarily served employees of two factories in Youngstown, Ohio. The NCUA is contacting members about their accounts.

Thursday, October 2, 2014

Jobless Claims: It’s a Trend

For five years I have been cautioning against reading too much into the U.S. weekly initial jobless claims readings, but there is in fact a trend. Behind the various ups and downs that the financial press has tried to latch on to along the way, there is a decline, with fewer people applying for unemployment as time goes on. It is a slight decline, about 800 per week over the past five years, impossible to pick out in the short term from a number that fluctuates by 10,000 or more from one week to the next, but easy to see if you look at six months or more all at once. Many observers have been waiting to see weekly initial jobless claims fall below 300,000. When that happened in July it was possibly a fluke, but it’s happened five more times since.

Initial jobless claims is mainly a proxy measure for staffing cuts by financially distressed businesses. It is now at a level that is consistent with a strong, healthy job market. Obviously, in other ways that are more important, the U.S. job market is not so strong as we would hope, but the problems are not stemming from large numbers of employers that find themselves overextended. The job market is still sluggish, and as it (we can hope) gradually returns to a normal level of movement, that will tend to keep weekly initial jobless claims up near its current level, probably eventually rising above 300,000. But it depends. The job market has changed and some employers are trying to be quicker in their hiring. In theory, that could keep unemployment claims down as more workers who are losing their jobs are hired for new jobs before they have a week of actual unemployment.