
Daily fantasy sports giants FanDuel and DraftKings have temporarily banned employees from playing online fantasy sports for money.  The ban comes after a controversy erupted during the past few days involving allegations of something akin to insider trading. I covered that here, with much of that story repeated below to save you a click.

Meanwhile, Major League Baseball officials said today they were surprised that fantasy employees had been allowed to play fantasy games.  MLB is an investor in DraftKings.

“We have reached out and discussed this matter with them,” MLB spokesman Matt Bourne told Reuters.

That workers at these firms play fantasy should surprise no one. Who else would these firms hire but avid players?

Meanwhile, the two major fantasy sites took action today, banning workers from playing for now, and reiterating that there is no evidence of financial advantage.

“Member companies must restrict employee access to and use of competitive data for play on other sites. At this time, there is no evidence that any employee or company has violated these rules,” according to a statement issued by FSTA, a trade association that represents FanDuel and DraftKings. “That said, the inadvertent release of non-public data by a fantasy operator employee has sparked a conversation among fantasy sports players about the extent to which industry employees should be able to participate in fantasy sports contests on competitor sites. We’ve heard from users that they would appreciate more clarity about the rules for this issue. In the interim, while the industry works to develop and release a more detailed policy, DraftKings and FanDuel have decided to prohibit employees from participating in online fantasy sports contests for money.”

Whenever there’s big money changing hands, there is incredible incentive to create some kind of information advantage. Without proper restrictions in place, it’s inevitable that someone on the inside will try to use their access for personal gain – particularly when the “gain” could be several multiples of the employee’s annual salary.

The substance of the incident in question is this: A DraftKings employee accidentally leaked a list of most popular players, revealing he had access to that data before the public. The same employee had also won $350,000 in a FanDuel contest earlier.  Since the best way to win a fantasy contest is to field diamond-in-the-rough athletes who other players are unlikely to pick, a list of most popular players would provide an information advantage — even at a rival site, since the lists are usually very similar.  There is debate about whether the specific leaked information would have helped in the particular contest the DraftKings employee won, but at a minimum, the incident shines a light on lack of transparency over who has access to what data and how it can be used.

It was smart for FanDuel and DraftKings to issue a ban; they’ll have to do even more to ensure the glory days of daily fantasy sports aren’t short lived.

The original story:


To the surprise of (hopefully) no one, hard-charging fantasy sports non-betting sites are suddenly embroiled in controversy that includes discussion of something akin to insider trading.  While there is no evidence of anything fraudulent occurring, the incident has shined a bright light on a potential lack of transparency and external regulation over the industry. Both FanDuel and DraftKings issued statements on Monday affirming the importance of the integrity of their platforms in response to a growing controversy about employee access to non-public information and its potential use to gain a financial advantage.

What happened in a nutshell:  Last week, a DraftKings employee inadvertently leaked information about most commonly-used players in a contest before that information should have been public.  Such lineup data would be valuable to fantasy players, who could gain an edge by filling their rosters with athletes that others are unlikely to use. And while DraftKings employees are not allowed to play DraftKings contests, they can and often do play at FanDuel and other sites. The reverse is also true.

The incident is noteworthy because it draws attention to the problem that fantasy employees might have access to data that the public does not, and then “trade” on that data at other sites — something a bit like insider trading.

Complicating the story is this: the DraftKings employee who leaked the data had won $350,000 on FanDuel earlier.  There is no evidence that non-public information was used as an aid in that win, the two firms say.   And some fantasy website discussions say the data that was leaked would not have been an aid in the contest the employee won.

Still, it creates a lot of questions in players’ minds, wrote Ben Brown at

“With no transparency for the industry in place, similar situations like this could easily occur. And with no regulatory board or anything in place to police this sort of activity, we as players are left in the dark,” he said. “Now is it possible to simply state that all (daily fantasy) employees should not be able to participate in … contests at other sites with the general public? No, probably not, but this is again where a regulator would be beneficial to the general DFS Player. Right now we are playing in the wild west.”

It should come as no surprise that employees of fantasy sites are active fantasy players, and are among the most successful.  That creates all kinds of potential conflicts concerning who has access to what data and how it can be used.  Right now, there are no real external rules about that. And statements from FanDuel and DraftKings have been vague so far.

“Nothing is more important to DraftKings and FanDuel than the integrity of the games we offer to our customers,” DraftKings said in a post. “Both companies have strong policies in place to ensure that employees do not misuse any information at their disposal and strictly limit access to company data to only those employees who require it to do their jobs. Employees with access to this data are rigorously monitored by internal fraud control teams, and we have no evidence that anyone has misused it.

“However, we continue to review our internal controls to ensure they are as strong as they can be. We also plan to work with the entire fantasy sports industry on this specific issue so that fans everywhere can continue to enjoy and trust the games they love.”

FanDuel’s post was similar, adding only this initial phrase:

“While there has been recent attention on industry employees playing on FanDuel and DraftKings, nothing is more important to DraftKings and FanDuel than the integrity of the games we offer to our customers.”

Recently, a member of Congress called for hearings into the operation of the suddenly-ubiquitous fantasy sports industry, and this incident shows why that’s a good idea.

For new players, it’s important to understand that while advertisements hawk the potential for life-changing winnings, fine print on TV ads reveals the average win is about $22, and Heaven knows what the median winnings amount is. Those big pots likely skew the average a lot.

It’s also a good idea to read this great story on Bloomberg, “You Aren’t Good Enough to Win Money Playing Daily Fantasy Football.” It’s all stuff veteran gamblers know, which generally could be filed under the wisdom of, “If you don’t know who the sucker is, you are the sucker.”  Fantasy sports games are dominated by “whales,” who win all the big money — many aided by sophisticated computer programs.  And whales need food to keep making money. That’s you, fantasy newbie fish.

If that sounds a bit like how the stock market works, you are right.  But however imperfect, the stock market has external rules and audits that at least attempt to make the game straight.

I’m not against adults playing games with entry fees hoping to win a lot of money. I do wish we just got on with it and called that gambling.

And I know any time you put this much money in a fast-paced environment with , you aren’t playing a game — you are playing with fire.  This is an industry which better let the grownups do their thing, and fast.


It’s getting more expensive to park and access your own money, but you probably knew that. Bankrate’s annual survey of checking account fees came out Monday, revealing that the average cost for withdrawing money from a not-your-bank ATM has risen to $4.52, a record.

Some checking account fees are up, too, while the hurdles needed to avoid them are also up.

ATM fees are always good for some outrage, but this isn’t actually an entirely bad news story. Part of the reason ATM fees are up is simple: People are using them less. A lot less — 47 percent less, according to this Wall Street Journal story.  Of course they are.  Cash is unnecessary in all but extreme circumstances.  Some small business owners are holdouts and won’t take credit cards.  Sometimes, people don’t want an electronic record of a transaction.  The holdouts, and the privacy, are dwindling, however. And the non-cash options, like mobilepay, are growing.  That means investing in the ATM industry is a bad idea.

Some people are hurt, however: The usual suspects who have fewer options than high-income consumers.  People with bad credit or other challenges using credit cards are now paying more to access their cash. As are people who find themselves in some kind of emergency. How much more?

“ATMs charge an average of $2.88 to let noncustomers withdraw money — up 4% since last year. On top of that, your own bank likely will charge you a fee that averages $1.64 for using an out-of-network ATM,” Bankrate says. 

Meanwhile, slightly fewer banks are offering free checking, Bankrate says — 37 percent in 2015 vs 38 percent last year.   Consumers can avoid the fees, but doing so requires automatic deposit transactions, or minimum balances, or both.

Meeting these requirements can be tricky.  If your balance falls below $1,000 for even one day in a month, a $10-$20 monthly fee can be added. I’ve also spoken with teachers who are paid 10 months out of the year and lose their free checking when they aren’t paid — and thus don’t have a direct deposit — during summer months.


The good news is my money was refunded. The bad news is they took my money.

I know in-flight Wi-Fi prices have increased recently, but $300 for one cross-country round trip? That’s essentially what Gogo Inc. charged me recently.  And I don’t want that happening to you.

If you’ve ever used Wi-Fi on an airplane, check your credit card bills. Now.  The firm that dominates the U.S. in-flight Wi-Fi market — Gogo Inc. — seems to have a bad habit of charging consumers’ credit cards when they aren’t looking.

In my experience, Gogo even took my money when it was expressly told not to.

I asked Gogo twice to offer comment for this story. The firm did not respond.

You probably know the basic elements of the story I am about to tell. Everybody knows the credit card auto-renewal game and how lucrative exploiting laziness can be. Heck, America Online still has 2 million paying customers.  But exploiting laziness is one thing.  So is the “make it really difficult to cancel” game. But refusing to honor cancellations?  That is quite another.

If you fly, you probably know that Gogo has raised prices dramatically. Good for them. I’m surprised it didn’t happen sooner. I find in-flight Wi-Fi very valuable.  For a few bucks, I can turn a lost travel day into a productive day. So $10? $15? Even $25? Worth it to me.

On a flight in April, I was surprised to find the single-trip price had soared all the way to $30 – or $60 for my round-trip. But Gogo also offered a monthly subscription for $49.  Great, I thought. I’ll do that, save $10, and cancel after a month.  I knew I was entering a potential dragon’s lair. I knew Gogo priced things precisely to steer me in this direction, with the hope that I’d be lazy and end up paying for at least one month of service I didn’t need.  I also knew that the fine print around canceling was a bit odd:

“You may cancel your monthly subscription at any time by contacting Gogo Customer Care (via phone:1.877.350.0038 or email:,”  it said, without an end parenthesis there. “If you wish to cancel your monthly subscription and avoid a charge for the next month, you must do so at least two (2) days before the monthly renewal date of your subscription. (The monthly renewal date is the same day of the month that you first subscribed). If you do not cancel at least two (2) days before the monthly renewal date for your subscription, but you do cancel before your monthly renewal date, contact Gogo for a refund. If you cancel after your monthly renewal date, you will be charged for the next month and your cancellation will be effective the following month.”

Here’s one brain twister: If you have to contact Gogo to cancel, why would you have to contact Gogo separately to get a refund if that cancellation is within two days of your renewal? I didn’t want to find out.

So I took all precautions. I set up digital reminders well before that two-day window to ensure I canceled the service on time.

Then, a few days after my trip, I set out to cancel.  Naturally, canceling was harder than signing up, which itself shouldn’t be (but is!) allowed.  There was no way to cancel on the website. So I initiated the requisite chat with a customer service representative who called herself Claire. (Why chat? Because I’d have an instant record of it. More on that in a moment.)

Claire tried, with aplomb, to convince me not to cancel. (I had no other flights planned, so a monthly subscription to Wi-Fi that works at 30,000 had no value to me.)

“If you prefer, I could suspend your subscription for a month. That way you don’t have to re-purchase later,” Claire said. This is a clear setup, of course,  with another chance to forget and end up paying for the service. No, I said, “Please do as I asked right now, Claire, and cancel the subscription immediately.”

After a back-and-forth, Claire relented.

But I know this game, and I planned for trouble.  I asked for a confirmation code. I was told there was no such thing, but was promised a confirmation email.

“We’re sorry to see you go and look forward to seeing you back soon.  I’ve cancelled your subscription. You’ll still be able to use it through 05/07/15, however, there will be no additional automatic renewal.”

That phrase “no additional automatic renewal” bothered me. But I know my rights, and I trust my credit card issuer (USAA) to have my back, and I didn’t know what other evidence I could gather, so I disconnected.  I saved a copy of the chat transcript. And I got the email from Gogo.

You know the rest of the story.  I also got five  more $49 charges from Gogo.  Oddly, I didn’t get a single email about any of them, though my inbox is otherwise crowded with Gogo receipts and notices.

When I called Gogo customer service to complain, the operator was polite, and said pretty quickly he would issue a refund, which I received within a week or so.  And I asked, does this happen often?

“It does happen,” he said, though he said it was unusual. “It is people doing the work and we make mistakes.”

But was it really a mistake?

Earlier this year, Buzzfeed reporter Sapna Maheshwari wrote a story about Gogo and a strange feature of the firm’s subscription service.  While Gogo sends a pile of emails to users, including a receipt for every one-time use transaction, Gogo does not send a receipt for monthly subscriptions.

Meanwhile, Maheshwari found consumers with the same experience as me, like this one.

“So much for the “no automatic renewal” after I contacted your rep to cancel.  Credit card charged again,” wrote Thomas Underhill on his Twitter account earlier this year. (His Twitter account shows Gogo subsequently contacted him to offer him a refund.)

The logical question to ask is: How many consumers were charged monthly fees by Gogo and didn’t notice?  We may find out.

Gogo is the defendant in a class action lawsuit about its subscription tactics.  Both lead plaintiffs in the case complain that the recurring monthly charges were a surprise, and Gogo never sent receipts or notices about them. Earlier this year, a federal judge ruled the consumers could push ahead with their lawsuit, rejecting Gogo’s claim that the consumers had agreed to settle claims via a mandatory arbitration clause.

Why would Gogo do this? It’s important to note that while the firm hasn’t turned a profit yet, its revenues are growing.  A growing portion of that revenue comes from subscriptions. From Buzzfeed:

“Gogo said it brought in about $133 million in revenue last year from individual sessions and $88 million from subscriptions, which together accounted for more than half of the company’s total revenues. In 2011, individual sessions, including sales of the nonrenewable 30-day pass, brought in nearly $51 million in revenue, compared with about $27 million from monthly subscriptions. ”

In other words, revenue from monthly subscriptions has more than tripled during the span, is growing faster than single-use revenue, and is obviously key to Gogo’s business model.  But what portion of that revenue is genuinely earned vs. collected from confused consumers?

One of the main theories from my book Gotcha Capitalism is that there are entire companies, and sometimes even industries, that cannot be profitable without resorting to “gotcha” tactics.  For a while, low-end DVD players came with rebates that made them essentially free — the firms selling them only made money when consumers screwed up the rebate paperwork, or more accurately, when the firms made filing for rebates intentionally difficult.  For obvious reasons, such firms have a poor future. Eventually, consumers figure out the ruse and stop playing the game.  Eventually, critical partners don’t want to be besmirched by the firms’ bad behavior.  (I will certainly try to book on airlines like Southwest and JetBlue that offer a Gogo alternative going forward. Hear that, United and Alaska?)

Eventually, federal regulators are roused and take a look.

Companies can survive for a while on gotcha tactics, but not forever. The end usually comes quicker than many realize. If the firm can’t make money without taking it from people because they are confused, it doesn’t deserve to survive.

Gogo provides a real service that is very valuable to consumers like me.  But I fear it’s not valuable enough for the firm’s business model, and that it is resorting to the automatic credit card charges game to stay aloft. I hope I am wrong, but if I’m right, the sooner the end comes, the better.  Do your part — check those credit card bills. It’s a lesson we all need to learn, and re-learn, in our gotcha-driven economy.



T-Mobile’s announcement

In the annals of what I like to call “Dear John Data Loss Letters,” this one takes the cake.

“Experian North America  today announced that one of its business units, notably not  its consumer credit bureau, experienced an unauthorized acquisition of information from a server that contained data on behalf of one of its clients, T-Mobile, USA, Inc.,” writes Experian today on its website in a sort-of apology.

The phrase “experienced an unauthorized acquisition of information” is quite elegant, no?

Remarkably, the firm that T-Mobile trusted to vet cell phone service applicants has been raided by hackers, who made away with detailed sets of personal information on 15 million consumers. Criminals stole data covering more than two years’ worth of applicants, from September 1, 2013 through September 16, 2015.

Experian says the data included names, dates of birth, addresses, and Social Security numbers and/or an alternative form of ID like a driver’s license number, as well as additional information used in T-Mobile’s own credit assessment.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” said T-Mobile CEO John Legere in a statement. He admirably took to Twitter immediately and began answering questions about the incident. Not all victims are current customers, he made clear.  Applicants who did not become customers can also be impacted.

Victims can get two free years of credit monitoring, T-Mobile promised — but the offer involves, ironically, ProtectMyID, which is owned by … Experian.

“We’ll have an alternative option tomorrow,” Legere wrote to consumers who complained about the offer of free credit monitoring services T-Mobile promised.

No payment card or banking information was acquired, Experian said.  In fact, the data that was exposed could actually cause more trouble for consumers.

Experian also stressed that the hack did not involve its main consumer credit database.

“We take privacy very seriously and we understand that this news is both stressful and frustrating.  We sincerely apologize for the concern and stress that this event may cause,” said Craig Boundy, Chief Executive Officer, Experian North America.

For more information, click on Experian’s “Overview” page regarding the incident.



They’re baaaack.

I hate when Gotcha Capitalism wins, and you do too. But it happens all the time, because markets fail, and when they do bad operators win, and companies trying to be honest are penalized. That’s not a free market, that’s a free-for-all market. It’s terrible for everyone — consumers, businesses, the government, the economy. Terrible for everyone, that is, except the bad actor.

Let me show you what a market failure looks like, and why those of you who think government intervention is always bad are asleep at the wheel.   We’re going to stick with something non-controversial today — buying tickets to sporting events and concerts.

You know I don’t give out compliments to corporations lightly, so it should mean something when I throw flowers at StubHub for doing the right thing about two years ago when it converted to “all-in” pricing.  Consumers who shopped for tickets on StubHub’s site saw the full, out-the-door price as soon as possible.  No exorbitant handling fee, no $35 overnight shipping fee, no $17 print-at-home fee.

Just…the price. Bravo.

And what happened?  The (broken) market punished StubHub. Mercilessly.  Competitors who continued hidden-fee trickery appeared to have cheaper tickets, and StubHub lost sales. Websites that sorted tickets by price punished StubHub. While survey after survey showed consumers hate the aftercharge game, it’s still intoxicating.  When you spend 25 minutes picking your tickets out, you can’t help but tell yourself, “Crap, I don’t feel like starting over.” And you buy the ticket.  With the fees.

StubHub gamely held out, but in the end, it waved the white flag. As I like to say, you can never afford to be the only honest poker player at a game of cheats.  So in September, StubHub went back into the hidden fee game.  A $36 ticket on the site now costs $45. And so on.

I could have told StubHub things would have ended this way. I’ve been preaching this since my book Gotcha Capitalism came out.  Since I read Xavier Gabaix’s economics paper on hidden fee shenanigans nearly a decade ago on “shrouded attributes.”  The paper explains all the ingenious ways corporations hide, or shroud, the real price of things, and why that makes it impossible for consumers to be intelligent agents. His pet example is the computer printer. No one knows how much ink will cost, so the real cost of a printer is invisible.  And when prices are invisible, there is no free market.  The entire reward system of capitalism breaks down.  Instead of the best companies with the best products and lowest prices winning, the companies that “shroud” prices most effectively win. The cheaters win, and the honest players lose their shirts.

But that’s only half the story Gabaix tells. The other half is even more depressing, and it explains why StubHub failed (and why InterContinental Hotels failed at upfront pricing, and why JC Penney failed at “fair and square pricing,”  and why Southwest Airlines keeps hinting it will have to add baggage fees).  A company might get the bright idea to shine a light on hidden fee practices of competitors, which you might think would give them a marketing win. Instead, this attempt at “debiasing,” or teaching, consumers is an abject failure. It just calls attention to the competitor’s lower prices, and trains consumers that they should use competitors and try to beat them at their hidden fee game somehow.

I call this the “death of the price tag.”  Here’s a link to a cute animated video I made about this problem, which is dire, and I say contributes mightily to the boom and bust cycle of American (Gotcha) Capitalism.  It’s a horrible cycle. Companies cheat, they get ahead, honest companies fail, they disappear or join the dark side. Then, eventually, the jig is up, consumers do learn their lesson or the bubble of fake value pops, and all the roaches scatter with the people’s money. An entire industry collapses in on itself.  Then the cycle repeats.  Buy the book if you want a more intellectual discussion of this problem, or start a discussion below.

But there’s a simple answer.  Back to online ticket sales. There should be a rule that every actor must show the out-the-door price as soon as feasible on every site.  The end.  In one swift blow, that would create a fair marketplace. It would reduce friction. The right actors with the best prices would get the money. Consumers would have a better experience. Everyone wins, except the firms that existed only because they shrouded, or cheated. Those firms would go out of business because what they were doing was unsustainable anyway. (I have a story coming soon about one of those firms you won’t want to miss. In fact, I’m sure you won’t.)

Now, apply this price tag rule to other industries. Airlines. Hotels. Mortgages.  Cell phones.  Cars. Whenever a price is discussed, it’s the out-the-door price, not some imaginary number no one can actually buy anything for. Verizon, for example, could never again advertise smartphone plans for $80 a month when there is no actual way to get a smartphone for $80 a month (without that other $15 monthly device access fee).

Sure, go ahead, list your costs of turning on the lights or paying for plastic cups in the breakroom on some website somewhere.  But the price is the price. You’d see a big change in the way consumers approach purchases. And I’m convinced you’d see an improvement in the economy as a whole.

Let me throw another flower at StubHub, which still has an option while shopping that lets you check a box that indicates “show prices with fees.”  The firm is gamely trying, and I honor that.

Now, it’s time we demanded the same from all the companies we work with. But if you think there’s an industry-group, organic, market-based solution to this problem, I have a ticket to a Beatles concert to sell you.  For this market failure, we need a regulator to set a clear rule. And we’ll all be better for it.


Credit cards with magnetic stripes are being eliminated in favor of cards with fraud-fighting computer chips. Here are all the details you need to know as a cardholder.

Why is Oct. 1 important?

Banks and merchants have been inching toward the magnetic-to-chip transition for a long time. New rules take effect Oct. 1 that provide a dramatic incentive to make the switch. The rules govern who pays when credit card fraud occurs. After Oct. 1, most merchants that aren’t equipped to accept chip cards will have to pay when fraud occurs. While all chip-card point-of-sale terminals won’t change overnight, that’s a pretty big carrot.

I still have an old magnetic stripe credit card. Will it stop working?

Generally, no. Most point-of-sale terminals will be able to accept both mag stripe and chip cards.

How will this affect me directly?

Ideally, very little. There will be a slight difference in the procedure for using plastic at checkout. Instead of swiping your card, you will insert your card — similar to the way you insert a card into an ATM. Then, you’ll have to wait a moment while the card is authenticated.

What if I still swipe my card?

If your card has a chip on it, most chip-ready terminals won’t accept a swipe. They’ll force you to insert the card into the chip reader.

Why should I care?

In theory, chip cards are nearly impossible to counterfeit. Switching to chip cards will virtually eliminate a certain kind of credit and debit card fraud that’s very common today called “card cloning.” In cloning, criminals steal account numbers and other basic information, then encode a separate piece of plastic with the data and use it to make fraudulent purchases or in some cases, cash withdrawals. That’s how a criminal can steal from your credit card even if your card is still in your wallet. Because the chips haven’t been cloned yet on any kind of wide scale, this version of credit card fraud is expected to drop significantly, as it did when European nations switched to chip cards. So that’s good news.

Will it eliminate all credit card fraud?

Heck no. In fact, there is some debate about whether it will reduce fraud at all, or merely shift it to other forms. Switching to chip credit cards, on its own, does nothing to stop “card-not-present” fraud, such as use of stolen account information to make fraudulent online purchases. When card-present fraud drops, everyone expects card-not-present fraud to rise. So it’ll be even more important that you check your credit card statements each month to spot crime. (If you’re worried about other forms of identity theft and fraud, you can monitor your credit scores for free on to spot any unexpected changes that could signal bigger identity theft issues.)

Why do I keep hearing the term “EMV?” What does it mean?

That stands for Europay Mastercard Visa, the three firms that originally developed the standard. In this context, “chip card” or “chip credit card” or sometimes even “smartcard” means the same thing as EMV card.

How does it work?

When a chip card is inserted into a reader that recognizes it, the chip wakes up and performs a calculation that can be checked on the spot to ensure the card is not a fake. Further authentication can then be conducted online with the cardholder’s bank.

The rest of the world has been using EMV for years. Why was the U.S. so slow?

Because telecommunications in the U.S. have traditionally been much cheaper than elsewhere. EMV was critical in Europe and beyond because it was too expensive to perform “online” authentication via phone calls in many places. EMV cards can perform some authentication checks locally, a great advantage in places where telecoms are costly. In the U.S., banks and merchants didn’t mind the long-distance phone calls, so the urgency for transition wasn’t there — until high-profile hacks of retailers like Target really forced the situation.

How far along is the change?

If you ask Visa, pretty far. The firm says 141.9 million chip cards have been issued in the U.S., and 301,000 merchants are chip-ready, a 547% increase over last year. Other folks aren’t so sure. Gallup and Wells Fargo released a survey in August involving 600 small-business owners, and only 29% said they would be ready to accept chip-enabled cards by Oct. 1. An additional 21% said they never planned to make the switch.


Click to watch Yogi's funeral on Yes


I’m really sad about Yogi Berra’s  passing.

You already know the long list of wonderful things about Yogi, so I won’t repeat them here.  An extraordinary friend, husband, athlete, and businessman.

What makes me most sad is that Lawrence Berra wasn’t really extraordinary at all. He was a downright ordinary human being. He was little.  He worked summer jobs, even after “making it.”  He spoke like us – most of the time. He might be the last world-famous athlete we’ll ever see who was one of us.

When Ted Williams first saw Yogi, he said, he thought his chest protector would hit the ground, Yogi was so short.  He looked no more like a future MVP than the security guard who probably stopped him at the Yankee Stadium entrance asking for ID.

Yogi was special, of course. By the time he left his teenage years, he had already quit school to help support his family, and fought on D-Day to help support the Free World.  He’d already done more than most of us will in our lifetimes.

He had great skills — he set the record for home runs by a catcher, broken by the venerable Johnny Bench. But Yogi’s best quality was his ability to be a teammate.  He was masterful at handling pitchers, the most underrated part of any baseball team’s success.

He was a masterful teammate until the end.  Yankee announcer Michael Kay bawls every time he tells the story of Yogi visiting Phil Rizzuto when the former Yankee shortstop — and fellow regular guy – was dying in assisted care.  Yogi went every day and played cards with Phil, because he knew he was scared.

He was 5-foot-7. He was a giant.   But more than that, he could have been you and me.  

Yogi wasn’t an Adonis. He wasn’t a 7-footer. He obviously wasn’t ‘roided up.  He probably wasn’t even picked first in gym class at anything.  But he made it.  And anyone watching Yogi could think, or in good conscience tell their children, you can make it too.

Sports are different now.  Children become “professionals” before they reach  puberty.  Pitchers who  don’t throw 90 mph by age 14 are discarded.  Athletes are creations of science and data.

Yogi, we all know, was a creation of the heart.  That’s why we all love him. He was …normal.

Baseball is far different from other sports.  One reason: It is incredibly democratic.  Every defender also gets to hit.  Everyone gets a turn.  In basketball, defensive specialists go entire games without taking a shot. In hockey, too. In football, well, there are entirely separate teams for offense and defense. But in baseball, the last can become the first.  The least has the chance to be the greatest.  And we see it often — long games are determined by the last player on the bench, who gets a surprising hit and a day in the sun.  Baseball brings us incredible moments of underdog heroes, more than any other sport.

Baseball is actually designed for such magic.  It is designed to give everyone a chance. It’s designed so Yogi can become a hero.

I wonder now, in baseball and in America, what chance Yogi would have were he an 18-year-old today?

Full disclosure: A dear family friend, Fr. Tim Shugrue, was pastor of Yogi’s Catholic Church in Montclair for many years.  I have even more reason than many of you to know how normal, and kind, Yogi was as a person.  Decades after he had won the last of his record 10 World Series, he was touching people’s lives every single day.

I will miss him.




Kenna Security

Bad guys are so much more nimble than good guys that they have a two-month head start in most hacking situations, a new report has found.  Meanwhile, software flaws that are even a decade old continue to be used to hack hundreds of thousands of computers, according to Kenna Security.

In the hacking world, a secret software flaw that can be exploited is known as a “zero-day” vulnerability.  Known only to a select few, zero-day exploits give hackers the ability to break into machines at will, and much has been made of this alarming problem.

But even known vulnerabilities might as well be “zero day” flaws, suggest findings in a report issued Tuesday by Kenna on what it calls the “Remediation Gap.”  Kenna says it examined one billion breach events and came to this disturbing conclusion:

Most organizations require 100-120 days before fixing vulnerabilities; meanwhile, hackers exploit them within 40-60 days.  That’s two months of free shots.

“The public has grown plenty familiar with hackers seeking out a specialized target, such as Ashley Madison. But automated, non-targeted attacks still remain the most significant threat to businesses of all sizes,” said Karim Toubba, CEO of Kenna. “Every company has data that hackers want to get their hands on, but security teams remain one step behind their adversaries. Security teams need to move quickly to remediate critical vulnerabilities, but they don’t have the tools needed to keep pace with hackers.”

The report suggests that too much attention has been placed recently on targeted attacks, while old-fashioned “spray and pray” attacks remain many firms’ greatest threat.

“Of the organizations that Kenna has evaluated, 100 percent are susceptible to vulnerabilities – which correlate to at least one stable publicly available exploit,” the report says.

Kenna said it pulled its sample from a database of 10 million successful attacks per week, collected through AlienVault’s Open Threat Exchange, as well as threat intelligence data and data from various partners, including Dell SecureWorks, Verisign, SANS ISC and US-CERT.

“By executing this approach, we were able to estimate the probability that a vulnerability might be exploited, as well as the sheer volume of attacks, based on the volume of attacks displayed by the aggregated data,” the report says.

Security professionals do a poor job of prioritizing which threats they remediate, and often fail to patch old flaws that are known to be popular among hackers in favor of top-of-mind flaws that have been recently announced, the firm argues.

“One of the points we need to make is that the vulnerabilities in question are often very old, well-known weaknesses that simply haven’t been fixed yet. We’ve seen this over and over again as we evaluate the data,” the report says. “In many cases these vulnerabilities are not sexy, and they don’t hog the spotlight – but in many environments they actually represent major weaknesses.”

For example, Kenna spotted 156,000 exploitations of the Slammer worm executed during 2014. Slammer hit so many servers that it dramatically slowed down general Internet traffic – in 2003.

The report also finds that automated attacks are on the rise: Kenna says there have been over 1.2 billion successful exploits witnessed in 2015 to date, compared to 220 million successful exploits witnessed in 2013 and 2014 combined – an increase of 445 percent.

“Companies will continue to face the cold reality that throwing people at the problem is no longer sufficient for remediating vulnerabilities and combatting the sheer volume of automated attacks,” Toubba said.


There are many reasons a monthly student loan payment might increase — but from $200 to $1,400 in a single month? That seems like cruel and unusual punishment — but that’s exactly what one consumer told federal regulators happened because of a paperwork delay.

(This story first appeared on Read it there.)

The 600% jump sounds hard to believe, but the complaint was recently cited by the Consumer Financial Protection Bureau in a warning it issued about a particularly sinister form of what it calls “payment shock.” Ironically, it comes as the result of a program designed to make student loan repayment more affordable.

A new student loan program that began in 2012 allows low-income borrowers to apply for income-based repayment plans. These plans cap monthly payments at a percentage of the borrowers’ income, ensuring they have money left over each month for basic necessities. So long as borrowers remain in good standing, unpaid interest doesn’t end up added to the loan balance, and payments are capped at 25 or 30 years, depending on the specific program.

But to make sure borrowers’ financial situation doesn’t change, each income-based repayment plan must be recertified annually — and that’s where the trouble is. If the paperwork isn’t completed on time, the payments snap back to their original amount.

In a blog post discussing the problem, Seth Frotman of the CFPB wrote that a remarkable 57% of borrowers in a Department of Education sample missed their paperwork deadlines. Making matters worse, since loan payments are usually auto-deducted from borrowers’ checking accounts, former students hit by snapped-back payments are often unaware of the situation until there’s a gaping hole in their checking account balance, which often leads to a cascade of financial problems, including potential credit damage. (You can see how your student loans are affecting your credit scores for free on

“When borrowers don’t recertify on time, their payments will snap back to the amount they would have owed under a standard 10-year repayment plan — a jump of hundreds of dollars per month, in many cases. This can be a shock to those already struggling to make these payments,” he wrote.

Whose fault is it when the paperwork isn’t completed on time? The CFPB has heard from consumers saying their financial institution was to blame, Frotman said.

“We’ve … heard about detours and dead ends that prevent you from keeping your payments affordable under these plans, even when you’ve filled out the required paperwork,” he wrote. was unable to contact the woman who complained her payments snapped from $200 to $1,400, and could not independently confirm the details of her situation, but here is what she told the CFPB. She blamed her loan servicer Navient for the screw-up:

“I submitted the required documentation for the 2015 IBR repayment plan 8 weeks before the expiration of my previous IBR application, and within the time period Navient indicated. Due to Navient’s delays, my IBR application was not processed timely,” she wrote. “While waiting for them to process my application, monthly payment jumped from approximately $200 a month to $1400 a month, causing me to go into overdraft on my checking account. Navient failed to process my application timely even though my application was complete and no documentation was missing, and failed to communicate the huge increase in payment.”

Nikki Lavoie, Navient spokeswoman, declined to comment about this specific complaint filed with the CFPB, but she did say that Navient strives to process renewals quickly.

“The standard is within 15 days but it is often sooner than that — to ensure that customers receive their renewal before their deadline,” Lavoie said. “We prioritize renewal recertifications nearing a deadline to help ensure a borrower’s payment doesn’t increase.”

Navient disclosed in an August filing with the Securities and Exchange Commission that it is currently under investigation by the CFPB. The filing says Navient was notified by the CFPB that the agency’s office of enforcement is “considering recommending” legal action related to “disclosures and assessment of late fees and other matters.”

“The Company is committed to resolving any potential concerns,” the filing, dated Aug. 19, says.

The recertification problem is widespread, and not limited to any one loan servicer. According to Department of Education research, hundreds of thousands of students failed to recertify on time last year. Even worse, nearly one-third of that group ended up going into a hardship-related deferment or forbearance.

For students currently enjoying the protection of reduced monthly payments, the CFPB warns that it’s critical to make sure recertification is completed in a timely fashion. Failing to do so not only results in payment shock, but it can also impact accumulated interest waivers and the 25-year maximum payment clock.

The CFPB is currently reviewing comments about issues with student loan servicers, and says it will issue a report about next steps in the coming months.