Written by Technorati Tags: EMV, risk analysis
It’s not the story that the top five banks in the UK are about to declare a total of £37 billion in profits for the last financial year.
Nor is it the story of the student opening his first bank account. He paid in £41 to cover the cost of a direct debit for insurance. The direct debit actually turned out to be £42 so the student was charged an additional £38 by the bank. He didn’t know this so when his insurance company told him that the debit had been refused, he paid in the missing pound and asked them to try again. But now, of course, his account only has £4 in it, so when the insurance company try to debit, they are again refused and the student is charged another £38.
Nor is it the story about the woman who called her bank to tell them that her husband had died. She then got a letter from the bank asking her to repay her son’s overdraft. This caused some family upset because she didn’t even know that her son had an overdraft. Her son then discovered that the bank had notified credit reference agencies of his death. You can see how embarrassing this was going to be: You go into a shop to get a mobile phone and you’re told ‘Sorry, you can’t have a pay monthly mobile phone because you’re dead.’ The bank had, of course, mixed up the dead father and the not- dead son.
No, the story that was most interesting was the story about the person whose credit card statement turned up with two charges in India. When they rang the bank to complain, they were told that their signature must have been forged, clearly implying a retail (not ATM) transaction. It then transpired that the transactions were PIN not signature. The person had the card in their possession in the U.K. the entire time. The card never went to India. And the person said that they never disclosed their PIN to anyone either. The issuer gave the money back together with an additional ex-gratia payment for charity because it took so long to sort out, but I’m very curious as to how a retail PIN transaction could have taken place in India when the card was in the U.K. Anyone reading this in the newspaper would have — incorrectly, I’m sure — deduced that the bank in question was issuing chip-n-pin cards that could be counterfeited. They would then, presumably, make a mental note to use a different bank next time they wanted a credit card. How does a bank factor this kind of reputational risk into technology investment decisions?
My point is that at a time when credit card fraud is, say, seven points and bad debt is 700 points, it’s easy to push fraud down the priority list and stop listening to people like us who think that technology should be used to improve security. But would the net income lost to the issuer because of customers going elsewhere be more or less than the seven basis points lost to fraud? That’s one of the questions I’m going to be asking at the card fraud conference in London today.
Incidentally, there was also a story about a person trying to send £250 to a family member in Australia. They had such faith in the international money transmission network that they put cash inside a card and posted it, but it never arrived. They can’t get their money back from the Post Office because it turns out that it’s illegal to post bank notes in letters in Australia. Who knew?
My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public. [posted with ecto]
