it’s time to throw out the blanket zero-liability paradigm and get legitimate, responsible consumers to put some skin in the security game, too. The good ones appear to be ready to do what’s needed to protect themselves. Consumers who can’t should get restricted account access. Those who won’t should bear the specific costs of their misbehavior instead of loading their burden on the backs of the vast majority of responsible transactors.
Interesting, and different to my plan to make it the both the issuers and customers problem by changing the law so it’s not illegal to use someone else’s card. My plan delivers zero fraud, instantly.
Steve makes, as always, a lot of sense. But as Chris Skinner noted, when he was discussing the UK government’s “Get Safe Online” initiative, is that only 24% of UK online consumers think they should be primarily responsible for their own online safety. In other words, 76% think they’re not responsible for their own safety when shopping, banking or doing stuff online. Zero liability has, indeed, created a kind of moral hazard: products that were never meant to be used online are being shoehorned into channels where they are less than wholly safe where they are being used by consumers (like me) who don’t care about security because they are indemnified against loss. Hhhmmmm.
At the moment, neither the the banks, the consumer and the police aren’t sufficiently incentivized to stop identity theft, so who is? The merchant. In the case of CNP, it’s the merchants who are losing the money, but even so the take up of anti-fraud 3D Secure technology has been rather limited: apart from anything else, the merchants themselves don’t want to implement it for fear they will lose more from basket abandonment than fraud.
There’s a good article about the fraud/lost sale trade-off in this month’s Digital Transactions, by the way.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]