Written by it’s time to throw out the blanket zero-liability paradigm and get legitimate, responsible consumers to put some skin in the security game, too. The good ones appear to be ready to do what’s needed to protect themselves. Consumers who can’t should get restricted account access. Those who won’t should bear the specific costs of their misbehavior instead of loading their burden on the backs of the vast majority of responsible transactors.
Interesting, and different to my plan to make it the both the issuers and customers problem by changing the law so it’s not illegal to use someone else’s card. My plan delivers zero fraud, instantly.
Technorati Tags: credit cards, debit cards, fraud, payments, retail
Steve makes, as always, a lot of sense. But as Chris Skinner noted, when he was discussing the UK government’s “Get Safe Online” initiative, is that only 24% of UK online consumers think they should be primarily responsible for their own online safety. In other words, 76% think they’re not responsible for their own safety when shopping, banking or doing stuff online. Zero liability has, indeed, created a kind of moral hazard: products that were never meant to be used online are being shoehorned into channels where they are less than wholly safe where they are being used by consumers (like me) who don’t care about security because they are indemnified against loss. Hhhmmmm.
At the moment, neither the the banks, the consumer and the police aren’t sufficiently incentivized to stop identity theft, so who is? The merchant. In the case of CNP, it’s the merchants who are losing the money, but even so the take up of anti-fraud 3D Secure technology has been rather limited: apart from anything else, the merchants themselves don’t want to implement it for fear they will lose more from basket abandonment than fraud.
There’s a good article about the fraud/lost sale trade-off in this month’s Digital Transactions, by the way.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
My understanding is that the zero-liability deal with consumers came about because the card issuers petitioned the governments around the world for price protection. That is, they asked for a subsidy of protection for their contracts with merchants that forced all prices to be the same, and to get that the regulators insisted on no-liability or $50 liability caps for consumers.
(I was too young to care about these stories, so I may be wild of the mark, but) in the good old days, the war was against cards. Small merchants offered discounts of 5-15% for cash, because it was cheaper for them. Large merchants had more economies of scale, of course. To get the small merchants into the card net they had to be foistered with an uncompetitive bargain.
It might be worth considering that the phoney war on cash is simply the request for the removal of one subsidy that hurts the banks, today. That’s a fair deal if we get rid of the other subsidies too.
Certainly the no-liability deal should go. European banks are doing it already, last I heard they are hitting the consumer for around 30% of the phishing losses.
Question is, what are the banks prepared to give up?
While I like many points in the article I’m responding, the suggestion that we should remove the accountholder’s zero-liability provision is a bad idea in the US for two reasons:
1) Such thinking is based on a faulty premise. Research data does not show that zero-liability protections eliminate the accountholder’s motivation to protect against fraudsters. Consumers view the card or bank account as “their account”, and treat every violation as a personal issue with potential consequences that don’t simply end once fraud amounts are potentially reimbursed. 2) The backlash by consumer protection groups would be simply unbearable. Anyone ready for a page one story in the Times about how bank XYZ has finally gone over the top to stick it to the consumer?
What we need is to empower the accountholder, giving power to their significant motivation to protect themselves and building on their unsurpassed individual knowledge of what makes for a legitimate transaction. We have the technology, yet its not being deployed.