It’s easy running money, isn’t it

[Dave Birch] Running a retail payment system is pretty easy, which is why new entrants are attracted to it despite the thin margins, as we’ve discussed before. But it isn’t easy when things go wrong. Take a look at what’s been going on in Hong Kong, where there are currently 15 million Octopus cards in circulation and the company handles 10 million transactions totaling more than HK$78 million (about five million quid) every day. Octopus has been found to have takenan average of HK$240 from six cardholders every day for the past seven years (amounting to HK$3.7 million) because of faulty transactions. Octopus are, of course, going to refund the money to the 15,270 people affected going back to 2000. There are no records before 2000, so the additional HK$300K overcharged during that period is going to be donated to charity. The fault meant that about six in every 10,000 top-ups went wrong: the money was deducted from the cardholder’s bank account but not credited to their Octopus account. Octopus Holdings chief executive Prudence Chan Bik-wah said the main cause of the failed transactions was a malfunction of an electronic funds transfer module in the add-value machines at transit stations and that all top-up transactions from the machines will remain suspended until the problem is completely fixed. She also pointed out that since 90% of the customers are anonymous, it’s complicated to sort out refunds so customers are being encouraged to use personalised cards free of charge for the next 12 months.

Technorati Tags: contactless, payments, transit

The problem came to light some ago when Octopus admitted that its investigations failed to discover why money was deducted from the accounts of more than 500 card users without topping up their cards with the appropriate amounts. The Hong Kong Monetary Authority (HKMA) ordered an enquiry at the end of last year. Although it was originally believed that problems began with the upgrade of the EPS add-value system at the beginning of December, the inquiry revealed a limited number of failed add-value transactions arising before that date with refunds outstanding. Although the problem appeared to be restricted to a limited number of EPS add-value transactions, it had been decided to call for an independent review and they appointed Professor Andrew Chan Chi-fai of the Faculty of Business Administration of the Chinese University of Hong Kong and the Chairman of the Hong Kong Deposit Protection Board to advise the management of Octopus Cards Limited (OCL). The HKMA has also served notice to OCL under Section 59(2) of the Banking Ordinance, requiring the company to submit to the Professor an independent auditor’s report on the operation of add-value services through EPS as well as OCL’s operational risk control environment. It’s this report that is the heart of the news story above. It’s taken them a few months work through it all, but they seem to have got to the bottom of it.

The saga raises a few points for non-bank organisations looking to move into the payments business:

• It’s really hard to test payment system properly because of their operational scale, therefore it’s best to assume that something will go wrong. Having detailed specifications and semi-automated testing driven from those specification (not from the design) is critical, but someone somewhere is still going to implement something incorrectly.
• It’s best not to jump to conclusions about what has gone wrong. Given the complexity, you may be looking at misleading symptoms.
• Have a good procedure in place for when it does go wrong. Don’t panic. Turn off the component that doesn’t work — any well-designed system has fallbacks (ie, if POS top-up doesn’t work, consumers can use mobiles instead) — and set about finding the problem. People are naturally sensitive about money, so it’s important to get it fixed.
• Finally, if something goes wrong then turn the big guns on it, don’t try and sweep it under the carpet or hope it can be fixed in the back room. Octopus has kept public confidence by being open about the investigation, the results and their actions.

A useful case study for anyone going into this business.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public. [posted with ecto]

.