Even if there were a trustworthy way to send money over the Internet–which there isn’t–the network is missing a most essential ingredient of capitalism: salespeople.[From Clifford Stoll: Why Web Won’t Be Nirvana | Newsweek Technology | Newsweek.com]
Well, we still don’t have a completely trustworthy way of sending money over the Internet, although PayPal is doing a pretty good job, but there’s no shortage of salespeople. True, most of them seem to be selling Viagra, but there’s an awful lot of commerce going on nonetheless.
But why isn’t there a completely trustworthy way of sending money? And what would completely trustworthy actually mean anyway? Let’s take it to mean that no-one can pretend to be me in order to make a payment with my money. Well, that’s not really a payment system problem, it’s an identification and authentication problem. We have a 2FA retail payment system (ie, chip and PIN) here in the U.K., yet fraud has been increasing steadily ever since it was introduced.
…fraud when you order by mail, telephone or on the internet is still increasing – in fact, it rose 44% in the first half of 2007, compared to the first six months of 2005.[From The final verdict on chip and Pins – ID fraud| Credit reports – MSN Money UK]
This isn’t simply a U.K. problem (because we export a lot of our fraud, primarily to the U.S., France and Spain at the moment) but is true across Europe. It’s got the point where the European Commission is getting upset about it. Roughly speaking, they say there are 10 million fraudulent transactions in the SEPA area per year, affecting 500,000 merchants, representing roughly a billion euros in losses. Oh dear.
EU internal market and services commissioner, Charlie McCreevy, says: “Payment fraud affects consumer confidence in non-cash means of payment and therefore remains a threat to the success of the single market for payments.”… A study conducted for the Commission in 2007 shows that user trust in certain authentication methods for cashless payments could be improved.[From Finextra: Card fraud threatens development of European payments network – EC]
Of course not all fraud affects consumer confidence. I don’t really care how much credit card fraud there is, for example, because I’m protected from it by law and if fraudsters obtain my card number and use it to buy jewellery in Mumbai, then the bank will give me my money back. It’s not my problem at all. This is why the general public aren’t that bothered about helping banks to improve — as the public see it — the banks’ security or reduce the banks’ losses.
Despite continuing security concerns, two thirds of customers do not want their bank to provide chip and PIN-style authentication devices, according to UK high street bank Abbey. The bank says a survey of 1000 of its own customers found that just one-in-three people (32%) want to be supplied with a security device to further secure online transactions.[From Finextra: Customers don’t want authentication devices, says Abbey]
I wasn’t sure how I’d like using my Barclays two-factor device, especially since I know that it doesn’t defend against all attacks, but it’s actually fine. It’s easy, it works and after using it a couple of times I just got used to having it under my monitor and grabbing it when I needed it for home banking. But I only use it for home banking: if I’m buying something on the web using my Barclays credit card or Barclays debit card, the device sits forlorn in front of me, powerless to hold back the relentless tide of CNP fraud.
The share of online revenue lost to fraud in 2007 held steady with 2006 at 1.4%, but as e-commerce grows, the total dollar loss from online payment fraud is growing at the rate of about 20% a year and is estimated at $3.6 bln in 2007, up from $3.1 bln in 2006, according to CyberSource.[From 1.4% of online revenues lost to fraud in 2007 | IT Facts | ZDNet.com]
I don’t want to be mean, especially to people who pay my wages, but the performance of the banks in this area seems very poor. Instead of getting together to launch something new for the Internet Age — like a working e-cheque, for example — they’ve continued to bend, batter and patch up the credit card systems to force them into environments for which they were never designed. Surely it’s time for a rethink, starting with integrating into identification and authentication systems and work backwards to deliver payments.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]