But this is only the beginning. The March issue of the Journal of Payment Strategy and Systems (volume 4, number 1) has an article by David Teitelbaum and Gretchen Lamberg of Sidley Austin called “The Deputisation of the US Payments Industry” which talks about the extent to which different interest groups want the payment system to police other non-payment laws (think about the recent Norwegian ban on using Visa and MasterCard for offshore gambling transactions). And the issue has just made the headlines in the UK, because a Member of Parliament wants to fine card companies for allowing people to buy child pornography (although not other illegal material, but I don’t know why).
Geraint Davies, Labour MP for Swansea West, is set to put his case in the House today in a Ten minute rule Motion which says: “That leave be given to bring in a Bill to impose penalties on credit and debit card providers for the facilitation of the downloading of child pornography from the internet; and for connected purposes.”
Davies told the BBC’s Today programme… “This is the means of thousands of perverts viewing abusive pictures and we need to stop that. One way to do that is to identify them, and if the credit card companies facilitate this abuse they should also be penalised,” he told the programme. [From Finextra: MP calls for penalties for card schemes over prepaid card abuse]
“One way to do that is to identify them”. Indeed. In fact, that’s the only way to do it, because unless you know who they are, you can’t prosecute them. And I would have thought that if the plod turn up at Barclaycard with a warrant that says “this card was used to commit a crime, please tell us who it belongs to”, then Barclaycard will tell them. (The pre-paid card thing is a red herring, because you can’t use them online without registering and because criminals don’t use them anyway: the “unregistered” balance limits are low, so they use stolen cards.)
So what is the MP going on about? How does Barclaycard know that the $9.95 that I’ve just spent on my card at a web retailer in Uzbekistan is for a shareware game of dominoes or for child porn? How is Visa supposed to know whether a web site with foreign-text like this one is about legitimate political discussion or the trafficking of children for sex? You may as well pass a law to fine the Bank of England for allowing perverts to buy their computers using £50 notes in the first place or better still fine banks for letting people withdraw money from ATMs to pay for prostitution (or drugs, or whatever).
There’s a real problem with making payment systems into policemen, especially when the decision about what is or isn’t allowed is not black and white, or varies from country to country or even between constituencies within a country. Look at just one of the arguments going on in the PayPal community, this time about what is or isn’t “hate speech”.
It’s clear that there are some people who want to constrain people’s spending, and sometimes for a very good reason, but is it right to expect the payment system itself to do this? Suppose you don’t want minors to buy cigarettes, for example.
Times review finds that in more than half of the state’s casinos and gaming rooms, welfare recipients can get cash from state-issued EBT cards. Officials say they’re moving to block such transactions. [From California welfare cards can be used in many casino ATMs – latimes.com]
This won’t make the slightest difference, naturally, because the gambling-crazed welfare recipients will just remember to go to the ATM before they get to the casino. They may even have to pay for an extra bus ride to get to the ATM (rich people won’t, so once again the poor will get the higher transaction fees).
What is happening here is that the payment system is being used as an imperfect proxy for an identity management system, and that’s why it’s being used to stop welfare scroungers, gamblers and so on. But this means that the costs of detection, filtering and prevention are all falling on the payment system (in other words, on law-abiding customers) which doesn’t seem right. If there were a proper identity management system in place — so that a customer could prove that they are 18 or a UK resident or legally sane — then the issue of payment and the issue of identity (ie, credentials) would be properly separate.
Of course, if the government want to pay the banks to provide these proxy identity management services, within an explicit framework of liabilities, then that would be a useful conversation to get under way.
This led me into a conversation with a couple of the guys at work about the design of payment systems. Should payment systems be designed to allow tracking, tracing and monitoring? The answer is yes, but with clearly understood boundaries. It is easy to think of socially-beneficial examples of the payment system “interfering” in a payment.
The future of VAT can and must be quite different. As the migration to the also otherwise so-sense-making e-invoicing is progressing fast it is possible to deploy SPLIT-payments – meaning that when the buyer is paying the invoice the VAT-part will be directed to tax, the net amount to the seller (automatically followed by possible refund) [From Networked Economy – Bo Harald: The future of VAT – Automatically Real Time]
OK. So now the next step. Should the payment system be designed to allow blocking by merchant category or line item? Yes, provided that the cost is not disproportionate, but I doubt there is a merchant category code (MCC) for “child porn vendor” nor an EPC code for “child porn” so this wouldn’t help anyway. And if there was an MCC for “child porn vendor” then the criminals wouldn’t use it: they’d use an MCC for entertainment, or whatever. That’s the thing about criminals — they tend to break the law.
Should the payment system be designed to keep transaction data private, even though people sometimes use it to do bad things? Well, I think the answer must be yes but there must also be what, over on the Digital Identity blog, is called the “smash the glass” option. If you do something wrong, law enforcement must be able to press a button somewhere and have the system go transparent. So your transactions are cryptographically-protected against routine trawling, but if the police get a warrant then the relevant transactions (and only those transactions) should be opened up for inspection.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public
As you’ve already pointed out, the feasibility of this whole idea is where it really falls down as issuers have no fool-proof way of identifying what merchants are actually selling. It did get me thinking though about whether it would be possible to make the merchant acquirers accountable. I say this, as when we looked into our anonymous prepaid accounts, we found a small number of ‘niche’ merchant acquirers seemed to service a large proportion of merchants selling adult content. They are the ones which have the relationship with the criminal merchants so wouldn’t it make more sense to penalise them? (of course this is not to say that I think the payment system should be made into a policeman)
Additionally, you mention how anonymous prepaid is a bit of a red herring as the cards need to be registered for online use – this basic registration is not KYC’d at all on a number of programmes and is really just a means to enable cardholders to use their card online. Basically the details could be completely fictitious especially if it is content being bought and not anything which needs to be delivered to a physical address. As for the low limits discouraging criminals, it would obviously depend on the crime and how the card is used. For example I came across a number of examples of anonymous prepaid cards being used to buy ad space in autotrader (or similar) so that when the poor purchaser realised they’d been sold a freshly stolen car for cash, the seller was untraceable. And similarly for downloading illegal content I doubt the limits would be a barrier to the crime.