The cabin crew came round with the on-board shop trolley-style cart-thang and I bought something from them. And then I paid for it.
So this is what happened: I gave the crew member my BA Amex card and my BA Executive club card as have I done in the same circumstances for several years.
First of all, the POS terminal refused to accept my British Airways American Express card because it expires at the end of this month. I assume that this is a software error of the type first spotted in about 1955, so I’m going to mention it my complaint to BA and I’m sure they’ll get round to fixing it sometime.
The nice lady with the terminal said something along the lines of “I don’t suppose you have another card do you?” so I open my rolling office and choose one of the other 47 cards in there. I decide to give it a go with a Barclaycard MasterCard that doesn’t expire for a couple of years. They swipe it. It’s got a chip on it, and I know the PIN, but they swipe it. I wondered for a moment if they were real cabin crew or if this is some elaborate Eastern European mafia fraud to obtain track data and PINs for use in US ATMs, so thought I’d better remember their faces for the inevitable police fotofit session.
While I making a mental note of their basic characteristics (would I say that she was “average” height?) , the “cabin crew” (if that is, indeed who they were) asked me for my Executive Club number, because they can’t read the number from the new Executive Club cards in low light. Then they asked me for my passport.
What? Why on Earth would I give my passport to mafia-style super-fraudsters!
I ask why they want my passport, mentioning in passing that British Airways already have my passport details, and the cabin crew tell me that it’s because of high levels of card fraud. They also tell me that it’s a pain in the arse, because many passengers have put their passports away in bags for the flight and have to pfaff about getting their bags from the overhead bin and rummaging around finding their passports, which means it takes way longer to do on-board shop sales. They also said that the on-board terminals have new software that doesn’t do chip and PIN any more (they didn’t say whether this is the patch for 1999 or 2019), which is why they swiped my card and had me sign it. Bizarre.
A transaction that should have taken in the region of 20 seconds — insert card in terminal, enter PIN, print receipt (I don’t even care about this – they could just e-mail it to me later) — took several minutes. What’s more, a transaction that should have taken in the region of 20 seconds and minimised fraud was replaced by a transaction that, if anything, will cause fraud to rise, for the obvious reason that if I am a fraudster using bent cards on plane I already don’t care that you know who I am. You have my seat number and all of my personal details already. If the guy in 28B uses a stolen card, say, and the transaction gets charged back to BA, what are they going to do any differently now? The police (in the UK, at least) are not going to send out the CSI:Heathrow team because they get an e-mail from BA saying that passport number XYZ bought a bottle of Gordon’s with a card that was subsequently declined. What a joke. I felt really sorry for the BA cabin crew and (with their permission) asked if I might record this payment omnishambles for posterity.
After the harassed cabin crew had moved on, I couldn’t help but start to think how ludicrous this incident was. What has happened? Well done, payments industry. We’re actually going backwards. If British Airways decide to get some new software written by people who know what they are doing, here is my suggested transaction marketecture (and I don’t know why I’m giving them this for free – must be something to do with the low levels of oxygen in cabin).
- If the customer has a chip and PIN card, insert the card and have the customer enter the PIN. If the PIN is correct, that’s the end of it as far as BA are concerned.
- If the card has a magnetic stripe or a chip that doesn’t work, then by all means swipe the card, make the passenger sign the slip, demand to see their passport and record the passport details with Soviet-era efficiency.
The way BA handled payments on BA177 LHR-JFK (08SEP12) made no sense. To take a customer’s chip and PIN card, then ignore the PIN and swipe it, ask to see a passport (which is pointless anyway, because British Airways have my passport details on file against the booking and I had to show the passport to board, so if customers are committing fraud by using counterfeit or stolen cards this won’t make any difference whatsoever) is inconvenient, slow and silly.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
Even with a “chip-n-PIN” terminal in “live” retail environment, how can consumer be sure that some “EMV-approved” card terminal is not a bogus one?.. Think about this: mobile telecom industry carries out over 10bn (!!) REMOTE authentication session DAILY, using whatever phones consumer happened to have. Terminal (I.e. phone/SIM related) fraud level is… below 0.01%…
There’s your answer – easy! Use your mobile phone, on the flight, to call a ground-based call centre that can process the authorisation request as a CNP-on-board-a-plane-somewhere-over-the-Atlantic transaction with restricted chargeback rights based on the authentication of the phone. Chip and PIN – who needs it?
In-flight purchases normally take place during certain time. All planes have comm. facilities. Doing a batch transaction – similar to what TfL are doing with Underground gates – via IP would take a few minutes max (btw, try timing SMS and WhatsApp messages…) Besides, airlines already know who you are, as well as details of at least one of your valid cards.