Identity Fraud: Shift from Resolution to Prevention

This opportunity has been knocking for a few years now. And the knuckles are quite worn out.

When I meet with other people in the industry, we all agree that banks generally don't care about resolving problems even if the systems and tools are there. They regard fraud as a cost of doing business.

Each week, here in finextra we have bloggers writing about financial institutions' failure to innovate. FIs are not into innovation, well at least not when it comes to resolving problems. What we have seen so far is that they are quick to innovate processes and systems that allow them to skim, for example, using high-frequency trading systems with access to flash orders. This is the prevalent mentality - innovation is accepted and welcome only if it enables the FI to make quick bucks/profits. Never mind that when you take a close look at this 'innovative' high-frequency trading system (for example), one would readily see that it messes up the level playing field. As an ex-trader, I find such an exclusive system anomalous and in my opinion, these systems should not be allowed. 

It's also a herd mentality out there and considering the economic fiasco that they have brought upon themselves, banks just do not want to do anything. 

What you call UDLAPs is offered by patented processes and systems (priority date of Feb. 2001, USPTO 6931382). VISA's similar patent application claims came in March 2002, 13 months later... This 6931382 system was actually conceived and designed approximately in September 2000 - 9 years ago!

It's one thing to have an idea, develop it and offer it to the banks. If you do not have a patent for what you are offering, better close your shop. Don't waste your time and money! Banks, specially their IT departments will not hesitate one bit to copy your idea. Heck, they do this even when they know that a patent exists!

And let's talk about what would motivate a card issuer to do the 'right thing', meaning implement a fraud prevention system. Let's take a look at verified by visa or ucaf/spa for example. Why are these systems being mandated and why are card issuing banks being forced to implement these systems?

I'm ABC Issuing Bank and I am being told to implement VBV or UCAF/SPA. At the moment, without VBV or UCAF/SPA, I actually earn higher interchange fees each time my issued cards are used for online payments even without doing this additional validation. I need to comply but what's in it for me? Wait, are you saying that online merchants will actually pay less interchange fee for card payments that I verify with VBV or UCAF/SPA? And why do I need to force my cardholders to use these systems? I don't get it. As the issuing bank, I can never have control nor would I even know or be able to prevent fraudsters to present 'fake' VBV or UCAF/SPA stubs that can fool my cardholders to divulge their additional authentication tokens. I truly fail to see the logic in this plan and actually earn less after I am forced to implement the systems  to do this extra validation step.

Another alternative is for the security solution provider to get into the card issuing business itself and offer the security with the cards. I just looked into a company that offers prepaid card accounts. They started in 2006 and their revenues have grown from approx. 50 million euros to a little over 200 million euros within 3 years of operation! We now clearly see a trend towards debit and prepaid. Consumers would naturally want to control their debit and prepaid, no doubt, because it's their money, not the bank's.

I'm beginning to think that the key to 'motivating' banks to offer effective systems is to find a way to let consumers know that these systems/solutions have been in existence years ago (since 2000). With the banks' herd-mentality and card schemes that are subjected to antitrust law, Consumer Protection Agencies working with other regulating bodies might be able to make headway in making the knocks heard and doors open.

Which is exactly why I knock on Government doors and those of venture capitalists and not banks, certainly not after the first bank and absolutely not after I realised they were generally insolvent.

Better to short them, wait and take them on at their own game.