Even back in the 1990s when ecommerce was in its infancy, there were always other ways to pay. It’s just that they were rubbish – inconvenient, fraud prone and slow. You could mail a cheque or cash, wait for days and risk being defrauded by an unscrupulous
merchant. It was no real surprise that with its universal deployment and its established dispute resolution system, the card payment system dominated payments in ecommerce. They simply were the best available method and rapidly they became the way in which
trade on the internet was performed.
But let’s not fool ourselves that card payments are well adapted to usage online. Devised originally to operate in a paper environment, they were upgraded to work with a magnetic stripe and subsequently squeezed via mail order and telephone order processing
into an online environment. It was always a bit difficult to use a card online. Typing in a 16 digit account number, a 4 digit expiry date and a 3 digit card verification value, none of which the user can possibly remember is a fairly long winded process.
Oh, and then you have to enter your billing address and make sure to distinguish it from your mother’s address if you’re sending her a present. We became acculturated to these processes, but they were never convenient.
And card payments were vulnerable to fraud: at first the fraud risk was due to criminals misusing card numbers during the transaction process and (and let’s not fool ourselves about this) it was also the exploitation of the generous chargeback rights granted
to customers which, in effect, allowed then to deny participation and be believed – so-called first party fraud. To address this, the card schemes implemented better fraud prevention measures; Verified by Visa and MasterCard SecureCode have been broadly deployed.
But there was a cost in further inconvenience for the cardholder. But still customers complied – they wanted to buy on line and there really was not a practical alternative.
The nature of the fraud changed, rather than trying to compromise the transaction, the criminals realised that they could harvest industrial quantities of data by hacking the databases where card details were stored. Attacks were launched on
processors. Literally hundreds of millions of card numbers were stolen and misused in these attacks. The card schemes once more moved to address the issue and devoted significant resources to the implementation of PCI-DSS (the Payment Card Industry Data
Security Standard). This has placed a massive burden on the merchant community. The costs of implementing PCI have been estimated to run into billions of dollars.
It was certainly possible to devise a payment scheme which doesn’t suffer from these systemic issues, which doesn’t leave traces of data valuable to a fraudster as a by-product of making a legitimate payment. And security doesn’t necessarily mean inconvenience
either. Over the years lots of different systems were devised.
But the problem wasn’t building a better mousetrap, the problem was getting enough people to make a beaten path to your door. The thing about payments is that they are a networked good. Despite the inconvenience, the really valuable thing about a payment system
is the number of users that it has. Without lots of consumers, there’s no point in a merchant deploying. And without lots of merchants there’s little incentive for a merchant to adopt.
But there are a couple of straws in the wind: In the Netherlands, cards are now a minority of ecommerce payments. There the payment system
iDeal accounts for more than 50% of all ecommerce. How were they able to get ubiquity? For the Dutch, this was achieved since iDeal is a bank operated scheme and all the major banks in the Netherlands simply decided
to participate and equip their consumers with the facility.
For PayPal it was a lot harder, they literally had to bribe consumers to come onto the platform. At first PayPal offered each user you adopted their product $20 every time they recruited a new user, later reduced to $10, then $5 and finally dropped. Crude,
yet effective. And now PayPal has more than 230 million accounts and a survey by has found that “PayPal is a more preferred method of online payment than credit cards for consumers in Europe and the Middle East”. That’s something to put a shiver down the spines
of Visa and MasterCard.
Whilst Visa and MasterCard are still the web’s favourite way to pay, without solving their convenience problem will they still be in 10 years time?