Teenage children of our friends taught me the most typical response they often give to their parents - stretched out index fingers and thumbs forming "W". "Whatever..." (If you then flip hands down, you get even more emphatic message - "Whatever, Mom!..")
That's how the payment industry is approaching fraud and security. Like teenagers and sex, they talk about it, but don't do it. And when "parents" (regulators, security experts, innovators, etc.) say something reasonable on the subject, the industry nods
as if in agreement, with "W" hands in front of them. Why?
Well, because fraud doesn't hurt that much. We all know that we need to do more exercise, eat healthy food and drink moderately. In the real world? "W".
We all know the extent of online fraud and the damage potential of identity theft. Yet, funny enough, "not only do customers not care about security, they will actively switch
to service with less security if it is more convenient or cheaper despite telling researchers that they value security and think that security is important."
A year ago we developed a proof of concept for online "chip&PIN" transactions. We decided not to go through the expense and hassle of EMV/PCI certification until we had strong customer interest. Guess what. Despite all the (strong) evidence of
how serious the problem of fraud and identity theft is, and despite a lot of heads nodding in agreement, neither merchants nor consumers were really interested. Free device, 5-minute sign-up, etc didn't lead to a single tangible traction. Yet, during the same
period we saw strong uptake of "insecure", yet convenient solutions. Makes you think... Twice.
I recently questioned the business case behind Secure Electrans' HomePay. In his comment, SE's MD gave all the (sound and valid) arguments we were using a year ago - how important security
is, how costly fraud is, etc. Do they have merchant and, most importantly, consumers queueing? I hope so...
E-comm is dominated by a few 100-pound gorillas. The name of their game is "frictionless". Amazon is happy to eat some fraud as long as customers keep coming back and buying more. Anything which could lead to abandoned carts is discarded. eBay relies on
PayPal to deal with fraud (and PayPal are doing a great job!).
The US market is still clinging to a poisonous mag stripe, resisting EMV advances. Some say the cost of EMV deployment is too high. Not with $50 EMV terminals and $2 EMV cards. Even short-term benefits outweigh the cost and hassle of EMV switch, on many
levels. Take the pill, wince once, enjoy healthy life thereafter - what could be simpler?.. Yet, convenience of the status quo wins over the bitterness of fraud. (Not to mention general inertia of the masses when it comes to changing habits and adopting new
Does it mean that "online chip&PIN" won't work? Not at all. If consumers are offered an easy-to-use solution that gives them convenience and multiple tangible benefits (as well as security), they could start using it. E.g. faster and simpler checkout process.
If merchants see millions of consumers having access to such a solution and willing to use it, they could integrate it. For that to work for both sides of the equation, such a solution has to be much simpler and more compelling than clicking on the PayPal
button. And that is not a small task: as a consumer, I need 10-15% discount to make me reach for the dongle, get the card out of my wallet and punch in my PIN - instead of enjoying the speed, simplicity and convenience of PayPal. But then maybe I am not a
It's a classic "chicken & egg" dilemma. Solution? "Ducks!" (A father is explaining to his young son what an "alternative" is: "You build a successful chicken farm business and make millions. Your business grows. Then one day, it starts raining, and rains
non-stop for a year. Water level rises and all your chickens are dead. Your business is ruined!" - "So, Dad, what is an "alternative?" - "Ducks!")