Comments on: The Mobile Payment Conundrums: To Chip, To Store, To Bank? http://storefrontbacktalk.com/securityfraud/the-mobile-payment-conundrums-to-chip-to-store-to-bank/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Howard Falcon http://storefrontbacktalk.com/securityfraud/the-mobile-payment-conundrums-to-chip-to-store-to-bank/comment-page-1/#comment-64029 Howard Falcon Thu, 08 Oct 2009 13:53:26 +0000 http://www.storefrontbacktalk.com/?p=3911#comment-64029 Interchange is not the issue it is the cost related to interchange. The banks and card associations are always looking for ways to make money and in the issueing of cards there is significant leway. Lets take MasterCard as an example. They must have 15 different World Cards and each may have up to 3 - 5 interchange levels. Now Why do they need to have so many card types and interchange levels? What is happening is that they come out with a new card and interchange set the pricing the same as another card for 6 months and change it. How many interchange levels are required. We now have over 400 of them. In regards to fraud and the cost of interchange, most fraud occurs from restaurants, yes more than internet transactions, yet restaurants get one of the lowest interchange rates. Try and prove that a corporate card / business card has more fraud per use than a generic card, don't believe it. Anyone that loves the interchange system in its present form is definately a bank. Interchange is not the issue it is the cost related to interchange. The banks and card associations are always looking for ways to make money and in the issueing of cards there is significant leway. Lets take MasterCard as an example. They must have 15 different World Cards and each may have up to 3 – 5 interchange levels. Now Why do they need to have so many card types and interchange levels? What is happening is that they come out with a new card and interchange set the pricing the same as another card for 6 months and change it. How many interchange levels are required. We now have over 400 of them. In regards to fraud and the cost of interchange, most fraud occurs from restaurants, yes more than internet transactions, yet restaurants get one of the lowest interchange rates. Try and prove that a corporate card / business card has more fraud per use than a generic card, don’t believe it. Anyone that loves the interchange system in its present form is definately a bank.

]]> By: Evan Schuman http://storefrontbacktalk.com/securityfraud/the-mobile-payment-conundrums-to-chip-to-store-to-bank/comment-page-1/#comment-63987 Evan Schuman Thu, 01 Oct 2009 16:41:24 +0000 http://www.storefrontbacktalk.com/?p=3911#comment-63987 Editor's Note: Dan, please allow me to clarify a point you addressed. You said "If someone makes an “unauthorized” withdrawal from your bank account, the bank will make you whole. The law demands it, not the credit card networks." That's very true. But they will EVENTUALLY reimburse the consumer. What happens to all of the bounced checks in the meantime? All of the insurance premiums and mortgages that can't be paid in that meantime? If there is a credit card breach, the pain to the consumer can be minimized. If it hits the bank account, it's a very different and more damaging situation. If the credit card bank needs two weeks to get a credit issued for a fraudulent charge, no problem. If the bank needs two weeks to replenish a bank account, it could be a huge problem. Editor’s Note: Dan, please allow me to clarify a point you addressed. You said “If someone makes an “unauthorized” withdrawal from your bank account, the bank will make you whole. The law demands it, not the credit card networks.” That’s very true. But they will EVENTUALLY reimburse the consumer. What happens to all of the bounced checks in the meantime? All of the insurance premiums and mortgages that can’t be paid in that meantime?
If there is a credit card breach, the pain to the consumer can be minimized. If it hits the bank account, it’s a very different and more damaging situation. If the credit card bank needs two weeks to get a credit issued for a fraudulent charge, no problem. If the bank needs two weeks to replenish a bank account, it could be a huge problem.

]]> By: Dan Stiel http://storefrontbacktalk.com/securityfraud/the-mobile-payment-conundrums-to-chip-to-store-to-bank/comment-page-1/#comment-63986 Dan Stiel Thu, 01 Oct 2009 16:36:02 +0000 http://www.storefrontbacktalk.com/?p=3911#comment-63986 First, I'm not sure merchants want to get out of interchange costs. Merchants just want some sanity in the interchange pricing schemes. Yes, data security is paramount in M-commerce. The bad guys are out there and they want to steal your money. Anyone dealing with data has got to outsmart them. The opportunity for M-commerce is to build an entirely new encryption and authentication model that makes PCI look like the lock on your high school gym locker. If "zero-liability" promises for the consumer is the issue, then an examination of ACH regs and card network chargeback policies should put consumers (and retailers) worries at ease. Or, in other words, merchants and consumers are fundamentally no better - or worse – under either scenario. There is nothing stopping retailers using ACH to handle payments from offering their own "zero-liability" promise. Insuring against that risk is certainly cheaper than the fudge-factor built into interchange fees for zero-liability. Fraud is still just a few basis points of card volume, even for the data-compromised. With enhanced data security and authentication, it can remain low, if not go lower. Reg. E certainly applies in most ACH transactions. Under today’s network/PCI rules, the networks and their bank partners agressively seek damages from data-breached retailers. Merchants worried about the liability will be courted by well-capitalized insurance companies and merchant processors who would be happy to manage that risk on behalf of merchants for premiums that are a fraction of current interchange costs. If someone makes an "unauthorized" withdrawal from your bank account, the bank will make you whole. The law demands it, not the credit card networks. The Originating Deposit Financial Institution is the one who is on the hook for allowing an unscrupulous operator to conduct unauthorized ACH transactions. All ACH transactions between Originators and Receivers must be backed by valid authorizations. Authorization requirements differ for the various ACH transactions. While a verbal or other non-written form of authorization is permitted for consumer credit transactions, a written authorization form provides proper authorization for consumer debits. This authorization must be readily identifiable as a debit authorization, the terms must be clearly stated and procedures for revoking authorization must be explained. The authorization may specify that transactions will be for a fixed or variable amount. Of course, if you're dumb enough to "give" permission to access your bank account to a scam-artist operating out of a third-world country or your neighbor’s kitchen, you may still be on the hook. Network rules operate the same way. Whether the loss is from a stolen account number because of a data breach at your neighborhood grocery store or because your next door neighbor's kid bought "do-it-yourself" bank check stock from Office Depot, ACH regs do a reasonably good job at protecting consumers - and merchants. First, I’m not sure merchants want to get out of interchange costs. Merchants just want some sanity in the interchange pricing schemes.

Yes, data security is paramount in M-commerce. The bad guys are out there and they want to steal your money. Anyone dealing with data has got to outsmart them. The opportunity for M-commerce is to build an entirely new encryption and authentication model that makes PCI look like the lock on your high school gym locker.

If “zero-liability” promises for the consumer is the issue, then an examination of ACH regs and card network chargeback policies should put consumers (and retailers) worries at ease. Or, in other words, merchants and consumers are fundamentally no better – or worse – under either scenario.

There is nothing stopping retailers using ACH to handle payments from offering their own “zero-liability” promise. Insuring against that risk is certainly cheaper than the fudge-factor built into interchange fees for zero-liability. Fraud is still just a few basis points of card volume, even for the data-compromised. With enhanced data security and authentication, it can remain low, if not go lower. Reg. E certainly applies in most ACH transactions.

Under today’s network/PCI rules, the networks and their bank partners agressively seek damages from data-breached retailers. Merchants worried about the liability will be courted by well-capitalized insurance companies and merchant processors who would be happy to manage that risk on behalf of merchants for premiums that are a fraction of current interchange costs.

If someone makes an “unauthorized” withdrawal from your bank account, the bank will make you whole. The law demands it, not the credit card networks. The Originating Deposit Financial Institution is the one who is on the hook for allowing an unscrupulous operator to conduct unauthorized ACH transactions.

All ACH transactions between Originators and Receivers must be backed by valid authorizations. Authorization requirements differ for the various ACH transactions. While a verbal or other non-written form of authorization is permitted for consumer credit transactions, a written authorization form provides proper authorization for consumer debits. This authorization must be readily identifiable as a debit authorization, the terms must be clearly stated and procedures for revoking authorization must be explained. The authorization may specify that transactions will be for a fixed or variable amount.

Of course, if you’re dumb enough to “give” permission to access your bank account to a scam-artist operating out of a third-world country or your neighbor’s kitchen, you may still be on the hook. Network rules operate the same way.

Whether the loss is from a stolen account number because of a data breach at your neighborhood grocery store or because your next door neighbor’s kid bought “do-it-yourself” bank check stock from Office Depot, ACH regs do a reasonably good job at protecting consumers – and merchants.

]]> By: Sid Sidner http://storefrontbacktalk.com/securityfraud/the-mobile-payment-conundrums-to-chip-to-store-to-bank/comment-page-1/#comment-63985 Sid Sidner Thu, 01 Oct 2009 16:30:04 +0000 http://www.storefrontbacktalk.com/?p=3911#comment-63985 This is a great dose of reality. There is a reason that interchange fees are what they are - they're worth it. Now, before you grab me and drag me around behind a car bumper, let me explain. A merchant may argue about whether merchant interchange fees are too high, but the value is not zero. First and foremost, your consumer's demand it. Some merchants are willing to not accept payment cards, but most have decided that such a position just isn't tenetable. Like it or not, the Brands have convinced consumers that they just can't live without their {credit, debit, prepaid, payroll, loyalty, gift} cards, through a combination of convenience and incentives, like points. Second, a merchant doesn't have to run their own credit program, like in the old days. These credit programs weren't free. Third, in our global economy, I can travel to another country on pleasure or business, walk into a Starbucks, and use my local banks payment card, and do business. Remember traveler checks? Remember getting mugged in a back alley with a fat wad of cash in your pocket? Other forms of payment have a cost, too. I don't want to sound like a shill for the Brands, but we must always remember that a payment card is both a technology and a way of doing business. It has value. The big question is, how much value?, and how is that value negotiated among issuers, consumers, merchants, acquirers and the networks? Ah, therein lies the rub... This is a great dose of reality. There is a reason that interchange fees are what they are – they’re worth it.

Now, before you grab me and drag me around behind a car bumper, let me explain. A merchant may argue about whether merchant interchange fees are too high, but the value is not zero.

First and foremost, your consumer’s demand it. Some merchants are willing to not accept payment cards, but most have decided that such a position just isn’t tenetable. Like it or not, the Brands have convinced consumers that they just can’t live without their {credit, debit, prepaid, payroll, loyalty, gift} cards, through a combination of convenience and incentives, like points.

Second, a merchant doesn’t have to run their own credit program, like in the old days. These credit programs weren’t free.

Third, in our global economy, I can travel to another country on pleasure or business, walk into a Starbucks, and use my local banks payment card, and do business. Remember traveler checks? Remember getting mugged in a back alley with a fat wad of cash in your pocket? Other forms of payment have a cost, too.

I don’t want to sound like a shill for the Brands, but we must always remember that a payment card is both a technology and a way of doing business. It has value. The big question is, how much value?, and how is that value negotiated among issuers, consumers, merchants, acquirers and the networks?

Ah, therein lies the rub…

]]>