The big bank cyber cover-up

15 04 2015

Something that I have long suspected (and been aware of) is that banks don’t like admitting when money goes missing. It doesn’t matter if it is their money, or yours and mine, the point is if anything goes missing it looks bad for an institution that is supposed to be your secure holder of money. It really doesn’t matter the circumstances either, be it with a dodgy employee doing something naughty at the cashier’s desk, or customers being subjected to cybercrime and fraud, the fact is the bank won’t report it…This thought of mine is backed up by a statement made by the City of London Police chief Adrian Leppard, claiming that he believes up to 80% of online crime goes unreported. Have a read of this article in finextra http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

The challenge

So why is cybercrime growing so massively? The simple fact is, something I’ve been complaining about for a long long time now, is that no matter what you do, you cannot secure something that is inherently not secure. What do I mean? Well card details are not secure. They are printed on the thing, nothing sophisticated is needed to get hold of card details at all. This means card schemes, banks, payment service providers, online payment gateways, businesses, all have to spend vast amounts of money on trying to prove that those card details (at the point of a purchase) are in the hand of the owner. The simple fact that I can get those card details so easily, means that for a person willing to undertake some cyber fraud or card fraud in general, it’s easy, it’s a weak point in the system.

My point is proven even when you add technology upon technology upon technology. Just look at the recent issues with Apple Pay. Apple, claiming the system is so secure is actually not a million miles away from the truth, if Apple could secure the card details that were added to the device, but since these are not secure in any way shape or form, it’s easy to just add other peoples card details to my own Apple device and away I go…

The solution?

The solution is so blatantly simple it frustrates me. Move away from Cards! We don’t move away from cards because of the cost of the card scheme infrastructure, an infrastructure that is so massively outdated in today’s cyber world. Card schemes are simply easy pickings for cyber fraudsters.

When I say move away from cards, I don’t mean just replace the physical card with your phone, ala Apple Pay, I mean ditch the scheme itself. There really is no need for a card to be required in a transaction, this is proven by a number of mobile payment technologies out there that move away from card schemes and look at their own scheme effectively, utilising “e-money”. These businesses / schemes have a massive opportunity to provide security that simply removes fraud, build technology built with modern day living security in mind, and all of a sudden, the fraudster’s life is much much harder. If you detach from the dependency on a card scheme, you have payment systems that are secure, you reduce fraud, you reduce risk, and you drastically reduce the cost of a transaction for a business, and ultimately the cost of products / services consumers purchase.

The only issue, business adoption, educating businesses of the benefits to them, the cost savings and the difference in user experience. That’s the massive challenge, something why mobile payment start-ups are failing. Business owners simply don’t have the time to be educated on this stuff….

So the company that cracks that nut, could get a new scheme out there and start reducing the levels of cyber-crime….Sure the banks eventually will like that idea!





The cost of plastic

7 02 2014

We live in a digital age, and yet all our online and over the phone payments are carried out based on a very non-digital technology – payment cards. Essentially cards are protected by you needing to know a few numbers off the face of the card, and 3 additional security numbers on the back. If you aren’t the only one who knows those numbers, then you aren’t the only one limited to spending on that card.  Yes, there are many new security measures online, such as 3d secure and verified by blah, and yes, there are endless reams of PCI compliancy rules that businesses should follow. But at the end of the day, a bunch of numbers is hardly the easiest thing to secure.

 

The end of cards?

Cards have served us well for a long time now. But the cost of issuing a piece of plastic with some numbers on, isn’t cheap (on such a large scale). The costs of trying to protect those numbers for banks and mainly businesses are always on the increase, and this always results on businesses being charged more to accept a card based payment. What’s worse is, that when that card isn’t physically present, such as online or over the phone (especially when online sales are increasing) the poor old merchant is charged even more for the pleasure of accepting their customer’s payment.

What we must remember is that fraud doesn’t cost your issuing bank much at all. Rather it is the merchant who sold the goods that loses out financially, and they will lose out on the value of whatever they sold. For small businesses that’s quite a risk, especially when they branch out onto the web. I have known many small businesses to be stung like this, loosing thousands in revenue and of course lost product (a double hit for them).

Now we have a number of alternative payment systems and services starting to become available, some in the form of virtual currencies, mobile payments, different payment schemes and processes online (ala PayPal) and these are starting to become quite disruptive to the traditional card schemes and banking business. With alternative payment options growing in popularity, could this possible be the beginning of the end of the card? I say the beginning, as cards are heavily entrenched in our daily lives, and to date, only Starbucks IMHO has shown that consumers and businesses are starting to really make a choice when making a payment – and opting for something other than their card.

 

Digital payments for a digital age

I am a strong believer that when the technology landscape changes drastically, you need to embrace it fully. When cards were first becoming popular, there was no internet, no over the phone payments nor over the phone banking. But the internet is here, and cards haven’t changed at all. The infrastructure hasn’t changed, all that has changed is that software developers let us type in our card details so that the card can be identified. Not much evolution or embracing of the new digital age there.

Payment schemes need to be designed with their current landscape in mind, payments need to be designed for the digital world, which with mobile devices now blends seamlessly at times into the real world. This is what we have done at CloudZync. We have designed a payment scheme for the digital world that can be used online and out there in the real world, day to day via your personal mobile device.

For me, this is just the beginning of looking at how we transact, how commerce takes place, how customer relationships are forged in the real and digital worlds, and it’s an exciting time to be in this space. CloudZync is pushing the boundaries of what we expect from financial products, commerce, customer relationships and in terms of technology making our lives easier. Technology making my life easier and safer as a consumer, and the same applies to businesses. Technology making sales, transactions, experiences and relationships easier to manage and more profitable. To achieve these goals, we must always challenge what has gone before and that includes cards and banks…