Saturday, May 25, 2013

Proliferation of access mechanisms to payment schemes will dilute security


It amuses me to see how payment schemes use all kinds of ways to reach an already seriously confused consumer. It seems as if it is almost required to show that customers can reach you in every conceivable way. A company that is taking this to an extreme at the moment is American Express. By making use of their new Sync product (Read more here), you can now connect your valuable American Express card to (wait for it) Facebook, Foursquare and Twitter. Linking your card in this way allows you to buy special offers from these social networks without having to be redirected to AmEx. This means, of course, that you trust the security of your Twitter account with your purchase activity.

One could argue that this is not such a big thing as it is only for online offers and fraud opportunities are limited, but this was recently extended to buying gift cards and products from Amazon, Sony, Xbox 360 and Urban Zen by merely sending a tweet. Leslie Berland, SVP digital partnerships, claims that they bring true value to customers in a world of social commerce (Read here), but I don't agree at all. By allowing access to the payment system in many different ways, with a myriad of ways to get authenticated, surely one reduces the trust in the payment system. Customers want to be sure that their cards (or other payment tools) are protected by a simple mechanism (for instance, a PIN that is always used when a payment happens). It also seems as if the proliferation of social media access, each connecting in its own way, with its own hashtags and special codes, happens without clear design and architecture. What are the fundamentals (the non-negotiables) of the payment system, or are we at a stage where anything goes?
 
It is no wonder that in a recent review of payment tools in the UK, customers believe that cash is the safest way to pay (Read here). We are creating a mess of the payment world if we cannot assure customers that their payment cannot be spoofed, attacked or phished. We can only do this if we keep the security simple, predictable and standardized.

BlackBerry money ready to launch in Indonesia

BlackBerry's BBM service is still very popular in many markets. One such market is Indonesia, where BlackBerry announced the imminent launch of BBM money in partnership with local Permata Bank and using the technology supplied by Monitise (Read here). According to my understanding, the payment service (providing for Person to Person payments and other remote payments) will piggy-back on top of the BBM messaging service. It is likely that subscribers would send a BBM with some information to another subscriber, which will translate into an actual payment.

Proponents of these types of systems argue that it is easier for a subscriber to learn the payment system as it is based on something that they are already used to. They would not need to download a specific application and can start using the system immediately. It is also ideal for building viral characteristics into the system, as many people are already using BBM. Similar arguments are being used for the recently launched Google payment solution to be based on Gmail. (Read here)

The more interesting challenge from my perspective would be to ensure that the registration process is secure, that the source of funds is well worked out (for instance, will this service require a robust cash-in eco-system, or will it be based on debit cards) and that subscribers will be confident in using a messaging system to do payments too. There is still a lot of work before these types of payment systems will become mainstream.