A world of criminal sheep

Are we all criminally inclined sheep that need to be fleeced and controlled?

Notorious unpaid blogger Michael Arrington recently described his battle with a bank over direct debit charges.

To overcome a fraudulent recurring charge on his credit card, Arrington cancelled his account only to find the bank moved the recurring charges to the new card, a ‘service’ designed to avoid fraud and save customers the hassle of re-establishing legitimate direct debits after a new card is issued.

Both of those are noble reasons but the core of this philosophy lies in a contempt for customers which can be summarised in two principles.

A customer is:

  1. A sheep to be shorn of any available cash through sneaky fees and shady business practices
  2. A criminal

In the 1980s business school view of the world, customers are criminally inclined sheep who have to be regularly shorn to enhance profits and controlled so they don’t go anywhere else.

Only businesses operating in protected environments can get away with this today and the two obvious sectors are banking and telecommunications.

The telco industry long ago soiled its nest with consumers through dodgy charges and a contempt for customers which reached a peak (nadir?) with the ring tone scams where kids had their phone credits pillaged by fees they never knew they had signed up for.

While those dodgy charges paid the handsome bonuses of telco executives, it proved to another generation of consumers that these companies see their customers as sheep to be fleeced on a regular basis.

Ironically it’s that lack of trust that dooms the telcos in the battle to control the online payment markets – their practices of the 1980s, 90s and early 2000s mean few merchants or consumers will trust them as payment gateways.

One of the strengths banks bring to that market is trust. Like cheques, credit cards succeeded as a payment mechanism because people could trust them.

In screwing customers over direct debit authorisations, the banks are damaging that trust. As Arrington says, “I really don’t think I’m going to be giving out my credit card so freely in the future.”

That’s a problem for businesses, as direct debiting customers has been a good way to ensure cash flow and reduce bad debts, but when clients perceive there is a high risk of being ripped off they will stop using them.

Businesses that insist on direct debits will be perceived as potentially dodgy operators who rely on locking customers into unfair contracts rather than providing a decent service for a fair price.

So the banks’ position of legal power works in their short term interest and against them – and the merchants using their services – in the longer term.

While bank and telco executives with safe, government guaranteed market positions will continue to treat customers like criminal sheep it’s something the rest of us can’t get away with.

The winners in the new economy are those who deserve to be trusted by their customers and users. If you’re abusing your market and legal powers, then you had better hope politicians and judges can protect your management bonuses.


Continuing the online payments battle

Mastercard’s PayPass is a direct challenge to Visa and PayPal

Today Mastercard announced their PayPass service, a “digital wallet” that allows consumers to pay through various online channels including the web and their smartphones.

Mastercard’s PayPass is the latest move in the battle to control the online payments industry as consumers move from plastic cards to using their mobile phones and Internet devices.

One of the interesting aspects of PayPass is how it is a direct challenge to PayPal who in turn recently launched their PayPal Here service which threatens incumbent credit card services like Mastercard and Visa along with upstarts like Square.

While it’s early days yet in the mobile payments space as consumers slowly begin to accept using smartphones and tablet computers to pay for goods and services, it’s clear the industry incumbents are moving to secure their positions in the market place.

It’s going to be interesting to see how this develops; many merchants will be hoping this competition starts to drive down transaction costs.


Strategic lessons from a security breach

What businesses can learn from Stratfor’s data lapse

2011 has been the year of the IT security breach. Big and small organisations around the world ranging from major corporations like Sony through to smaller businesses such as security analysts Stratfor found their customer data released onto the web.

The frustrating thing is most of these breaches are avoidable and “hacking” is often giving too much credit to the security used by the targeted companies.

While the ‘hackers’ themselves may be skilled, the compromised organisations are often easy targets as they don’t follow the basic rules of protecting their data.

Standards matter

Customer payment account details are covered by the Payment Card Industry Data Security Standard (PCI-DSS) operated by the PCI Security Standards Council.

The PCI Security Standards Council helpfully has a range of information sheets for merchants of all sizes and if you are taking payments off the web you should make yourself aware of the basic requirements.

For most businesses, the cardinal rule is not to save customers’ card details. Once the payment is approved, you have no business retaining the client’s credit card or bank account numbers.

In Stratfor’s case, they were almost certainly processing payments manually and credit card details were being saved on customers’ records in case of errors or to make renewals easier.

Call in the professionals

There’s no shortage of payment companies, ranging from PayPal through specialist services like eWay to your own bank’s services. Choose the one that works best for you. If you have no idea, call in someone who does.

One of the arguments for using outsourced services, particularly cloud computing, is how data security is a complex field that requires professional and qualified expertise. The internal systems of Sony, Telstra and Stratfor were not up to the demands placed upon them. A professional service is better equipped to deal with these issues.

Size doesn’t matter

A major lesson from the last year’s security breaches is that it’s not just the local shop or garage e-commerce business that is careless with data. Some of the world’s biggest companies and government agencies have been compromised.

If anything, Sony’s experience has shown the double standards at work in the application of security rules; there’s no doubt that had a local computer shop been as thoroughly compromised as Sony were, they would have been shut down on the second breach and the management would have been carted off to jail well before the twelfth.

For the management of Sony, there seems to have been little in the way of sanctions against the people nominally responsible for this incompetence. This has to change both within organisations and by those charged with enforcing the rules.

The lesson for customers is you can’t trust anyone with your data; don’t assume the big corporation is any more secure than the serving staff at your local sandwich shop.

Passwords matter

Every time one of these breaches happens we hear about password security, with “experts” pointing out that some of the subscribers were using passwords like ‘stratfor’ or ‘password’.

For customers, this actually makes sense: if you can’t trust third parties with your details, specific, disposable passwords for each site should be used. There’s little point in having a complex password if some script kiddie is going to post your login details onto 4Chan.

Naturally your passwords for banking and other critical websites should be very different and far more secure than those you use for sites like Stratfor and the Sony Playstation Network.

Will 2012 be any different?

Given the data embarrassments of 2011 for businesses and government agencies, can we expect lessons to be learned in 2012?

While many businesses are going to learn specific lessons from these breaches, there’s a management cultural problem where any spending on information systems is seen as a cost that has to be minimised.

This cost cutting mentality lies at the core of many organisations’ failure to secure their systems properly and until a more responsible culture develops we’ll continue to see these lapses.

Good managers and business owners who understand the importance of guarding their organisation’s and customers’ data are those who are ahead of their competition. Over time, these are the folk who will have the competitive advantage.

For customers, the sad lesson is we can’t trust anyone and a layered approach to security along with keeping a close eye on our bank accounts and credit card statements is necessary.
