I was never sure why the Competition and Markets Authority (CMA) allowed the UK’s shared ATM network to be sold to Mastercard. To me, it looked very much like Mastercard was being allowed to gain significant advantage over its rival card schemes. How can the CMA look at the relative situations of Visa and Mastercard in the transaction processing world and not conclude that there was a significant difference?
It’s not like it was just the LINK ATM network. They were given control over the account-to-account transfer services in the UK too: key financial infrastructure services that, in my opinion, should be managed centrally for the benefit of all.
If it is correct that the LINK TSG is being wound up, then it is clear that the management and control of the shared network is being transferred from the members to the “owner”. The implication is that the service provided to the members will then be that which the “owner” wants to deliver, rather than that requested by the members.
If we follow the bunny of conspiracy down the rabbit hole of destiny, as our eyes become accustomed to the darkness, will we see a future where the LINK ATM network has been mothballed, and all LINK ATM transactions are processed through the Mastercard network?
How can LINK commit to delivering ATM services in areas where ATM profitability is low, if LINK is not going to exist?
Is the loss of the LINK TSG the first step in losing LINK ATMs?
Banking lobby UK Finance is proposing a universal tax on bank transfers to build a fund that could be used by banks to compensate victims of account transfer fraud.
One wonders what is driving such an approach.
If the victims were defrauded out of cash in their wallets – by scams of a similar nature – it would certainly not fall to the banks to provide a refund. Handing over current account login details may not be the same as handing over a wallet-full of cash, but the interactions between fraudster and victim that lead up to the deed are. It is the social engineering processes that precede the fraudulent activity that we should be focussing on, not the act of transfer itself.
Is this really a problem for the banks?
If this is not a direct banking problem, the problem lies in the gullibility and therefore the vulnerability of bank customers. However, the problem is exacerbated by the speed at which bank balances can be expropriated and transferred.
The development of real-time banking services has fueled the development of fraud vectors focussed on social engineering mechanisms.
A victims' fund financed by a payment tax is not the answer. The answer must lie in modifications to the ecosystem to reduce the opportunities for fraud, but this has a cost.
There are solutions but fraud prevention has never been a headline grabber.
And the good news is that card fraud losses at terminals in the EU are at their lowest level since 2005. It looks like much of it is down to EMV, which limits the effectiveness of card skimming strategies, although the excitable clever people are telling us that it’s down to geo-blocking, fraud monitoring and fraud detection. I am not sure how true this is as I would think that these techniques are more suited to preventing fraud on non-EMV transactions.
Since the ability to clone and create a usable EMV card is non-existent, the opportunities for fraud using EMV cards are seriously limited. It is well established that there can be no duplicate EMV cards. If this is the case, then an EMV card must either be in the hands of its rightful owner, or it must be lost or stolen. If it is in the hands of its rightful owner, then there is no fraud, and if it is lost or stolen, there is essentially a four-hour window of opportunity for any would-be criminal. Adding geo-blocking, fraud monitoring and fraud detection is not going to identify lost and stolen EMV chip cards.
Geo-blocking, fraud monitoring and fraud detection are more suited to payment ecosystems that rely more on mag stripe, and can be effective in the e-commerce world. The reduction in fraud that we have seen over the years is due primarily to the introduction of EMV – in the UK – back in the early part of this century. It is now spreading out and we are reaping the benefits. If you want to see how much benefit we are reaping, look at the card fraud levels in the US.
The impact of reducing the opportunity for fraud in one sector is to increase its presence in others. We are inevitably going to be seeing a growing number of social engineering attacks, as the vulnerability of people is now greater than the vulnerability of the card payment systems. We need to be looking at finding ways of preventing the growing financial losses associated with current accounts.
The Payment Monkey is now online, more or less, and the first blog post has been added. At this point, I should say that much of the content has been generated by an infinite number of monkeys banging away on quite a lot of typewriters. Spare monkeys not assigned to the less than infinite supply of typewriters are employed to proofread and sanity check, and because of this, most of the random noise has been eliminated.
Updates will be published as and when the Payment Monkey is inspired by activity in the transaction processing and card payment world.
The site is open for comments and, hopefully, some lively debate; the Payment Monkey will respond.