The problem is that consumers have given control of their debit cards over to the merchants. When they do this, they (possibly inadvertently) give them a blank checkbook. A credit/debit card should be more like a virtual wallet than a blank checkbook. I would love merchants to have to ask my - not my banks - permission each time they wanted to charge me.
The system right now relies on the honesty of the merchants. If all charges had to go through the consumer's approval first, then I don't think we'd see much of the free credit report scams anymore. Instead of having to call up a recurring (and unsolicited) biller, just decline all payments to the merchant and let the merchant figure out that they're not getting paid.
If I had the means, I think I would start a Bank 2.0. It would have a killer web interface, charge authentication through cell phones or control panel, and instead of dealing with loans and interest, I would probably make make money through Visa charges.
I had the same idea. I figured that VoIP made it cheap enough for a computer to call me whenever someone tried to charge my card, and I would have to enter a PIN on the phone before it authorized it.
If the timeout on POS card terminals is long enough (about 30-60 seconds), it's enough time for a computer to call my cell, read me the amount to be charged, then wait for me to enter a PIN (not necessarily the same PIN you use on an ATM).
A bank could offer a web interface for me to authorize a list of "always allow" merchants and their charge limits so I don't have to re-authorize supermarkets and recurring subscriptions.
And finally, an interface to list "always deny" merchants.
I like the idea of cancelling an unwanted service by shutting off the flow of money, and then calling their customer support to notify them.
In fact, I think that should be a basic human right. I shouldn't have to argue with a Customer Retention Department (something that pisses me off just in the concept alone), I should just inform them (or let my bank inform them), that I'm no longer their customer.
Me: "Hi, I've cancelled my account."
Them: "I'm sorry, I'll have to transfer you to a customer retention representative."
Me: "No, you don't understand. I've already shut off payments, I'm just giving you a courtesy call. Bye."
I've done that last thing in the UK, however I had to do it via the fraud dept. I had to report unwanted chargers from an e-tailer I'd "cancelled" my account online with as fraud.
However Barclays did make it a reasonably painless and speedy task (comparatively).
On the other hand, consumers have superpowers for chargebacks. If you call up your credit card company and complain you didn't receive a product or you got charged for something that you didn't order you get a refund at the merchants expense.
I have heard cases of merchants that delivered products personally & received signatures getting chargebacks. If the transaction happened over the internet then police, CC companies & banks guaranteed to side with the customer.
It is at the point where it just stops a lot of commerce dead. For many companies fraud is far more expensive then credit card charges. Ironically, this is more the case in commodity industries where margins are pretty low anyway.
Just try ordering some easily resalable product (EG a phone) from an overseas merchant. I know one merchant who throws away any order that come in over the net & retakes the order over the phone because (a) it throws off a lot of the fraudsters & (b) phone-credit fraud goes to a less crowded desk then internet-credit fraud. He is willing to work hard & throw away 1/4 of probably legitimate orders to verify authorisation. There is no way for them to accept money in a way that is guaranteed to stay in their account.
Fraudulent merchants may have a lot of power in this situation but honest merchants are screwed.
If your bank 2.0 was real, you would have the support of most small-medium online stores of you had a logical trade-off in place: Consumers must verify payment / Payments are verified, they can't claim this transaction is "unauthorised".
There are already a couple of ways to help prevent charge abuse by merchants.
Several card issuers already support either single-use numbers, where you get a number issued that works exactly one time for a maximum amount you specify, or enhanced authorization, where you have to verify through the issuers website every time an online charge is processed.
Oddly, almost no-one I've talked to is aware of the programs that already exist (and often for free) to help with fraud.
There have been many proposals to do something like that. There is a proven way to use something called digital cash using public key encryption.
Digital cash allows you to send a long number which represents a single payment and can only be used for that single payment. Thus if the number represents you paying $100 to priceline.com, it can only be used for a single transfer of 100. If someone else tries the same number again, the bank will say, sorry this one has already been used up. In addition to being secure this system can provide absolute privacy.
So theoretically, it is possible but it has not happened. I think one reason is that credit card companies like having people's personal information and being able to see all their purchases.
I've thought the same thing. Why isn't there a system that requires a small inconvenience or effort before a particular transaction goes through? Example: I go to buy something online, but before the money really goes from me to the merchant, I have to phone in, identify/authenticate myself, and identify some transaction details (perhaps an ID, the dollar amount, the merchant's name).
I'd be happy to go through a few minutes of inconvenience for a large purchase if it meant significantly greater security for my credit card.
Because both credit card companies and merchants want buying to be as easy as possible without any steps that may give you second thought. Credit cards are all about impulse buying.
We need is more "push" payment systems. They are inherently more secure than "pull" since the customer controls the process.
This is how it works in Germany. You order something and the merchant provides their account number and an order number. You login to your online banking, and send the money. Done.
Fast, inexpensive, simple and secure. One big reason why PayPal and credit cards aren't popular in Germany.
That is pretty much how the dominant payment system in the Neterlands works (iDEAL):
1. The merchant shows a list of banks that support iDEAL (all major banks, currently 8)
2. You pick yours, the merchant sends you to your online banking environment
3. You log into to your bank account (with your username and password)
4. You review the proposed transaction
5. A transaction code is sent to your mobile phone which you have to enter (alternatively, a list with numbered transaction codes is sent to you using snail mail in advance, the website gives you the transaction code it wants which you'll have to offer; transaction codes are used only one time)
6. The transaction is made instantly and confirmed with the merchant. To the merchant's advantage, the transaction is irreversible.
The total cost can be as low as 45 cents for the merchant, with no fixed or upfront costs.
One of the real problems is that often the card companies make it hard to dispute things.
I used to get billed $1 per month on my PayPal account for something called "YOURSAVINGSCLUB". This went on for like 6 or 7 months. I called their number to "cancel" whatever it was they were charging me for, and they said they required my credit card number to cancel my account. Given I already knew they were dishonest, I wasn't going to give them my number again, just in case they didn't actually have it and relied on a third party for the billing.
Anyway, I tried to resolve it instead through PayPal but to do so involved a Fax machine, and everytime I started the process I gave up because it wasn't worth the time for the one dollar.
Luckily I think PayPal finally figured it out and cut them off, as I haven't been charged in 6 months or so.
PayPal is completely different than a credit card. What you probably should have done, if the PayPal charge was coming off of a credit card, is dispute the PayPal charge with your credit card company.
The actual staff report linked in that article is well worth the read.
These companies are basically running shady private tax schemes. No value-added.
I'm glad the senate report provides a list of the 'partner' commerce companies that have made over $1MM using these schemes. I'll be thinking twice about giving any of them my business.
[PDF]http://commerce.senate.gov/public/_files/111609EXHIBITSTOSTA...
It is amazing to me how credit card companies allow these scams to exist. If somebody does charges people without their consent, they are bound to get a lot of chargebacks and this is just a headache for the cc companies. Also, it is not in the credit card companies interest to allow the credit cards to be conduits for scams.
My parents used to have a business and even though it was a completely legitimate business they were constantly scared of chargebacks. They knew that even a small percentage of chargebacks can cause them trouble with the CC companies and offerred their customers money back whenever possible to avoid chargebacks. And again this was an honest business selling real tangible things to people that knew they were buying those things, not some online scam.
But now you see some companies use credit card billing for nothing but scams and somehow they are allowed to keep their merchant accounts.
The background of the Priceline guy is in using game theory and psychological tricks to maximize the addictiveness of slot machines. That's the whole point of Priceline, to apply these tricks to online shopping to maximize the revenue. This is pretty obvious going in, and maybe the site is deceptive above and beyond that, but is this really a surprise? It seems like they've crossed the line here and this should be fixed, but you really shouldn't be shopping there in the first place.
> but you really shouldn't be shopping there in the first place.
What makes you say that? I wanted to rent a small car for a week and not one site quoted under $300. Priceline quote came in at $120 from the exact same car companies. It worked out great for me. Of course, I was very cautious about not signing up for 10 other things.
The problem is that it's extremely hard to know you are a buyer at all. They put a lot of effort into concealing you'll get charged, and since they silently get your credit card details from the hosting site, you don't get the usual 'enter numbers and agree' page to signal you're entering into a transaction.
Is there any legitimate reason for a company to pass your payment information onto another "partner" (aside from a payment processor like PayPal, etc)? I can't think of one.
If there isn't, the simple thing would be to just ban this practice.
Hopefully that's all they ban...situations like this make me nervous because legislators don't seem to have the ability to comprehend an industry before they pass sweeping legislation. I could easily see the backlash from this resulting in legislation that forces online merchants to make customers jump through a bunch of hoops before they can sign up for a monthly recurring billing plan.
Well, I don't trust priceline anymore. I used to recommend them to everyone, but not anymore. I booked hotels and rental cars frequently when I traveled and I need another one soon, but I think I might not use them this time.
The system right now relies on the honesty of the merchants. If all charges had to go through the consumer's approval first, then I don't think we'd see much of the free credit report scams anymore. Instead of having to call up a recurring (and unsolicited) biller, just decline all payments to the merchant and let the merchant figure out that they're not getting paid.
If I had the means, I think I would start a Bank 2.0. It would have a killer web interface, charge authentication through cell phones or control panel, and instead of dealing with loans and interest, I would probably make make money through Visa charges.