When I woke up this morning, waiting in my email inbox from a dear friend and long-time-loyal to Losing Face, was a link to an article from the BBC News website. The only other text was, “Get on this quick…”
It is about the new Emue card technology, aimed at tackling the growing level of internet and phone card fraud or, as the pros refer to it, ‘Card Not Present Fraud’ (CNP for short). The Emue technology isn’t all that new, Australia has already had a trial run (complete with prop-destitute trailer) last year and Visa have been talking about it for a good 18 months, still this is its first real public break in the UK.
Reading it within minutes of waking up was more than a little tricky but, two or three attempts later, it made sense and I’m left with mixed feelings toward the proposed technology.
The card has a built in 4 digit code generator which will be needed whenever making a transaction online or over the phone, therefore eliminating [or at least reducing] the ability to thieve a card, go to an internet café and blow a couple of grand on bits and bobs from Amazon.
As a concept, that is grand; I, myself, have fallen victim to CNP fraud only this year and it is quite a horrible ordeal. Whilst your money is still ensured by your bank, the lack of an actual event makes the entire experience quite murky and uncertain. At least having your card stolen in person provides an awareness of what is happening and what might then happen!
With CNP, you might be utterly unaware of any ill behaviour until a voice at the end of a phone line casually informs you that someone has pretty much drained your entire account from the other side of the world whilst you slept soundly and unaware.
But, whilst the concept is bang on, and there is a clear and present cause for concern surrounding CNP fraud, is this the right mechanic to solve the problem?
Assuming everything works, and Visa are confident that the battery life on the card will outlive the valid dates, I am sure this really is will dramatically reduce CNP fraud following a worldwide roll out.
But, what happens when it doesn’t? Buttons that need to be pinched rather than pressed, a little LCD screen that could crack… operationally, a number of new things could go wrong that would result in needing a new card more frequently than our current system.
Personally, I’d rather have to order a new card every 6 months than have to go through the uncertainty and rigmarole of losing a load of savings to some faceless arse-hole hiding away somewhere in the world but I can’t help thinking that this creates a new set of user-facing problems whilst resolving a worldwide concern.
Isn’t there a way of securing online payments that doesn’t rely on additional, physical processes? And why does the resolution usually boil down to numbers and codes?
If a bank card is personal, the money that that card represents is personal and the purchases made with that card are personal, surely there is an opportunity to do away with adding more identity that will inevitably be copied and relying on physical ambiguity and personal recollection?
What if the online (CNP) access to my current account had nothing to do with my day to day electronic access (whether that is a card, phone, sticker – anything) and instead was simply something I had engrained in me?
If I was to purchase a CD from a website and, when settling my order, I had to submit utterly unique and personal anecdotal information plus one bank-issued serial?
The bank serial could be different from my actual account number thus reducing the online/offline data cross over, the personal information or passwords could be three tiers deep, and all of which would never need to be written down or stored because it is all already deeply engrained in my personal memory. Hell, one of the references could be a favorite quote or sentence from a favorite book or film or song!
As an example, below are four variables that could, literally be anything. Even the people that know me inside out wouldn’t know what to write if there weren’t any prompts next to the input boxes.
- Account Reference: 12345678
- Personal ID #1: “I heard that!”
- Personal ID #2: “I’ll love you forever, if I ever love at all.”
- Personal ID #3: Sunbeam S7 Deluxe
Written like this, it is more like playing Jeopardy than a secure way of buying something from the comfort of your home but if, when registering for CNP authenticated transactions with your bank in the first instance, the user was given a choice of 10, maybe even 20 prompting questions in which they choose 3, the answers could be anything as long as they mean something to that one unique user.
No need for pressing extra buttons on a card, or another random 4 digit pin, just memories.
Unfortunately, whilst this is all well and good [albeit utterly unfounded and non-academic opinion] but I have had the great fortune in meeting some of the industry’s leading innovators and developers – I’m positive, anything they are putting forward to trial is the most logical and appropriate solution for a worldwide market… In short, I hope I get to play with an Emue card sometime soon!
I’d still like to pay for things whilst remembering some of the most funny and monumental moments from my own personal history though. If I’m shelling out savings for yet another steep electricity bill; I’d rather do it with a smile on my face.