I had a call the other day about the success of Chip & PIN.
This is because of the latest fraud figures from APACS, which shows UK retailer fraud shrank from £73.2 million in 2005 to £37.5 million in 2008. This year, merchant fraud has risen 26% to £47.4 million, the largest jump in criminal activity in payments for all card activity.
"Is Chip & PIN working?" was the focus of the call therefore.
Now most of you know that I don't think Chip & PIN has been the solution since day one but, at the end of the conversation, I realised why and how Chip & PIN happened and why it is here to stay. It also made me realise that Chip & PIN has in fact been the blockage to implementing mobile payment services in the UK.
To illustrate the process, here’s a snapshot of one bank’s boardroom:
The boardroom meeting began with the minutes of the last meeting, apologies for absence and matters of the day. After the usual mutterings and demands and debates, the large oak-panelled door opened and Mr. Mobile stepped into the room.
“Ah, Mr. Mobile”, said the bank’s CEO, Big Cheese. “Welcome to Fusty Bank’s Monthly Board Meeting. As you can see we have the Chairman here and my cohorts in attendance.” The other attendees nodded at Mr. Mobile in welcome, “and the agenda item I believe you are presenting is: ‘the business case for Fusty Bank’s move into mobile banking’. Fire away.”
“Thank you Mr. Cheese”, replied Mr. Mobile. “And let me begin by saying what an honour it is to be here with you today”.
“Get on with it Mobile”, snapped Big Cheese.
Hmmm, that was a good start.
“Well lady and gentlemen”, Mr. Mobile had always liked the bank’s only female board member, Mrs. Human Resource, “I could present numbers to you but you have those in your books and background reading, so let us look at the three main points for investment in our mobile channels today. First for competitive reasons; second for customer and revenue growth; and third for cost savings.”
“Mobile, I have heard this so many times before”, said the Big Cheese.
The Chairman nodded in agreement and, a moment later, so did the cohorts.
This was not going well.
“We have business cases presented here every month and they are all the same”, Big Cheese continued. “They all talk about numbers, competition, customers and costs, so tell me something I don’t know.”
The room fell silent and Mr. Mobile felt a little despondent already, even though he had only been in the room for two minutes.
Mr. Mobile thought for a while and finally, after what felt like an eternity but was just a matter of a few seconds, he turned to Big Cheese’s Head of Fraud, Robin Banks, and said: “you wasted millions of the banks money by ignoring my business case.”
Robin’s face reddened and he closed his eyes.
Big Cheese turned and looked at Robin in surprise, whilst the Chairman gazed like a serpent watching the room’s dynamics.
Big Cheese quietly asks, “Robin, what does Mr. Mobile mean by this?”
Robin picked up his notes and tried to hide.
“Robin?” Big cheese was losing patience.
“Sir, yes sir. I think Mr. Mobile is referring to Chip & PIN sir”, Robin replied in a slightly shaky voice.
Both the Chairman and Big Cheese looked confused, so Mr. Mobile stepped in.
“That’s right Robin, and sorry to drop you in it but Chip & PIN was a farce.”
Big Cheese glowered and asked Mr. Mobile to explain his accusation.
“Well it’s not Robin’s fault really”, said Mr. Mobile, “but more the fault of the UK Banking Industry and APACS, what is now the Payments Council. But it’s not really their fault either. They were just too short-sighted to notice how rapidly the world was changing.”
“Look”, interrupted the Chairman, “we’re in the middle of a Board meeting, listening to your business case which has so far been very unimpressive.” The Chairman does not suffer fools gladly. “Either tell us the facts in a short and succinct fashion or you can get out of here now.”
“Sorry Mr. Chairman”, Mr. Mobile replied sheepishly, “I don’t wish to annoy but some of the facts are critical in the case for this business.”
Once again the Chairman said: “Make it short and sweet, Mr. Mobile”, and now he had the full attention of the room.
“A decade ago, the British banking industry decided to introduce a better way to avoid fraud and decided on Chip & PIN. This was agreed around 2002 after a global analysis determined that the French PIN card system, which had been in place since 1995, worked well and that the EMV Chip in Credit and Debit cards was functional enough for national deployment.” Mr. Mobile was on a roll.
“The system was launched in 2005 and mandated in 2006 when all merchants had to invest millions in new PIN terminals.”
“Mobile, I am getting bored”, sniffed Big Cheese. The Chairman’s eyes had closed about a minute ago and Mr. Mobile wasn’t even sure if he was still awake, and Robin Bank’s eyes were boring into Mr. Mobile’s forehead so hard that he felt them on his face like daggers.
“Sorry Mr. Chairman”, said Mr. Mobile, “but, you see, all that cost and effort was wasted.”
“I don’t see that”, said Big Cheese, “and unless you make yourself clear in less than a minute, you can leave the room.”
“OK sir, short and sweet”, Mr. Mobile now knew he had them.
“At the same time the UK determined upon Chip & PIN, Hungarians were rolling out an alert service which is now used across Eastern Europe, Russia, Africa and other economies. It’s a mobile telephone service which simply alerts customers every time their card is used with an SMS text message. It costs virtually nothing, customers love it and are willing to pay for the service, banks make money out of it, and no infrastructure or millions were spent on terminals to avoid fraud.”
He stopped and looked around the room.
The cohorts were sniggering, Robin Banks was festering, the Chairman was now wide awake and Big Cheese looked unhappy.
“You mean we didn’t need Chip & PIN?” asked Big Cheese.
“No sir”, said Mr. Mobile then, realising his mistake, "I mean, yes sir."
“Banks. Is this true?” asked Big Cheese.
Robin Banks visually trembled and said, “not strictly true sir. When APACS and the industry made this decision, we didn’t think mobile telephones were going to be as ubiquitous or usable as they are today.”
“Are you an idiot, Banks?” asked Big Cheese.
“No sir”, said Banks looking a little like Forrest Gump with his mouth wide open with surprise at such an accusation. “But bear in mind this was a decade ago when we were making the decision for Chip & PIN. How could we have known?”
“And what about those one-time password terminals the banks just spent more millions on rolling out?” asked Mr. Mobile.
Big Cheese was now looking distinctly angry.
“What terminals are you talking about now, Mobile?”
“Well sir”, says Mr. Mobile feeling more and more assured, “the very same group that made the decision to go down the Chip & PIN alley found that fraud at merchant’s terminals was reduced dramatically but the criminal fraternity just shifted their attention to the internet. As a result, the industry made a decision to give customers terminals to authenticate internet transactions.”
The Chairman grunted, “I’ve even used one!” he said.
Mr. Mobile smiled and continued: “The terminals work by entering your card and PIN. You then receive a unique one-time password code that you enter to authorise the payment. The fact that you enter that code proves the cardholder is present.”
“So that sounds good if it reduces fraud online”, said Big Cheese.
“It is. Except that customers hate it and the cost of the terminals has been a waste of money”, says Mr. Mobile.
“Is this true Banks?” roared Big Cheese.
Robin Banks cowered back in his chair, “not strictly true sir.”
“Is it or isn’t it?” asked the Chairman.
“It is but we ...” before Banks could finish Big Cheese growled “get out of my sight” and the two bank security officers who guard every Board meeting picked Banks’ chair up off the floor, with him in it, and physically removed him from the meeting.
“Explain more Mobile”, said the Chairman.
Mr. Mobile was now really pleased with how it was all going and ploughed onwards and upwards ... or so he thought.
“The fact is that, just as a phone can be used for fraud alerts to customers, it can also be used for one-time password generation and authentication.”
“How?” Big Cheese asked the question, looking genuinely interested.
“Well, every time a transaction needs authentication, we send an alert to the customer with details of the transaction via an SMS message to their phone. They should send back a message to the bank server saying it’s ok with a secure code to prove it is them. The bank server then sends them the unique one-time password number as a text message which they enter into the online payment system. Voila. Job done.”
Big Cheese leaned forward and said, “this all sounds remarkably simple Mobile, so why didn’t we do this?”
Mobile smiled and said, “well, we could have done. However, we were so wrapped up with working as a collegiate industry together, and then with all the vagaries and challenges of the Chip & PIN rollout followed by the urgent issues of internet and cardholder not present fraud, that the password terminal and keyfobs seemed the obvious thing to do. However, it once again cost the industry millions, didn’t solve the problem, irritated the customer and created more complexity. If only these people making the decisions could have seen the opportunity for mobile telephones, it would have been so much more simple, cheap, cost-effective and fast.”
“Anything else?” asked Big Cheese.
“Yes, it would also have generated revenue and profit for the bank as the mobile service is a service that customers would pay for, rather than being forced to use”, said Mobile.
“Well, thank you Mr. Mobile. A most interesting presentation and business case”, said the Chairman. “Do you have anything else to say before we conclude?”
“Only that we now have a fantastic opportunity to not only differentiate Fusty Bank from the competition, overcome fraud and create great customer service experiences, but that we can also add on many more revenue-generating applications and services to the mobile.”
“Such as?” The Chairman, Big Cheese and the cohorts were all now listening to every word Mr. Mobile said.
“Billing, payments, remittances, proximity services and marketing, 24*7advisory and support for customer financial management ... anything really. It’s effectively like placing the whole bank in the customer’s hand and, as a result, you can create far more customer activity and revenue.”
Big Cheese digested what Mr. Mobile had just said. He flicked through the notes in the business case. He quietly whispered a few words in the Chairman’s ear and the Chairman nodded.
Big Cheese then waved a finger at the security guards by the door, who came over and talked quietly with Big Cheese. Upon completion of these discussions, they approached Mr. Mobile.
“What’s going on?” asked Mr. Mobile.
“Taking care of business”, said Big Cheese, at which point the two guards lifted Mr. Mobile off his feet and threw him head first out of the Boardroom window.
The cohorts screamed, with several looking visibly distressed. One was even sick.
When the furore died down a little, Big Cheese addressed them all in a very stern manner.
“Colleagues. What you have just seen is something I hoped you would never see, but it had to be done I’m afraid.”
The cohorts squealed and squirmed.
“You see, Mr. Mobile just committed the ultimate crime in banking.”
The cohorts shook and trembled.
“He pointed out the folly of our ways.”
The cohorts moaned and groaned.
“We do not like wasting money and losing revenues.”
One of the cohorts then had the temerity to ask Big Cheese the question they had all been dying to ask (in Mr. Mobile’s case literally).
“So, we are going to rollout mobile services sir?”
“Of course not you fool”, bellowed Big Cheese, rounding on the individual concerned with his face bursting into reds, purples and veins bulging, “we’re going to bury this whole discussion until someone comes into this market with a product that works and then we shall copy it.”
The room went deathly quiet.
Not even a mouse.
Then the Chairman decided it was time to retake control.
“Big Cheese. Why would we do that?”
“Because Mr. Chairman, we cannot afford to let the mobile carriers eat our lunch and I am not about to write-off a ten year security program that cost us millions.”
“Oh yes. I forgot.”
With this, Big Cheese called the meeting to a close and left the room.
Robin Banks, who had been hiding behind the Boardroom door listening to the meeting through the keyhole, crashed into the filing cabinets as Big Cheese pushed the door open with a hefty boot.
Meanwhile, the Chairman and the cohorts wondered what would happen if one day, just one day, they could make a decision to be a leader rather than a laggard.
Ah, but that’s not in the nature of banking is it?