It's been a while since I've blogged about interchange. But I've been meaning to share a personal story about how weak signature debit fraud protection is. Recently Mallory Duncan, the General Counsel at the National Retail Federation was kind enough to speak to my Consumer Finance class about interchange regulation. I took Mallory out for coffee at Starbuck's afterward. I treated. But I asked Mallory if he would do the transaction, with my Visa signature debit card. I stood off to the side while Mallory purchased the coffee with my card.
It turned out to be a signatureless transaction, so Mallory didn't sign anything. And my card has my photograph on the front. You be the judge of whether anyone is likely to confuse me and Mallory based on physical appearance. Pictures after the break.
Mallory's on the left, I'm on the right.
Not apparent from the headshots is that Mallory also has several inches on me, and I've got several pounds on him.
Transaction went through, no questions asked. But don't take my word for it. Try out this parlor trick yourself. And then think what would happen if you lost your signature debit card. Is this technology that we should be encouraging? Because that's what the current debit interchange fee system does. It encourages identity theft and fraud.
Comments
4 responses to “Now Back to Our Regularly Scheduled Programming (i.e., Interchange!)”
I agree that signature debit is suboptimal fraud protection. But it is not as bad as your example shows. Signature debit and credit cards skip meaningful point-of-sale protection, but have significant antifraud protection on the back end: odd changes in spending patterns. We’ve all gotten phone calls from our credit card companies: “Was it really you who bought consumer electronics in Lagos?”
Unfortunately, as long as most clerks at point-of-sales transactions view their jobs as something to be endured and put in as little as humanly possible to get their paychecks, sliding things through is going to be easy. Especially if it’s done during a high-volume period, since a lot of the employers put their emphasis on rapid turnover rather than accuracy, so actually looking at the credit card and verifying it belongs to the user tends to get scanted.
My guess is that you would have gotten the same result trying to pay by check, credit card, or counterfeit money (the number of times the treasury has changed the design of currency lately, I’m surprised a counterfeiter hasn’t designed their own slightly modified form of the bill and passed it as a “newly released” design ). They might actually get away with it if they never claim it’s legal tender (per an 1883 precedent based on gold plating the new “V” nickel which didn’t say “cents”).
For years I’ve noticed that the banking system is pretty much based on trust and after-the-fact checking. I was once missing a $2000 check. A couple months after getting it properly re-issued and delivered I received the original canceled check in the mail — stamped roughly “for deposit to account of payee, lack of endorsement guaranteed”. This for a bank on the other end of the country which I’d never heard of. It makes me wonder when my wife talks about working proof (encoding the amount onto checks) and spending hours looking for small discrepancies, the big ones seem to sail through without being noticed.
There is a trade-off between protection against fraud and ease of use. Today the credit card industry is willing to accept low level fraud, as seen by signatureless transactions for under $25 or $50 and pay-at-the-pump gas, in return for increased convenience to the consumer and higher cards use — I know of young people who charge almost everything, down to the odd candy bar at a convenience store.
I imagine this is helped by thieves tending to make large purchases when they do steal card numbers (triggering card company filters). It seems like the way to steal a credit card is to find one belonging to somebody living in the same area and then use it exclusively on routine, anonymous purchases such as gas and fast food. Most people don’t balance credit card transactions, if the level of use stays low the risk of detection would be very low even using the card over an extended time period.
What I’ve never understood is why merchants don’t install PIN pads despite a sizeable difference in the interchange fees, at least until the last few years. While lots of big merchants, like grocery stores, have PIN-enabled pads, a significant number of merchants don’t, especially smaller merchants. Perhaps it’s because the cost of the PIN pad itself is too high to rationalize saving a few bucks a month. Perhaps merchants’ rates that they pay are blended in a way that wouldn’t lead to much visible savings anyway (which is really a problem with their banks, not the system as a whole). Or perhaps merchants are sheltered from the fraud enough, through liability rules, that they don’t see any benefit to installing PIN pads from decreased fraud, especially in light of the other cost considerations noted above.
However, what’s somewhat perverse about the Federal Reserve’s rules as I understand them (and is potentially perverse about the Durbin Amendment altogether) is that they wipe out any differential in the interchange fees across signature and PIN transactions. While this may give banks more of an incentive to push PIN (if it’s less costly and fraud prone), it also removes the most significant incentive for merchants to install PIN pads – assuming the liability rules don’t change, why would merchants install PIN pads if they haven’t already given the previous potential cost savings?
Perhaps one could just outlaw signature altogether, although that seems a bit extreme (and would currently make online debit purchases difficult). Alternatively, one almost needs to subsidize (or mandate) PIN pads for merchants while at the same time giving a higher PIN interchange fee to banks. Good luck figuring out how to do that.
To close out, did you see the Onion’s note about new bank fees?
http://www.theonion.com/articles/hidden-bank-fees,19438/
Good stuff.
Also, did you hear that the PIN network in Australia recently shifted from an issuer-pays system to an acquirer-pays one?
http://www.abc.net.au/news/stories/2011/03/08/3157891.htm
Interesting.