(keitai-l) Re: Vodafone enters m-payment arena

From: cfb <cfb_at_nirai.ne.jp>
Date: 01/13/02
Message-ID: <3C41E9F1.99463A7A@nirai.ne.jp>
Nick May wrote:
> cjs@cynic.net writes:
> >
> >Let's face it; a piece of plastic is pretty darn "mobile."
> >[...]
> >that Vodaphone is inserted into the consumer -> credit card issuer
> >Which is good for them, if they get a
> >little piece of what goes by, but not good for the others, because
> >that money has to come from one of those three parties
> .
> 
> At the moment, ALL of those parties are paying a large "fraud tax" of one
> sort or another. 

I'd argue that call fraud is fundamentally different from credit 
fraud, as one involves a hypothetical loss easily absorbed by network 
capacity and the other involves a real, actual dollar loss (of course 
it can be argued that credit fraud is "easily" absorbed by the large 
number properties of the profits generated... still the fundamental 
difference between credit and phone service is that credit has a on 
going, interest based loss component... if you reduce/eliminate credit 
fraud, not only to you eliminate that real loss, but there is also an 
increased interest based revenue follow-on effect).

The key question is:

Are carriers willing to exposure their otherwise pristine subscriber
bases to the muddy, potentially expensive waters of credit service?

> If this system could reduce fraud by even a tiny, tiny
> amount, it would cut everyone's costs [...]

Corporations regard fraud reduction (and it's associated costs) as a 
latent revenue angle... the money "saved" almost never gets passed on
to the consumer and, more often than not, the revenue recovered goes 
directly into the creation of yet another business process (and if 
there's a particularly agressive/abitious/intelligent fraud/security
person within the company, this can sometimes get spun out into a 
separate business).  Why make money only to "give it back to the
consumer" when you can fund yet another money making business with it?

> >For physical goods, at least, it looks as if the only change is
> >that Vodaphone is inserted into the consumer -> credit card issuer
> 
> Which is a benefit for ordering through a keitai if one does not have to
> enter all one's cc details. Of course, if you are physically in the shop,
> it has little additional benefit EXCEPT that it might be more "fraud-proof"

A consolidated bill?  The opportunity to use a biometric to verify?
The opportunity to establish an uber-identity by knowing not only who
they communicate with, but what they buy (ask any profiler what an ego
is made of... possessions and interpersonal communication are going 
to be in the top 10, maybe even the top 5)... today's business game
is not only about knowing *who* you are, but *what* you are.  At the
moment, phone companies can buy credit information (at unaffordable
rates), but credit companies can't buy phone records... the merger 
of these two information resources is an obvious eventuality.

> I don't use credit cards on the net because I do not trust the vendor to
> keep the details safe. (There are too many cases of the details being
> hacked (this is British English 'hacked" by the way). With Vodaphone's
> system, my guess is that those credit card details never actually leave
> their system.  That makes me happier as I trsut vodaphone to have decent
> security ina  way I do not trust "Fred's Compabt Disks". As a vendor, I
> would be attracted by the fact that I don't have to be responsible for
> storing all of my customer's credit card details on my server - an
> additional security issue a vendor may not want.

Amex and several other credit/debit card products offer one-time CC#
facilities.  This type of protection, while not exactly Amazon 1 click
compliant, offers credit/debit agencies the ability to discover, in 
real time, which .com has had their database cracked (one of the first
things crackers tend to do is use one of the many domain registration
services to test their freshly cracked database information... chained
through several proxies/anonymisers, of course).  

As far as I'm concerned, one-time CC#s are the *only* "safe" way to 
use a credit/debit service over the internet.

Interestingly enough, if you walk into any Lawson, you can buy debit
cards to be used on the internet.  I've never used them, but I know
they're there.  I think that entire model just doesn't work very well
in Japan and people who order something over the internet are far
more likely to use the delivery service as the payment intermediary.

A couple of points of reference with regard to credit card fraud 
reduction and anonymous debit:

http://www.7-eleven.com/products.html
http://www.monkey.org/geeks/archive/0102/msg00002.html
http://www.cardforum.com/html/cardmark/jan01_c3.htm
http://www.google.co.jp/search?hl=ja&q=Orbiscom+Cyota+&lr=
http://www.infowar.com/iwftp/risks/Risks-21/10Jan2002_[risks]_Risks_Digest_21_86.shtml

7-eleven launched their anonymous debit card product over a year ago.
It's interesting to note that it didn't last through the year despite
the fact that they used a "smart card" *and* one-time, throw-away CC#s
(and the stop date is well prior to 911).  

Given the abundant availability of 3 track mag card writers on ebay:

http://search-desc.ebay.com/search/search.dll?MfcISAPICommand=GetResult&ebaytag1=ebayreg&category0=160&ht=1&query=magnetic+stripe&ebaytag1code=0&srchdesc=y&SortProperty=MetaEndSort
http://search.ebay.com/search/search.dll?MfcISAPICommand=GetResult&SortProperty=MetaEndSort&pb=&ebaytag1=ebayreg&category0=160&ht=1&query=encoder&ebaytag1code=0
http://search-desc.ebay.com/search/search.dll?MfcISAPICommand=GetResult&SortProperty=MetaEndSort&pb=&ebaytag1=ebayreg&category0=160&ht=1&query=CR-90&ebaytag1code=0&srchdesc=y
http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1319366210

I'd say that useful life span of non-augmented mag cards is coming to 
an end.  What's going to replace it?  Smart cards? Or... The keitai?  

The choice seems fairly obvious to me; however, if a simple debit 
service, hosted by one of the world's largest chain of convenience. 
stores, can not survive, what does that say for the future of 
debit/credit services on mobile phone networks (and please note that
I do not regard docomo as currently providing anything approaching 
debit/credit/transaction service... there are certain critical acid 
tests that they currently fail... the potential is there, however).
Received on Sun Jan 13 22:18:48 2002