$5M for fraud proof mobile credit card authorization?

Published August 29th, 2005 edit replace rm!

In Business 2.0 John Occhipinti from the Woodside fund wants to pay $5M in venture capital for a fraudproof credit card authorization via cell phones and PDAs. I found this via Nathan’s hilarious Odio.us Elevator Pitch generator.

Lets first look at why John wants this from us:

Credit card fraud is more rampant than ever, and consumers aren’t the only ones feeling the pain. Last year banks and merchants lost more than $2 billion to fraud. Most of that could be eliminated if they offered two-part authentication with credit and debit purchases — something akin to using a SecureID code as well as a password to access e-mail. Occhipinti thinks the cell phone, packaged with the right software, presents an ideal solution. Imagine getting a text message on your phone from a merchant, prompting you for a password or code to approve the $100 purchase you just made on your home PC or at the mall. It’s an extra step, but one that most consumers would be happy to take to safeguard their privacy. More important, Occhipinti says, big banks would pay dearly to be able to offer the service. “It’s a killer app no one’s touched yet,” Occhipinti says, “but the technology’s within reach.”

Let’s identify the problems with what John wants:

His ideas as he says is that the merchant sends a SMS with a payment request to your phone. You then perform some sort of digital signature to authorize it and the payment goes through.

This is already very doable and I have seen lots of similar applications from either smaller entrepreneurs (eg. Luup) in Europe or from various kinds of mobile operator funded initiatives (these always fail though for a variety of political reasons). For the full lowdown on all of these just take a stroll over to Scott’s Payments News Mobile Payment page.

While reading through the latest on Scott’s site I came across UPaid, which looks fairly interesting. They have just got the deal for a massive roll out for Visa CMEA (that is middle eastern region). I’m sure there a loads of startups doing this as the technical side of this is not particular hard. PayPal actually even was originally founded as a similar style application for Palm.

About Credit Cards. Now in the US and arguably for international cross border e-commerce the CC is king. In regional or national markets outside North American and the UK it is arguably not the only horse though.

The CC was a brilliant 1950’s style design, which just is not compatible with open networks in a secure way. This is why lots of contractual padding is necessary around it. Did you every wonder why you need a credit check for a merchant account or for a debit card? Well this is the banks who well understand the risk embedded in an unauthenticated payment device and they need to place the risk somewhere. All the rules about who is liable for what in case of fraud are also based on this.

The CC networks are basically multi party electronic networks, where the only thing circulating are account numbers and amounts. There is no digital signatures or anything like that. When you sign a cc slip, the merchants bank keeps it on file in case of fraud. It never gets sent to the card holders bank or anything like that. What all of this means is that every link in the CC network is insecure and open to fraud. Just because you secure the link between cardholder and the merchant doesn’t secure all the other links in the system, just see the whole CardSystems case as the most extreme case.

The problem with all of these rules and legal safeguards around the card is that the end user has so little liability with the card and is happy with that. All of the attempts by the credit card operators to move more liability on to the card holder by using improved technology have so far failed. See MasterCard SecureCode and Verified by Visa.

If these massive programs have failed, why would a $5M startup offering the same thing but in a mobile package succeed? They are up against the exact same forces.

The only that will improve the security of credit cards is to get rid of the non authenticated credit card completely. This does not mean getting rid of the credit card, but it does mean that you couldn’t just enter your credit card on a web form and over the phone. This could not just be a regional or an optional initiative it would have to be international and compulsory. If this was made John’s company could provide an ideal system for authenticating credit cards for phone orders.

Now the merchants and their banks (the acquiring banks) would love this to happen and have been pushing for it. Currently they are the only ones who have been affected on a large scale by CC fraud. The other side of the transaction are the card holders and their banks (the issuing banks), who until recently have had very little incentive to change anything. The reason for this is as mentioned above, the card holder has little risk with credit cards and likes the convenience. The issuers are in a very convenient business and none of them want to rock the boat by say requiring Verified by VISA for internet transactions. So nothing will happen until the cardholders and issuers get part of the liability of the insecure system.

I believe that there really is no good way to fight this essentially internal politics within the card associations. The only people who can change these rules are the associations themselves.

It’s much more interesting to work outside of the credit card system and in reality outside the banking system as they really have no incentive to give you what they perceive to be their own business.

The traditional abstraction away from the banks is the electronic money system, which has it’s own money (or gold) backing the funds in circulation. This is relatively simple to create. You have a bank account, a Ledger, a web front end and customer service staff. I was personally involved with one of these. The big problem here is lack of convenience for the end users, who have to “load money” into the system somehow, before they can use it. With roughly $37 Million in circulation E-Gold is pretty large now, but it’s still no where near as big as PayPal for these same reasons.

Many mobile payment systems have wanted to get rid of the reliance on banks by linking into the mobile operators billing system. This has almost always failed as for some reason the European and (even worse) the US operators have shown to be almost more conservative than the banks. It seems like South Korea and Japan have some interesting mobile operator led payment systems that are taking off. But seriously can you imagine Vodafone or T-Mobile do anything like that?

The only large player that is on the market today that could be used to bootstrap a new system is PayPal. I am sure they have their own plans in this area, but this is where I would see something interesting. For a smaller but growing player I would look at Skype as a very possible player. They have a very widely deployed PKI system and a currently untradeable currency of their own called SkypeOut balance.

I’ve written about payment systems before and have strong opinions on it. The last startup I was in was payment related and I’m more than likely going back there at some point, once I’ve cleared my mind a bit with StakeItOut.

I have some ideas that may or may not work to get past the idea of a stored value electronic money system. However I’m not quite ready to spread them out yet ;-). Probably in the new year if I can find someone with equally large hairy cojones who also has an interest in disrupting things a bit.

When one is greater than two

Published August 26th, 2005 edit replace rm!

Bumped into (while web browsing) a very old friend of mine here in Denmark yesterday, who I haven’t seen for 15 years. It turns out that he is also a bit of a serial entrepreneur and boy did we have a lot to talk about. He’s working solo on a new venture right now for the same reasons I am. I hadn’t really formulated it well until last night.

We’ve both come out of some challenging partnerships that eventually failed. These things can tear on your morale and it is easy to get into a period with a mixture of blame and low self esteem. In many ways its exactly like a divorce.

For me to get out of this cycle it is important for me to work completely solo for now. This simplifies things and keeps the noise and bickering of a partnership out. To do this you do need to pick a relatively simple business that you can manage and pull through yourself.

All this doesn’t mean that partnering is bad. Partnering is fantastic if you have a good partner. It is also definitely the preferred way to go, but as I said there are times in your life when partnering is not right. If your new solo venture is successful you may actually want to bring someone in once you have the basics of the business operational.

Flickr on changing directions

Published August 8th, 2005 edit replace rm!

Interesting inteview at Adaptive Path with Flickr’s Eric Costello about how Flickr ended up going down the photo sharing path and away from their original idea for an online game.

The first early version was really a chat site…

It wasn’t a photo sharing site, so much as it was a place where you could go to chat and talk about photos. But none of that activity was stored in any asynchronous way – there were no Web pages that hosted the conversations people were having about photos, it was all just real-time.

Later on they started adding asynchronous featureas as he call it like web pages, comments and tagging…

As we started adding features to the site itself, like pages that hosted the photos so that people could visit them at a unique URL, we had a lot more success with that. People responded to it, and the site began to grow. So our energies tended to be dedicated toward enhancing that aspect of the site.

It’s a great lesson that sometimes it’s important to follow the users. PayPal started like this as well. The original protype as demonstrated to me on a beach in Anguilla by Max Levchin in 98 or was it 99 (can’t remember which) was a Palm application, where you could beam money to each other for say splitting a restaurant tab. Within a year they had moved to what we now know and love as PayPal.

I have done this myself on many projects. I started doing CaribWeb as a Caribbean tourist portal back in 94, however the discussion forums TravelTalk took a life of themselves and lived on for a good 5 years after I shut the rest down. Making me a fair bit in advertising revenue throughout the years.

More good reasons to Bootstrap from Greg Gianforte

Published July 23rd, 2005 edit replace rm!

Just saw this article by Greg Gianforte from RightNow in SiliconValleyWatcher (via Ken’s Meme Deflector) that states that Most startups should avoid venture funding .

It outlines even further great reasons to bootstrap. Here are some of my favorite from the list:

If you start by selling your concept to potential prospects (rather than stock to VCs), you will either end up with initial customers or a conviction that your idea won’t work. Why raise money and then find out which one it will be?

This first one is really important. It takes a lot of time pitching to VC’s. It is much better to pitch your product/service to your customers.

Money removes spending discipline. If you have the money you will spend it – whether you have figured out your business model and
market or not.

I can’t stress too much the importance of spending discipline. More startups have been killed by lack of this than anything else:

Raising VC money determines your exit strategy. You will either sell the business or take it public. What if you end up with a very profitable, modest sized business that you want to just run? That is no longer an option once you raise VC money.

Many people don’t think about this, but it is true. I’m sure 37 Signals are doing very good and are happy to keep doing what they do. If a VC entered into the equation, how long would that last? They would have to forget about the core business segment, that has now become loyal customers, in order to build to the levels of business that would be required to take it public.

Interview with Wil Shipley on Drunken Blog

Published July 22nd, 2005 edit replace rm!

Fantastic interview with Wil Shipley the founder of Omni and Delicious Monster over on the always great Drunken Blog

Wil was ousted by his board of directors at Omni Group and has some choice comments about it that fit in nicely with my Bootstrap Anti Patterns series of articles.

On playing it big

Here he talks about how the other directors started doing things the big company way against his own ideas:

I started feeling like actual evidence and experience wasn’t as important to Omni as was what was written in management and software books; so I was branded the crazy guy who wanted to ignore all the sage advice of my elders. Time and again our old policies, which had led to our success, were replaced by more conservative policies recommended by ‘experts’.

My feeling was (and is): You don’t adopt the mannerisms of big, successful companies when you’re small, because those mannerisms aren’t what made the companies successful.

They’re actually symptoms of what is killing the company, because it’s become too big. It’s like if you meet an really old, really rich guy covered in liver spots and breathing with an oxygen tank, and you say, “I want to be rich, too, so I’m going to start walking with a cane and I’m going to act crotchety and I’m going to get liver disease.”

The really important thing to remember is that what worked once won’t necessarily work again, and in fact is less likely to work again because it’s been done.

Brilliant. In particular I love the analogy with the old rich guy.

On Morale

When asked “How do you keep from mentally imploding so you are still looking forward to coming into work every day?”, Wil replies:

Well, the usual… Booze. World of Warcraft. Driving the pimp-de-pimp-pimp-mobile. Shirt shopping.

On building the team

The biggest lesson for me has been to realize how much a company changes when you get more people. No matter what you hire people to do, no matter how much say they are supposed to have, they are going to have a say in how the company works.

On weeding out the team

You earn it, or you’re gone. I’m not saying, if you have a bad month, your ass is grass. I’m saying, if you’re consistently not helping the company, you need to go or you’ll infect everyone else, and it’s just not fair to anyone.

About me

Pelle gravatar 160

My name is Pelle Braendgaard. Pronounce it like Pelé the footballer (no relation). CEO of Notabene where we are building FATF Crypto Travel Rule compliance software.

Most new articles by me are posted on our blog about Crypto markets, regulation and compliance

More about me:

Current projects and startups:

Popular articles

Topics: