Payment systems

edit topic

Dear EBay, please don't mess up Skype

Published September 13th, 2005 edit replace rm!

I have to admit like many people I was dumbfounded when I heard about EBay’s purchase of Skype. Having read EBay’s Skype Presentation
I think it does make a lot of sense. There is definitely a lot of shared areas that might not be entirely obvious to some of us who are snow blind in they payment area.

In particularly they mention that Skype can help reduce friction points in the sales of high value and complex items.

I remember when I sold my Landrover Discovery II (boo hoo how I miss you) 5 years ago on EBay. There was certainly a lot of calling back and forth between the buyer and me.

The real thing that worries me is if they start going conservative on Skype the same way they were with Paypal.

Have a read through Who Killed PayPal? which describes how PayPal has instituted a bunch of strange super conservative rules, that basically piss users off but please regulators.

I knew Max and Peter from PayPal back in the early days and remember their techno-libertarian enthusiasm which I still share today.

Skype is in many ways the PayPal of telecoms. It has a very Libertarian/anarchic approach to everything. I’m not sure it was intended that way or if it just happened as an accident. I really hope EBay leaves Skype to do it this way.

If you have to start confirming who you are before signing up, it would certainly kill off the growth of Skype. Eg. See David’s commentary on Flickr Signup pre and post yahoo .

The good thing is that EBay definitely is a ecommerce company and a a successful one. They are not a conservative telecom company nor a media conglomerate. They don’t need or should feel scared into doing major changes.

$5M for fraud proof mobile credit card authorization?

Published August 29th, 2005 edit replace rm!

In Business 2.0 John Occhipinti from the Woodside fund wants to pay $5M in venture capital for a fraudproof credit card authorization via cell phones and PDAs. I found this via Nathan’s hilarious Elevator Pitch generator.

Lets first look at why John wants this from us:

Credit card fraud is more rampant than ever, and consumers aren’t the only ones feeling the pain. Last year banks and merchants lost more than $2 billion to fraud. Most of that could be eliminated if they offered two-part authentication with credit and debit purchases — something akin to using a SecureID code as well as a password to access e-mail. Occhipinti thinks the cell phone, packaged with the right software, presents an ideal solution. Imagine getting a text message on your phone from a merchant, prompting you for a password or code to approve the $100 purchase you just made on your home PC or at the mall. It’s an extra step, but one that most consumers would be happy to take to safeguard their privacy. More important, Occhipinti says, big banks would pay dearly to be able to offer the service. “It’s a killer app no one’s touched yet,” Occhipinti says, “but the technology’s within reach.”

Let’s identify the problems with what John wants:

His ideas as he says is that the merchant sends a SMS with a payment request to your phone. You then perform some sort of digital signature to authorize it and the payment goes through.

This is already very doable and I have seen lots of similar applications from either smaller entrepreneurs (eg. Luup) in Europe or from various kinds of mobile operator funded initiatives (these always fail though for a variety of political reasons). For the full lowdown on all of these just take a stroll over to Scott’s Payments News Mobile Payment page.

While reading through the latest on Scott’s site I came across UPaid, which looks fairly interesting. They have just got the deal for a massive roll out for Visa CMEA (that is middle eastern region). I’m sure there a loads of startups doing this as the technical side of this is not particular hard. PayPal actually even was originally founded as a similar style application for Palm.

About Credit Cards. Now in the US and arguably for international cross border e-commerce the CC is king. In regional or national markets outside North American and the UK it is arguably not the only horse though.

The CC was a brilliant 1950’s style design, which just is not compatible with open networks in a secure way. This is why lots of contractual padding is necessary around it. Did you every wonder why you need a credit check for a merchant account or for a debit card? Well this is the banks who well understand the risk embedded in an unauthenticated payment device and they need to place the risk somewhere. All the rules about who is liable for what in case of fraud are also based on this.

The CC networks are basically multi party electronic networks, where the only thing circulating are account numbers and amounts. There is no digital signatures or anything like that. When you sign a cc slip, the merchants bank keeps it on file in case of fraud. It never gets sent to the card holders bank or anything like that. What all of this means is that every link in the CC network is insecure and open to fraud. Just because you secure the link between cardholder and the merchant doesn’t secure all the other links in the system, just see the whole CardSystems case as the most extreme case.

The problem with all of these rules and legal safeguards around the card is that the end user has so little liability with the card and is happy with that. All of the attempts by the credit card operators to move more liability on to the card holder by using improved technology have so far failed. See MasterCard SecureCode and Verified by Visa.

If these massive programs have failed, why would a $5M startup offering the same thing but in a mobile package succeed? They are up against the exact same forces.

The only that will improve the security of credit cards is to get rid of the non authenticated credit card completely. This does not mean getting rid of the credit card, but it does mean that you couldn’t just enter your credit card on a web form and over the phone. This could not just be a regional or an optional initiative it would have to be international and compulsory. If this was made John’s company could provide an ideal system for authenticating credit cards for phone orders.

Now the merchants and their banks (the acquiring banks) would love this to happen and have been pushing for it. Currently they are the only ones who have been affected on a large scale by CC fraud. The other side of the transaction are the card holders and their banks (the issuing banks), who until recently have had very little incentive to change anything. The reason for this is as mentioned above, the card holder has little risk with credit cards and likes the convenience. The issuers are in a very convenient business and none of them want to rock the boat by say requiring Verified by VISA for internet transactions. So nothing will happen until the cardholders and issuers get part of the liability of the insecure system.

I believe that there really is no good way to fight this essentially internal politics within the card associations. The only people who can change these rules are the associations themselves.

It’s much more interesting to work outside of the credit card system and in reality outside the banking system as they really have no incentive to give you what they perceive to be their own business.

The traditional abstraction away from the banks is the electronic money system, which has it’s own money (or gold) backing the funds in circulation. This is relatively simple to create. You have a bank account, a Ledger, a web front end and customer service staff. I was personally involved with one of these. The big problem here is lack of convenience for the end users, who have to “load money” into the system somehow, before they can use it. With roughly $37 Million in circulation E-Gold is pretty large now, but it’s still no where near as big as PayPal for these same reasons.

Many mobile payment systems have wanted to get rid of the reliance on banks by linking into the mobile operators billing system. This has almost always failed as for some reason the European and (even worse) the US operators have shown to be almost more conservative than the banks. It seems like South Korea and Japan have some interesting mobile operator led payment systems that are taking off. But seriously can you imagine Vodafone or T-Mobile do anything like that?

The only large player that is on the market today that could be used to bootstrap a new system is PayPal. I am sure they have their own plans in this area, but this is where I would see something interesting. For a smaller but growing player I would look at Skype as a very possible player. They have a very widely deployed PKI system and a currently untradeable currency of their own called SkypeOut balance.

I’ve written about payment systems before and have strong opinions on it. The last startup I was in was payment related and I’m more than likely going back there at some point, once I’ve cleared my mind a bit with StakeItOut.

I have some ideas that may or may not work to get past the idea of a stored value electronic money system. However I’m not quite ready to spread them out yet ;-). Probably in the new year if I can find someone with equally large hairy cojones who also has an interest in disrupting things a bit.

If I was to create a new payment system...

Published June 22nd, 2005 edit replace rm!

There is a lot of buzz going on right now about payment systems. First with the huge credit card theft which was seriously just waiting to happen (and will happen again), secondly with Google’s new Payment System which could have the potential to be interesting.

This subject is dear to me as I have spent more than my fair share of time in the payment system business.

So if I was to do it again (and I probably cant stay out of it completely) I have some ideas about it.

First of all these are the things I and google should do:

Google have an opportunity to do many of these things. In particular the first point about the banking system.

The banks will do anything they can to kill your business as a payment system. Afterall they have had a near monopoly for years in handling payments electronically.

Even though they do NOT handle the majority of payments in the world. Most payments are still cash and are handled easily and simply without the interference of banks.

Google cashflows

Google has the advantage of a large source of revenue through Adwords as well as a major group of small business Adsense partners.

This means they have two huge internal sources of cashflow that aren’t currently integrated.

Step 1. Linking the cashflows together to create GoogleBux

Linking those together would be the first step in the puzzle. That would simplify their operation and costs greatly. All they would have to do is to add a simple book entry system to their Google Account system.

Step 2. Allowing transfers between members.

How to turn this into a payment system then? Simply allow people to transfer parts of their GoogleBux balance to other users.

Now we have a payment system with probably a huge circulation of funds within the system.

Step 3. Cutting the cord to the banks

They currently use the banks to receive payments via credit cards to pay for Adwords. They Adsense members using antiquated paper checks or electronic fund transfer if you are lucky enough to have a US bank account.

Personally I would rather be able to spend my adsense money on adwords or other services than wait a year for $100 check that my Danish bank will then charge me $30 do clear.

Also what if I could go transfer my 67 GoogleBux to a friend in exchange for 400 dkk cash.

Someone might even make a business out of it and charge a 2% markup on exchanges to the banking system. Thus outsourcing the integration with each countries banking system to the free market. Google would save tons of moneys, headaches and legal problems.

At Reboot I talked with Malthe Sigurdsson from Skype about this as a solution for them allowing people to buy Skype credits in strange places where people don’t have credit cards. He said that they would like to do something like this, but fraud is a huge issue.

I think though that the clever people at Skype and Google could probably come up with some clever technological solutions for this. Such as not mixing hard and soft money

About me

Pelle gravatar 160

My name is Pelle Braendgaard. Pronounce it like Pelé the footballer (no relation). CEO of Notabene where we are building FATF Crypto Travel Rule compliance software.

Most new articles by me are posted on our blog about Crypto markets, regulation and compliance

More about me:

Current projects and startups:

Other under Payment systems

Popular articles