I have made known my opinion that the routing of electronic
transactions and the authentication of payment system users are separate
functions and do not mix well. There are
plenty of solid efficient ways to authenticate users and firms can combine
methodologies, add steps, or invent new processes, to ensure the person
initiating the movement of funds has authorization to do so. Users may pay for
greater assurance that an unauthorized user cannot initiate a payment. For me, one of the best indicators of the
validity of the user giving instructions to pay is the location of the user.
Authorizers use velocity checks routinely in the industry
(except apparently in the sub-continent of India) to the point that the
detection method is stale and routinely bypassed by professional
ne’er-do-wells. Ridiculously the
location data accompanying a request for authorization to pay is the point of
sale, which may be on the opposite side of the globe from the user
location. Some shops reduce their fees
for cardholder not present (CNP) transactions by adding location data about the
home address of the user, which still has nothing to do with the actual
location of the user.
There are plenty of reasons for users not wanting to give
away their current locations, and that is a consumer choice that increases risk
of an unauthorized transaction. Consumers need to pay the excess fees for their
preferences and not retailers. After
all, the public pays excess baggage fees on a commercial airliner if that is
their preference.
If the actual present location of the user becomes an
element for validation then the resulting risk probability becomes quite
simple. If R = the distance between the current location and the last location
of the user, and T = the time between the present and the last payment
instruction then at some point R/T is a physical impossibility. For the sake of argument, say that we are in
a future age and people can routinely travel at warp 10 (10 times the speed of
light for you non Star Trek fans). However, no civilization exceeded warp 20,
and only the most advanced battle cruisers can do that. If a payment user R/T for this future initiation
of payment exceeds warp 10 and they do not travel by advanced battle cruiser,
then the validation system declines the user access request. There may be a ratio based on individual R/T
which is as unique as a fingerprint, but if there is, it likely won’t
discovered until we at least achieve warp one.
Next Blog: Likelihood
of accurately predicting the next blog
No comments:
Post a Comment