The U.S. Department of Justice (DOJ) thinks that you''re not interested in playing fair. Apparently American Express has put a bug in its ear about how you won''t let your member banks work with them or with any other types of credit cards Merchants, on the other hand, are very angry about the fact that you keep raising the price of using your services, especially in a "card-not-present" environment like the Web. A reasonable person could see how the DOJ would interpret your actions as monopolistic, especially when 75% of credit transactions are made with your cards: Drive out the competition, then raise the prices.
Your latest announcement that you will soon require all online merchants to use real-time processing for credit card transactions - you call it a virtual terminal - will require many merchants to discard their current software in exchange for more expensive services. The cost of implementation alone will probably force many Web businesses to close. Perhaps you don''t want to do business with the many e-merchants and brick-and-click merchants that don''t do an enormous amount of business on the Web, and for whom such changes could never be cost-effective. I''ve been told by several industry professionals that as many as 90% of online merchants don''t do real-time processing of payments, but take the information offline and process it through regular terminals.
If you really want to show the DOJ - the people who want to turn Bill Gates'' company into Micro.com and Soft.com - that you want to enable secure, private e-commerce, and that you''re not hostile to competition in the payment arena, then you should think about working with a company called Incogno.
Incogno
Incogno has a technology-based solution that solves many problems at once - the same problems that make your cardholders nervous about shopping online:
- Preserves customer anonymity even for hard goods (good that are delivered, as opposed to soft goods, which are downloaded)
- Does not require customers to download any additional software or manage any client-side keys or certificates
- Allows merchants to accept credit cards without seeing the payment information or having to store the payment information
- Allows merchants to ship merchandise without knowing the recipient''s name or address
- Allows shippers to ship the merchandise without knowing what''s being sent
- Allows banks to process credit card transactions without knowing what''s being purchased
- Allows fraud-detection services to process payment information and rate risk (see Online Fraud: The Merchant''s Dilemma)
- Completely eliminates the risk of hackers and internal fraud for merchants since credit cards are always encrypted
Need to Know Basis
The premise of Incogno''s solution is that information is distributed on a "need to know" basis. The Incogno SafeZone is installed on the merchant''s server and handles the checkout process. The merchant really only needs to know what''s being purchased, that the credit card was accepted by the merchant bank, and that the risk of fraud is below the threshold of acceptable risk determined by the merchant. The merchant bank needs to know the merchant''s account number, so it can credit the account, the customer''s payment information, and the amount of purchase. The fraud-detection service needs to know a bit more than the bank, but doesn''t need to store any of it. Finally, the shipper needs to know the ship-to address associated with a parcel it picks up from the merchant. The only party that has all the information -- products purchased, purchaser data, billing and shipping information -- is the purchaser; that''s just as it should be.
Incogno breaks up all the usual payment and shipping information into packets, encrypts each one, then sends the encrypted packets to the merchant who then passes them on in their protected form to the appropriate parties. Only the appropriate parties can decrypt their own data. No data is exposed "in the clear." What could be safer?
That was a rhetorical question, not a request for you to form committees and spend two years investigating the problem, only to decide to develop your own version of the Incogno solution. The U.S. lags behind Europe in payment options and non-repudiation technologies (the ability of the merchant to verify that the purchaser is who he says he is based on some client-side authentication) because of your chronic foot-dragging. Even the U.S. Postal Service moves faster than you do when it comes to implementing new technologies - heck, it only took them about 50 years to give us the self-adhesive stamp.
Whether it''s Incogno''s solution, or something else very similar, the solution provider will have to work with the merchant banks that make up your membership. Since no one seems to be able to distinguish where Visa and MasterCard end and the member banks begin, your seal of approval on the Incogno system for facilitating private, secure, anonymous commerce online would mean a lot.
Of course, shippers like UPS and FedEx and fraud services like eFalcon also need to agree to participate, but they''re businesses with competition, and they''ll do what they need to do to be competitive. Something we haven''t seen any evidence of from either of you.
Here''s a perfect opportunity to show your cardholders that you care about their privacy and anonymity, and to show your merchants that you want to help them avoid having to store all that precious payment data on their servers. Saying "No" to Incogno is saying "Yes" to more break-ins like the one at Western Union a couple weeks ago.
Now''s the time, Visa and MasterCard. You have the opportunity to be the belle of the ball at the e-commerce party. Make the most of it.
Alexis D. Gutzman is an E-commerce Technology Author and Consultant and author of The HTML 4 Bible, FrontPage 2000 Answers!, and ColdFusion 4 for Dummies. Her newest book, The E-commerce Arsenal: 12 Technologies You Need to Prevail in the Digital Arena will be out in October. She can be reached at agutzman@internet.com
IE 7
Firefox 2.0
