Sometimes when you're watching nautical-themed movies, you'll hear the phrase, "I have the conn." The person who speaks this phrase is alerting all those on the vessel that he or she is in control of the vessel's direction and speed. Customers could utter that phrase with regard to their payment vessels—they pretty much have full control in that they make the final choices about their method of payment. They may be restricted by the payment options a merchant offers, but in most cases, if they don't like the options, they can shop or secure services elsewhere.

One of the challenges with payment security that we frequently mention in our posts and speaking engagements is the disincentive that various consumer protection regulations give for consumers to adopt strong security practices. We have all seen or heard of the consumers who write their PINs on their debit cards or set up the PIN 1-2-3-4. In addition, research consistently tells us that consumers often select easily guessed user IDs and passwords—and then often use those same ID/password combinations on multiple sites.

Financial institutions and other payment stakeholders have long worked to develop tools that will encourage customers to be more aware of their financial account activity and contribute to minimizing fraud losses. Account alerts are among the most useful and popular of the tools. When consumers set up account alerts, they can usually specify conditions that will trigger a text message or e-mail. Common alerts are sent when the account balance drops below a set threshold, a debit transaction posts in excess of a specified amount, or an address or phone number change is made on the account. These alerts are beneficial, but they are merely reactive; they report only when a condition has already occurred.

I believe we will soon see a major breakthrough in card security. There are new applications now in testing or in early roll-out phases. These applications will allow customers to be proactive because they will be able to set up a number of filters or controls on their payment cards that will dictate whether a transaction even reaches the point of an authorization decision. For example, if I have a payment card that I use only for gasoline purchases, I can designate my settings to reject transactions coming from other merchant categories. Or I can specify that no international transactions should be allowed. At the extreme end of the control options, I can "turn off" my card, thereby blocking all transactions, and then I can turn it back on when I am ready to use it again. The possible options and filters are almost limitless for this self-service function. Yes, there will be the need for strong customer education, and the choices will require a reasonable limit or the customer will never remember what they set.

If these options are enabled and cardholders are then willing to "take the conn," this new tool could help significantly reduce the number of unauthorized transactions. Critical to the success is whether cardholders will set a reasonable range of parameters based on their normal card usage patterns, so that transactions they actually make themselves are not rejected while the truly unauthorized transactions are still weeded out. I say "full speed ahead" with such tools. What do you say?
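The trade-off between blocking unauthorized transactions and rejecting the cardholder's own can be measured by replaying past activity against a candidate set of controls. The sketch below is an added example, not code from any card-control product: the `CardControls` and `Txn` types, the reject-reason strings and the transaction history are all constructed, and the merchant category codes are the standard ones for fuel (5541, 5542), grocery (5411) and electronics (5732).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Txn:
    mcc: str             # merchant category code (ISO 18245)
    country: str         # merchant country code
    fraud: bool = False  # ground-truth label, used only when replaying history

@dataclass(frozen=True)
class CardControls:      # hypothetical cardholder settings
    enabled: bool = True                      # the card on/off switch
    allowed_mccs: Optional[frozenset] = None  # None means any category
    allow_international: bool = True
    home_country: str = "US"

def precheck(c, t):
    """Return a reject reason, or None to pass the transaction on to authorization."""
    if not c.enabled:
        return "card_off"
    if not c.allow_international and t.country != c.home_country:
        return "international_blocked"
    if c.allowed_mccs is not None and t.mcc not in c.allowed_mccs:
        return "category_blocked"
    return None

def replay(c, history):
    """Tally what a set of controls would have done to labelled past activity."""
    tally = {"false_declines": 0, "fraud_blocked": 0, "fraud_passed": 0}
    for t in history:
        rejected = precheck(c, t) is not None
        if t.fraud:
            tally["fraud_blocked" if rejected else "fraud_passed"] += 1
        elif rejected:
            tally["false_declines"] += 1
    return tally

# Constructed history: three purchases by the cardholder, two unauthorized.
HISTORY = [
    Txn("5541", "US"),              # service station
    Txn("5542", "US"),              # automated fuel dispenser
    Txn("5411", "US"),              # grocery, bought by the cardholder
    Txn("5732", "ZZ", fraud=True),  # electronics; "ZZ" is a placeholder foreign country
    Txn("5542", "US", fraud=True),  # unauthorized, but inside the allowed category
]
GAS_ONLY = CardControls(allowed_mccs=frozenset({"5541", "5542"}), allow_international=False)
NO_INTL = CardControls(allow_international=False)
CARD_OFF = CardControls(enabled=False)

if __name__ == "__main__":
    for name, c in [("gas only", GAS_ONLY), ("no international", NO_INTL), ("card off", CARD_OFF)]:
        print(name, replay(c, HISTORY))
```

On this history the gas-only setting rejects the cardholder's own grocery purchase, and neither filter stops the domestic fuel transaction, which still has to be caught by the issuer's authorization decision.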

By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed