Quo Vadis, Risk Management

Payment professionals seem to have this idea that they are the knight in shining armor who is standing between the clueless and childlike customer and the omnipotent criminal. In their pursuit of safety for everybody, they seem to be willing to sacrifice privacy, self-determination and individual responsibility one small step at a time.

I say that customers are perfectly capable and willing to take responsibility for their actions, and they should bear the consequences of their actions instead of hiding behind the bogeyman of the criminal who, in the imagination of the risk managers, keeps getting ever more sophisticated and smarter every year. By now, all these online criminals must be geniuses that would make Prof Moriarty look like an amateur.

Of course, online scams are crimes that need to be dealt with, but I think the solution has to have something to do with empowering the customer to manage their own commercial affairs as adults dealing with each other.

Ask yourself, when you get scammed in an online purchase, would you expect the shipping company to protect you? What about your Broadband Internet provider? The mobile phone manufacturer? So many companies take part in the transaction, and still it appears that only the payment provider is supposed to do something.

In the physical world, that does not seem to be an issue. Nobody is looking to the Central Bank for help if they paid cash for the fantastic deal at the weekend farmer’s market, just to find out when they get home that the oranges are all rotten inside.

If payment providers want to do something, they should start with transparency and empowering the customer. After decades of building payment systems, it is still impossible to recognize half the merchant names on my credit card statement. It is still impossible to contact the merchant or get any information about the merchant from the bank or the payment provider. It is ridiculously hard to stop a recurring payment.

Internet scams are no different from crime in the physical world. Eighty percent of all scams come from twenty percent of countries, banks, individuals etc. Internet scams could be cut in half overnight if you remove one or two countries and a couple of internet malls, banks and payment companies.

But this would also remove the profits that are being made in these biotopes of crime. And so it is easier to let risk managers wring their hands on LinkedIn (1) and in a myriad of conferences to give the impression that the industry is dealing with the issue and all it takes is “to make risk management part of the company culture” or “it is not about fraud, it’s about trust”, and similar clichés.