We’re making progress. Before this year, on trips to the UK my American banks didn’t offer chip-and-PIN cards. When I came over for this year’s European Information Security Summit in February, I finally had two chip-and-PIN cards, and they both worked flawlessly. All it took was last December’s cyber-crime attack on retail giant Target to finally convince American banks that the time was right to start adopting the simple security technology that Europeans have taken for granted for many years.
What struck me as most compelling about the rollout is that the implementation was – from a consumer’s point of view – utterly uneventful. That’s the brilliant advantage that comes with adopting common standards: once you’ve proven something works, it’s more efficient and less stressful to latch onto an industry standard than it is to try and compete endlessly with different proprietary techniques.
Case in point: we’ve had mobile banking on our smartphones for years. The Texas-based USAA, a financial services company, has made it extremely simple for me to instantly deposit cheques using their iOS app and my iPhone’s camera. I just click the deposit button, hold the phone above the endorsed cheque, snap pictures of the front and back and, 30 seconds later, have the money transferred into my account. I have accounts with two other American banks, and neither of those smartphone apps allows me to deposit cheques.
USAA’s app also lets me pay my bills from my smartphone, something that my other banks (who shall, for decency’s sake, remain anonymous) can only handle from a desktop PC’s browser interface. The best that my other banks’ iOS apps can do is allow me to transfer funds between accounts and check current balances. That’s inadequate.
Similarly, my sons’ Boy Scout Troop uses Square’s tiny credit card reader widget to support their annual fundraising. In the three years since they adopted Square’s tech, their earnings increased an average of 21 per cent because donors could pay via credit card. They tried out a competing product that used a different technical interface, and had to abandon it because it didn’t measure up.
I raise these examples because we always seem to be perpetually on the brink of introducing reliable digital payment solutions. Yes, I’ve seen people buy things from vending machines using their phone. I’ve used keychain-based Near-Field Communication widgets to buy petrol. I’ve used the Starbucks app’s barcode scanner that links back to a serialised gift card. There are a lot of interesting ways to simulate being paperless and cardless in the economy, but they all – in the end – took us back to a traditional bank and a traditional monthly bill. It’s obfuscation, not true evolution.
If we’re ever going to deploy digital payment technologies, we’re going to have to select the engineering front-runner and double down on their technology as a common, multinational standard. Pick the total solution that works best and commit to it early. For best results, select one that incorporates biometrics, behaviour modelling, and geospatial location-aware services for a truly secure implementation, and then take it to market. Today, I have to call my bank and warn them that I’ll be traveling overseas.
A global deployment should always know where you are, and that you’re the one authenticating your purchase. Simple, efficient, and intolerant of drama. I’m hoping that when I return for the 2015 European Security Summit, I’ll be able to leave my credit cards at home and just bring my mobile phone to pay for everything.