Online Banking (the security of which) has been taking a beating over the past couple of weeks. But there's good news too...according to the BBC, Barclay's PIN Sentry Device has made online banking more secure. ( read more on Barclay's PIN Sentry Device and HomeATM's Wedgie) at: HomeATM Has Powerful Potential!
Last Wednesday, I posted a relatively sarcastic articlepointing out how blatantly insecure paper checks were (are)...while questioning how it was, that they lasted so long. It got me to thinking... in the future, what will be the perception of the way we process today's online transactions?
So, please allow me a moment in order to set the table for the following blatantly tongue-in-cheek, (yet truly sincere) "insecure scenario:" I will use a brick and mortar example and tie it in with it's analogy to an "online purchase." Ready?
Okay, here we go...Let's imagine that you enter into a store, and you find something you'd like to purchase. Naturally, you pick the item up (hit select) and walk up to (proceed to) the checkout counter (checkout basket).
Much to your chagrin, when you arrive at the checkout counter...there isn't anyone "physically" there....nor is there a "physical" POS device which you can utilize for self-checkout. (e.g. Something along the lines of NCR's FastLane or Pay at the Pump device whereby you can "swipe" your own card and checkout.) Instead...what you find at this "unmanned" checkout counter, is a pen and a piece of paper. The piece of paper contains three rectangular boxes with instructions.
1. The first instruction tells you to: "write down (enter) your credit/debit card account number in box 1.
2. The second instruction informs you that you'll need to: "write down (enter) your secret 3-digit code on the back of your credit/debit card in the box labeled number 2" (for "enhanced security" (sic) this information is required to be entered, thus potentially hacked, by the card companies)
Furthermore, you are instructed that you CANNOT leave with your goods, as they are to remain with us here at the store. We will, however, ship them to you within 24-72 hours...if all goes well...therefore:
3. The third instruction informs you that you need to "write down (enter) your name, address, and zipcode" in box number three so we can ship your goods when the time comes. Please the sheet of paper with your name, address and card information, in the basket and leave the store or continue shopping....
Question: When put it in these terms, would you follow the instructions posed at the checkout counter? You wouldn't do it would you?
Yet, fundamentally this is how every online transaction is currently done. (except of course, ones that are abandoned*) *Note: Checkout abandonment is a costly problem for Internet Retailers, yet a problem which HATM's wedgie also helps to alleviate.)
This brings me to my point on why HomeATM's "Wedgie" is "all good." Under the aforementioned scenario, it is blatantly clear that, when it comes to online banking or online transactions, "the card swiping/PIN Entry Device" should be put into the hands of consumers!
Hand It Over Buddy
One's first reaction might be to think that asking the consumer to utilize a personal "card swiping PIN Entry Device is not how checkouts are currently done at brick and mortar locations. There, it is the retailer who is provides the card swiper/ PIN entry device. True, but therein may lie the problem(s). Let me explain...
It was these very same retailers in the "bricks and mortar" world who, "for security purposes" altered their checkout procedures by "shifting" the act of "swiping the card" over to "the consumer."
The reason behind them doing so is because it seems that there were instances whereby some customer's cards were being swiped (by insiders) not only into the retailers POS device, but also into a secondary magnetic card reader. Thus the information contained on the magnetic stripe, was being captured exposing that customers data to potential identity theft/fraud.
Word got out in the press, and in response (and to prevent this from happening), it was decided that the problem could be alleviated if the consumer never "handed it over." but, instead, "swiped the card" themselves. Thus the recent practice of consumers swiping their own cards was born.
So there's nothing behaviorally "new" when it comes to asking a consumer to swipe their card themselves. They've been doing it for a while. In fact, the practice of entering their PIN was existant well before the actual swiping of the card with the use of swivel devices that turned toward the customers in order for them to be able to enter their pin.
Swipe At Home or "Don't Leave Home With It"
With that said there really is no difference between asking a consumer to swipe their own card at home, or swipe it at a retail location. But to be sure, let's analyze:
1. Consumer Swipes their card at the physical "bricks and mortar" store location ...okay, got it...now let's do it the other way...
2. Consumer Swipes their card at "home" where the "virtual store" is located.
Seems the same to me.* *except of course, at home, whereby neither the card nor the Wedgie ever leaves the possession of the consumer, thus shielding said consumer from the potential harm caused by "a rigged" swipe device...
It is appearing more and more evident that until someone figures out a way to secure transactions without them, a peripheral card swiping/PIN Entry Device that can be easily connected to a PC, PDA and mobile phone, is an online shoppers "best bet" to protect them against fraud.