Back on “frictionless payments” again. The bitcoin dream of instant (well, sort-of-instant) value transfer from anyone to anyone else with no third party that might be able to censor the transaction in the middle inevitably leads to what we used to call, in the first flush of digital bearer instrument debate, the “Grandma presses the wrong button and loses the house” problem that I touched on earlier this week. Or, to rephrase using the current examples, if the customer uses two-factor authentication to instruct the bank to send money to a crook is that the bank’s fault? Is it really a customer’s fault , for example, if their solicitor uses insecure e-mail to communicate with them instead of secure WhatsApp? There’s a spate of such frauds in the UK right now.
Mr Doyle instructed his bank to pay the money into this account. The couple then enjoyed their Easter weekend, little knowing their money had been stolen and their lives were about to be derailed. The truth emerged only the following Wednesday when TCS confirmed it did not have the money, and it became clear that the payment had been made to unrelated account operated by fraudsters.
The report then goes on to say that “the whereabouts of the money remain unknown” but this cannot be entirely true. Since the money had to be paid into a UK bank account and since UK banks perform stringent Know-Your-Customer checks before giving people bank accounts, the whereabouts of the money are very likely known, if not by the account holder (who could then be arrested) by whoever the account holder gave the login to (who could then be arrested). So it should be easy to get the money back… well, maybe…
Mrs Parkinson, a self-employed secretary and bookkeeper, was told that the remaining money could not be returned because the stranger who had the cash was “not able or willing to return the funds”.
Payment UK recently released a report about payee identification that proposes to add another step to inter-bank transfers so that after you enter the bank account details of the recipient (which you shouldn’t be doing of course – a big part of the solution is to stop requiring customers to enter sort codes and account numbers) the system will send you back the name of the receipt and ask you to confirm. There’s a long way to go with this though, because there are privacy and other issues. Is it any of my business what the name on your account is? Nevertheless, fixing the problem is on the agenda.
The UK banks also have a new code of conduct for instant payments so that if you accidentally send money to wrong account then the banks will ask nicely to get it back, but if the person you sent it to doesn’t want to send it back, you basically have to go to court (and pay the banks’ lawyers somewhere between £80-£200 per hour).
the ombudsman ruled in favour of the banks, reiterating that MBNA and Santander had done all they could.
If the bank can’t get your money back for you when you made a mistake, then you may as well have used bitcoin. Right? That’s what they appear to be telling you! This is why I will pay for the lovely antique map case I just saw using a credit card and not the faster payment service (FPS), which would have been quicker and cheaper for the me, the merchant and the bank. Of course, if someone put a scheme on top of FPS so that they did the payee verification for you and included chargeback rights for a small fee then that might be very attractive to a great many people.
In other news, MasterCard are apparently launching a bid for VocaLink.