EnglishFrenchGermanPolishSpanishTurkishRussianItalianDutchDutch

Roboblog

Forget anonymity, realize what your real problem is

April 2013

U: Why do you offer so huge discount only for customers paying with Bitcoin? I don't need my payment to be anonymous and I prefer to use credit card.

SKrobot: Anonymity is not the most important benefit of paying with Bitcoin. It is a nice addition but there is a more measurable advantage of Bitcoin payment - we don't have to pay processing fees.

U: That's OK, but I guess the processing fee is only a small percent of the payment and it is your cost so why should I care?

SKrobot: You are wrong about two things. For small merchants credit card online payment processing cost is often bigger than 20% of the gross price. Secondly this money must come from somewhere and it's ultimately the customer who pays that processing fee.

U: Why is the fee so high and where does this money go?

SKrobot: Common knowledge is that the fee splits:

In reality both positions represent the fee to Banks for "handling the payment". The real cost of fraud is represented by the product loss by merchant. Let me illustrate this point:

Consider three entities: Merchant, Banks and Fraudster. Fraud happens when Fraudster is using a stolen credit card to order goods from Merchant. Although payments go through Banks, for fraud cost calculations Banks are out of the equation. Fraudster is getting the goods and Merchant is losing them. This represents the cost of fraud to Merchant. It means that the entire processing fee goes to Banks to cover their expenses. Additionally Merchant is penalized by Banks with ~ $15 chargeback fee for every transaction originating from the stolen card number.

U: I agree that it's outrageous and I'm worried that the money I pay to you are being eaten by Banks. But I also think it's OK that online merchants are incentivized to be careful and not to be too greedy in charging customers. Certainly merchants can avoid fraudulent transactions by being cautious in accepting payments.

SKrobot: Merchants are motivated to keep the fraud rate low but in most cases they have no influence on the sequence of events. Often even if the purchase is legitimate and authorized by the customer, the merchant is penalized for the fraud which happened somewhere else. For example:

Eibhleann (yes, it's a real Irish name) is buying a PlayStation game on Monday. On the same day the Sony PlayStation database gets compromised and customer data gets leaked including credit card details. On Tuesday fraudulent transactions authorized by Eibhleann's stolen card number appear on her account but she is not aware of it and on Wednesday she is buying a lot of other things including SecurityKISS VPN service subscription. After a few days she checks her statement and realizes that something is wrong. She calls her Bank explaining that starting from Tuesday there are purchases on her account that she didn't authorize. The Bank is reverting all transactions starting from Tuesday and is issueing chargeback requests to the system. Banks have no incentive to analyze every transaction individually because they receive part of the chargeback fee paid by merchants who were unfortunate enough to have Eibhleann as a customer.

U: If the transaction is legitimate can't you contact your Bank to review it or to submit the complaint?

SKrobot: Small merchants are helpless when dealing with big financial institutions. Usually contacting merchant Banks to review individual transaction is a waste of time because their customer support is designed to consume supplicant time, patience and energy. It is an unfair battle: The Bank's low paid support staff against the underresourced merchant whose time can be better spent on building products and providing value to society. It's often more rational choice to keep developing products instead of fighthing for every stolen payment where outcome is uncertain and the process is exhausting small business resources.

U: So where is the problem with "normal" payments? I like using my credit cards and they seem to work well. What can Bitcoin add to it?

SKrobot: Bitcoin works in the way, most people think other payment methods work. Bitcoin is simple. Customer pays and merchant receives the payment.

U: So credit cards don't work in this way?

SKrobot: No, the credit card system is incredibly complex. Every payment goes through at least 6 different institutions. Again for simplicity let's call them Banks. None of them adds actual value to the process.

U: How so? Don't they secure payments and provide guarantees?

SKrobot: They can decline transactions once it's clear that the credit card was compromised. Most of the time it's the merchant's responsibility to reject suspected transactions. There are many false positives in this process. Whenever your card payment is bounced it may be the result of merchant's fear to accept your payment. They are scared for a reason.

U: Don't Banks provide dispute mediation?

SKrobot: They say they do, but we can hardly call it dispute mediation. Banks reverse payments on cardholder request without actual mediation which would be too expensive. There is also no incentive to do mediation. Since cardholder is their customer they need to compete for, any rejected claim might affect their future sales. Banks often come to terms with the fact that reversal requests are rarely used by genuine customers while being massively abused by fraudulent cardholders.

U: Don't Banks at least verify payer identity?

SKrobot: No, in Card Not Present transactions it's not possible to authenticate cardholder. Authentication requires a secret to be shared between two parties while the information entered during online transaction is effectively public.

Visa and MasterCard provide an optional 3-D Secure scheme which is supposed to authenticate cardholder but it is equally flawed like the rest of the system. It's based on a static password which can be intercepted by a keylogger. It also generates a lot of website redirects which apart from being an additional attack vector and a hassle to a user, are confusing, so users often abandon the purchase and look for an alternative website/provider that does not implement 3-D Secure.

U: So it looks like Banks are trying to do something useful. Isn't it just the difficult underlying problem that has no better solution? Why is credit card so vulnerable to fraud?

SKrobot: Credit card is an outdated 19th century concept. Using individually assigned payment cards was described in 1887 by Edward Bellamy in his novel Looking Backward. Early versions of payment cards were deployed since 1920s in the United States. They were always easy to counterfeit but convenience outweighed the risk. In 1950s the general purpose credit card become popular and the payment processing cost was only growing since then.

For a long time the forgery-prone credit card was tolerable in face to face dealings. Brick and mortar shops required a physical token - the card itself which, while easy to counterfeit, could prevent massive fraud if handled carefully.

With the advent of online shops we gave up that last protection measure - we check only card numbers instead of physical tokens. A single card number is used in multiple transactions in many places which means it is effectively a public information. In such a setup there is no method to prove that the person using that number is the legitimate owner of the card. The idea of using a static 16-digit number to authorize payments is just ridiculous and inherently insecure.

U: So how is it possible that it works?

SKrobot: We still tolerate that absurd and transfer billions of dollars in fees to maintain the system by companies who have vested interest in preserving the status quo.

National Retail Federation estimated that in 2008 credit card companies collected $48 billion in interchange fees. Intercharge fee is usually about 2% of transaction value, which for online payments is only a fraction of the total fee paid directly by merchant and indirectly by consumer.

Credit cards became the mechanism to transfer wealth from genuine cardholders to fraudsters with numerous institutions popping up and eating up larger and larger share of the pie under a veil of consumer protection while lobbying for legislation that prevents consumer to find out the real cost of using credit cards.

The system is not sustainable but it may take decades until it collapses. Having multi billion budget credit card companies can shape legislation to stifle innovation that could reduce amount of fraud. Banks have no incentive to fix the system. The more fraud exists, the more obscure and complex services they can offer and the more effectively can justify their existence and demand higher fees.

U: Wouldn't it be fair if merchants simply set lower prices and surcharge customers who pay with credit card?

SKrobot: It would. Unfortunately it is illegal.

Credit card lobby is extremely powerful. They influence legislation process for decades. In the United States federal law prohibited surcharges on card transactions. That law expired in 1984, but a number of states have since enacted laws that continue to outlaw the practice. California, Colorado, Connecticut, Florida, Kansas, Massachusetts, Maine, New York, Oklahoma, and Texas have laws against surcharges.

It looks like the legislation protects consumer rights but in reality it prevents customer to see the unfolded price with third party cost details.

For example, New York merchants who would like to give customer more information and display price components, including card processing costs, violate state law which is a criminal offense, punishable by a $500 fine and up to one year of imprisonment.

In the United Kingdom the No Discrimination Rule "prohibits merchants from charging different prices to those who pay by credit card rather than by another means of payment".

Merchants are forced to pretend there is no such cost. It's a taboo imposed by law. Merchants have to incorporate a third party processing fee into the product cost, so even the customers who don't use credit cards pay that price. It is not only a monetary price. It's also a qualitative difference, because the barrier of entry eliminates from the marketplace the efficient and innovative small businesses which are not able to amortize the risk and cost of online payments.

U: Can't you educate customer to make them aware of the problem?

SKrobot: This is what we do here. There are many customers who are aware of how high price they pay for using credit cards and how big share goes to corrupted financial institutions. However the sad thing is that normally those customers still contribute to cover the cost of maintaining credit card industry because the fee is included in the final price of the product which, for simplicity and legal reasons, is the same for everyone, no matter how they pay. In SecurityKISS we think it's not fair, hence the massive discount for Bitcoin payments.

U: But with Bitcoin, does it mean that you can evade taxes and do money laundering?

SKrobot: Absolutely not. We pay taxes from Bitcoin transactions like from any other revenue. Money laundering is the process of concealing illicit sources of money to make it appear like legitimately earned money. For money laundering one has to have illicit source of money in the first place. Providing online security, privacy and anonymization services is not illegal (yet).

U: What worries me is that Bitcoin payments are irreversible and I can't claim back the payment if you don't fulfill the order.

SKrobot: SecurityKISS was founded in 2010 and is continually building trust and reputation among users. It is our greatest asset. We wouldn't risk our reputation by not fulfilling the order or by not refunding the payment if the customer is not satisfied. We understand that the merchant reputation becomes an issue in the Bitcoin landscape, so for your online store selection we suggest not to trust search engine results which can be easily manipulated but instead rely on your friends' recommendation. It's also the reason why we don't do any advertising.

U: So where can I get Bitcoins?

SKrobot: We prefer not to promote or endorse other websites. Do your own research. The matter of payments is very important because it affects your quality of life. You owe it some attention.