Posts tagged Credit
Lend PayPal your ears: The eBay-owned payments company doesn’t want to just process your transactions. It wants to fund them, too.
The most visible move it’s making is changing the name of BillMeLater, a provider of consumer credit eBay bought in 2008 for a little under $1 billion, to PayPal Credit.
That minor branding fix is just the tip of a financial iceberg. PayPal is also rapidly expanding PayPal Working Capital, a financing program for small businesses. It is taking PayPal Credit international. And it plans to make PayPal Credit an option for the growing number of mobile-app transactions that its Braintree subsidiary processes.
The interchange fees charged by banks for credit- and debit-card transactions have long been an annoyance for technolibertarians. (It’s not clear if their objections boil down to anything aside from a preference that they, not fusty banks, get to be the money-making middlemen in all transactions.)
That’s one of the attractions of Bitcoin. The launch of the digital currency-cum-transaction-engine promised a financial fantasy: instantaneous, irreversible digital transactions, bypassing banks and payment processors.
What that ignores is that the current cumbersome credit-card system has persisted in large measure because it enables people to buy things they can’t pay for with the cash they have on hand.
It helps to remember that drugstores and grocers used to employ clerks in back rooms to track customers’ accounts and dun them for payments. The few points of interchange credit cards charged seemed like a far better deal. Handling cash, too, has cost and risk, from embezzling employees to fake bills.
Dee Hock, the technological visionary behind Visa, didn’t like to emphasize the lending aspect of credit cards. He didn’t even like the term “credit card,” according to Joe Nocera’s A Piece of the Action. But a key part of why credit cards took off is that consumers could make a purchase now and pay for it up to 30 days later, interest-free; merchants, meanwhile, got paid far faster than they might if they were the ones collecting on the debt.
Yes, all of that sounds slow compared to Bitcoin. But Bitcoin’s digital-cash-upfront approach doesn’t help consumers juggling mortgage payments and waiting for paychecks. The fact is that well-developed credit markets are clearly linked to increased economic activity.
That macroeconomic theory seems to work on the micro scale, too. Steve Allocca, the vice president in charge of PayPal Credit and related products, says that consumers who use a PayPal credit product spend an average of 30 percent more than they would otherwise.
Even Satoshi Nakamoto, the mysterious inventor of Bitcoin, acknowledged in his first paper describing the Bitcoin protocol that the present-day system “works well enough for most transactions.”
Cash isn’t king. Cash flow is.
Both A Borrower And A Lender Be
If you look at PayPal’s competitors, the most interesting rivals aren’t the ones trying to duplicate PayPal’s card-processing business, like WePay, Square, and Stripe.
They’re companies you may not have heard of. Like Klarna, a primarily European business that lets customers pay after receiving an invoice—as Swedish and German consumers prefer—or over time. Or the soon-to-launch Affirm, a company started by PayPal cofounder Max Levchin, which promises to let buyers split payments over time.
Besides the renamed BillMeLater, PayPal also offers options like Pay After Delivery, which allows buyers to schedule a payment for 14 days out. It doesn’t charge fees but it requires use of a linked bank account, which makes the transaction far more profitable for PayPal.
A couple of weeks ago, eBay announced that it will take over the cobranded credit-card line it issues with GE Capital—giving it one more way of extending credit to consumers.
In March, PayPal’s then-president, David Marcus, told me about a bridal shop to which PayPal was loaning money to buy more inventory. That shop then lets brides pay for their dresses over time with BillMeLater. Marcus may be gone, but that vision of lending money on both sides—greasing the rails of commerce with credit—remains and is animating PayPal’s latest moves.
PayPal Working Capital has lent $150 million to date, says Darrell Esch, the company’s executive in charge of small-business lending, and is making $1 million in loans a day. So far 20,000 PayPal merchants have taken loans—approximately 10 percent of those who have been offered them. (Square has a very similar program, Square Capital, which it offers to retail merchants who use its card-swiping app.)
PayPal’s Worst Enemy
PayPal has many risks here. The chief risk is risk itself—the possibility that it will lend out money and not get paid back, whether by consumers or small businesses.
Against that risk, it is wielding a decade-plus of data on consumers’ purchases and merchants’ sales, which Allocca says will let it make faster and better credit decisions than it might using credit scores and other traditional sources of data used by banks.
The other risk is complexity, the cruft of dozens of product launches, brand extensions, and acquisitions. ReadWrite has long noted PayPal’s cultural problem with imperial overreach. It wants to be in every niche within the payments world, and it seems to want that more than having a straightforward mission executed with a simple set of tools.
Marcus, who left PayPal in June for Facebook, departed with an unfinished effort to cut back on the company’s sprawling product lines. It’s not clear who’s wielding that ax now, since PayPal has yet to replace him. (eBay CEO John Donahoe is running PayPal directly on an interim basis.)
Here, the move to rename BillMeLater takes on more than just symbolic importance. PayPal Credit makes sense as part of PayPal’s core product—a flexible credit line joined at the hip with PayPal’s stored-value account. If PayPal can roll all of its cobranded cards and financing offers into one coherent product, it stands a far better chance of fending off Klarna, Affirm, and its other eager competitors.
It also points to how PayPal might make money in a Bitcoin future. Bitcoin may well drive down transaction costs over time. But digital cash won’t answer consumers’ and businesses’ need to pay for some purchases over time. It may be that moving money from point A to point B may not be PayPal’s long-term destiny. Fronting the cash to make commerce happen may be.
View full post on ReadWrite
Swipe, sign, and pay—it’s a simple ritual that we may perform several times a day with our ubiquitous plastic credit and debit cards.
But as the Target security breach showed us, the classic magnetic stripe, which shares our account number with a merchant, is a dangerously insecure technology. It’s on its way out—but it can’t go fast enough.
Here in the United States, we’re about to get entirely new kinds of physical cards already in use overseas. We are also on the cusp of a revolution that might see smartphones play a key role in how we pay for things. It all adds up to a lot of confusion. And it’s not clear we’re actually getting any safer.
What Will Replace The Stripe?
The problem with the magnetic stripe is that once someone else has your card, they have all the secure information they need to compromise it. The full 16-digit account number is embossed on the card. It’s also encoded in the magnetic stripe in a format that’s easy for anyone with the right kind of device to read—and hence copy. There’s one more security feature, the Card Verification Value, or CVV2 number—which is printed on the back of the card. Oh, and a clerk might check your signature and your driver’s license.
As the Target hack exposed, there’s another problem with these cards: They transmit your account number—and, in the case of debit cards, your PIN—to merchants. We used to think this was safe, that merchants would protect their internal systems from hacking. Thanks to Target, and previous incidents of mass card theft like the T.J. Maxx hack a decade ago, we now know better.
There are two main contenders to replace that thoroughly broken system: chip-and-PIN swipe cards and contactless, or NFC (near-field communication), cards.
Chip-and-PIN cards are a descendant of the smart cards I’m familiar with from my time selling government systems for Apple. There’s a chip in the card that communicates with a chip in newer card-processing machines, or terminals. NFC uses short-range radio waves to communicate with terminals, which means you can just tap your card to pay. You’ll sometimes see both features in newly issued cards.
Chip-and-PIN and NFC both have an advantage over the magnetic stripe: At least with the latest versions of these cards, you’re not transmitting an actual credit-card number, as you do with a magnetic stripe. Instead, they transmit a “token”—a one-time-use number that banks and card processors can match up with your account on the other end to process the transaction, but that doesn’t reveal your account number, even to the merchant.
Here’s the problem: New cards with these more-secure payment features will carry—you guessed it—an insecure magnetic stripe for “backwards compatibility” with ATMs, gas pumps, and other payment devices that are costly to upgrade. We’re paying for convenience with our safety.
I found this out myself when I talked to American Express the other day. The customer-support rep said they would be happy to send me a new chip-and-PIN credit card. However, it would come with my information encoded on the magnetic stripe. They did assure me that I have zero liability for fraud.
Someone’s going to pay for fraud, though, and it’s likely to be retailers. Right now, retailers are largely protected if they follow the rules around swiping magnetic-stripe cards. That will change once chip-and-PIN cards are widely available: Banks and card processors will shift fraud liability to retailers who let their customers swipe the old-fashioned way.
Here’s the other irony of this transition: American Express and a lot of other card issuers are favoring an approach called “chip-and-signature.” That means that while you’ll dip your card in a reader instead of swiping it, you’ll still approve transactions by signing a piece of paper instead of entering a PIN.
It’s not hard to see why they’re doing this. Chip-and-signature might work better in, say, a restaurant where the waiter brings you the bill. It will also require a lot less retraining of store clerks (and consumers). Again, though, we’re going to pay for the convenience with our security.
Just Ditch The Card
You’re seeing a pattern here: Adding security features to a physical card makes the simple, fast swipe of a card a needlessly complicated process. Yet we just can’t rely on the magnetic stripe the way we used to.
Some people have tried replacing the card with your phone. But this has been riddled with complexity, too. Google has had a big failure with trying to get people to use Google Wallet in retail stores. Isis, a joint venture backed by wireless carriers, has similarly flopped.
I’m not convinced that replacing the card with a phone is a great idea. That might be okay if your phone doesn’t get stolen, is securely protected from unauthorized use, and can be remotely wiped clean before someone has time to crack into it. But I need to hear more to be convinced.
Ultimately we may need a system that combines cards and phones. For example, what if I could tap a card and then enter a one-time PIN sent to my smartphone? That seems more secure than using the same PIN every time—we know that fraudsters have hacked ATM-card PINs to get into our bank accounts.
Ultimately, what we may realize is we don’t really need a card at all. If all the card does is carry our account number, we have machines that do a good job of storing numbers for us. And if we can’t trust retailers with our credit-card details, maybe we shouldn’t be giving them a piece of plastic printed with our account number in the first place.
The way of the future may be carrying out commerce in physical stores the same way we do on Amazon and iTunes—we click “buy” and the retailer charges our account, with the details walled off in many layers of digital security. If banks carry out their current plans, they’ll make buying things in stores more complicated without making them any less secure—and that may be the thing that kills off the magnetic-stripe card for good.
Photo by Shutterstock
View full post on ReadWrite
End Date: Tuesday Feb-25-2014 7:25:37 PST
Buy It Now for only: $5.00
Buy It Now | Add to watch list
You know how search advertising works: those listed at the top of the results page are clicked most often. You also need clicks from high-quality searchers who are more likely to buy. Begin your trek to the top of the list – visit the Bing Ads solution center on Search Engine Land and save…
Please visit Search Engine Land for the full article.
End Date: Saturday Jan-11-2014 15:53:40 PST
Buy It Now for only: $3.99
Buy It Now | Add to watch list
One night, a decade ago, I was on a sales trip. My wife called me up to complain about the $1,700 dinner that I had enjoyed in Bangkok. Of course she was mostly concerned because she knew that I was in Washington, DC, not Thailand. A copy of my credit card had made it there, however. The next day. someone using my fake card tried to buy over $2,000 in antiques in Singapore. Fortunately, the credit-card folks were on top of the situation and my only real inconvenience was waiting a few days for a new credit card to show up.
That time I was a victim of one of the then-high-tech pocketable skimmers that unscrupulous employees used while settling your bill at a restaurant. That incident happened long after most businesses quit using carbon-copy credit-card receipts where we had to worry about tearing up the copies that carried our full card number.
Fast forward ten years, and things have gotten worse, not better. The New York Times recently reported that Target is investigating a huge security breach. According to a December 19 update on the Target problem by security reporter Brian Krebs, as many as “40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.” After first claiming that ATM PINs weren’t involved, Target later conceded they were stolen, too.
A Hack On Small-Town America
If you have read some of my articles on ReadWrite, you might know that I live in fairly rural area along the North Carolina coast. I have joked that putting a hand-lettered sheet at the main intersection is a better way of getting information broadcast in our county than Twitter.
Our area is one of those places where you likely recognize the cashier at the grocery store and some places they even remember your name. It is not a place that you think might be a target for high-tech crime, but it turns out that we were an extremely inviting target for organized criminals.
A very large number of area residents were victimized in the last few months. Some estimates suggest that hundreds of people in the area had their ATM cards compromised in recent weeks. That is a lot of folks when the largest town in the area has 3,600 year-round residents. The issue became very personal when in the space of a week both my wife’s and my ATM card numbers were used fraudulently.
This came on top of a credit-card compromise that snared a rarely used card just a month ago. In dealing with these situations, we got a lot of misleading information. Multiple people who were helping us fix the problem claimed that sophisticated new skimmers could read the magnetic stripe on your card without it even being out of your pocket.
I did some research on the Internet and found the information available to be almost as confusing. Just to make us feel better as we were trying to understand the situation, we ordered some credit-card protector sleeves and a couple of blocker cards that we could carry in our wallets. I suspected these were useless, designed to protect the RFID-enabled cards that I don’t even have. However, when you have three card numbers stolen in a short space of time, you start looking for solutions quickly and hope that something will work.
What really shocked us was that our ATM cards which were compromised were from a bank that does not even have a branch in the area. I only used my card in the four local grocery stores and my ATM card never leaves my hand. Also each time I was careful when using my PIN. My wife’s card theft was even scarier in that the only time she used it in months was for a small transaction in the local US Post Office when she pulled out the wrong card.
Shortly after we finally resolved our issues with the bank, an article was published in the local newspaper. It suggested that much of the card-number theft might have happened with skimmers on gas pumps.
That was the final straw that convinced me that we were not hearing the full story. I called the regional Secret Service office—that agency is involved in both protecting the President and investigating financial crimes—and talked to the agent that was handling the investigation. He confirmed my suspicions: The problem is far worse than we imagined.
While there are no real answers yet in our area, it appears that some computer systems have been compromised either at stores or in the companies handling the processing of card transactions. In other words, a company involved in the flow of payments has been hacked. It could be more than one company. The computer hacking has exposed everyone whose cards are going through those systems. The thieves are using the ATM card information in a way that does not require the PINs.
As the agent explained it to me, what happens once the thieves have stolen a bunch of numbers from a company is that they print gift cards with their name on them and our billing information on the magnetic stripe. He said they rarely bother with printing up credit cards anymore.
So here is what we have learned.
- ATM cards with their current security are too dangerous to use. The Secret Service agent I talked to quit using his years ago. We no longer use ours. They stay in a secure place in our home. If a thief gets your ATM card, they can clean your bank account out and it can take weeks to fix the problem.
- Credit card issuers are smarter than regular banks when it comes to fraud. When someone tried to do a $7.01 trial purchase using our compromised credit-card number, we got an automated call from the credit card company 30 minutes after the transaction because they thought it was fraud. The transaction never went through.
- When someone tried a similar transaction with my compromised ATM card, we caught it ourselves and called the bank. I had to fill out a fraud affidavit and fax it back to the bank. It took 10 days to get back our money.
- The only reason a $1,400 fraudulent transaction did not go through on my wife’s compromised ATM card was that we only had $1,300 in the account.
- The standard response from the companies is that someone is reading your card number while the card is still in your pocket. That is probably not the case.
What We Can Do
I asked the Secret Service agent for some advice—aside from just not using ATM cards, period.
He said he always tests the card-reading device on a gas pump to make certain it is part of the pump and not an attachment. He also looks for anything suspicious before swiping his credit card in a store. He said if you must use an ATM machine, you should only use a trusted one at your local bank. The banks check those daily.
He also recommended checking your credit-card balances and your bank statement as often as you can, probably once every 24 hours. He also confirmed the online security precautions that most of us are already practicing such as being very careful about downloading any software that you do not trust and avoiding clicking on links that might be suspicious. He basically said that you might as well accept the fact that your cards will be compromised and be ready for it. He said his credit cards had been compromised a number of times.
We were lucky this time and did not lose any money. We have gone back to cash now that our ATM cards have been replaced. The new ones have never been used. I carry only two credit cards in my wallet and even though I suspect the card sleeves do nothing for non-RFID cards, my two credit cards are in them.
As far as RFID cards, I am not interested in one. I have read about some clever smartphone software that uses some of the newest smart phones to read your RFID card information. I do not need more risks in my wallet.
Europeans do make use of make use of chip-and-PIN cards. Those have their own problems—for starters, they’re completely unsuitable for e-commerce and mobile payments. And I suspect their protections don’t help when the thieves manage to crack into companies processing the transactions.
Right now cash sounds like a good low-tech solution to me. Maybe the banks should start hiring more tellers if they’re not going to fix this problem.
Photo by Shutterstock
View full post on ReadWrite