Can We Stop Playing Card Games with Business?
A friend who works in one of the big banks recently told me that any new-fangled approach to identity and payments is going to have a hard time getting traction while credit cards continue to work as well as they do. "Using credit cards is too easy, too normal, too entrenched in Business As Usual", he said. They used to say the same thing about Windows.
As it happens, I am in the middle of a credit-card mess right now that is certainly normal and Business As Usual, but far from easy.
See, all I'm trying to do is buy something on-line, from a retailer that's not Amazon. (I'm not going to name names, beyond saying that much.) First, the retailer's system for sorting out billing and shipping addresses was broken. Then, after I got over that hurdle (which I suppose is still there), my credit card was declined. In the course of dealing with both failures, I have pounded countless numbers and letters, over and over again, into my laptop's keyboard and my phone's screen. On top of that, I have had to give the last four digits of my social security number, plus a bunch of other information, over and over again, to too many different people at the credit-card company's call centers.
The credit-card company doesn't know (or seem to care) why my card was declined. The attempted purchase was not unusual in any way. The error message from the retailer was also unhelpful. It said, "Something went wrong when trying to process your payment. Please review the error message and try again: Braintree payment for Order #5283 (Transaction ID gb3xx6m) was declined: Declined." For the last several hours, the credit-card company also has been unable to turn off the fraud protection flag that caused it to decline the purchase in the first place, because its system for doing that is down.
Several more hours have passed between the last paragraph and this one, which I'm writing after calling the credit-card company for the Nth time and learning at last that the payment went through. The retailer's system, however, still says "awaiting payment".
I don't know if any of the new ideas for solving this kind of mess are going to succeed. Most of them probably won't. But I do believe the only answers that will finally work are ones that give us ways to be known in the virtual world that resemble the ways we are known in the physical one.
For a base-level model of that, let's say I go into a coffee shop and order a cortado. A cortado has the ideal ratio of coffee and steamed milk. It's also known as a piccolo latte in some places, such as Australia. Try it out. Here is what happens around identity and payment:
1. I am anonymous—literally, nameless. But...
2. They can see I am a person, with an obvious ability to pay.
3. They accept payment either via cash or credit card.
4. If I use cash, it's also anonymous, even though there is a unique number on every piece of paper currency. The shop is not interested in those numbers.
5. If I use a card, they do not care about the name on the card or the number. All they care about is whether the payment goes through. In other words, they are not burdened with any details about me. (I am purposely keeping loyalty cards and other marketing gimmicks off the table here. I'll explain why below.)
6. If they ask for a name, it's only so they can call it out when the drink is ready. Not for any other reason.
Now, let's say this is a coffee shop where I am already known to the people behind the counter. Here the only difference is that I might be extended some friendly courtesies. If the people are honorable, I can expect that they won't be out to screw me—for example, by giving or selling information about me to people or systems I don't know.
There are permissions and agreements, casual and formal, on both sides of this system, and they have been in the vernacular of every market since the dawn of commerce. When this system works well, there is also no power asymmetry—or at least not one being exploited. The customer and the shop meet as equals in the marketplace. They trust each other. This trust has a high degree of leverage toward future business between both parties. In terms of game theory, that leverage is toward positive sum (aka win-win) outcomes.
On the whole, we have positive sum outcomes from the game played with credit cards. But there is a degree of entrapment to that game as well. We are not equals, and we do not enjoy full agency.
This is not the fault of the credit-card system, but of mass marketing's obsolete methods and assumptions, which date back to the time when Industry won the Industrial Revolution. In order to get scale—to market to masses—it was necessary for companies to treat many customers the same way, as populations rather than as individual human beings. Even in the Internet Age, attempts by business to "personalize" and "mass customize" relations with customers are made by business—not by the customer.
And, because business mostly talks only to itself about this stuff, it is easy for business to rationalize negative externalities. Among those externalities are:
1. Wastes heaped by others—for example, all the promotional crap that fills communication channels and brings no positive response (in other words, 99.x% of all promotional messages).
2. Inconveniences—such as the need by users and customers to authenticate in separate and arcane ways with every different company's different system.
3. Resentments and other bad feelings by users and customers toward both of the above, plus knowledge that they are being spied upon and manipulated in ways they cannot escape without giving up relationships they can't or won't do without.
4. Companies needing to maintain or hire the large and expensive server farms and "big data" crunching systems to process and make decisions on personal data gained by surveillance and fed back to #1, above.
All those negative externalities afflict the commercial Web today—and are spreading into brick-and-mortar retailing as well. We see this with loyalty programs that give us additional cards and key tags to carry around.
These externalities exist to a far lesser degree with credit cards than they do with marketing gimmicks (because credit cards' purposes are mostly restricted to transactions), but are still present with credit cards, as we see with my own story, above.
Einstein (is said to have) said "The significant problems we face cannot be solved at the same level of thinking we were at when we created them". I can remember like it was yesterday the feeling of futility I had when I was doing work for Sun Microsystems, back in the 1980s, enduring the torture of sitting in meetings where the pointless topic was "fixing" UNIX, which had a zillion variants, most of which were owned by somebody, including Sun. There was no way UNIX's problems could be solved at that level. We needed Gnu and Linux to solve it. (And yes, the BSDs too.) That's how I feel today about trying to fix identity and payments inside the current mass-marketing system.
The level at which we need to solve identity and payments is the individual one. It needs to happen on our side. We're the ones who need to manage our identities, how we pay for stuff, what information we hand over when we pay for things, and how we control our side of relations with the retailers and service providers of the world.
Today there are already many new projects that start with the customer and move toward business. I'm involved in many of those, through ProjectVRM. (Here is a partial list of developers.) And, I consult some of those formally as well. But I won't name any, because I want clean new Linux geek thinking and code-writing applied to this problem.
Here's the main challenge: not using cards at all. Bitcoin is the biggest breakthrough in that direction, so far—or at least the one with the most geek interest.
What else have we got—or could we have? The answers will come, because there's a huge itch here.
So tell me who's scratching what, and how. I'd rather salute those than complain more about Business As Usual.
Doc Searls is Senior Editor of Linux Journal