Originally this post was a recap of recent events. I slowly and inadvertently focused the composition into a boring diatribe about inappropriate behavior. This too (almost inevitably) was edited into a drawn out whine about how much I suck.
This wouldn't be a personal blog if there wasn't whining.
However, I'm not one to inflict without regard to the audience. In short, I'm playing the depressed and reclusive insomniac game. So uncharacteristic! The faux revelation and predictable sarcasm are off the task list. Now, I can get some thoughts out:
There is a criminal element on the Internet. One of its interests is in the theft of money. Consumers are instructed to not release their financial information to untrustworthy parties on the Internet. Let's quickly review the flaws with this advice:
- It's impossible to securely transmit payment details.
- It's difficult to know you're communicating with a trustworthy party.
- It's inconvenient to mitigate financial damage.
When given a choice between those three, the path of least resistance is clear. Check your account statement every month and ensure nothing naughty has occurred. In the best case situation, your bank or credit institution will be receptive to the hassle-free resolution of any conflicts. In the United States, most larger institutions are consumer-friendly in this regard... at least, as long as the consumer fits within the normal risk curve.
I will now take this post in two directions. The previous paragraph caused an idea to form, and I would like to share it in the hope of constructive commentary. I can imagine what for-profit banks will think of it. (Hint: not the greatest fans.) Afterward, I will discuss an alternative solution and potential research topic.
Any creditor can debit from your account when armed with your financial information. Furthermore, there are no hard and fast rules about not retaining your financial information. Therefore, after shopping someplace, you are at their mercy in terms of responsible future use of your bank account. Your only recourse, as I described above, is vigilance and orneriness. The current financial transaction model is effectively a delayed try-catch model.
Programmers will understand what I am saying immediately. Non-programmers can ignore my insight. The end result is a permissive model of payment with an assumption of acceptance. But, the time skew between the moment of transaction and the moment of confirmation can be upward of 30 days. The choice between maintaining careful accounting records (checkbooks) or religiously checking your institution's ledger results in the common third option of apathy.
For-profit banks reap handsome gains from the third option. For the consumer, it hardly seems fair: you lose either way! And, I would contend that in the connected First World, it isn't. Here is a simplistic proposal:
- A transaction is started by swiping a card / entering an account number. No personal information (name, address, etc.) is exchanged.
- The financial institution places a block on your funds.
- The financial institution contacts you, out of band, to authorize the transaction. Text message, cell phone call, e-mail alert, and instant message are all options for varying situations.
- If you authorize, the transfer occurs. Your creditor receives any relevant personal information and the payment.
- If you do not authorize, the transfer is rejected and the bank knows to start an investigation.
- If nothing happens, the transaction is either accepted or denied according to your preference and the bank's risk mitigation policies.
Why no up-front personal information? The use of credit/debit cards, checks, and other delayed payment systems forces you to reveal your personal information. However, you don't necessarily know who you're dealing with. The bank operates as a third-party. Neither party needs to trust one another if both can trust the bank.
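
The proposal above as a small state machine; this is an added example, not code from the original post. The names `Bank` and `Txn`, the timeout, and the rule that an unanswered transaction settles only when your preference is "accept" and the amount is within the bank's risk limit are assumptions, and authenticating the reply channel is left out.

```python
from dataclasses import dataclass, field

@dataclass
class Txn:
    merchant: str
    amount: int                 # cents
    wants: tuple                # personal fields the merchant asks for
    started: float              # seconds, supplied by the caller
    state: str = "held"         # held -> settled | rejected
    released: dict = field(default_factory=dict)
    investigate: bool = False

class Bank:  # hypothetical model of the institution in the proposal
    def __init__(self, profile, balance, timeout=300, default_accept=True, risk_limit=5000):
        self.profile, self.balance, self.held = profile, balance, 0
        self.timeout, self.default_accept, self.risk_limit = timeout, default_accept, risk_limit
        self.txns = {}

    def start(self, txn_id, merchant, amount, wants, now):
        """Card swipe: block the funds and build the out-of-band prompt."""
        if amount > self.balance - self.held:
            raise ValueError("insufficient available funds")
        self.held += amount
        self.txns[txn_id] = Txn(merchant, amount, tuple(wants), now)
        return (f"{merchant} requests {amount / 100:.2f} and your "
                f"{', '.join(wants) or 'no personal data'}. Reply yes/no [{txn_id}]")

    def _finish(self, t, accept, investigate=False):
        self.held -= t.amount   # the block is lifted either way
        if accept:
            self.balance -= t.amount
            # Personal data reaches the merchant only now, and only what was asked for.
            t.released = {k: self.profile[k] for k in t.wants if k in self.profile}
        t.state, t.investigate = ("settled" if accept else "rejected"), investigate
        return t.state

    def reply(self, txn_id, answer, now):
        t = self.txns[txn_id]
        if t.state != "held" or now - t.started > self.timeout:
            return self.expire(txn_id, now)   # late or replayed replies change nothing
        answer = answer.strip().lower()
        if answer not in ("yes", "no"):
            return t.state                    # unrecognized reply: the hold stays
        return self._finish(t, answer == "yes", investigate=(answer == "no"))

    def expire(self, txn_id, now):
        """No answer: your preference applies, capped by the bank's risk policy."""
        t = self.txns[txn_id]
        if t.state != "held" or now - t.started <= self.timeout:
            return t.state
        return self._finish(t, self.default_accept and t.amount <= self.risk_limit)
```
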
Why out of band contact? If you contact the institution, then there is the chance of some kind of phishing-style attack. If the bank contacts you, and supplies the relevant details, you need only respond with a "yes" or "no." No risk to you!
Why a text message, cell phone call, etc...? Any method of prearranged contact is acceptable. Confidentiality is required insofar as you may not want certain purchase details exposed. But, authentication is necessary. (We're getting technical now.)
Why is my personal information transmitted at all? Because both banks and vendors want to reduce risk. For example, many websites won't ship to an address that is not associated with your credit/debit card. The practical upshot for you is that you can see what information the vendor needs. Apple does not need my home address so I can download RJD2's new album.
Wait, risk management policy? Just because you want any transaction you don't immediately respond to be authorized does not mean the bank wants that. They're on the hook for the debts you welch... and pass the savings on to you!
Gosh Scott, that's awesome! Why don't they do this? Well, I think they do in some places. However, there are constraints at the moment. Perhaps we could do it ourselves, while we wait for the banks to do it for us.
What? Bear with me, as I'm going to get all Web 2.0 for a moment. Consider writing a parser for your online banking account. This can be hooked up and every new entry can be text messaged to you as they come in. If you text-message back a "no," then your software automatically sends a detailed abuse report to the bank. The catch? Contrary to the advertisements, there is an awful lot of work to be done before real-time transactions are a reality.
I'll be a curmudgeon for a moment and note that blocks are already updated in real-time on my online banking. Obviously, the information is available somewhere...
An opportunity for research
If the banks cannot provide a solution yet, maybe the free-er market can? Getting back to the original point, a criminal element exists out there. Worse, they're able to make relatively anonymous financial transactions. They use services like e-gold to move money around. Perhaps there is an opportunity out there to help people set themselves up as self-contained, and purely virtual financial entities? Open source could lead the way here, with freely available and easily audited software for operating as your own bank.
I think a PhD hopeful could easily make a research paper on that.