Wednesday 14 October 2015

PayWave and Online Fraud

There have been news reports about the possible leakage of card holder information that suffices for online purchases. What is going to happen?

One possibility is that the credit card holder doesn't notice. The card holder takes the loss, and there is really not much to say about this case.

The next is that the credit card holder identifies the fraudulent transaction. He calls the card centre (issuer) to dispute it, giving unauthorised purchase as the reason. Eventually, the card holder and card issuer will win the case. That is, the credit card holder and issuer don't have to bear the loss; either the acquirer or the merchant has to bear it. In most T&Cs, the liability is borne by the merchant.

Please note that this is an online purchase: most merchants ship their product within days, while the dispute happens about 30-60 days later, after the credit card holder has received the statement. This eventually results in a double loss. The merchant loses the dispute, which means they don't receive the money, and they have already shipped the product.

This is significant. Consider a merchant selling cameras who makes $100 on each $1000 camera sale. A fraudulent transaction would effectively cost him $2000. He needs 20 more deals to balance that, and the problem is...

The good camera seller did nothing wrong.

That drives the good merchant to find a way to fix this. In short, there are two theories of the solution.

The first is to put up more gates to ensure every transaction is good. User registration, verification, one-time PIN, password and 3DS are all part of this. Since the user has passed so many difficult gates, the issuer will now take the loss. The merchant is happy.

The second is for the merchant or acquirer to use other ways to identify a fraudulent transaction.

It comes down to very complicated topics that could be covered in the future.

In layman's terms, you are using an email service which is really secure. It protects you by asking you for a new strong password every 30 days, with a history record of 12. It means you need to have 12 difficult passwords in 1 year. When you read an email, you have to type in a one-time password sent over SMS.

That's the first theory.

The second is that the email provider identifies that you are using the same email client and platform, so it doesn't have to ask for the password anymore.

That's like a customer at a pub who is always in the same shirt, sitting at the same table, drinking the same beer and talking to the same face: the bartender doesn't know who he is, but knows he is he. That guy can't be bad.

That's the second theory.

I am a big fan of the second, because online payment fraud is still very low as a percentage of the number of transactions. With the right tech, it enables business with a lower barrier.
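As an added illustration of the second theory (not code from this blog): a merchant-side check that lets a recognised customer through without extra gates and falls back to the first theory's gates otherwise. The `device_id` field, the threshold of three orders and the sample history are assumptions; the 60-day cut-off follows from the 30-60 day dispute delay described above, since an order can only be trusted once its dispute window has passed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# From the post: disputes surface about 30-60 days after the purchase, so an
# order only counts as "proven good" once it is more than 60 days old.
DISPUTE_WINDOW = timedelta(days=60)
MIN_PROVEN_ORDERS = 3  # assumed threshold, tune per merchant


@dataclass(frozen=True)
class Order:
    customer: str
    device_id: str   # assumed: some stable device/browser identifier
    ship_to: str
    placed: date
    disputed: bool = False


def decide(new: Order, history: list[Order]) -> str:
    """Return 'frictionless' (no extra gates) or 'step_up' (3DS / one-time PIN)."""
    mine = [o for o in history if o.customer == new.customer]
    # A past dispute on the account removes the benefit of the doubt.
    if any(o.disputed for o in mine):
        return "step_up"
    # "Same shirt, same table, same beer": same device and same delivery
    # address, on orders old enough that a dispute would already have arrived.
    proven = [
        o for o in mine
        if o.device_id == new.device_id
        and o.ship_to == new.ship_to
        and new.placed - o.placed > DISPUTE_WINDOW
    ]
    return "frictionless" if len(proven) >= MIN_PROVEN_ORDERS else "step_up"


# Constructed sample data, not real transactions.
TODAY = date(2015, 10, 14)
HISTORY = [Order("alice", "dev-A", "12 Example Rd", TODAY - timedelta(days=d))
           for d in (200, 150, 90, 20)]
HISTORY += [Order("bob", "dev-B", "9 Sample St", TODAY - timedelta(days=d))
            for d in (30, 20, 10)]

if __name__ == "__main__":
    for who, dev, addr in [("alice", "dev-A", "12 Example Rd"),
                           ("alice", "dev-X", "12 Example Rd"),
                           ("bob", "dev-B", "9 Sample St")]:
        print(who, dev, decide(Order(who, dev, addr, TODAY), HISTORY))
```

Bob has three orders but all of them are still inside the dispute window, so he is stepped up just like Alice on an unknown device.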

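Let me recap (originally written in Cantonese):

Recently a lot of people have been saying that PayWave card data can be stolen over the air and then used to buy things online. The question is, what would actually happen in reality?

Of course, one possibility is that the card holder is clueless and doesn't even know something has been stolen.

But people these days are sharp, and will clearly see on the monthly statement that this fraudulent transaction is not one they made. They will then call the credit card centre (the issuer) and say they never made it. Generally, the end result is that the merchant or the acquirer loses, and the credit card holder or the issuer suffers no loss.

However, because the above is online shopping, most merchants ship quickly, but most fraud surfaces thirty to sixty days after the transaction, that is, when the card holder receives the monthly statement. For the merchant it is a double loss: they don't get the money, and they have lost the goods as well.

In other words, suppose a merchant earns $100 selling a $1000 camera; a single fraud would cost him $2000, and he has to do 20 more deals to make up the loss.

The problem is that this good merchant will scream: "I did nothing wrong!"

And this good merchant can only look for a way to solve the problem. Broadly, there are two approaches.

One is to add more locks and question the buyer to death. User registration, verification, one-time password, password and 3-D authentication are all the same approach. If the user still survives all that questioning, then this time the issuer takes the hit.

Two is for the merchant or the acquirer to use other methods to find out that the card is fake.

Both are a lot of trouble.

Put more simply, an email company says it is very secure: it requires every customer to use a password they can't remember every thirty days, and no password may be repeated within a year. On top of that, every time you read an email you have to type in an SMS one-time password.

That is the extreme version.

The second approach is: you use this same computer to check email every time, and the computer is locked, so there is no need to ask every time, is there?

Put even more simply, someone buys the same cigarettes from the same lady at the same 7-11 every day, so the lady will recognise him. She asked for his ID the first time, so there is no need to ask every time, is there?

Today's world competes on service, and that is the difference between good and bad: if the lady asks every time, the customer will certainly go somewhere less annoying. Online fraud is in fact still a tiny minority, and acquirers can use technology to save merchants a lot of work and reduce losses.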

Tuesday 24 March 2015

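Lee Kuan Yew and HDB Flats

Lee Kuan Yew has passed away. As someone who has lived in Singapore for six years, I have many feelings about it.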

http://leekuanyew.straitstimes.com/ST/index.html

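On my first business trip to Singapore in 2002, walking along Orchard felt like walking in Prince Edward, and walking around Raffles felt like walking in Jordan. My impression was that Singapore was still far behind Hong Kong.
When I moved to Singapore in 2008, standing at the Merlion's head and looking out, I still saw the ECP (highway) and Bintang.
When I moved to Singapore again in 2012, the ECP had become Marina Bay Sands and today's MCP (highway), along with Marina Bay Financial Center and so on.

Although I often joke with people that in twenty years Singapore will no longer have Garden By the Bay, because it should be called Garden in the Bay, which sounds funny, the fact is that Singapore's blueprint says this is how it will be in ten years. Of course the name won't change.

To put it in Hong Kong terms: during those ten years, Hong Kong was still talking about West Kowloon, Kowloon East, the North East, Lantau, the third runway, and so on and so on.

Singapore got it done. A big contrast with Hong Kong. Very big.

Take another example: HDB flats. The usual Hong Kong view is that Singapore's HDB flats are very, very, very good. I want to talk about some things that typical Hong Kong commentary doesn't mention.

1: MPF: Singapore's MPF (they actually call it CPF) has a contribution of about 37%: 20% from the employer and 17% from yourself. About 1/3 of that can then be used to buy a flat (HDB). But calculated the way Hong Kong people do today, it is S$1k per square foot, total: S$600-1.2M (HK$4M - $7M). Salaries in Singapore are broadly not very different, and in most cases one person cannot afford an HDB flat. That is, the government is actually helping you (the two of you as a couple) save money (~1/3 of ~37% = ~12%) to buy a flat: after getting married, you buy it with both people's MPF combined.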
http://mycpf.cpf.gov.sg/Employers/Gen-Info/cpf-Contri/ContriRa.htm

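In Hong Kong, if Mum tells her son to save a little money each month, it already turns into a row.

2: Transport: Hong Kong people have very high expectations; the transport SLA is about one hour. Singapore has no such thing. There is no MRT downstairs, you have to take a connecting bus (Singapore has no minibuses), and when you get to the MRT you often cannot board for several trains in a row. There are no estate shuttle buses either, which is inconvenient, and MRT breakdowns are not exactly infrequent. I have actually talked about this many times.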

http://matchkk.blogspot.sg/2014/08/bus-fare-in-singapore.html

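In Hong Kong this has actually been tried, but those who are offered a flat don't much want to live in it.

3: Design: look at the design of Hong Kong's public rental and Home Ownership Scheme housing today; it is actually much better than thirty years ago. Meaning what? Singapore's HDB blocks all have lobbies with no gate (the way Hong Kong public housing was thirty years ago), you throw rubbish into a chute from which cockroaches come out every now and then, and so on. Never mind that from outside they look more or less like Lower Ngau Tau Kok Estate; inside, most are much the same. The difference is that each unit is 900 to 1,200 square feet, and that there is nothing at all downstairs: no air-conditioned lobby, no clubhouse, no lighting, no security, no shopping mall. Every HDB estate from Ang Mo Kio to Woodlands is the same; if you fell asleep on the bus, you wouldn't know where you were without looking hard at the surroundings.

Of course, this question may be secondary if the government really gave me this option.
The question then comes back to: if I had $7M, why wouldn't I buy a private flat? Do I have better options?
And if I have $7M, why is the government forcing me to save?
If the government gives a 4% growth guarantee (Singapore's MPF does), then in Hong Kong the next question would be whether the government's margin is very high. Why can the government pay a 4% dividend? Could it be 6.89%?

Questions like these, generally speaking, we'll deal with when we get to them.

4: Renting out: Singapore's HDB flats can be rented out, and together with the make-up of Singapore's population (Citizen, PR, Employment Pass, Work Permit, Singapore Pass), this creates an enormous rental market.

Then there is another question: why is the government investing for me, and why, why, why, why, why, why, why, why, why.

5: Land: for one thing, Singapore has no mountains and no small village houses (ding uk), which is as if the whole of Victoria Peak, Lion Rock and Tai Mo Shan were all HDB. On top of that, it can reclaim land on all sides, as with everyone's favourite Sentosa Universal Studios....

Of course Hong Kong has many other problems too, but in any case it is an infinite loop.

A big contrast. Very big.

Lee Kuan Yew has passed away. The most impressive thing about him is that he used his executive decisions to build a world that everyone thinks is not bad. In six years in Singapore, I was lucky to get to know many Singaporeans, and Hong Kong people who had lived there for anywhere from 20 years to 2 years. There were many far-sighted moves, and even more gutsy ones.

Well, it's a bit like Steve Jobs: when he was making the iMac, iPod, iPhone and iPad, was there a business case?

No. If it's right, do it.

It's like how what Mum says usually won't harm her son; some people like to listen, some like to question. Is it really the best?

And how many people are like Lee Kuan Yew? Kuan Yew (光耀) really is a very good name.

Rest in peace.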