Days after discovering that Target’s latest security breach left 40 million credit and debit cards and sensitive data on 70 million customers in the hands of thieves, it’s been discovered that Neiman Marcus was also hit. Technology aimed at making the internet safer has advanced far beyond what credit card companies seem to be willing or capable of implementing. Many are wondering whether Bitcoin and other cryptocurrencies, which take fuller advantage of these security innovations, will soon replace credit cards as the default method for transacting on the web.
While transacting in Bitcoin is already, by default, more secure than a credit card transaction, full adoption will require the development of vital infrastructure already available for credit cards purchases.
What’s Wrong With Credit Cards?
Credit card transactions are slow, insecure and error-prone. Since they were developed before ecommerce was the norm, they have been clumsily retrofitted to work online.
Chargebacks are a huge problem for retailers. When a credit cardholder contacts their bank to initiate a refund, whether they changed their mind or were a victim of fraud, retailers firstly don’t get paid for the items, but also usually get stuck with an administration fee for processing the chargeback, which can range from $25 to $100 per occurrence.
LexisNexis describes this additional cost of fraud shouldered by merchants as the fraud multiplier. In 2013 the fraud multiplier increased, mainly driven by a spike in fraud happening online. On average, merchants pay a whopping $3.10 for each dollar of fraud losses incurred online. According to LexisNexis, online fraud represents merchants’ greatest liability, again because credit cards weren’t designed for this use.
Data security and theft-protection always come down to an arms race between service providers and thieves. Unfortunately, credit card companies are running with their feet bound.
One big disadvantage to credit cards is that responsibility for detecting and dealing with fraud becomes diffused amongst retailers, banks and users. A recent snafu Tim Berners-Lee described in the Washington Post highlights the deleterious effects of this diffusion. While planning a trip to Asia, Berners-Lee had three separate transactions preemptively flagged as fraudulent by his credit card company, despite three separate calls to the company assuring them they were not.
As Marc Andreessen wrote for the New York Times:
Credit card fraud is such a big deal for merchants, credit card processors, and banks, that online fraud detection systems are hair-trigger wired to stop transactions that look even slightly suspicious, whether or not they are actually fraud. As a result, many online merchants are forced to turn away between 5 to 10 percent of incoming orders, which they could have taken without fear had the customers been paying with Bitcoin, since such fraud wouldn’t be possible. And since these are orders that were already coming in, they are inherently the highest margin orders a merchant can get. So being able to accept them would dramatically boost many merchants’ profit margins.
Another impediment to credit card innovation are the hundreds of pages of regulations governing transaction disputes.
As a result, thieves find low-tech tactics, such as wrapping aluminum foil around the satellite antenna used to communicate with credit card companies, rather effective. In addition, credit card companies are still battling card skimmers, malware and network breaches like the ones that affected Target and Neiman Marcus.
Where Bitcoin Can And Can’t Help
Unlike credit cards, Bitcoin transactions are made for the web. Their transactions are irreversible and require only one step.
Cryptocurrencies work like cash in that they don’t need third-party verification. Once the money is transferred, merchants are assured of payment and don’t need to worry about chargebacks.
In assuring merchants of payment, however, Bitcoin puts all of the liability on the payer. As Tim Berners-Lee explained:
If you get tricked into sending a payment to the wrong person or hackers steal your bitcoins, you have no recourse. Many of the regulations that govern Visa and Mastercard are designed to prevent misuse of the network and to protect consumers. Bitcoin operates on a buyer-beware basis.
However, that may be changing. Bitcoin researcher Alvin Lee spoke recently with Jon Holmquist, founder of BitcoinBlackFriday.com. “There is always a risk of losing the BTC, due to a MITM attack or exchange hack, also exchange risk,” Holmquist said. “All the payment processors have been stepping up and absorbing that risk though.”
Then there’s another barrier to entry to accepting Bitcoin. “It takes a bit of knowhow to integrate it into your webshop, although a lot of plugins have made that easier,’ Holmquist said. “It takes a bit of explanation to understand Bitcoin.”
One thing that attracts merchants is the low fees. Ruggero Montalto, co-founder of 79s.com, which does accept Bitcoin, noted “the high transaction costs for credit cards/paypal transactions,” as one reason for accepting the cryptocurrency.
However, while merchants pay when customers use credit cards, customers end up having to pay any fees incurred with Bitcoin.
Berners-Lee predicts that if Bitcoiners want to attract enough users to make Bitcoin-based payments mainstream, they will have to figure out how to shift fees back onto merchants. In addition, a major benefit for retail stores to accept credit cards is all of the valuable information they will gain about their customers. This isn’t the case with Bitcoin right now.
“My general guidance is: Bitcoin is an option,” Holmquist said, “an alternative. You don’t need to hold any, you take zero risks if you accept it through a payment processor. They’ll automatically convert it for you. The upside of accepting Bitcoin is that you’ll attract Bitcoin customers, you’ll reduce your fraud rates, and you’ll pay less in fees. It takes less than 15 minutes to get setup and it can easily double your business revenues (if you’re a smaller shop!).”
Bitcoin has many inherent advantages over credit cards. It’s safer and easier, and the fees are much lower. However, total domination will most likely require more infrastructure. Safety and convenience measures, such as a way to shift even low fees off of customers and onto merchants, and a risk-absorbing function for customers will be required. And merchants will need a new way to gain valuable data from their customers, perhaps through pumped-up customer rewards programs.
These are not high hurdles to overcome. And at the very least their feasibility should prompt credit card companies to step up their game to better compete with Bitcoin. The Target and Neiman Marcus breaches, along with the rising fraud multiplier, demonstrate how and why the industry is in desperate need of competition. If nothing else, Bitcoin may turn out to be just that.