Community

"Sainsbury's and Tesco were also faced with an IT outage over the weekend"

I know that Sainsbury's and Tesco use different payment gateways, so I think it's misleading to refer to it as "an" outage.   So was it something else, an issue with their comms provider? Or one of the acquiring banks?

It's an eye-catching headline but is it really going to translate to a dip in merchant's profit & loss statements? I am sure that customers who want to buy an item and get a decline will try a different card, or perhaps PayPal for example. Or customers would become so frustrated with a site that they go to a different merchant, which is a lost sale for the first merchant, but a win for the second; and net zero for the UK industry overall. So the call-to-action should be for merchants to ensure that their payments provider is up-to-date with the latest mandated requirements because payments is not just a commodity, it can be a differentiator in the last small but vital step of capturing an online purchase.

Interesting data but wrong conclusion on point 1 "Our data indicate that during COVID-19 people started calling more regarding issues that could have been handled online — just to make sure their problems were definitely resolved." The conclusion that companies should hire more people that their customers can talk to doesn't solve the problem, which is that customers are fed up with generic answers like "your issue has been recorded and we're doing all we can to address it". Whether that comes from a chatbot, or whether someone reads it out to me from a script over the phone, it's not going to give me much assurance. Technology needs to enable meaningful communication from real people. e.g. The CSR should tell me "on average its taking 2 to 3 days before an engineer can look into your issue". And communication channels need to be kept open, e.g. the engineer should be able to add a note to the issue which sends me an email. 

Could selection bias be a factor? Clearly those people who install budgeting apps are only those who struggle to stick to a budget...

Is it in everyone's best interests to impose a 24-hour delay on all first-time transactions, irrespective of the amount. What impact would this have on VocaLink's Pay by Bank app, and similar eCommerce initiatives?  I think the payee's bank should carry some of the risk, e.g. what is the history on the account (was it recently set up), is it receiving an unusually large number of payments, etc. and then those funds should be ringfenced incase of possible disputes. What kind of KYC was performed?

Hi, when a customer opens the app he/she will be prompted to check-in, which is done by scanning a QR code displayed on a poster in the store.

In answer to your questions, the app connects to the same stack that runs eCom. Co-op don't have eCom fulfilment centres, items bought online are picked at the local store and then ready for pickup / delivery, so the eCom stack is aware of inventory at each store. 

Lynton, what about the reports of Irish people abroad who can't pay hotel bills? A cheque wouldn't be acceptable in that situation.

Hi Nick, "Barclaycard research shows the high-street loses £11.6 billion by not addressing top in-store frustrations, including long queues to pay.".   Can you share some more details about this research? I think it's credible that £11.6 bn has moved from bricks-and-mortar to online shopping, but where would you rank "long queues to pay" compared to other factors such as -difficulty to find parking, -items out of stock in the shop, -sales clerks who aren't knowlegeable about the products... ? 

@Ketharaman: Migration of an onprem system to the cloud would give a retailer very few benefits, but the PCI DSS standards do cater for it in Appendix A “Additional PCI DSS Requirements for Shared Hosting Providers”. It contains this note: Even though a hosting provider may meet these requirements [separation of entities, and physical security measures], the compliance of the entity that uses the hosting provider is not guaranteed. Each entity must comply with the PCI DSS and validate compliance as applicable. In answer to your question Amazon / Microsoft cannot make the retailer's payment system complaint with PCI-DSS, they can only provide a data centre the has the necessary requirements for the retailer to achieve PCI-DSS. In our experience the overwhelming majority of retailers have already moved, or are looking to move, to a SaaS solution because they don’t want to be burdened with the technical requirements of security, compliance with the card scheme mandates, etc.

@Rodney: my thoughts on what is now "fit for purpose" today is to separate CNP from card-present. Why is the same PAN embossed on the card, encoded in the magstripe, and in the CHIP? If they were 3 different numbers (all linked to the same account) a retailer could decide to accept EMV only (in those markets where it is already very well established) and any data passing through the payments system would be useless to fraudsters trying to create counterfeit cards or do fraudulent CNP transactions.