Recently I receive a note from HSBC about replacing my Maestro/Mastercard debit card by the debit card from Visa. The note explained that the reason for this was new feature for cardholders - ability to use their debit cards worldwide (Maestro has limited acceptance, mostly in the UK). Such HSBC care came as a surprise especially during the crisis and weak pound, i.e. when Brits have minimal interest in travelling abroad. So, I have not believed HSBC that the mentioned feature caused a dramatic campaign of card replacement. It is dramatic because the biggest UK financial institution has changed its debit card partner to its competitor - from Maestro/Mastercard to Visa.
Apparently, I was involved in some technical events last year that, I can suspect, were a part of the HSBC decision to change the partner. Here is a short story.
A few years ago Maestro/Mastercard and Visa developed new technological solution and procedure for authentication of cardholders that was supposed to prevent payment fraud via Internet. I will not overload this post with technical terms but can say that specified procedure required all merchants who accepted payments with debit cards via their Web Sites to include special formalised dialogs into their Sites. The dialogs had to help submitting secured passwords known by the cardholder and the card-issuer (bank) only to the card issuer fro verification of cardholder identity. The cardholder had to subscribe to this protection programme up-front. If submitted secured passwords matched the information kept in the bank, the debit card payment was approved, otherwise - denied.
'What's wrong with this?' you may ask. This is a great thing if we can protect cardholders. Yes, may be, but it protects the card-issuer (bank) first of all from the claims about unauthorised use of the debit cards (not necessarily stolen but used by the household members, e.g. kids). Still, it is not a problem.
The real problem is in that the card processing intermediary/organisations (acquirers), being under the pressure from Maestro/Mastercard, started to threat merchants with fees if they did not support this programme, i.e. did not modify their Web Sites and included authentication dialogs. At the same time, Visa offered its protection programme, actually, very similar to the Maestro/Mastercard one, but did not make it mandatory for the merchants.
What is the difference? Let's look at this case from the merchant perspective. The merchant has to: 1) modify and redeploy its Web Site which is not that simple thing for small and medium size organisations; 2) the merchant's Web Site should be open into uncontrolled (by the merchant) Web infrastructure used by the banks for user authentication procedures, i.e. merchant's Web Site got unmitigated risks of crash, delays, and whatever attacks; 3) cardholder easily forget the secured passwords and were not able pay, i.e. were not able to buy goods; this is direct negative impact on both merchant business and consumers.
Why all these happens? Because a company that offered a service to its customers - cardholders and merchant - decided to dictate or manage them. This company was overwhelmed with problems around debit cards, the problems that were recognised from the beginning, included into the Service Level Agreements and even covered by card maintenance fees (or whatever this fee is called). Do not you recognise a classical application-oriented behaviour? Applications used to dictate its consumers what and how to do and exposed its internal problems and constraints onto the users.
In the service oriented environment such behaviour is impossible. It is the consumer/user/client decides if offered service is good enough for the consumer's needs. If the service violates SLA, it is enough reason to switch to another service or provider. I think that HSBC thoughtfully or intuitively performed the service-oriented solution for its customers. I think this is a great example of the business action conducted in the service-oriented manner. Indeed, if a cardholder with Visa debit card does not want such protection, s/he can skip all associated burdens; if s/he wants it, s/he will push merchants to support the programme where needed.
So, being in the service business, serve. This is the SO business rule number one.
Leave a comment