Card Numbers - Are they really a necessity?
I was recently cleaning up the mess in my wallet when I saw the number of cards that I had. I had a look at the cards and I don't even remember using them for quite some time. That was when I started asking as to what is the requirement for a card number, when I did not even remember even one card number.
Then what is this fuss about card numbers. Do we really need to have card numbers to transact on our cards? Coming from a Risk Management back ground in cards, my thoughts moved towards the risk aspect.
As per the information provided by Smart Card Alliance, e-commerce growth has been steady and is likely to continue with the upward trend for some time. The reason for the growth has been the increased feeling of comfort amongst the consumers with shopping on the Internet, as businesses continue to innovate. Smart Card Alliance estimates that the sales on internet could exceed another $200 Billion only through Card Not Present Transactions.
As per a report submitted by RSA, Card Not Present (CNP) credit card fraud in USA alone has increased from $2.1 billion dollars in 2011 to an estimated $2.9 billion in 2014. This figure is expected to go up by more than 100% in the next 3 years.
These is not a solution in the short term, but as per me can help in reducing online fraud and phishing as what a person doesn't know or has not access to is not going to harm him/her.
One of the major factor that I consider in online fraud is the easy access to information that is required for online transactions. Card number, expiry date and CVV value is easily available on the card. What is the requirement for having critical information on the physical card? What would happen if the card number and CVV value is not present on the card? What if the customer has no idea as to what the card number or his card's CVV value is? What if the card number is to be used only for the Bank's internal use rather than giving the customer this information?
The next thought that came to my mind was how would a customer do internet purchases, if he has no card number or CVV value? Today on most of the websites, the customer has to key in his card number, expiry dates and CVV number to get an authorization for an online purchase. What if online purchase was modified to route the transaction to the customer's internet banking site, which has a secure log in. Once the customer logs into his internet banking site, he accesses a secure module, which can be activated through an OTP through his registered cellphone with the Bank. Once he enters the secure module, the customer gets to see the list of cards that have been issued to him, the card information in the secure module could be just the first and last 4 digits of the card and the remaining digits being blocked out. The card product can also be described to make the selection simple. The card in this secure module is to be linked to the card CVV which is not visible, but is sent across for authorization when the customer selects the card for transaction.
Most of the banks have moved away from the age old method using card numbers to access internet banking to using specific ids. So card number becomes irrelevant in these instances also. Another thought which came to my mind is in terms of customer service. If a customer needs to call up customer service to find out details of his card or any other action on his card, how can he access or provide information without a card number. Banks will have to start looking at solutions to handle this. One of the method that comes to my mind is multi-variable identification of customer using different information like date of birth, id number etc. With most of the countries having a unique id for citizens and a passport id for non-residents for their banking records, this information can be used along with the date of birth to trace the customer information rather than the card number.