“Here’s your credit card, Ma’am, no need to sign the charge slip for payments below P2,000,” the waiter at her favorite Italian restaurant says to the lady-lawyer, a regular diner. “But I want to sign the charge slip,” she insists. “See here, there is a blank space for the tip to be given, if the customer wanted the tip to be included in the credit card charge — how would I know if an outrageous tip amount was added by someone without my knowledge? How can I prove, should I question my credit card statement, that I did not write in a tip on the charge slip?”
“We won’t do that, Ma’am,” the restaurant cashier says, but she acquiesces and presents the set of charge slips. And the lawyer signs the merchant copy and the bank copy of the charge slips, after she had crossed out the space for the tip. She prefers to pay tips in cash.
It is all a matter of trust. But the lawyer knows that many things can go wrong with this new style of credit card companies that require no signatures below a certain cutoff amount. First, what happens to the “contract part” of the credit card transaction? Where’s the signature that the credit card owner has agreed to the terms of the credit card usage — particularly the promise to pay? Second, for restaurants and other service providers, there’s that tempting blank space for the tip. What obligation does the credit card owner have for an unsigned, filled in tip? Lastly, and the more dangerous: if the credit card gets lost or is stolen, the impostor-holder of the credit card can charge without question because of no need to sign for the cutoff amount and below. A fraudster can easily hop from establishment to establishment charging P2,000 and below each time, and raking up charges to hundreds of thousand pesos before the card is noticed by the owner to be lost or stolen, and reported to the credit card company for deactivation.
Just the week before, the lady-lawyer’s Mom used her bank’s offsite Automated Teller Machine (ATM) to get some cash to avail of shopping discounts — for most retailers offer up to 20% discount for not using a credit card to pay for regular-priced (not on sale) items. Being quite new to her debit card with the EMV chip, she fumbled with inputting her recently-changed six-digit PIN (password) on the ATM. Okay, the old magnetic-strip (magstripe) ATM cards were so easy to hack, hence the more secure EMV-equipped debit cards — but why does her bank’s ATMs still have those deep hoods to cover fingers keying in the PIN, groping in total darkness for estimated location of number-keys? True enough, she inputted the wrong PIN twice, and her card was sucked in by the ATM. A chilling feeling to have your debit card “captured.”
Chilling — because that one debit card allows access to all your bank accounts from the ATM, and even at the point of sale terminal of merchants, for debit payments. If the debit card is lost, mislaid, or stolen, the unscrupulous user/hacker who knows the password technology and logic, or perhaps even some maleficent bank insiders can withdraw from any of your array of bank accounts on the ATM screen. Sobra naman (too much) to think that, the branch manager chastised the complaining depositor whose debit card was captured at the offsite ATM. But it has been almost two months, and the captured debit card, though deactivated, has not yet been replaced by the bank with “unbundled” (meaning separate) debit cards for each account, as requested by the depositor. Unbundling accounts wrecks the very concept of easy and immediate access to the “total relationship” accounts, the branch manager says. Meantime, the depositor asks for on-time account statements each time she goes to the bank, to be sure there are no movements (debits) from her accounts, which are temporarily inaccessible through ATM. Imagine, in this day of the all-powerful EMV debit card, she has to physically go to her bank to do over-the-counter withdrawals and deposits!
Why don’t you just check your balances online? No way, she said — since that time a year ago when her e-mail was deluged with requests, purportedly from her bank, to provide identification details and other vital info supposedly “to update records.” The sender of the e-mail had the bank’s name, so how could this little old lady know that it was “phising” (posing as a legitimate entity to get sensitive info to impersonate victim and then do the actual financial theft). No to online banking or to mobile banking. If the Bank of Bangladesh was hacked for US$81 million, and the transfers to the illegitimate beneficiaries were allegedly so smoothly executed online by the suspect Philippine bank (by the accused bank branch officer, particularly) to the gambling casino, what better luck would a small depositor have to be spared from being chosen victim by online mechanisms?
The tornado of top-bank ATM hackings in 2017, further lashed by the “mis-posting” fiasco by the second-largest bank all but uprooted the trust of bank clients for high-technology based financial service and transactions (fintech). The Bank of the Philippine Islands (BPI) system glitch affected 1.5 million of the bank’s 8 million clients, with the bank suspending its online and electronic services for a total of 26 hours (Rappler June 21, 2017). Banco de Oro (BDO) reported that 7 of their 3,700 ATMs had been “compromised” due to skimming, as its transaction banking group admitted that all IT systems environments have potential points of failure (manilatimes.com July 01, 2017).
Can we then trust fintech? According to one survey, Filipinos make about 2.5 billion payment transactions per month worth US$74 billion. Only 1% of these consist of electronic payments, and the rest 99% are paid either in cash or checks (Fintechnews Singapore August 22, 2017.) For other transactions 25% of clients are actually using digital channels to interact with some 28,392 branches of financial institutions in the country as of December 2016, according to data from the Bangko Sentral ng Pilipinas (BSP). The numbers are growing, the BSP says (Ibid.). There is nowhere else to go but digital and electronic. No choice. The whole world is going that way, and fast.
The rushing and gushing to sophisticated financial technology by banks and financial institutions — for their own competitiveness and profitability — has probably imposed and exacted the greater weight of trust from depositors, investors and borrowers than what would have been earned by the banks and financial institutions through traditional personal service. “While ‘fintech’ used to refer to the back-end technology to run traditional financial services organizations, (it) has morphed into a term primarily used to describe disruptive financial technologies” (https://learn.g2crowd.com/fintech).
Fintech is good for the financial services industry, as it streamlines procedures, eases regulatory compliance, and facilitates B2B cooperation and sharing of information critical to recognition of risks and decision-making for loans and liability-taking. “One of the major benefits of fintech, specifically in regards to blockchain-based fintech and AI-powered regtech for the financial services industry, is the introduction of transparency. Fintech projects create auditable money trails and can help identify potentially fraudulent activity faster and more easily than a human” (Ibid.).
But what about the completely-human client? What about the risks of identity theft, of privacy of information, and the vulnerability to fraud and crime? How does the ethereal, mysterious cyberspace environment of fintech provide solid and concrete legal and basic rights protection to the consumer in trouble?
We just have to trust fintech and our rapidly changing world.
Amelia H. C. Ylagan is a Doctor of Business Administration from the University of the Philippines.