- non-real-time banking/credit systems
- global, distributed cash-access networks
- near-depression global economy
- collapse of financial markets globally
- hackers contributing to organized crime
Have you ever taken money out at an ATM [automated teller machine] only to see it appear on your statement a few days, or maybe weeks later? What about making a debit card purchase that doesn't post to your account (or count against your balance) for days? How about purchasing something on your credit card that doesn't post against your account until the end of the next business day? Have you then wondered why these things happen?
The answer is this: banking and credit systems are still largely batch-processes. These systems depend for the most part on an end-of-day job that takes the sales for the day and sends them to a processor to post through. Sometimes, in certain cases where the merchant is low-tier, these batches don't happen for days or as much as a week!
While on a road trip a year or so ago, we stopped in a mountain restaurant in Southern Carolina... had lunch and bought some gas at the fuel station across the parking lot. When I got home the next day I tried to reconcile my checking account's available cash against purchases only to discover that the nearly $100 I had spent that afternoon hadn't made it to my account. In fact, that debit did not post to my account until 4 days later! This got me thinking...
No one will contend that recent hacker activity around credit card numbers and financial fraud has skyrocketed, and is only trending upward at an alarming rate. With the global financial crisis we can anticipate more losses and hack attempts in the world's financial and credit institutions. So why is this a bigger problem today than it was years ago?
The main reason is that financial systems like credit card processing are not real time; meaning, they do not instantly transfer the money you credit/debit against your account. In fact, as my story illustrates some of the less-developed areas within this ecosystem are very much laggards. These systems aren't going away, either. With banks on the brink of being nationalized there is very little chance that tomorrow we will all wake up to a financial system that has globally performed a rip-and-replace exercise on the technology underpinnings of the credit markets. In short, non-real-time batch processing of credit/debit is here to say for the forseeable future... this presents a glaring problem.
Take a scenario where hackers break into a massive treasure trove of credit account data (such as they did at Heartland Payment Systems, recently) and then create cloned cards which can be used at ATMs to withdraw cash or POS systems to make small purchases without raising any eyebrows. These criminals can then tap into a globalized organized crime network which can take the millions of compromised, cloned cards and strike simultaneously to withdraw massive amounts of cash before any bank realizes what just happened. Massive, coordinated fraud efforts like these are being perpotrated all around the world and it is very, very difficult to find them, and even more difficult to prevent them.
The only answer to attacks of this nature is a full conversion to real-time financial systems within our banking industry. Given the anemic condition most of these banks are, this is simply not a possibility. What makes this even more improbable is that a system like this would have to be cover over to in an all-or-nothing fashion. The bandage would have to be ripped off in one clean motion otherwise the pieces not attached to the new network would systematically begin to fail. Global credit processing failure would lead to an even more serious catastrophic event... but that's neither here nor there.
So you see, the banking industry has only itself to blame for the fraud it's being subjected to right now. Hacking happens, and no matter how PCI Compliant you are, how much money you've invested in preventative technologies they will not stop the determined human attacker who could be sitting in your call center harvesting card data about your customers right now!
So the ultimate rip-off? Finding an account that has a sizeable take, but not too big as to trigger special flags, and simultaneously withdrawing a good chunk of those funds from different global locations. By the time the different batch-oriented systems go to reconcile... you'll be [ $WithdrawAmt x SizeOfMob ] overdrawn and the criminals will have gotten away with it cleanly.
Will this achilles heel ever be fixed for good? It has to be. But only time will tell when... and how painful that transition will be. As for me, I'm going to keep using the cash I've been hording in my mattress.