Search This Blog

Wednesday 21 December 2011

Is it "Safe" to View and Pay Bills online?

As Internet technology now allows bills or invoices to be presented electronically and then paid at the presenting web site (whether this is a bank’s site, merchant site or third-party site) in this brief article we investigate whether this carries any significant risk from a payee/consumer or merchant perspective.

Perhaps the very first test of potential “riskiness” when using any electronic presentment and payment (or EBPP for short) web site is whether it is secure. The vast majority of web page addresses, also known as URLs, typically begin with "http." However, to pay bills online, the web page should always start with "https," which signifies a secure socket layer or SSL connection (or one in which data is fully encrypted). This typically means that you can see a padlock icon, usually in the top or bottom corner of the browser window (or in some cases it may even turn the URL address background green or light blue). Clicking the padlock icon will often reveal the site's security certificate (and allow you to read about the particular protection that this affords).

Now that a consumer knows that he or she is on a secure site, the next step is to ensure that the login process is secure. A good site will usually give a consumer two options-to pay instantly or as a guest, and to register on the site to use it again and save time on the next occasion the consumer uses it. As a guest, a web site will typically only ask for an email address and then ask a consumer how he or she would like to pay from the options they make available. This may mean entering debit or credit card details for example, which should then give a consumer the option to confirm the transaction (and then as a further security step run the transaction through 3D secure-a process used by major credit card companies as an added XML layer for online credit and debit card transactions. Visa call this process “Verified by Visa”, MasterCard call it “MasterCard SecureCode”, JCB International call it “J/Secure” and American Express call this “SafeKey”. Overall then, a well-constructed site will offer a safe payment system for consumers (and there are card and bank protections on fraud and low limitations on consumer liability in any case). Even so, consumers should also look for extra safety in specific statements on any given EBPP site about PCI compliance (or payment card industry standard adherence) and/or that credit/debit card data or numbers will not be stored or saved in any way (and if they are, that they will be fully encrypted and tokenised as a further protection against theft or fraud).

When registering (either before or after a bill had been viewed and paid) a well-designed and safe web sites will ask a consumer to set up a user name and password that he or she can remember and that identifies the consumer every time he or she uses the site in the future. The site may also ask for additional data such as email address, physical address, date of birth, driving license number or even passport number. In some cases, they may go yet further and ask security questions to help validate a consumer’s identity in the case of a future forgotten login ID or password. Although these may seem personal and even intrusive, these steps are all designed to protect consumer security and ensure that only one person is able to see the bills posted and to effect payment of any kind. In other words, this process allows the web site operator (financial institution or merchant) to know the customer (a process they call KYC) and protect everyone’s security to the best of their ability.

In general, research suggests that consumers worry most about using credit and debit cards on online sites of any kind. However, in the world of bill payment (as opposed to online shopping for example) these risks are not as great. Even a person with a stolen credit card number is highly unlikely to pay a bill for another person (assuming he or she had the bill details to enter) and even if they did, the risk would be with the merchant and not the consumer. So what about merchant side risk?

For a merchant, the greatest risk is charge-backs. This is where the credit or debit card holder disputes the transaction anywhere up to 6 months after the transaction date. Charge backs can either be because the card holder disputes that they made the transaction at all (i.e. it was a stolen or fraudulent), or because they did receive anything in return for the payment that was made. The second reason for chargebacks in the bill pay space is very rare, but the first reason-theft or fraud is obviously quite common (with total estimated costs of just under £1 billion in the UK in 2010). This is why online billpay web sites need to take so much care to ensure that card holders (who are not present as they are in a retail transaction) are who they say they are.

Summary
In the final analysis, for those EBPP sites that have a clear secure socket payment layer (SSL), have clear statements about security of information and sound compliance and a well-structured registration process, consumers face very low levels of risk (with a very low liability even when a rare problem may arise in any case). The merchant however, faces potentially much more risk arising from both debit and credit card fraud (and therefore possible charge-backs), but risk this can be mitigated with good consumer checking processes that are made easy for every customer to the site to use.

Monday 12 December 2011

Should public sector organisations care about introducing e-billing?

Electronic billing (or E-billing for short) has now been around for several years and has been introduced in businesses like large utilities, telcos and many smaller commercial organisations (such as accounting and legal firms). However, it seems the switch to some form of e-billing has occurred mainly in the private sector and only in a limited way (if at all) in the public sector. In this blog article, we will explore why this is the case and whether this is because the barriers to adopting this approach are different in the public sector or perhaps that some of the benefits may not apply.

The “public sector” is obviously a catch-all term and one which envelopes large national government departments such as defence (including all the armed forces), education (including state run schools and colleges), employment, social security or tax) and smaller local government entities such as urban and rural councils. In addition, it also includes more directly community-focused organisations such as hospitals (of all sizes and kinds), the fire service and the police, etc. Clearly, this represents a wide range of very diverse types of organisation whose needs are likely to vary greatly when it comes to the flow of money in an out. Of course, not all of these organisations send out a bill or invoice or even provide a receipt. However, they all buy products and services of one kind or another and will often have some kind of internal charging method for services rendered (however infrequent this may be). This means that the vast majority of public sector organisations receive or issue bills (especially where they deal with consumers directly) and the volume can be very high. This is true of large council organisations, medical clinics and tax departments for instance and in some single organisations can run into millions of bills each year. For example, both the British Broadcasting Corporation (BBC) and the Driver Vehicle Licensing Centre (DVLC) in the UK issue over 20 million bills a year to consumers alone. We will therefore assume that for the purposes of this article that we are referring to the whole public sector, which includes Government to Government (G2G), Government to Business (G2B) and Government to Consumer (G2C) billing.

Based on the volumes of invoices generated (estimated to be over 2 billion bills/ invoices a year across the entire UK public sector), the automation of billing and payment collection processes (to create greater efficiency) should be a primary concern of most governmental entities. However, the evidence suggests that the generally slow take up of new approaches and online technology in particular has arisen from both many perceived barriers and a lack of perceived benefits versus commercial companies. Let’s therefore look at each of these factors in turn.

The Perceived Barriers
Although there are others, there are five main perceptions that public sector organisations often have about e-billing and payment. These are listed below:


The Perceived Benefits
A manager in the public sector can review the commonly perceived benefits of e-billing as easily as a private sector manager can do so. However, he or she may feel that these benefits may not apply as much or even at all in some cases. In the chart below, we have listed six of the major perceived benefits of modern internet based e-billing and payment portals (again such as Payswyft for example) and commented on the likely applicability of each to both private and public sector organisations.


In addition to the above benefits in each of these six categories, online presentment and payment portals provide for many other valuable features. This includes, easy upload of accounting data files (by many means), file transfer compatibly, to and from all major accounting systems, convenient and useful transactional analytics and cheaper bill-storage and retrieval. In fact, public sector organisations are often required to be able to store and retrieve many years of bills and transactional records, which can now all be done in the third party online bill presentment and payment portal. This means that bills can be easily found, referred to, appended with notes or even resent and a very low cost to the organisation in question.

Every one of the above ultimately can potentially create a much more user-friendly process to send a bill and get it paid for both the organisation and its payees (whether these are other public sector organisations, businesses or consumers). Furthermore, many of the legitimate barriers to entry of the past seemed to have disappeared and the benefits of making the change are now clearer. For this reason, e-billing should now be a key strategy for every public sector organisation.


This article was written by Dr Jon Warner of Payswyft (at www.PaySwyft.com). Jon has extensive senior executive experience and has led organizations in a variety of industries through significant transitions to achieve bottom-line results. He is an expert in developing and implementing strategies in operations, marketing, sales, and corporate turnarounds. Jon is currently CEO of PaySwyft in the UK (an innovative on-line billing and payment business) and Chairman of WCOD (a management consulting and publishing business). He can be reached at jon.warner@payswyft.com.