What If?: 
What if’s…
that became
Actually Occurred’s

by Paul F.P. Coenen

       Over the past year, about the length of time these articles have appeared, several “What if…” type events have occurred. The easiest to note is the recent earthquake and tsunami that killed hundreds of thousands on the shores of the Indian Ocean. The newscasters said the cause of the deaths had been, “…the biggest quake in 40 years.”
   To end all your doubts, the biggest quake in 40 years was in Alaska, had a tsunami involved, but killed a lot fewer people. But, “What if…” readers knew that, didn’t they?
    Before you could even say tsunami, you were probably saying ‘tidal wave’. But the “What if…” was that nothing of this sort had happened in the quake area in recent memory, at least, not for a long time.
    Such a long time, that no one remembered. Early reports said that when the sea waters receded from the shore, people followed them out to see the wonderful things that had been uncovered. But, then the waters came back in a rush, and the rest is history.
    The second notable “What if…” was the search for a lost nuclear warhead (8/04) off the Atlantic coast. Yes, a misplaced H-bomb, just off the Carolina coast. And, you thought I was kidding about misplaced or lost H-bombs, right? Wrong!
    The third “What if…” mentioned how easy it would be to knock out one or two of the Visa or MasterCard authorization centers (8/04) and create real problems: Real problems not only for the credit card companies and card Issuers, but also for Acquirers, ISOs and the consumers who have grown more and more used to using cards as payment.
    Visa recently announced that they had put in a fourth center. That makes the problem less likely to occur, but still does not address the “What if…” and how should we all act when a prolonged disaster or communications failure does occur.
    In an article (9/04), we looked at the prospects of EMV (Europay, MasterCard,Visa) and what that meant to the typical US terminal owner/leaser. We concluded that EVM, smart card based payment cards, was making considerable headway in Europe, Asia/Pacific and the Middle East and Africa.
    Well, not so fast. Yes, headway, but not considerable headway. Europe, for example, which had a January, 2005, deadline for issuance has seen that deadline pass. Predictions are now into 2007 before the goals for issuance are reached. In a 12/04 article on EMV, an author concludes that a large part of the problem has been the international EMV standards and the costs of meeting them. According to Dan Balaban, “Changes to the international standards for credit and debit smart cards, demanded by banks nearly two years ago, are clearing the final hurdles. They promise to cut costs and ease hassles for dual issuers planning to roll out smart cards.”
    In a summary of the EMV position, there is one major conclusion with two parts:
    Changes to the international EMV standards will make it less costly and complex for dual Issuers to have applications from either Visa International or MasterCard International. Common Core Definitions (CCD), released last April, will allow Issuers to avoid setting up duplicate host systems to process transactions from Visa or MasterCard branded cards. Data sent from a card to the Issuer for authorization will come in the same format with identical cryptography.
    Common Payment Application (CPA) specifications are due to be completed in the first quarter of 2005. These specifications would bring costs of purchase and personalization down and would fully define the format of the data to be stored on the card and the way the card manages risk. The first cards supporting CPA are not expected on the market until 2006 or early 2007, however.
    For the typical terminal placer, leaser, or ISO, the problem is still there and is coming, but it may just arrive a bit slower than anticipated. The terminals may buy or lease for the next years of use, especially if you expect foreign cards, should be EMV compatible. The water has receded, but it will be back…soon!
    But, I did get some other things wrong. The first article (5/04), the one that dealt with marketing and the CAN-SPAM Act of 2003, had figured some volume of spam would be reduced. Using just me (N = 1; EMJ) as a for example, the total spam volume is up roughly 37%. But, every now and then, there are reports of fines to spammers and sexual content peddlers.
    In these articles, you will sometimes see the letters: EMJ. They are short for Esoteric Mumbo Jumbo. When you see EMJ, think ‘hocus-pocus’, but the concept usually has a basis in fact and often takes a long time to explain exactly.
    There are some very large “What if…” questions still out there. Let’s just mention a few of those that could make a big difference to the credit card issuing and accepting world:
    What about if the Rapture occurs? You know, the event mentioned in the Book of Revelations, the final book of the Bible? It’s when thousands of cardholders suddenly vanish from the face of the Earth; they’re raptured into the air.
    Since the level of household debt on credit card is now so high, what if a major economic downturn takes place and millions of bankruptcies or people who just cannot pay occur?
    How about if hackers break into a large Issuer’s card file? Or, what if some one or ones broke into Visa or MasterCard and sniffed hundreds of thousands of passing transactions? There would now be valid, but invalid, cards everywhere.
    So, this past year has not convinced you that “What if…” is just a matter of time? You cannot agree that life is a series of Poisson probabilities (12/04)? It makes no sense that the longer something has not happened; the more likely it is that it will happen?
    Who cares about Poisson variables, you say. Just remember that Poisson variables are sort of like fishing: If you haven’t gotten a bite lately, it is more likely that you will get a bite soon.
    If you have a “What if…” type question, please feel free to send it to me. I’ll try to fit your questions into these articles and give you a thoughtful and innovative answer.
    Let’s just say there are three guidelines:

  • Answers must be limited to the size of this column. That’s a nice way of saying that questions that have long and detailed answers are probably not objects that can be addressed;
  • No questions like “How high is up?” can be fully and correctly answered without significant artificial assistance, like lots of beer or EMJ. Always remember, the world cannot end today, because it’s already tomorrow in Australia; and
  • This column, as good as it may get, cannot replace a full study and analysis. Again, a nice way of saying I probably can’t solve a specific problem without seeing and knowing all of the details.