Saturday, July 31, 2010

RCBC AccessOne Internet Banking

Rizal Commercial Banking Corporation, or RCBC for short, is one of the top 10 commercial banks in the Philippines. It offers a full range of personal and corporate banking services. Its corporate website is www.rcbc.com and its Internet banking website is called AccessOne.

RCBC has a savings bank subsidiary called RCBC Savings Bank. As of this writing, RCBC Savings does not offer Internet banking. RCBC also offers a cash card system called MyWallet similar to Unionbank EON or BDO Cash Card. As of this writing, MyWallet accounts may not yet be enrolled to RCBC AccessOne. Only regular savings and checking accounts are allowed.

RCBC AccessOne runs on Microsoft IIS 6.0 and ASP.NET 2.0 technology. It is most likely running on a Microsoft Windows 2003 host operation system under the hood. The Internet banking software used, in most likelihood, came from the same vendor used by Unionbank Internet banking. The look-and-feel, process flow, as well as, the url naming conventions look too similar to be a coincidence. Since Unionbank has been offering Internet banking a longer time than RCBC, it follows that RCBC must have based their system on Unionbank's.

RCBC AccessOne provides all the basic online banking services including balance inquiry; viewing of transaction history, and funds transfer. Funds transfer can be done from regular RCBC accounts to third party RCBC or RCBC Savings accounts. The reverse is, of course, not possible because RCBC Savings account holders do not have access to AccessOne. A separate transaction password is also required for financial transactions such as funds transfer. A password expiration policy also forces you to keep changing passwords every 180 days or so.

RCBC is the flagship bank of the Yuchengco Group of Companies whose diverse business interests range from insurance, tourism, travel, education, IT, construction to automotive vehicles (Honda and Isuzu dealership), health care and advertising. It is a member of the BancNet ATM consortium. The basic RCBC savings account has a minimum maintaining balance of PHP3,000. As of this writing, RCBC has more than 300 branches nationwide.

RCBC account holders may purchase from online merchants with Dragonpay using their AccessOne Internet banking facility. RCBC users who have not enabled their AccessOne Internet banking may do so for free by registering at the RCBC AccessOne website. Activation only takes about a day or two.

Tuesday, July 27, 2010

Unionbank Regular CA/SA Internet Banking

For regular Checking/Savings Accounts (CASA) customers, Unionbank maintains a separate Internet banking site. I don't know why they made it separate from their EON Internet banking site since the functionality is just the same. Perhaps EON users are defined in a separate database.

One notable difference is in the login process. With EON, you type in your user id and 4-digit ATM PIN. With the regular CASA Internet banking, you type in your user id, then when you navigate to the PIN input field, it pops up an on-screen keypad. You would use the mouse to "click" in your 4-digit PIN. This is obviously a security feature to thwart keyloggers. But it can be a bit annoying and tedious, as compared to the more common type-in method.

The rest of the functions are similar to EON Internet banking. You can perform account balance inquiry; view your transaction history; pay utility bills; perform funds transfer to another Unionbank account or to an EON account; and so on. Fund transfers also need to be validated using a transaction password, which is different from your login password. From experience, the site seems to experience frequent downtime or maintenance and is often unavailable.

Unionbank is owned by the Cebu-based Aboitiz Group. It is a member of the Megalink ATM consortium and is the lead proponent for Megalink's online payment system through The PORT. The Unionbank regular CASA account requires a minimum maintaining balance of PHP10,000.

Unionbank regular CASA account holders may purchase from online merchants with Dragonpay using their Internet banking account. Users who have not enabled their Internet banking access may do so for free by enrolling their ATM card number and PIN at the Unionbank website.

Sunday, July 25, 2010

Unionbank EON Internet Banking

Unionbank of the Philippines, or Unionbank for short, is listed among the top 10 biggest local banks. It is progressive, tech-savvy and has shown interest in pushing the adoption of e-commerce. It is one of the first local banks to offer essentially a prepaid Visa called Visa Electron under its EON brand. EON is an electronic-only account. It does not come with a passbook. You just register online for a Cyber Account to manage your EON account. You can use your Visa Electron card to make purchases which are debited against your account.

Unionbank EON became well known in the local e-commerce industry as being the pioneer in allowing PayPal to be funded by a Philippine bank account. It is not really a bank funding in the same way that US PayPal users can fund their PayPal account using their bank account. It is really closer to a credit card funding because, after all, the Visa Electron card is really a full-fledged Visa card. And since PayPal allows credit cards to be linked to it, it follows that it can treat the Visa tied to your EON account to be linked also.

The Unionbank EON Internet banking facility runs on Microsoft IIS 6.0 and ASP.NET 1.1 technology. Most likely, its host OS is Windows 2003 Server. Like Chinabank Online, it also has the annoying behavior of opening up a new full-screen window when you click on the EON Cyber Account link. I don't understand why banks seem to enjoy doing that since it clutters the desktop. If like me, you find this annoying, you might consider bookmarking this URL instead. It will open the EON Internet banking site on the current page or tab.

Unlike the Internet banking facility of other banks, Unionbank chose to implement its login password by synchronizing it to your EON's ATM Personal Identification Number (PIN). Since Unionbank uses a 4-digit PIN system for its ATM, that limits you to just 10,000 possible combinations. That is not really a very strong password system. But the system will lock you out after 3 consecutive erroneous attempts.

Unionbank EON Cyber Account provides all the features that you would expect from an online banking facility. You can perform account balance inquiry, view your transaction history, pay bills, perform fund transfers to 3rd party Unionbank accounts (EON or otherwise). You can even transfer funds to other bank accounts for only PHP10, one of the lowest fee I've seen in the local market.

For additional security, transactions such as fund transfers require a transaction password. This is different from your login password. Unionbank password security policy require that you change your passwords every 180 days. While this is good practice, it can be inconvenient at times for end-users as you are forced to keep coming up with new passwords until you eventually are forced to write it down somewhere so you will not forget (which is another security hazard by itself). Unlike the login password, you are no longer constrained to use a 4-digit PIN. You can use very long case-sensitive alphanumeric passwords.

Unionbank is owned by the Cebu-based Aboitiz Group whose business interest range from power generation (Visayas Electric) to logistics (2GO). It is a member of the Megalink ATM consortium and is the lead proponent for Megalink's online payment system through The PORT. The Unionbank EON account does not require a minimum maintaining balance. However, there is an annual fee of PHP350.00 to keep it active. As of this writing, Unionbank has 180 branches nationwide.

Unionbank EON account holders may purchase from online merchants with Dragonpay using their EON Internet banking account. EON users who have not enabled their Cyber Account Internet banking access may do so for free by enrolling their ATM card number and PIN at the Unionbank website. Activation only takes about a day.

Friday, July 23, 2010

Chinabank Internet Banking

China Banking Corporation (CBC) or Chinabank, for short, is one of the older local banks but is a relatively newcomer to the online world. Its corporate website is http://www.chinabank.ph and its Chinabank Online Internet banking website is https://online.chinabank.ph.

The Chinabank Online website is functional although it can be a bit slow most of the time. Its graphical interface is also a bit old. What I really find annoying about its interface is when you click on the Retail User Login link at Chinabank Online, it pops open a new, full-screen browser window instead of just using the existing one.

Without doing much guesswork, one can easily tell that Chinabank Online is running on a Sun technology platform. They did not bother to change the Sun logo that appears on the browser's title or tab bar. Looking a bit more under-the-hood shows that their web server is the Sun ONE Web Server v6.1, the web server formerly known as Netscape Enterprise Server.

The standard features one would expect from Internet banking are all here: balance inquiry; viewing of transaction history; bills payment; funds transfer to own or 3rd party accounts. Transfers to 3rd party accounts are limited to PHP50,000 a day. Aside from the standard user id and login password, Chinabank Online also requires a transaction password when performing tasks such as funds transfer. This transaction password is different from the login password for added security.

Chinabank is owned by the Sy Group of SM and Banco de Oro (BDO). It recently opened its thrift banking subsidiary, Chinabank Savings. Chinabank Savings currently does not have Internet banking facilities. Chinabank is one of the earliest members of the Bancnet ATM consortium. The minimum maintaining balance for a personal savings ATM account is only PHP1,000, one of the lowest in the local market.

Chinabank account holders can make purchases from Dragonpay merchants using their Chinabank Online account. Chinabank customers who do not have access yet to Chinabank Online Internet banking can simply go to their branch and request for one. The facility is provided by the bank at no extra charge. Activation over-the-ATM-machine only takes a day.

Wednesday, July 21, 2010

EastWest Bank Internet Banking

EastWest Bank's online banking facility is called EastWestBanker.com. Among the many Internet banking facilities that I've used, I have to say that its one of my favorites because:
  1. It loads pretty fast.
  2. The interface is clean and streamlined.
  3. Its almost always available.
EastWestBanker is running on Microsoft IIS 6.0. That means it is most likely running on a Windows 2003 host operating system with the ASP.NET runtime. Most banks seem to be running on a Unix/Java platform, which I find a bit more sluggish in comparison. In the many years I've used it, I hardly recall a time when the site was down due to maintenance. In contrast, most of the other local Internet banking sites go down for regular maintenance (scheduled or otherwise). EastWestBanker has won the Philippine Webby Awards for the banking category a couple of times in the past.

The back-end database service is Sybase. Their corporate Internet banking site has been spewing out errors the past few days that reveal it is running a Sybase ADO connector. The consumer website does not seem to have the same problem though.

All the standard bank functions are available. You can inquire balances; list your transactions; pay bills; request for fund transfers to your own or other EastWest bank accounts. With other banks, you usually have to go through the hassle to register 3rd party accounts and submit signed documents before you can execute a funds transfer to that 3rd party's account. In most other countries, this is also unnecessary. Online funds transfer are limited up to PHP50,000 per day.

EastWest Bank is owned by the Gotianun-led Filinvest Group. It currently has a little over a hundred branches nationwide. The minimum maintaining balance to open a personal savings account is only PHP3,000. EastWest Bank is a member of the Bancnet ATM consortium.

EastWest Bank account holders can make purchases from Dragonpay merchants using their EastWestBanker account. EastWest Bank customers who do not have access yet to EastWestBanker online Internet banking can simply go to their branch and request for one. The facility is provided by the bank free of charge.

Monday, July 12, 2010

Saturday, July 10, 2010

High cost of credit card transactions frustrate online retailers

Online payments based on credit cards or PayPal are charged to merchants based on a percentage of gross sales plus a fixed fee portion. In the case of PayEasy and Asiapay, the fee is 4.5% + PHP 6.00. With PayPal, the percentage fee can vary from 2% to 3.75% depending on the volume. The fixed fee portion for Philippine-based merchants, however, is PHP 15.00.

Merchants often neglect the fixed fee portion and just concern themselves with the variable, percentage-based portion. But the two when taken together, can actually come out to be significant especially if the gross value of the item being purchases is small. Take for example, an item worth PHP 200. If you apply PayPal's default rate of 3.75% percentage fee; add the PHP 15.00 fixed transaction fee; add another 2% that PayPal charges for withdrawal to cover their foreign exchange exposure; you actually end up paying PHP 26.50 in fees, which is 13.25% of the total amount!

There are several types of merchants where a percentage fee is not acceptable or palatable:
  1. For merchant selling luxury goods, even a 2% or a 3% fee is already considered very large because the value of the transaction is also large.
  2. Merchants selling products with razor-thin margins such as consumer electronics often make only 1% or 2% and rely on volume. So if the payment system charges 3% or more, there will not be enough left to turn a profit.
  3. Service providers such as schools and hospitals, where the amount billed is large, also do not find percentage-based commissions attractive.
It is common for retailers to get charged 2.5% to 3% for physical swiping of credit cards at their brick-and-mortar retail store. Online fees, however, are usually higher because of the higher risk involved in card-not-present scenarios. The usual justification of banks is the merchant also have lower cost of operations with online retailing. So this just compensates for the higher bank fees. Here's a recent news in UK where online retailers are also frustrated with high rates of credit cards.

Is Dragonpay more secure than credit cards?

Many people do not realize that it is incredibly easy to steal credit card information. They have the misconception that if they avoid using their credit cards to make online purchases, they are safe from prying eyes and fingers and will not get their account used in fraudulent transactions. This is farthest from the truth. It doesn't matter whether or not you use your credit card online. Stealing credit card information can be done easily without even resorting to any high-tech gadgetry!

While credit card security is slowly moving towards the 3D Secure standard (ie. Verified by Visa, Mastercard Securecode), these types of transactions are just a drop in the bucket as far as the total online credit card transactions are concerned. Locally, I think only HSBC, and maybe Citibank, have the capability to offer 3D secure on their cards -- and a huge majority of their cardholders are not even aware of this and therefore have not enabled the feature. Even the large card issuers like BDO and Metrobank do not offer this as far as I know.

So what is the main "security" feature of credit cards -- the Card Verification Code (CVC, or sometimes known as CVV)! This is a 3-digit (for Visa/MC) or 4-digit (for Amex) code printed at the back of the card (usually on the signature strip). Its a static code that remains for the duration of the life of your card. Its printed in plain text for anyone to see. There are no attempts to hide it or obscure it from prying eyes.

Anybody from the gasoline station attendant, to the waiter at the restaurant, or the cashier at the clothing store, can easily copy your card details (card number, expiry and CVV) while you are happily waiting in your car or table. Then when that person gets home, he can easily type in your card at an online store and make a purchase charged to your card!

Of course, when you see your bill, you will most likely file a chargeback citing you never made that purchase. The bank will most likely rule in your favor since online transactions do not have signed charge slips that can be used by the merchant as proof of purchase. So the bank will charge the online store/merchant who may have already shipped the package to the fraudulent customer. The merchant is left with no choice but to absorb the loss.

In other counties, like the US, card companies use the Address Verfication Service (AVS). Using a centralized database of cardholder info, the bank can look at the billing addressed you entered and try to match it with the one registered to your card. Its a crude method and mainly relies only on the numeric info on your billing address (ex. street number, postal code) and does not really bother to parse the alpha details. Besides, getting billing address is also quite trivial with "dumpster diving" (ie. going through someone's trash can). In any case, Philippine-based cards, or Southeast Asia for that matter, do not support AVS.

In contrast, the above scenario is not likely to happen with online bank payments. For one, Internet banking systems usually require complicated user id and password combinations with case-sensitive letters and digits of at least 8-characters long. Some banks even have a policy of expiring the password every 90 days or so. Compare that to the simplistic 3-digit CVC that stays with your card for 2 years or more depending on the expiry date of your card and displayed in plain sight!

Some Internet banking facilities require a second password to perform a transaction. This password is different from the login password. Examples of banks that require this are Chinabank, RCBC and Unionbank. Other banks require a second factor authentication mechanism thats passes through other medium like email or mobile. Standard Chartered sends a one-time PIN via SMS to the accountholder's registered mobile phone when the user tries to perform a transaction like a funds transfer. UCPB gives its users the option to have the transaction PIN sent either by SMS or by email. Banks like HSBC use a physical device that looks like a small pager. It is synchronized with the bank's time servers and generates a unique code for every use.

Regardless of what method your bank uses to authenticate and verify your online identity, it is without a doubt lightyears more advanced than the 3-digit CVC security of your credit card!

Friday, July 9, 2010

Facebook Looks To Alternative Payments for Selling Credits

Realizing that the Southeast Asian market (including the Philippines) has severely low penetration of credit cards and has higher incidence of fraud, social networking giant Facebook resorted to alternative payments to make its online currency, Facebook Credits, available in this part of the world. This validates the rationale behind the business model of Dragonpay Online Payment System.

While the MOL model described in the Facebook article from Mashable mainly resorted to prepaid cards, over-the-counter bank deposits are just as convenient. They will most likely be more affordable to the merchant also because the prepaid card distribution industry in the Philippines, in particular, demands a large piece of the pie in terms of commissions.

Dragonpay aims to pursue both over-the-counter bank payment and over-the-counter non-traditional brick-and-mortar outlets (convenience stores, pawnshops, business centers) as payment channels to give the widest and most affordable payment options to the mass market.

Thursday, July 8, 2010

Benefits to Online Merchants

With credit cards being the most prevalent form of online payment, and PayPal a distant second, merchants might ask why is there a need to accept yet another online payment service. Our previous posting has highlighted the fact that the untapped market segment with no credit cards is very large -- significantly larger than the credit card market. And studies have shown that even those with credit cards would rather not use it online if there were more secure alternatives.

As of this posting, PayPal can only be funded by credit cards in the Philippines. So it follows that Philippine PayPal users are just a small subset of the (relatively) small credit card population in the Philippines. This brings us again to the point that merchants are missing a huge market who cannot pay for their goods and services simply because they have no credit cards or are afraid to use their card online for fear of fraud.

One sensitive topic that is often not understood by merchants is the issue of chargebacks. A chargeback basically happens when a credit card holder disputes a billing that is charged to him. This dispute may be legitimate or not.

Example of valid disputes are as follows:
  • is if the merchant really failed to deliver the goods or service
  • the item ship was damaged and the merchant refused to replace it
On the other hand, the following are examples of illegitimate chargebacks:
  • there are really just people who honestly forgot about doing a transaction and files a chargeback thinking it was done fraudulently
  • some cardholders may abuse the system and intentionally do chargebacks to avoid paying for the goods or services they procured
Regardless whether or not the chargeback claim is valid, the onus on proving it falls on the merchant. Not only does it takes up valuable time, it also costs money. Majority of online payment services, especially credit cards, will slap the merchant with a chargeback fee whether or not the claim is legitimate. This fee basically covers the card company's administrative work involved in processing chargeback cases. The fee can be anywhere from PHP 500 to PHP 1,500 -- sometimes more than the cost of the item being disputed.

Not only is the merchant slapped with the fee, the card company would normally immediately retrieve the amount it settled to the merchant previously. Only when proven wrong will it return the money. This behavior seems to be particularly true for Visa and Mastercard, who tend to be more pro-cardholder. They usually work on the assumption that the merchant is guilty unless proven otherwise.

After this long discussion of chargebacks, the obvious question now is -- does Dragonpay support chargebacks? The answer is 'no' because:
  1. All our payment options (online banking, over-the-counter banking and over-the-counter non-traditional) do not have the concept of a chargeback
  2. The password and authentication system involved with online banking is so much more advanced compared to the CVV-checking of credit cards that for one to successfully use it to make a payment, it has to be the legitimate owner of the account.
As a merchant, you have the comfort of knowing that once you get paid, you stay paid. Furthermore, this allows our merchant to sell higher risk products like intangible goods (ex. music download, online consulting services), which credit card-dependent merchants are usually not allowed to sell.

Wednesday, July 7, 2010

Welcome to Dragonpay!

As the Philippine e-commerce scene starts to pickup, we are beginning to see the rise of online payment solution providers. Mozcom PayEasy is one such excellent system which offers a complete suite of payments covering credit cards, PayPal, Bancnet and Megalink ATM cards, and mobile payments like Globe G-Cash and Smart Money. There are also the traditional banks which provide credit card processing online. So you might wonder -- is there really a need for yet another online payment system?

A large majority of online transactions today are done using credit cards. This severely limits the market because only about 4% of the Philippine population owns a credit card. Merchants who focus on this market are barely scraping the surface of a larger market of young people with no credit history, or even a bank account.

Here are some more interesting information based on market studies
  • More than 70% of the world population does not have a credit card [PayPal]
  • 75% of Internet users do not like to give out their credit card info [Pew Internet]
  • More than 75% of online shoppers have access to online banking [Forrester Consulting]
  • Internet retailers offering multiple payment options see a conversion rate increase of 20% [Quality Research Associates]
  • 4% of international orders turn out to be fraud vs. 1.1% for domestic [Cybersource 2009]
Dragonpay was created specifically to allow this broader market to buy goods and services online through the following channels:
  1. Online Banking - anybody with a local bank account can apply for Internet banking from their bank for free. Using this facility, they will be able to make online purchases from Dragonpay-affiliated merchants in real-time.
  2. Over-the-Counter Banking - customers can go to any branch of a bank that we support and make an over-the-counter deposit. In a matter of minutes, our system will detect the payment and appropriately notify the online merchant that a payment has been made. We expect to have more than 3,000 bank branches in the network where customers can go to make a deposit/payment by year-end 2010.
  3. Over-the-Counter, Non-traditional Payment Centers - we will be working with convenience stores, pawnshops, remittance centers, business centers and Internet cafes to allow our customers to make their payments there. We will notify the merchant in near real-time once a payment is made.
As an alternative payment provider, Dragonpay will work side-by-side with the other, more "traditional", payment providers. We do not plan to supplement them but to complement them. After all, at the end of the day, the common goal is to develop the local e-commerce industry.