Widespread wine availability has long been an issue, especially in the USA. In this case, it is a hangover from Prohibition, which ended by having the federal government simply hand control of alcohol distribution back to the states, who each then went their own way. So, the infamous three-tier system came into being, wherein a state-based distributor must act as one extra middleman between the purchaser and the source (The dilemma of wine availability, why you’re so angry about it, and why it just won’t go away).
The issue of online wine sales has come into sharper focus in the past year, with the increase due to Covid-19 retail restrictions (eg. Online alcohol sales tripled in 2020). This unplanned increase has apparently concentrated the economy in fewer hands (How Covid-19 supercharged the advertising ‘Triopoly’ of Google, Facebook and Amazon), and also helped make the rich even richer (The pandemic is accentuating a trend among billionaires). It has also high-lighted certain issues when trying to buy wine online (Seven things I’ve learned while buying wine online during the pandemic), including: unhelpful web-sites, variable pricing, poor wine descriptions, vintage substitution, and a hoard of future marketing emails.
However, one thing that is less discussed is the business of paying for the stuff online. An increase in online sales means an increase in online financial traffic; and it seems to me that neither the wine world nor the customers are quite ready for this.
Indeed, the only aspect that seems to get much media attention is wine fraud (eg. A new world of wine fraud). I guess that scams are a more exciting topic than the one I am raising here. My concern is with the individual purchaser, and how financial institutions are reacting to their customers making lots of online purchases, from lots of retailers, especially ones from overseas. How do banks and customers stay financially safe?
There are basically only two ways to pay online:
- using a traditional facility provided by a bank or similar financial institution
- using a purpose-designed online system.
Bank facilities consist mainly of cash cards and credit cards, which are linked to separate bank accounts. I am old enough to remember when credit cards did not exist, and your (single) bank account was accessed via a printed passbook. So, these cards are fiddly modern doo-dads to me, along with the existence of two accounts (one for each type of card). But I have gotten used to them over the decades. Cash cards were originally used in automatic teller machines (ATMs), to get actual cash; and credit cards were used at point-of-sale machines, where you got a copy of a scrap of paper (and the merchant sent one copy to the bank, and kept one copy for themselves). These days, ATMs are much rarer in many parts of the world, and merchants have electronic machines, in many places under a sign saying "No cash sales".
So, even going to a shop is a bit like buying online, except that the merchant can (if they choose) verify that you are, indeed, the owner of the card that you are using. Online verification is another matter altogether. Banks are rightly concerned about methods of online verification, including restricting use of their facilities until verification has occurred. For example, I recently discovered that my own bank, here in Sweden, requires me to manually "unlock" my credit card each time I use it online, and it remains unlocked for only 10 minutes. I have described this ridiculous requirement at the bottom of this post. Hopefully, it can be changed to something more customer-friendly.
The second payment type, purpose-designed online systems, include "Shop now, Pay later" systems, such as PayPal, Google Wallet, Amazon Payments (see Top PayPal competitors). These were designed originally as a sort of credit facility for use via an internet-connected computer. These days, they also include mobile apps for real-time payments using a smart phone or tablet (eg. we have Swish here in Sweden). They even include Bitcoin-type set-ups, in which you pre-purchase an electronic "coin", which can be used in lieu of any national monetary system.
So, you certainly have a choice. However, that choice is actually among a bunch of options designed for an earlier age. They have all been adjusted, bit by bit, to bring them into a more recent age. If we were to design something new, for use now, it might look quite different to any of the options that we currently have.
In essence, most of these set-ups simply provide a middle layer between you and a bank (so that they are sometimes called a Payment Gateway). The online facility might be linked to a bank account of some sort, and therefore subject to the bank's rules of use. For example, a PayPal account might be linked to a bank credit-card account, and any PayPal purchases simply appear as credit-card transactions. Unfortunately, in my own case, my Bank's manual-unlock requirement means that I cannot link my PayPal account to my credit card, because any PayPal transaction is definitely treated as a credit-card transaction, and is subject to the same need-to-unlock restriction. Alternatively, you might receive an invoice that you later pay separately via your bank, rather than by directly linking an account (eg. we have Klarna here in Sweden). This works much better for me; but it is currently restricted to local transactions, not international ones.
The fundamental issue in all of these cases is security. With a massive increase in online purchases, we are learning a lot more about how to make online facilities safe. Advice such as The buying wine on-line checklist need to include recommendations for how to remain safe, as well as how to get what you think you are paying for.
The basis of any transaction is making purchases both easy and safe, simultaneously. This requires independent verification of the identity of the purchaser, and also authorization of the payment, but in some manner that does not inconvenience that purchaser. Wine purchases are not often very cheap, so it would be foolish for either the merchant, the bank or the customer to proceed with a transaction blindly.
Hence the concept of 2-step verification, in which an independent piece of information is provided by the purchaser, not just the access code for an account.
Back in the old days, all we did to authenticate an online purchase was provide a 3-digit code printed on the back of the credit card. However, this did nothing more than verify that we have access to the physical credit card, not that we are authorized to actually use that card. In the modern world, this is effectively useless, although the numbers are still printed on the cards.
So, these days, we are subjected to the potentially annoying process of providing a unique single-use verification code. This is usually sent to a mobile device associated with the person paying, who must then confirm that they received it. Simultaneous access to both the account and the mobile device is taken as independent verification. We are yet to learn whether this is a long-term solution; and it is certainly of no use without a mobile phone.
There are other, similar, processes, some of which can bypass the latter restriction. For example, here in Sweden we have BankID, which works via either a computer or a mobile device. Essentially, we provide a personal log-in code to identify ourselves, rather than being sent a code. Similar to the above, it is our simultaneous access to the computer or the mobile device (along with the credit-card account) that constitutes the independent verification — the computer version is very convenient when making purchases at home.
The bottom line is that making a transaction safe from the bank's point-of-view can make it inconvenient from the customer's perspective. We still do not have an ideal solution for merchant + bank + customer. For me personally, online purchases are quite safe in Sweden, but they may have been made a bit too safe, to the extent of being annoying, rather than helpful (as described below). I give my bank credit for trying to deal with the new world (but not yet successfully), whereas it seems to me that many other places are not even trying.
A credit card so safe that even I can't even use it, myself
My bank requires me to unlock my credit-card account for each online purchase. Otherwise, the payment will not be given the "okay", when the merchant's system attempts to electronically contact my bank for approval of my (alleged) payment. This contact does not always happen, of course. For example, small purchases may be approved by the merchant without contacting my bank, and they will simply appear on my credit-card account anyway.
This unlocking procedure requires me to use BankID to unlock the credit card, in order to make the purchase, rather than simply using it to approve the transaction. If I make a purchase using my computer, my bank thus adds oodles more clicks, making a mockery of Amazon's 1-click service, for example. :
open new browser windowSo, 1-click becomes 1 + 13 clicks.
navigate to bank login page
click login button
start hand-held device
start ID program on that device
scan QR code from that device
enter PIN code on that device
put that device away
back in the bank's window, navigate to credit card preferences page
click Change Permissions button to allow the merchant's request for money
confirm that change (which will apply for one hour only)
logout of bank window
close bank window.
I can shorten this process by making payments using a mobile device. In this case, I can use my bank's app, which eliminates a few of the steps by talking directly to the other apps on the device. But this still cannot be described as customer-friendly.