Friday, January 1, 2010

International Payment Card Processing Provides a Model for Aviation Security

Like many other bloggers, I have been contemplating the Christmas Day "crotch bomber" attack on Northwest Flight 253. President Obama, among others, has cited the failure of government agencies to properly share information. I'd like to propose a Global Transportation Safety System (GTSS) based on our international systems for processing credit and debit card payments.

These systems allow any cardholder to pay any merchant with an account at an acquiring institution. The acquirer then uses a payment network to contact the issuing institution, which automatically decides whether to authorize the transaction. Periodically, the merchant sends a batch of authorized transactions to the acquirer, which sends the batch through the credit card organization (e.g. MasterCard, Visa) to the issuer. Once the issuer pays the acquirer, the acquirer reimburses the merchant, less fees. In the background, sophisticated computer software detects suspicious activity. At the core of this system is the notion of transaction processing, which reliably completes and durably records each successful transaction, and cleans up any partial transactions resulting from system failures or user errors.

GTSS would enable authorized airline and government personnel to electronically share standardized information about suspicious individuals and events with their national coordinating agency. Each national agency would automatically use GTSS to automatically determine whether that individual could fly there. GTSS would use a standard risk assessment method that individual nations could customize, and would direct ambiguous results to an analyst who would promptly resolve them. GTSS would insert each determination in a national flight risk database, which officials would check before issuing passports, visas, tickets or boarding passes for travel to or through that nation. GTSS would authorize or decline each of these actions via additional transactions. Therefore, if additional information surfaced about a passenger after an authorization transaction, GTSS would automatically re-evaluate the risk and alert authorities. In addition, airline software would automatically send GTSS information about events such as a cash payment for an expensive ticket or a passenger check-in without luggage for a long flight.

GTSS would depend on reliable identification of all passengers. Participating governments would be required to issue biometric passports compliant with international standards. Wealthier countries and airlines would motivate and help their poorer counterparts to issue robust credentials and participate in GTSS. Individuals flying or connecting from non-participating countries, airports or airlines would be subject to additional security checks.

Certainly, there are other practices that governments and airlines could adopt on higher-risk flights, such as the vaunted security procedures of the Israeli airline El Al.   Also, mistakes would still occur with GTSS, but they could be corrected quickly and reliably.  The cooperative, real-time nature of GTSS would foster consistent and efficient security, while preserving national sovereignty, much as our card payment processing systems enable the ubiquity, speed, and issuer control of payment card transactions.