May 4, 2020
There appears to be a consensus among the experts that a very wide sweeping testing and certification system may be necessary before the economy can really be opened up.
The news is loaded with discussions of testing – what went wrong, what is happening, what are the options and alternatives. We need to begin here because there is so much confusion.
We need to ask, what are the kinds of testing? Let us suggest that there are three categories for testing: Universal Testing, Random Sampling, and Targeted Testing.
Universal Testing means test everyone, and perhaps even regularly. Maybe this will happen. But it seems unlikely that it will occur any time soon and at an expense level that would be astonishing.
Random Sampling is a form of testing that allows analysts and officials to estimate what is happening in the overall populations. A good random sample will give you an accurate estimate of the big numbers. For example, what percentage of the overall population have contracted the virus – Nationally, by State, by County. (See: Stanford COVID-19 Study, issued April 17, 2020, for an example of an imperfect random sample.)
Targeted testing:
Individuals requesting testing. The request is enough to get it. But the person also may have symptoms. This allows people to make responsible decisions, regarding family, going to work, going to even small group meetings, restaurants, etc. Should be tied to individual responsibility and this should be discussed all of the time: if you are sick at all, isolate yourself. If you test positive, immediately self-quarantine.
Employers demanding tests for employees before coming back on job: airline attendants and pilots. Gate agents. TSA. Waiters and waitresses. Hair cutters. Fitness coaches. In other words, people who come into close contact with their customers should be regularly tested. The public has a right to some assurance that they are entering into a safe zone. If an employee fails, he/she must self-quarantine.
An individual who has been identified during a test-identify-trace process as having been too close for comfort with an infected person. If the individual fails the test, he/she enters into self-quarantine.
The remainder of this piece deals only with targeted testing.
If you do all of this testing and follow CDC rules might the virus still be very active in your community? This is a frequently asked question. The answer being given to us by science is yes, it might.
Targeted testing should be followed up with tracing, that is, tracking down who also might have the virus because of contact with the infected person. Bill Gates says that you must have test results within at most 24 hrs. to make this work. Tracing a person’s movements after a day is too much to ask. Gates says you won’t be able to hold down the virus without immediate tracing.
If you target test and assiduously obey CDC guidelines in work and play you have a chance to hold down the virus.
Leveraging the consumer payments infrastructure
We will start this discussion with a few assumptions:
- Widespread targeted testing will be occurring as fast as possible, perhaps accomplishing material reach within a couple months.
- Test results will be aggregated and transmitted to a central site, which will probably be under the control or supervision of the CDC, or appropriate Federal Government organization.
- Individuals would like to be certified that they are free of the virus. This would also help employers. This would also help consumers to know that the other people sharing their space are also virus free. The Government would probably like to be able to certify that an individual is free of the virus if it could handle the security and privacy parts of this process.
- Certain activities and places may only be available to people who are certified, for example, airports and airline travel, or may be allowed to be much more open than otherwise would be the case.
It has been reported that Apple and Google are aligning their resources to bring the smart phone into the center of solutions for identification and tracking of people.
Given that, one could evaluate the smart phone architecture as an appropriate mechanism for providing a certificate of health through some form of certificate app. The digital certificate could be displayed or read at any gateway, thereby allowing entry.
Another option is to add the test certificate capability to the modern, debt and credit card-based payments system and to allow a certification transaction to ride the payment systems rails. Those rails already exist. No deep dive, hush hush software project is required. If the banks committed, small, but very precise changes, could make this work.
There are some very important social, economic, and technical reasons why taking a look at the consumer payments system, run by banks and suppliers to banks, makes sense:
- The biggest banks are already regulated by the Federal Government, through three different agencies.
- The government has been deeply involved in the development of the payments system.
- The Federal Reserve has always been in the forefront of a digital payments system.
- The banks are accustomed to dealing with issues of privacy associated with sensitive information. It is what they do.
- The electronic payments system is the most sophisticated consumer authentication system ever built.
- The banking system has already built an enormous technical infrastructure to exchange digital money at a point of transaction from a buyer to a seller.
- The government could use this program as a way to get the unbanked into the banking system. I raise this as a placeholder. A lot to be discussed here. But there are over 50 million unbanked people in the United States.
- Debit and credit cards cover a much wider part of the population that smart phones. 75% of Americans have one or more cards. But, 25% have none.
The other important questions are what it would cost and how long would it take?
To some degree, Apple and Google are starting further back than the banks. They understand the consumer contact point. But the payments challenges are in the plumbing. Furthermore, the banks have a long history of moving money between authenticated parties efficiently and effectively.
Let’s think about the banks in terms of a COVID-19 certification authentication and authorization system.
The point of transaction is any place where a commercial activity takes place. However, in this case we also need to think about it as an entry point. Beyond that point, only a certified individual is permitted to pass: the entry to a store, a restaurant, a stadium, an airport, the security screening point at the airport, a bus terminal, a train station, a hair salon, and about any other place you can imagine. There are already POS terminals at just about every serious point of sale.
Most consumers have a debit or credit card. These days, they ride much the same railway. Banks could be instructed/recruited to issue a zero-balance payment card, identical in all respects with a debit card, except there are no funds behind it. (This could be used in the future as a pathway for evolving everyone into the banking system.)
The card is used at the point of entry almost precisely as it is used today except that the consumer knows to input a digit or function key that signifies this as a COVID-19 certification request. Almost no cost involved. This is one example.
Processing networks exist to collect transaction at the point of sale. Applications switches – as opposed to backbone tele-communications switches – exist to route the transactions to the appropriate end points. Huge data bases exist to store hundreds of millions of customer records.
Another entry point method might require the POS terminal to add something like a SIC code, where a COVID-19 transaction would be handled as if it were a merchant identifier. Most of the POS terminals these days are programmable.
The network recognizes the SIC code like it would identify a merchant and switches the transaction to the centralized certificate data base, as it would to the Merchant’s bank. The approval or denial comes back to the point of transaction.
In this case, the technical challenges and infrastructure challenges are with the small POS terminal.
Yet another method would be to implement the new transaction in software alone. This affects what payments people might call the “plumbing” behind the visible components of digital payments. This is complicated stuff. But these inner workings are very well understood by banking technology people.
A very large challenge in all payments systems is to bring the banks together to agree on the operating rules and the design specifications for any software changes. It ought to be quite easy to accomplish the agreements in this instance, given the national security implications of COVID-19. The mantra would be let’s just get it done. Having lived in the middle of this, I know firsthand that the challenges we had building consumer payments systems were always more politics and competitive positioning than technology.
Viewing this as a choice between a mobile phone-based application and a card based one might not be necessary. In a real sense, the phone is just another terminal. The big issue with a phone is that a card is not present which makes authentication more difficult. Both approaches could be pursued. We will find out which could be done most quickly and which would cost the least, both to build and to operate per transaction.
All consumer payment transactions get logged to both sides of the payment transaction – the bank from which the funds were withdrawn and the bank to which the funds are deposited. As the transaction works its way through the payments network, at some point a switch recognizes it as a certification approval transaction and switches it off to the CDC certification data base rather than to a merchant bank or an issuer bank.
The lead banks and the CDC would work out how they construct and manage the back end. The banks have already been recruited to move PPP funds authorized by the recent Congressional action, with Chase Morgan and B of A in the lead.
A process will get created to move the test data from the test processing sites into the network which facilitates routing to a centralized data base. Certain stuff will need to happen to assure that the data is real and is associated with the right person. Supposedly, the States are sending this data to the CDC. The State’s test collection point would be responsible for making sure that the certification data is real, accurate, associated with a person, and that person’s bank. State.gov service centers all over the United States ask citizens to input their bank’s R & T number and their account number to complete some form of a transaction, such as paying fees or taxes.
How would it work?
Each individual goes online with the CDC and creates his/her own record. They plug in name, bank account info, and routing and account number. At some point a PIN number needs to be associated with this data. Now the backend file is established.
Thereafter:
Individual gets tested.
Individual passes or fails.
The results are downloaded to the central data base, the outcome is recorded as a pass/fail state, and the record is good for a predetermined period of time.
Suppose now that the registered and now tested consumer wants to enter a baseball stadium. At the point where that is done, he/she inserts the debit or credit card, inserts their PIN (for either card), and is either authorized or denied. If authorized, they are free to enter. Consumers understand this method. The physical infrastructure is largely in place. The consumer has already been trained.
The hardest part of this should occur on the State/CDC side of getting the testing done and into their data base. This is all new. When it comes to this kind of consumer data management, the banks could help.
Obviously, the exact details and policy parameters would need to be worked out.
If banks started now, they might be ready when large scale testing actually becomes a reality.
