About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

June 11, 2018


Consumer Habits and Cash Use

As my colleague Doug King pointed out last month, cash is not going away anytime soon, Yanny/Laurel notwithstanding. By number, almost one-third of U.S. consumer payments were made in cash in 2017. Every year since 2008, the Survey of Consumer Payment Choice has found that cash is consumers' most popular or next-most-popular way to pay.

Many factors underlie cash's resilience, including access, current shopping habits, consumer ratings, and demographics.

Universal access. Paypal's chief financial officer commented to the Wall Street Journal earlier this year, "I don't think we will ever be entirely cashless, maybe in large part because I don't know if we will ever be in a world that every person has a smartphone or a mobile device."

Shopping habits. Most purchases—nine in 10—are made in person, not online (2015 Survey of Consumer Payment Choice). And when shopping in person, consumers prefer cash for small-dollar transactions. Two-thirds of U.S. consumers report that they prefer cash for in-person payments of less than $10 (2016 Dairy of Consumer Payment Choice). Forty percent prefer cash for in-person payments between $10 and $25.

Consumer ratings. Consumers say cash is the most cost-effective way to pay. The Survey of Consumer Payment Choice asks respondents to rate the cost of using a particular payment method, taking into account that fees, penalties, interest paid, etc. can raise the cost of a payment method, while discounts and rewards can lower it.

Demographics. People with fewer payment options use cash. That includes low-income people who have less access to credit cards as well as people without bank accounts who have no access to non-prepaid debit cards. It also includes millennials, who used cash for almost 30 percent of their payments in 2016 (Diary of Consumer Payment Choice).

You probably already know that card payments dwarf cash payments—almost 60 percent of consumer payments are made with some type of card, whether it's debit, prepaid, or credit. Yet cash persists. Recently, a new acquaintance told me he "never" uses cash. As evidence, he reported that he had no cash in his pocket, explaining "that's because I used my last $2 to buy coffee this morning."

Hmm. What does this say about the health of cash? What Dave Lott wrote in 2016 is still true today: not dead yet.

Next post: Merchant acceptance and the use of cash

To learn more about consumer payment choices and preferences, visit the Federal Reserve Bank of Atlanta’s new consumer payments web page that houses a variety of surveys, studies, and research reports on the topic.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 11, 2018 in cards, currency, debit cards, emerging payments, mobile payments, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 29, 2018


Laurel or Yanny? Cash or Card?

The latest and greatest trend on the Internet is the debate over whether you hear a recorded voice say "Laurel" or "Yanny." While I don't intend to get into the science of the phenomenon, I do find it fascinating (and completely ridiculous) that anyone would hear "Yanny." As I was thinking about this current crazed conundrum, the payments geek in me started to relate the Laurel-versus-Yanny debate to the payments industry.

It seems that we in the Retail Payments Risk Forum get asked at least monthly when the United States will become cashless. Our short answer is "never." Some people still prefer to pay with cash for many items, especially small-dollar purchases. In fact, a hamburger chain launched a cashless location during the past year only to find out that some of its customers were not happy that they were unable to pay with cash. And a large online retailer just announced a partnership that will allow its customers to use cash for purchasing gift cards to use on its website.

On the flip side, there are those (and I am smiling at one of my Risk Forum colleagues) who wince at the thought of making a paper-based payment, including cash, for anything. Here in the United States, we have embraced payments choice for consumers. And while I might be someone who prefers to pay with a credit card, I have close friends who prefer debit cards. I even know a few people who prefer to use their mobile phones.

Science can explain why people might hear a word differently. Perhaps we also need science to understand the factors that have a role in driving payment preferences—factors that might include past behavior and experiences, socioeconomic status, and incentives. Nevertheless, the fact remains that you will have your Laurels and your Yannys in payments, and oftentimes the two sides won't understand why the other would ever want to pay with their preferred method.

Research can get caught up in the hysteria that surrounds emerging payments and fintech and overlook established forms of payments. But let the Laurel-and-Yanny debate serve as a reminder that differences among consumers in payment preferences will always exist. Let's not lose sight of those established forms of payments that remain vitally important to commerce, even as the industry races to implement new technologies and systems.

To learn more about consumer payment choices and preferences, be on the lookout for the June 1 launch of the Federal Reserve Bank of Atlanta's new consumer payments web pages that house a variety of surveys, studies, and research reports on the topic.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 29, 2018 in cards, fintech, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 21, 2018


Heading toward A New Era of POS Portability?

At recent conferences I've attended, exhibitors in the point-of-sale (POS) terminal and acquiring business were all showing off their portable devices. With one of these, a restaurant server could take a payment at the table or a retail employee could conduct a transaction in a store aisle. The exhibitors said that these devices allow for a more high-touch, personalized customer experience than traditional counter-top POS devices. In fact, while walking the exhibit floor, I noted that countertop POS devices were extremely hard to find.

The theme of POS portability was also evident in the session rooms. Multiple panel discussions and keynote speeches focused on the Payment Card Industry's (PCI) PIN-on-glass security standard, which would give already-in-the-marketplace devices for using mobile phones and tablets as card readers the ability to use PIN-based authentication. In essence, the standard allows customers to enter their PINs on merchants' commercial off-the-shelf (COTS) devices—such as bring-your-own-device tablets or phones—rather than on PCI-certified devices that a merchant owns or leases through its acquiring relationship. PIN on glass has been widely implemented in Australia and, based on what I've heard at these conferences, it is probably one to three years from making any headway here in the United States.

I first wrote about portable POS devices in the restaurant industry nearly six years ago. Since then, I can count on my hands the number of times I've swiped or dipped my card at a portable POS terminal (and several of these interactions occurred in Mexico). Most experiences were positive. On numerous occasions, I've used my card with a COTS device, also with mostly positive experiences. I have honestly never envisioned using or yearned to use a PIN for these transactions.

Little has changed in the way of mobile POS adoption since I wrote that post. So, do I believe we are moving towards a new era of POS mobility? Yes, but very slowly. With the proliferation of independent software providers and their mobile-based solutions for payment processing, I think the industry is now better positioned than it was six years ago for a change. However, I learned from speaking with others in the industry that the conversion process remains time consuming and costly. As far as PIN on glass goes, will the consumer be an obstacle to adoption? I'm not convinced that consumers will be comfortable entering their PIN on someone else's mobile device.

What is your take on the future of POS portability?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 21, 2018 in biometrics, card networks, cards, debit cards, emerging payments, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 7, 2018


Evidence of the Digital Age

Are you one of the estimated 90 percent of Americans who have shopped online over the past year? According to the most recent data published by the Federal Reserve Payment Study, remote payments grew faster than in-person payments by both volume and value. For example, from 2015 to 2016, remote general-purpose credit card payments grew at the rate of 16.6 percent, compared to 7.9 percent for in-person credit card payments. (See the chart.) Remote spending drove almost all of the growth of the general-purpose prepaid card during 2015–16, according to the study. If we had any doubts before, this growth shows us clearly that we're in the digital age, a time in history when digital technology has become ubiquitous.

General-purpose-card-payments-growth-rates

The shift from in-person payment to remote payment is certainly telling a story that will affect our future conversations and research. We need to take into consideration that as remote payments grow, they will become less and less connected to a physical card. Eventually, consumers may stop considering them to be card payments at all. They will likely start thinking first of their ability to make a payment with a digital account, with subsequent transactions eligible to ride a number of different payment rails, like ledger transfers, ACH, or other faster payments models.

The U.S. Census Bureau estimated that total ecommerce sales for 2017 were about $453.5 billion, an increase of 16 percent from the year before and accounting for 8.9 percent of total sales in 2017. Last year the Department of Commerce reported ecommerce sales have been growing nine times faster than traditional in-store sales since 1998. And remote payments will continue to accelerate. Consider the top retail trends of the year, according to research from the National Retail Federation:

  • Online purchase, store pickup: Stores are adding lockers for easier pickup.
  • Talking tech: Virtual assistants are rapidly growing in popularity and are ready and able to help customers make purchases.
  • Showrooms without inventory: Stores offer browsing, testing, and fitting, with the customer subsequently making the purchase online. This approach helps showrooms reduce their overhead and give consumers customized options.
  • Membership clubs: Stores collect customers' money upfront (sort of like prepaid) and send merchandise later, depending on what analytics have taught them about their customers and consultative sales touchpoints.

Future Federal Reserve Payment Studies will continue to track shifts in payments. However, we may need to adapt the ways we discuss these types of payments as the digital-first age leads to innovative transaction accounts with subsequent remote payments untethered from plastic cards.

Photo of Jessica Washington By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 7, 2018 in cards, debit cards, prepaid | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 30, 2018


Cash Discount Programs: The Flip Side of Surcharging?

In a recent post, I reviewed the structure of credit card surcharging programs that a panel discussed at the Southeast Acquirers Association conference earlier this year. Since that post, some of my colleagues who have encountered cash discount programs asked me if they were simply the flip side of credit card surcharging. While there are some similarities in the requirements of the two programs, there are some key differences.

Cash discount programs became legal across the United States in October 2011, following the passage of the Durbin amendment of the Dodd–Frank Act. That amendment permitted merchants to offer a discount to cash (or check) customers as an incentive to use those payment methods instead of cards. The way it works is that the merchant charges a service fee to all transactions that the merchant then reverses or discounts if the customer pays with cash or check.

The sample receipts below illustrate the difference between a purchase made with a payment card and a cash payment from a merchant who uses a flat service charge pricing option.

Images-of-reciepts

Unlike surcharges, which apply only to credit card payments, service fees are applied against all types of card payments. And while surcharge program fees are always a certain percentage of the transaction, a cash discount program can use a flat fee (usually based on the average ticket size) or a percentage of the transaction amount. Businesses with a wide range of sales values would best be served using the percentage model, while a flat fee works better for businesses with relatively consistent ticket sizes. Credit card surcharge program rates are capped at 4 percent of the transaction amount, but cash discounting has no restriction. Of course, the higher the service fee the more likely the customer will be to notice and possibly move to another merchant who does not have such a program.

As with surcharges, the cash discount merchant must prominently display consumer notices at the entry points of the store as well as at the register about the service charge—that the customer can reduce or avoid by using cash. In addition, the sales receipt must explicitly display the service charge and, when applicable, the cash discount.

Among the possible benefits, merchants can lower their effective card processing expenses by collecting the service charge. Colleagues at the Boston Fed authored a discussion paper titled "Why Don't Most Merchants Use Price Discounts to Steer Consumer Payment Choice?" in late 2012 that reviewed a number of factors that might cause merchants to think twice about implementing a cash discount program. I believe the factors they reviewed are as relevant today as they were at the time of the paper. As for the credit card surcharge, the merchant has to consider customers' potentially negative response to such a fee, especially if they believe that the merchant has already built much of the cost of payment acceptance into the goods and services.

Merchants have to register credit card surcharge programs with the card brands prior to implementation. However, cash discount programs have no such requirement, so their adoption rate among the merchant community is difficult to quantify. One indicator may be from the Federal Reserve's 2015 Diary of Consumer Payment Choices. According to an analysis of the data, the national sample of respondents indicated they received a cash discount on 1.9 percent of their non-bill transactions that had a median value of $20. Interestingly, in a breakdown by industry type, transactions at automobile/vehicle-related and entertainment/transportation businesses were more likely to offer a cash discount—of 8.2 percent and 5.1 percent, respectively.

What has been your experience with cash discount or credit card surcharging programs? Did such a program cause you to change your initial form of payment?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 30, 2018 in cards, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 23, 2018


Paying with PlasticMetal

I recently had the opportunity to watch a panel of eight millennials discuss their thoughts on money and payments. (The Pew Research Center defines a millennial as anyone born between 1981 and 1996.) While realizing that a sample size of eight young adults is far from representative, I was completely caught off guard at times by what they had to say based on everything I have read or heard about this generation's banking and payment preferences. None of these people lived with their parents and all of them held full-time jobs. So what did I learn from these eight millennials?

  • Demand deposit accounts (DDA) with financial institutions are still important. I was surprised that all eight panelists maintain a DDA.
  • Credit card reward programs are strong drivers of payment usage. Six out of the eight panelists stated that credit cards were their preferred method of payment, primarily because of the rewards that their cards offered. One panelist preferred debit cards while another panelist preferred cash. Of the six credit card-preferring millennials, all stated they were purely transactors that pay off their monthly balance, opting not to revolve them.
  • Another strong driver of credit card usage is card design. All of the panelists raved about metal cards. They love how metal cards feel and they love the sound that they make when they drop them on a counter or table to pay. Several expressed that they wanted cards to be even thicker and heavier. In general, the panel thought that paying with a metal card was "cooler" than paying with a mobile phone.
  • Person-to-person (P2P) wallets and applications are used extensively, but primarily for transacting between individuals, not for storing money. All of the panelists use a P2P mobile wallet or application on their phone. However, none maintain a significant balance in their preferred wallet. They opt to transfer their balance to their DDA. A primary reason for not holding funds in a mobile wallet is concern over security. They feel their money is safer with a financial institution.
  • Mobile phones are vital to their livelihood, yet mobile proximity payments have not fully caught on with them. Half of the panel uses their phone at point-of-sale terminals that accept mobile payments; one panelist mentioned the rewards that he receives from his mobile wallet as driving his mobile payment usage. A majority expressed enthusiasm about mobile order-ahead functionality and use it whenever it's available. However, the availability of mobile payments does not drive decisions to shop at specific stores. All use mobile phones for comparison shopping, oftentimes in a physical store.

A key takeaway from synthesizing all of this information is that it's not just mobile phones that pose a major threat to paying with plastic—it's also metal cards. They certainly seem to appeal to the millennials that I heard on stage and drive loyalty from a usage perspective. And while I don't have data to back up this claim, I do think this metal phenomenon spans generations, as I have had people of all ages show off their metal cards to me. Cards as a form factor are here to stay, but could plastic (especially for credit cards) be on its way out?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 23, 2018 in banks and banking, cards, debit cards, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 16, 2018


Merchant Surcharging: Winners and Losers

It isn't too often that we at the Retail Payments Risk Forum get to interact with card-acquiring stakeholders on such an interactive basis, so it was especially interesting—and valuable—for me to attend a lively session on surcharging at the Southeast Acquirers Association conference in March. I found the session to be quite informative about credit card surcharging and cash discounting programs that processors and independent sales organizations offer.

Incidentally, Jim Daly, senior editor of Digital Transactions, recently wrote an article for the publication—"Surcharging Is the Wave of the Future, ISO Executives Say"—on this very session.

Card brands have allowed merchants to levy surcharges on credit cards since 2013, after a legal settlement with merchants. Under the rules, merchants can charge what it costs them to accept a credit card. This rate, normally defined as the contracted discount rate, is capped at 4 percent of the transaction amount. Ten states have statutes prohibiting surcharging, but recent court decisions in some of those states have found the prohibitions to be unconstitutional. More legal challenges are under way.

While the panel at the conference was highly optimistic about the proliferation of these programs, their viewpoint is understandable since their companies offer these programs as revenue generators. Other industry stakeholders I have talked to since the conference have been less optimistic and view the potential as a niche market currently representing less than 1 percent of the U.S. merchant base.

In any case, I can understand why a merchant might want to pass that incremental cost on to me if my payment method costs the merchant more than other payment methods. It's my choice to use that particular method. Of course, the merchant who chooses to implement such a program takes the financial and reputational risk of driving its customers to other businesses that do not impose such a surcharge or that have a lower surcharge.

So how does the implementation of a credit card surcharge affect the various stakeholders of a transaction? Let's assume a merchant pays a 3 percent discount rate under its current processing agreement for accepting credit cards. In the non-surcharge environment, for a $45 transaction, the cardholder customer is billed $45; the merchant receives a net $43.65; and the merchant's processor collects $1.35, which is the 3 percent discount rate. In a surcharge environment, the cardholder would be charged $46.35; the merchant would receive $45; and the processor would collect the same $1.35. So the cardholder pays more, the merchant retains that extra money, and the processor maintains the same revenue amount.

Under the terms of the 2012 legal settlement, the merchant can assess the surcharge only on credit card transactions, not debit or prepaid cards, and must place clear disclosures for the customer at entryways and the point of sale. Additionally, the customer's receipt must have an itemized entry identifying the surcharge.

It will be interesting to see whether surcharge programs proliferate in the future, as the panelists forecast. What do you think?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 16, 2018 in cards | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 26, 2018


Convenience Always Wins, In One Form or Another

My colleagues and I often write about the frustration that security professionals have that consumer convenience will almost always win over the adoption of more secure practices. We've seen this over the decades with poor password and PIN management and the often lackadaisical approach consumers take to keeping their payment devices safe and secure. This post will take a slightly different tack—it will explore the influence convenience has on the payment card issuance strategy of U.S. financial institutions (FI) and how convenience always seems to win, though sometimes in unexpected ways.

When the various mobile pay wallets were being launched, many observers speculated that they might be the beginning of the end for plastic payment cards. Some, presuming that mobile was a more convenient way to pay, opined that the day would come when FIs would have no reason to continue issuing cards since everyone was going to be using their phones. Although adoption has been increasing, the reality is that mobile payments at the point of sale have been slow to gain traction. Recently released results of a survey of FIs in seven of the Federal Reserve Bank districts revealed that 75 percent of respondents thought it would be at least three years before consumer adoption rates of mobile payments would exceed 50 percent; 40 percent said it would take five years or longer. Consumer surveys consistently indicate that consumers aren't adopting mobile payments because they find their plastic payment card more convenient. So for mobile devices, convenience still has a ways to go.

Some financial-institution-owned ATM operators, continuing efforts to provide alternatives to plastic cards, have recently begun supporting cardless ATM transactions. With this service, you use your FI's mobile banking application to set up or stage an ATM withdrawal, identifying the account and amount to be dispensed. The details of the various technologies differ, but they all work like this: you go to the FI's ATM, select the cardless ATM function, and use a smartphone to either scan a QR bar code or enter a one-time transaction code. (Sometimes you may have to use a PIN.) Nice and convenient! And you don't have to worry about damaged or forgotten cards, or getting your card skimmed. We'll have to wait to see how consumers react to this feature's convenience.

Some FIs currently issue, or plan to issue, dual interface cards when it's time for customers to replace their existing chip card. While costlier to the FI, the new cards include a contactless feature that allows an NFC-enabled terminal such as an ATM or point-of-service device to read the data on the chip when you pass the card within a couple of inches of the reader. Contactless transactions, which are quite popular in Canada and Europe and greatly desired by mass transit systems in the United States, are faster. And we all know that faster means more convenience—right? Like cardless ATM transactions, contactless offers some security benefits. But merchant terminal acceptance remains a concern, just as it has been for the various pay wallet applications.

So it seems that convenience comes in different forms, and it appears that many FIs are betting that, like currency and checks, the plastic payment card is going to be around for quite some time. Perhaps that is the best strategy: offer a wide range of options and let the customers decide for themselves which are the most convenient.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 26, 2018 in cards, debit cards, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 19, 2018


Mobile Banking and Payments' Weakest Link: Me

What's the biggest hole in mobile banking security? As my colleague Dave Lott reported in January, bankers say it's consumers' lack of protective behavior when using mobile devices. That means you and me.

In response, financial institutions (FI) have implemented controls including inactivity timeouts and multifactor authentication, as noted in Mobile Banking and Payment Practices of U.S. Financial Institutions, which reported the findings of a 2016 Federal Reserve survey.

Baking these controls into mobile apps makes sense because research on consumer behavior suggests that expecting consumers to independently take steps to protect their accounts and data is not realistic. Take as one example: I co-wrote a paper with Joanna Stavins for the Boston Fed reporting the results of our investigation into consumers' responses to the massive Target data breach. We found that while consumers do react to reports of fraud, their reactions can be short-lived. In addition, consumers' opinions may change, but their behavior may not. In other words, considerations aside from security could take priority. (See also a report on the 2012 South Carolina Department of Revenue breach.)

Debit and credit card data for 40 million cards used in Target stores were stolen in late 2013. The breach was widely reported in the news media and caused many financial institutions to reissue cards. Because it was primarily a debit card breach, one might reasonably expect consumers to take a jaundiced view of debit cards after the breach.

And, indeed, that was the case. The Survey of Consumer Payment Choice was in the field at the time of the Target breach. Some consumers answered questions about the security of debit cards before the breach became public. Others answered after.

Consumers who rated card security after the breach rated debit cards more poorly relative to the average rating of the other payment instruments—cash, paper checks, ACH methods, prepaid cards, and credit cards. So in that sense, they reacted to the news.

One year later, consumers in 2014 rated the security of debit cards more poorly both relative to their ratings of other payment instruments and absolutely (that is, a greater percentage of consumers rated debit cards as risky or very risky). In contrast, compared to 2013, the absolute security ratings of cash improved. There was no change in the security ratings of credit cards.

The more important question: Did consumers change their behavior in response to this massive and widely reported data breach? The answer: not according to this survey data. There was no statistically significant change in consumers' method of payment mix in 2014. Debit cards remained the most popular payment instrument among consumers in 2014, accounting for almost one-third of their payments per month.

What does this mean for financial institutions? Realism about my willingness to take action is well placed. You can't count on me.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 19, 2018 in account takeovers, banks and banking, cards, debit cards, identity theft, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 12, 2018


If the Password Is Dying, Is the PIN Far Behind?

Back in January, I wrote a post that highlighted the rising incidence of lost-and-stolen card fraud in the United Kingdom. I concluded that the decades-old PIN solution for the card-present environment is now showing signs of weakness. Results of a recent Minneapolis Fed survey of 283 financial institutions offer some validity to my conclusion: the survey found that losses on PIN-based debit increased by 50 percent from 2015 to 2016. In fact, 81 percent of the respondents reported fraud losses from PIN-based debit, compared to only 77 percent for credit cards.

The news wasn't all bad for PIN-based debit. Signature-based debit and credit cards still had more fraud attempts than any other payment instrument. At 63 percent, signature debit fraud actually had a higher increase in fraud losses from 2015 to 2016 than did PIN debit. The PIN is a far superior verification method for card payments, but I'm willing to bet that the PIN, much like the password, has become less effective.

Is this coming at a time when the PIN is about to become more prominent? In late January, the PCI Security Standards Council announced a new security standard for software-based PIN entry, also known as "PIN on glass." This standard specifies the security requirements for accepting a PIN on a mobile point-of-sale device such as a Square card reader.

As an aside, I am a bit surprised by this announcement. Apparently, mobile phones are safe enough for entering PINs, but when someone uses a pay wallet such as Apple Pay or Samsung Pay, the card's PAN, or primary account number, is tokenized for security purposes. I'll save a discussion of this inconsistency for another post.

People have been talking for years now about how the password has passed its prime as a standalone authentication solution. Yet it continues to live, and it's as difficult as ever to mitigate its vulnerabilities. In my opinion, attempts to do so have increased customer friction and had minimal impact. I think the PIN is following a similar path. It creates customer friction (especially for me as I now have different PINs for multiple cards that I struggle to keep straight) and is losing its effectiveness, according to the data I mentioned in the first paragraph. But it appears that, with the PCI's recent announcement, the PIN could become even more prevalent for cardholders. Is it time, in the name of security and customer friction, for us to replace PINs and passwords with more modern authentication technologies such as biometrics?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

February 12, 2018 in authentication, banks and banking, cards, chip-and-pin, consumer fraud, debit cards, EMV, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad