Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
February 27, 2017
Wouldn't It Be Nice to Tap and Pay?
In the mid-2000s, after setting up a new checking account following a move, I received a debit card that, in addition to the magnetic stripe, had contactless functionality. I remember thinking how "cool" this feature would be, not having to swipe the magnetic stripe but simply tapping the card on the point-of-sale (POS) terminal. However, I quickly became disappointed, as I couldn't use the tap functionality in most places that I shopped. In the few places that did allow for taps, I don't recall the tap ever working properly. After a few months, I never attempted to tap it again and reverted to the traditional swipe.
Fast forward to 2017, and contactless card usage is surging in the United Kingdom, Australia, and Canada while remaining all but nonexistent in the United States. In November 2016, contactless cards accounted for nearly 25 percent of all card payments in the United Kingdom, up from 11 percent since November 2015. In Australia, Visa reported that 75 percent of face-to-face transactions over their network happen via their contactless solution. And in Canada, 99 percent of Mastercard's consumer credit cards are contactless-enabled. A 2016 report found that Canadian consumers were frustrated by merchants that didn't accept contactless payments. All of these countries have also gone through a migration of their payments cards to EMV chip cards. Did the United States miss a great opportunity when chip cards replaced the magnetic-stripe-only payment cards?
Interestingly, in these markets where contactless card adoption rates are surging, contactless cards are leading the contactless payment push ahead of mobile payments. In the United States, we are heading in the opposite direction, with mobile contactless attempting, and struggling, to get traction. No doubt, mobile is the more challenging environment, with a variety of form factors (iPhone, GalaxyS7, Pixel, and more), different ways that the form factor can interact with the POS terminal (such as near-field communication, magnetic source transmission, and barcode), and a variety of different wallets compatible with the different form factors. With a contactless card, you get one form factor—a card—and one method of contactless interaction. (Multiple-interface cards can still be swiped or dipped at the POS.)
I am convinced that the investments made in mobile contactless to this point are one of several factors holding up this country's transition to a contactless card environment. Consumers are confused by the experience and merchants and issuers are struggling with the wide range of options to consider, such as which wallets to enable and which technologies to support. Contactless cards have the ability to create a ubiquitous experience for both consumers and merchants. And this writer believes that a payment experience can't get any easier than a tap of the card.
It's hard for me to believe that it has been 20 years since I received my keychain Speedpass fob. I have positive memories of the simple and seamless transactions that I experienced when purchasing gas by touching the contactless fob to the gas pump reader. Unfortunately, I moved to a location with very few stations that accepted my fob. I always wished that I could have a similar experience for other purchases. Contactless cards allow for that and in a much easier and simpler fashion than my mobile phone allows. So can we get on with contactless cards? I am ready to tap and pay everywhere. Are you?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 19, 2016
Mobile Wallets: Is This the Year?
In our 2015 year-end retrospective post, we commented on the slow pace of adoption of mobile payments despite the introduction of several major mobile wallets. While some consumer research continues to point to widespread consumer usage of mobile wallets in the coming years, we have seen similar projections from past research fail to materialize.
So what have been the major barriers to adopting mobile wallets? And for those who have adopted them, what functions are the most important? As I have noted before, I am a firm believer in former Intel CEO Andrew Grove's 10X rule: a new technology experience must be at least 10 times better than the previous method to achieve widespread consumer adoption and usage. A number of different elements—speed, cost, convenience, personalized experience, ease of use, and so on—can all contribute to achieve that 10X factor. Another critical element is the consumer's trust in the security of the wallet to ensure that payment credentials and transaction information will not be compromised in some way. The market research and strategy firm Chadwick Martin Bailey (CMB) conducted mobile wallet research in March–April 2015 on a nationally representative sample of smartphone owners and specifically asked mobile wallet nonusers what were their particular security concerns. As the chart shows, identity theft and the interception of personal information during the transaction were the top two reasons given.
The tokenization of payment credentials goes a long way to providing a higher level of security, but a major educational effort is required to relay this knowledge to consumers to increase their level of confidence. The CMB study found that 58 percent of nonusers would be somewhat or extremely likely to use a wallet if tokenization of their payment account information were performed.
But is it enough to convince consumers that mobile payments are more secure to significantly speed up adoption and usage? Mobile wallet proponents have been saying for years that the mobile wallet must deliver more than just a payment function, that it should include incorporate loyalty, couponing, identification, or other functions.
So if the desired end state is known, why is it taking so long for the mobile wallet providers to achieve that winning solution? The retailer consortium MCX is going into its fourth year of development and has just recently begun a pilot program of its CurrentC wallet in the Columbus, Ohio, market. Two of MCX's owners and major U.S. retailers, Walmart and Target, have announced in the last couple of months their plans to develop and operate their own mobile wallet. While these companies still profess their support of the MCX program, have they concluded that a common mobile wallet solution among competing retailers doesn't meet all their specific needs? Or is it a desire to offer their customers a wider choice of shopping experience options and differentiate their experience? Or is it another reason altogether? Only time will tell.
So do you believe that 2016 will be the year of the mobile wallet? Let us know what you think.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 9, 2012
Can clouds and contactless chips coexist?
Mobile wallets have started to make their way into the market this year. Inevitably, industry stakeholders are joining opposing camps on the technology that these wallets use to keep payment information and other personal data safe and secure: contactless chips or cloud-based technology. The chips are embedded in a mobile handset that communicates with a terminal via near field communication (NFC), while the cloud-based technology involves an application downloaded to the mobile handset.
If the critical mass necessary for the successful adoption of a payment system relies on acceptance interoperability and technical standardization, can these two solutions coexist in a future mobile payments system? Or will technology debates threaten near-term interoperability and consumer adoption?
The first generation of mobile wallet trials such as Isis and Google are using contactless NFC technology. This is not surprising as early discussions found consensus on the need to move as an industry to NFC for mobile payments. In fact, as my coauthors and I noted in our 2011 paper, "Mobile Payments in the United States: Mapping out the Road Ahead," one of the key tenets agreed upon at the time by industry stakeholders for a safe and secure mobile payments system was the use of contactless NFC technology.
However, since that time, new mobile providers have been rolling out wallets that do not use NFC. Instead, they rely on store payment credentials in remotely based servers, more commonly referred to as the "cloud." The PayPal wallet, for example, leverages consumers' existing PayPal accounts where payment credentials are stored.
Benefits and challenges
Numerous complex variables are at play in the debate on NFC versus the cloud. A recently published TSYS whitepaper authored by Scot Yarbrough and Simon Taylor, "The Future of Payments: Is it in the Cloud or NFC?," provides a comprehensive explanation of the benefits and the challenges that opposing business models face.
The authors summarize the case for NFC by noting that it is backed by the major card networks and offers the capability to store and send information other than payment, such as contacts and videos. The case for payments in the cloud has a supply-side incentive in that the infrastructure costs are much lower for the merchants at the point of sale.
Both systems face challenges, of course, as evidenced by the current low adoption levels for any particular wallet. The TSYS authors note that cloud technology payments may offer so many different choices, "how many ways to pay will the consumer want to learn and adopt, especially when he or she can simply reach into their pocket, pull out their credit or debit card and pay?"
They also note that NFC is also not without flaws. Building consumer experience will require compelling value propositions to encourage new payment behaviors. Further, the complexity of the ecosystem to manage the payment credentials in the chip inside the mobile device among various players in the business model creates economic challenges as well.
In the near term, cloud-based solutions will likely disrupt the payments landscape as merchants look to manage their share of the infrastructure investment for new payments. As wallet providers identify efficiencies and optimal security propositions for data residence and transit, it is possible that hybrid business models will emerge. Finally, the TSYS authors aptly note that future game changers will likely alter the current argument completely. Will merchant investment costs matter in a future where the mobile handset is also the merchant's acceptance terminal?
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Can clouds and contactless chips coexist?:
February 27, 2012
QR codes versus NFC: Cheaper, but worth the risk?
In recent years, we've seen discussions on the value and viability of near-field communications (NFC) apps morph from the hypothetical to some actual real-life deployments. Google has rolled out an NFC mobile wallet, and others are on their way for trial rollouts, as we discussed in last week's post. As this burgeoning industry takes shape and the costs and barriers become more apparent, some interim and quite disruptive technological alternatives are gaining attention—namely QR (short for "quick response") codes. In fact, many merchants today are touting QR codes as the near-term alternative to a more costly deployment of contact and contactless chip-based payments using NFC and EMV interoperability and security technology standards. They are touting these QR codes despite the superior security that chip technology affords. These discussions beg the question: are short-term economic gains realized from less costly QR code technology adoption at the expense of payment security?
How do QR codes work?
QR codes are a two-dimensional form of barcode whose contents can be decoded electronically at high speed. QR code use exploded in 2011, and telephonic technology has expanded to support their application for storing all kinds of data, including URLs. As a result, consumers are increasingly using QR codes to access magazines and newspapers on the Internet and to find online product reviews by scanning price tags. The camera in a smartphone captures the picture of the QR code, and then decoding software helps the phone connect to a website or a file download.
QR codes and malware
Unfortunately, there is no way to visually discern whether the data contained in the QR code will direct the user to a malicious website or application. Infected QR code problems are just beginning to emerge because most people simply don't know the best way to protect their mobile device. According to Marian Merritt, a Norton online safety advocate, "fewer than 5 percent of people have got some form of security on their mobile devices." 2011 in particular witnessed an upsurge in hackers using QR codes as a means of transmitting mobile viruses in Russia. According to a recent report by AVG Technologies, scanning a QR code and executing its hidden applications on a mobile device is akin to "running an unknown executable on your computer." Mobile-related hacking events are expected to rise in 2012 with the advent of more advanced QR code-enabled mobile applications.
Should economy trump security?
QR codes fulfill a wide range of functionalities, but should they be used for payments? Starbucks has realized considerable success with its QR code-based mobile payment app with millions of transactions since it launched one year ago, and merchants are receptive to a more affordable point-of-sale payment acceptance system generally.
The risk of fraud in micropayments and closed-loop payment systems—such as the QR code prepaid business model that Starbucks uses for a cup of coffee—may not be as significant as for larger, open-loop transactions. Ultimately, QR codes may play a viable role in some smaller, and less risky, payment applications. Payments industry participants should carefully consider the ramifications of a strategy that expands their use more generally in lieu of NFC-enabled payments.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
February 14, 2011
Can mobile address the rising tide of fraud in card-not-present transactions?
Combating fraud in credit and debit card payments is a challenge for all payment system participants, from the banks that issue the cards to the merchants that accept those cards as payments for goods and services. One particularly troubling channel, with a rising incidence of card fraud, is on the Internet. Retailers are increasing their efforts to attract customers online with discounts, online-only specials, and free shipping and returns. While the use of cards for website payments, also known as card-not-present (CNP) transactions, is inherently riskier than face-to-face transactions at a merchant's point-of-sale, the dramatic rise in e-commerce suggests it is a trend that is here to stay. As the mobile channel develops for card payments, can the security capabilities of mobile handsets protect consumers against CNP fraud?
CNP fraud: The U.K. experience
While data regarding fraud loss and mitigation costs are hard to come by in the United States, the U.K. Card Association gathers information that we can use as a good proxy for gauging experiences in other markets. This organization found that as the Internet environment has become an increasingly hospitable environment for commerce, CNP has risen dramatically, from just 16 percent in 1999 to 60 percent of total card fraud losses in 2009.
As we noted in an earlier 2010 post, CNP fraud escalated when the U.K. migrated from magnetic stripe technology to credit cards with microcomputer chips. Consequently, the more secure technology at the point of sale drove fraudsters to the more vulnerable online channel.
However, the U.K. took quick action against CNP fraud, implementing better screening and detection tools and, in 2009, U.K. CNP fraud actually declined 19 percent.
Though not directly measurable, CNP fraud, industry experts agree, has made its way to the United States, where the magnetic stripe card technology remains prevalent. In fact, according to the U.K. Card Association's 2010 report, the majority of online payment fraud involves the use of card data obtained through illicit means such as card skimming, a crime that is actually mitigated with chip technology.
Growing Internet sales and CNP: A perfect storm?
According to a report by Javelin Strategy & Research, which forecasts online retail payments, the United States has fostered a robust online transaction market in recent years despite the economic downturn. This trend is expected to continue as consumers and merchants alike become increasingly comfortable conducting e-commerce for everyday goods and services.
The proliferation of smartphone applications for retailer websites along with a broader use of social media to distribute coupons and loyalty rewards are working together to drive consumers to shop online where card payments are widely accepted.
As merchants embrace a rise in retail sales, how do we mitigate the growing threat of CNP fraud in the United States?
Mobile security advantages
One benefit of a contactless mobile payments system is the potential to reduce fraud by eliminating magnetic stripe technology in favor of more intelligent chip technology, which has better security features for combating CNP fraud. The future mobile payments system introduces the ability to layer security tools unique to both the hardware and software resident in the mobile handset. Furthermore, the chip that enables the payment can contain account credentials and additional authentication factors, including location awareness applications, which can enhance the security of the payments transaction.
It is time that merchants, issuers, and payment regulators seriously consider the growing threat of CNP fraud in the debate on how and when to move to more secure payment methods.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
October 25, 2010
Can mobile payment adoption define the "end game" for technology investment?
Payment cards in the United States have been stuck for years in a chicken-and-egg quandary when it comes to chip technology. Merchants are reluctant to invest in developing the technology until consumer demand for it is there. But without the technology, it may be that consumer demand just won't be there. Add to this the competing forces that are at play: various stakeholders are pulled in different directions—contact versus contactless technology—and the cost of capital for technological investment is borne disproportionately among these stakeholders.
At the same time, we hear anecdotal evidence that losses from payment card fraud are on the rise. As we've described in previous posts, like this one, this trend could change the paradigm, spurring those in the industry to invest in more fraud-resilient, smart-card technologies. With this pressure, it's inevitable that payments card will shift from magnetic strip to chip card technology. But the problem is that chip card technology is constantly evolving, and those stakeholders bearing the costs for investment in new computer chips and terminal hardware infrastructure want some assurance that their investments are sound before they choose which technology path to follow, contact, or contactless.
In the interest of promoting global interoperability as well as battling magnetic-strip payment card fraud, now may be the time for an industry dialogue on a strategy for investment in smart technology. One question we should be asking ourselves in this discussion is, should we avoid investing in contact card technology if contactless mobile payments represent the end game?
Smart card basics: Contact versus contactless
Contact and contactless smart cards are so named because of the way that the embedded computer chip communicates with a terminal at a merchant's point-of-sale or at an ATM. In the case of contact technology, the data stored in the embedded computer chip is transferred to the reader when the card physically touches the reader. With a contactless card, the data is transferred using some type of radio frequency transmission such as near-field-communication (NFC) technology, which is the current contactless card technology standard. NFC technology, of course, precludes the need for a physical connection between the card and the reader. The user can use it in a variety of devices, including the mobile phone. Importantly, contactless technology in the chip can work with the phone itself to authenticate the user and thereby reduce payments fraud.
Countries that rely on smart card payments are using various combinations of contact and contactless payments that conform to certain security standards and specifications to protect consumers and merchants from payments fraud. To encourage consumer adoption, some issuers have introduced dual-interface cards, with both contact and contactless functionality, so that consumers can use either card at the point-of-sale terminal. This approach, with a dual-interface card, optimizes utility for consumers as retail payments evolve to the mobile channel, potentially empowering both the use of contact cards and contactless mobile payments.
The outlook for contactless mobile payments
Although the evolution of mobile payments in the United States has so far been slow, merchants are introducing new pilots with increasing frequency, and many industry stakeholders want to accelerate the deployment of a universal contactless mobile payments infrastructure. Moreover, U.S. consumers are relying more and more on their mobile phones for new and unexpected applications, which points to a good chance of success for mobile-based payments and related activities in the future. In fact, according to a report from the Pew Research Center, 85 percent of American adults today own a mobile phone, more than any other device.
Building consensus in the face of market forces
The recent deployment of contactless card payments in global markets is contributing to the establishment of an infrastructure for contactless mobile. In essence, here in the United States, we can go in either direction, contact or contactless. However, in a world where all stakeholders shared the same fully transparent information and vision for the future, could it be possible to leapfrog spending our investment dollars on contact cards and readers and instead use capital on contactless technology? We can avoid the costs for interim technology solutions if industry stakeholders can agree on a future direction despite the different economic incentives and costs demanded. Really, if NFC deployment is the ultimate endgame for mobile payments, bypassing the investment in contact technology as an interim step is a viable, if not ambitious, consideration.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
June 14, 2010
Boston and Atlanta Feds cohost mobile payments industry roundtable meeting
It is an established fact that the United States lags Asian and African countries in embracing mobile payments technology. The question is why. To examine the reasons for the lag, the Atlanta Fed's Retail Payments Risk Forum and the Boston Fed's Consumer Payments Research Center convened a meeting on January 27 and 28 of key industry stakeholders involved in the emerging mobile payments industry. The group engaged in a cross-industry dialogue to develop a mutual understanding of industry direction and a noncompetitive strategy to address barriers to adoption of mobile payments. Ultimately, the group sought to answer this question: "If mobile payments can function effectively and efficiently in Africa and Asia, why not in developed countries like the United States?" (Portals and Rails examined the same topic in its April 5 blog, "Consumer confidence the key to U.S. mobile payments future.")
Below is a summary of the meeting's discussion.
Drivers of and barriers to adoption
The United States has been slow to adopt mobile payments technology primarily because many existing payment alternatives are available and because a variety of different entrepreneural business models and pilot rollouts are currently under way. Many new proprietary services lack uniformity, so do not encourage trust and do not attain the critical mass necessary to succeed. Furthermore, the true state of consumer demand is clouded with conflicting perceptions concerning security and the value proposition for mobile payments. Industry participants need to understand exactly what consumers want in mobile payments, whose perceived value may in turn rely on some added feature or functionality rather than just the payment itself.
The transit industry—which is moving to contactless, card-based fare payments systems—has some of this additional functionality. These systems are being modified to allow use for the purchase of nontransit goods and services at merchants' point-of-sale locations that accept the major card brands. This trend is noteworthy because it leverages the transit system’s existing network to expand the payment functionality of the transit card to an open-loop environment.
Similarly, contactless technology, also known as near field communication (NFC), is finding its way into mobile payments, where the phone, as opposed to the card, is the form factor enabled with the chip technology. However, few chip-enabled mobile devices are available on the market today. Some vendors are offering peripheral devices, such as NFC stickers that adhere to the mobile phone, until more handset makers embed the technology in the phone itself. While this strategy provides a plausible interim solution, it also has the potential to confuse the market and delay the goal of full NFC deployment and adoption.
Merchants represent a key variable in the adoption equation. Because the capital investment in contactless point-of-sale equipment is expensive, merchants may delay investment decisions necessary for contactless payments via cards or mobile devices until they are certain of widespread adoption and use. Additional incentives such as mobile coupons or loyalty reward programs may be needed to create a viable business case for NFC payments.
Industry roles and responsibilities
A number of key topics arose out of the discussion surrounding industry roles and responsibilities.
- Customer ownership: The mobile payments environment is evolving to include a wide range of players—many new to financial services—who share the customer relationship in some way. Consequently, as mobile business models emerge, complications may arise in the sharing of customer data and revenue. No one group in the mobile ecosystem totally owns the customer, although some may bear more responsibility and liability than others, depending on the business model and infrastructure. Ultimately, customer ownership may be defined by the consumer's perception of ownership and who the consumer believes has committed an error in a payments transaction. It will be important for industry stakeholders to discuss scenarios in which customer protection and privacy are at stake, and decide which party will assume responsibility in the payment chain when something goes wrong. It will also be important for stakeholders to agree on collective customer data sharing in order to optimize fraud reduction efforts.
- Security: Security is a complex issue in the context of roles and responsibilities. For example, who is responsible for provisioning security for transactions that expand across the mobile space from the phone, to the carrier, to the processor, to the bank, and finally to settlement? While strong encryption methods exist for protecting user data during transmission, complexities may arise when different parties begin to share data in order to execute a payment transaction.
- Regulatory environment: The U.S. banking industry is highly regulated and guided by well-defined standards. The telecom industry, on the other hand, has a different regulatory environment, one that is focused on nonfinancial risk issues. The establishment of a trusted service manager may ultimately serve the role of facilitator to manage and bring together different industry participants.
- Gaps in oversight: With regard to the regulatory front, gaps may emerge in oversight for the conjoined telecom and banking industries, making it important for industry participants to work with regulators to identify oversight roles and close gaps in advance of widespread deployment. In that context, the Fed is interested in ensuring the integrity of emerging payments systems without taking any action that might stifle innovation and efficiency.
The meeting concluded on the theme that industry participants should work collaboratively to develop a uniform system to provide a common user experience that is safe and secure. While competition often fosters innovation, the industry should address interoperability and common standards in a cooperative rather than competitive context. Meeting participants agreed on broad actions intended to address adoption barriers and establish a viable mobile payments infrastructure. The meeting summary is available on the Boston and Atlanta Fed websites.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Boston and Atlanta Feds cohost mobile payments industry roundtable meeting:
March 22, 2010
Can mass transit agencies drive the business case for contactless payments?
While smart cards have replaced magnetic strip cards for point-of-sale and ATM transactions in most other countries, the United States has been slow to adopt chip-driven technology despite improved security for transacting payments. For example, one form of smart cards, the EMV (Europay, MasterCard, Visa) chip and PIN-based card programs, is gaining wide acceptance outside the United States.
But one U.S. industry has found a way to make sense out of contactless payments—the mass transit sector. Transit providers in major cities are moving from proprietary coin and paper-based systems to card-based systems, advancing the use of contactless cards. A discussion paper authored by the Philadelphia Federal Reserve Bank's Payment Cards Center analyzes the influence of the transit industry on electronic payments and suggests that transit's adoption of contactless card payments is likely to drive increased use of electronic payments overall. In fact, the paper describes a potential future system in which transit also acts as an "open-platform merchant" capable of accepting open-loop major card company-sponsored credit and debit cards.
Will contactless adoption achieve sufficient critical mass necessary to transition to the magnetic stripe? As with other emerging payments, future network effects are difficult to predict, and both sides of the argument can be compelling.
The benefits: Contactless technologies fight fraud
Proponents of contactless payments assert their superior benefits. First of all, their high transaction speeds support mass transit applications, but more importantly, contactless technologies are more resistant to fraud. Magnetic strip cards are vulnerable to counterfeiting because the information contained in the strip can be skimmed at the reader location and then cloned, thereby permitting unauthorized use. In contrast, the near-field chip technology used in contactless smart cards is difficult to duplicate and promotes a more sophisticated and secure processing environment. Another advantage of contactless technology is its higher memory capacity than magnetic which can be used to promote improved identity authentication at the merchant's point of sale.
Credit card fraud plummeted for point-of-sale transactions in the United Kingdom after chip cards were deployed. According to the U.K. Card Association's January 2010 release of new card and banking fraud figures, the success of chip and PIN has reduced counterfeit card fraud losses to their lowest level since 1999. While fraud in online channels increased in response to smart card deployment, as fraudsters moved to more vulnerable environments, this latest report cited a decrease in card-not-present fraud. A loss of 19 percent is purported to be the first year-on-year decrease and is attributed to the use of more sophisticated fraud screening detection tools by banks and merchants.
|Annual plastic card fraud losses on UK-issued cards 2005 to 2009|
|Card Fraud Type (on UK-issued credit and debit cards)||2005||2006||2007||2008||2009||+/-(08/09)|
|Phone, Internet, and mail-order fraud (card-not-present fraud)||£183.2m||£212.7m||£290.5m||£328.4m||£266.4m||-19%|
|Counterfeit fraud (skimmed/cloned)||£96.8m||£98.6m||£144.3m||£169.8m||£80.9m||-52%|
|Fraud on lost or stolen cards||£89.0m||£68.5m||£56.2m||£54.1m||£47.9m||-11%|
|Card ID theft||£30.5m||£31.9m||£34.1m||£47.4m||£38.2m||-20%|
|Contained within this total:||UK retail face-to-face transactions||£135.9m||£72.1m||£73.0m||£98.5m||£72.1m||-27%|
|UK cash machine fraud||£65.8m||£62.0m||£35.0m||£45.7m||£36.7m||-20%|
|Source: UKCARDS Association: http://www.theukcardsassociation.org.uk/media_centre/press_releases_new/-/page/922|
Economic reality—for now
If the industry is concerned with fraud, and contactless payments are more secure, why is the United States resistant to change? The answer lies in the "chicken-and-egg" problem, as adoption relies on the need for contemporaneous adoption by both merchants and consumers. Consumers are accustomed to swiping their cards and may not realize their payment cards are enabled with smart technology in addition to the mag stripe. Merchants want safer payments but remain hesitant to invest in contactless hardware technology because of concerns that more advanced alternatives could follow in the near-term, forcing them to allocate additional capital. While millions of chip cards have been issued in the United States, the cost of hardware deployment at the point of sale represents a hurdle to widespread adoption.
Overcoming hurdles in the transit industry
According to ContactlessNews a number of transit providers are working with the major card networks to trial the issuance of credit and debit cards. One noteworthy example is the Utah Transit Authority of Salt Lake City, which has employed a system on an open-payment network. The Utah transit system accepts major contactless cards such as Visa payWave, MasterCard PayPass, and American Express ExpressPay. Contactless has proven beneficial in the transit sector as collection efficiencies have driven down operational costs and created convenience for the consumer by eliminating the need to purchase fare media from station agents, often through a a card-based payment. Whether or not this positive consumer experience in transit can drive more wide-scale adoption in the United States is certain to be a hot debate topic for some time to come.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
September 14, 2009
Stickers and skins--the next phase in proximity payments and mobile payments
I just became the owner of a GO-Tag, an example of a sticker that contains contactless payment technology that you can adhere to an item of your choice. I removed the adhesive backing and attached it to the back of my iPhone, enabling it as a proximity payment device. The sticker contains an embedded chip that uses a technology called near-field communication, or NFC for short, which allows short-range contactless payments. This embedded chip technology is more ubiquitous than you might think. It's also used in transit cards and toll road transponders, in addition to plastic payment cards. In developing countries that did not invest as heavily in magnetic stripe infrastructure as we did here in the United States, chip cards are much more prevalent. And the lack of a legacy infrastructure in those countries has accommodated a smoother transition to the adoption of mobile handsets embedded with contactless technology.
Another innovation is the mobile phone payment "skin," which wraps and adheres to the phone and is embedded with a contactless payment chip. One product we found is called Phoolah. The skin-wrapped phone can be waved at a merchant’s point-of-sale reader to effect a transaction. Both the skin and the sticker are similar in that they work as open-loop, stored-value payments that are limited to a specific population of merchants participating in the rollout phase of both products. And what might make them the next phase in contactless payments is that they separate the payment functionality from the legacy plastic card to some other device, typically a mobile phone.
Both examples of the mobile phone skin and sticker are issued by Metabank and run on the major card association rails. Some of the retailers accepting stickers and skins include 7-Eleven, McDonald's, and CVS, to name a few.
Magnetic stripe inertia
Advocates of chip technology assert that chip technology is more secure than the magnetic stripe variety because it is more difficult to duplicate, a process known as "skimming." Furthermore, because they store more information than stripes, the chips can accommodate more sophisticated security functions such as encryption and authentication. These enhanced security features have influenced the European Payments Council (EPC) to announce recently that it is considering a ban on magnetic stripe cards within the next few years in favor of chip cards augmented by PIN authentication.
However, chip technology has faced some hurdles in the United States as merchants and consumers are comfortable with legacy magnetic stripe products. The infrastructure has been long established in the United States and is expensive to change. Pilot contactless cards have been introduced running the parallel technologies, affording the use of both the chip and the magnetic stripe. The distribution of readers for both contactless and stripe is not consistent and has resulted in a certain degree of confusion for both consumers and operators at the merchant’s point of sale. What may overcome this confusion is the use of mobile phones as devices with embedded chips. The prevelance of mobile telephones in the marketplace may increase the likelihood that consumers will try out the technology.
Implications for mobile payments
The industry is hard at work addressing the obstacles to mobile payments—different legal frameworks for telecom and financial institutions, the large number of carriers and handset makers, and the need to establish technical standards for consistent interoperability among all industry participants. For now, stickers and skins may provide a low-cost opportunity to both test consumer and merchant acceptance and transition the industry to the next phase of payment innovation.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Stickers and skins--the next phase in proximity payments and mobile payments:
- In Payments, What I Say May Not Match What I Do
- Organizational Muscle Memory and the Right of Boom
- Remote Card Fraud: A Growing Concern
- Three Views of Noncash Payments Fraud
- An Ounce of Prevention
- Safeguarding Things When They’re All Connected
- Racing Ahead in the Wireless Space
- Insuring against Business Email Compromise Fraud
- The Case of the Disappearing ATM
- The First Step in Risk Management
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud