October 25, 2010
Can mobile payment adoption define the "end game" for technology investment?
Payment cards in the United States have been stuck for years in a chicken-and-egg quandary when it comes to chip technology. Merchants are reluctant to invest in developing the technology until consumer demand for it is there. But without the technology, it may be that consumer demand just won't be there. Add to this the competing forces that are at play: various stakeholders are pulled in different directions—contact versus contactless technology—and the cost of capital for technological investment is borne disproportionately among these stakeholders.
At the same time, we hear anecdotal evidence that losses from payment card fraud are on the rise. As we've described in previous posts, like this one, this trend could change the paradigm, spurring those in the industry to invest in more fraud-resilient, smart-card technologies. With this pressure, it's inevitable that payments card will shift from magnetic strip to chip card technology. But the problem is that chip card technology is constantly evolving, and those stakeholders bearing the costs for investment in new computer chips and terminal hardware infrastructure want some assurance that their investments are sound before they choose which technology path to follow, contact, or contactless.
In the interest of promoting global interoperability as well as battling magnetic-strip payment card fraud, now may be the time for an industry dialogue on a strategy for investment in smart technology. One question we should be asking ourselves in this discussion is, should we avoid investing in contact card technology if contactless mobile payments represent the end game?
Smart card basics: Contact versus contactless
Contact and contactless smart cards are so named because of the way that the embedded computer chip communicates with a terminal at a merchant's point-of-sale or at an ATM. In the case of contact technology, the data stored in the embedded computer chip is transferred to the reader when the card physically touches the reader. With a contactless card, the data is transferred using some type of radio frequency transmission such as near-field-communication (NFC) technology, which is the current contactless card technology standard. NFC technology, of course, precludes the need for a physical connection between the card and the reader. The user can use it in a variety of devices, including the mobile phone. Importantly, contactless technology in the chip can work with the phone itself to authenticate the user and thereby reduce payments fraud.
Countries that rely on smart card payments are using various combinations of contact and contactless payments that conform to certain security standards and specifications to protect consumers and merchants from payments fraud. To encourage consumer adoption, some issuers have introduced dual-interface cards, with both contact and contactless functionality, so that consumers can use either card at the point-of-sale terminal. This approach, with a dual-interface card, optimizes utility for consumers as retail payments evolve to the mobile channel, potentially empowering both the use of contact cards and contactless mobile payments.
The outlook for contactless mobile payments
Although the evolution of mobile payments in the United States has so far been slow, merchants are introducing new pilots with increasing frequency, and many industry stakeholders want to accelerate the deployment of a universal contactless mobile payments infrastructure. Moreover, U.S. consumers are relying more and more on their mobile phones for new and unexpected applications, which points to a good chance of success for mobile-based payments and related activities in the future. In fact, according to a report from the Pew Research Center, 85 percent of American adults today own a mobile phone, more than any other device.
|
|
|
|
Building consensus in the face of market forces
The recent deployment of contactless card payments in global markets is contributing to the establishment of an infrastructure for contactless mobile. In essence, here in the United States, we can go in either direction, contact or contactless. However, in a world where all stakeholders shared the same fully transparent information and vision for the future, could it be possible to leapfrog spending our investment dollars on contact cards and readers and instead use capital on contactless technology? We can avoid the costs for interim technology solutions if industry stakeholders can agree on a future direction despite the different economic incentives and costs demanded. Really, if NFC deployment is the ultimate endgame for mobile payments, bypassing the investment in contact technology as an interim step is a viable, if not ambitious, consideration.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
October 25, 2010 in cards, chip-and-pin, consumer protection, contactless, mobile payments | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c013488750d21970c
Listed below are links to blogs that reference Can mobile payment adoption define the "end game" for technology investment?:
Comments
August 16, 2010
States tackle information security with a focus on payments fraud
In response to increased data breaches like the Heartland Payment System incident, some states have passed laws requiring businesses to comply with the Payment Card Industry Data Security Standard (PCI DSS), while others have passed laws with enhanced privacy and encryption requirements for organizations that handle consumers' credit and debit card numbers. But can state laws be changed quickly enough to keep pace with the creative approaches of individuals who commit fraud?
According to Javelin Strategy & Research's 2010 Data Breach Prevention and Response study, approximately 26 percent of U.S. consumers received data breach notifications in 2009. The study also found that one in four consumers had their credit or debit card replaced in 2009 due to security concerns. Additionally, data collected by the Identity Theft Resource Center shows that though the number of breaches may rise and fall, overall, the number data breaches has doubled since 2007.
Source: http://idtheftcenter.org
*Adjusted Heartland number from 30 million to 130 million as per alleged breaches in Justice Department documentation.
Enhanced state encryption and payment card laws
States such as Massachusetts, Arizona, and Nevada have enacted encryption laws, while other states such as Washington and Minnesota have enacted payment card laws. However, to date, only Nevada and Washington have enacted a combination of both encryption and payment card laws.
Massachusetts was the first state to adopt enhanced encryption standards for organizations that own, license, store or maintain personal financial data about its residents. Massachusetts' new encryption law is said to add teeth to a key requirement that many security breach notification laws lack by specifically delineating the security requirements that organizations must adopt to ensure their security measures are "reasonable" and "adequate." Some of those specifications include securing user authentication protocols, encrypting all personal information that travels across public networks and wirelessly, monitoring systems for unauthorized use or access, and updating security systems.
States that have adopted both enhanced encryption and payment card laws go a step further, requiring not only compliance with PCI DSS but also that the organization have an annual security assessment validating its compliance. The assessment must be performed annually to ensure compliance with PCI DSS.
What about out-of-state business?
Businesses that transact with consumers from one of the states that have enacted these laws may be required to comply with the new state laws. For instance, the Nevada encryption law applies to businesses in the state of Nevada but may extend its reach to businesses outside the state if they have a strong enough presence in Nevada.
Laws assign liability to payments participants
Some state laws address liability among payments participants to ensure that the participant in the best position to prevent loss carries its share, if not all, of the costs associated with the loss and subsequent loss prevention efforts. Determining which participant is responsible has undergone changes in the states that have adopted enhanced payment card laws. The states of Washington, Nevada and Minnesota, for example, make merchants who are not compliant with PCI DSS liable to financial institutions for associated costs in instances of security breaches. Washington state holds a business or processor liable to a financial institution for costs related to a data breach even if the financial institution has suffered no loss. Under Washington state's new payment card law, a vendor may also be held liable to a financial institution for damages that occurred as a direct result of the vendor's negligence.
Conclusion
Since the loss of data can be an indicator that fraud is being perpetrated, these latest state laws look to ensure that businesses who hold such data do so in a manner that appropriately safeguards consumers' privacy. Data breach and loss containment are ongoing challenges for organizations that handle consumers' nonpublic personal information, including credit and debit card numbers. The new encryption and payment card laws may require organizations handling consumer payments information to fundamentally reexamine their corporate security compliance obligations and evaluate the technical resources required to comply with specific state standards.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
August 16, 2010 in consumer fraud, consumer protection, fraud, law enforcement | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0134863da345970c
Listed below are links to blogs that reference States tackle information security with a focus on payments fraud:
Comments
May 17, 2010
New Payments Spotlight podcast on mobile payments and banking
Play podcast: Mobile Payments and Banking (MP3 7:58)
Transcript
Hardly a day goes by without an announcement or press release about a new mobile payments application. Although U.S. consumers have not readily embraced mobile banking and payments services, we must consider legal and regulatory questions if an eventual uptick in consumer adoption is to occur. For example, what are the implications of mobile financial services on consumer protection laws? What are the risks to the consumer, if any, when telecoms and other private companies are involved in payments clearing and settlement?
We explored these issues in our interview with Mark Budnitz, a law professor at Georgia State University's college of law and a member of the Retail Payments Risk Forum's Advisory Group. Budnitz lectures widely on payments systems before groups such as the American Bar Association and specializes in consumer protection with a special interest in electronic payments systems. This interview is our latest installment in the Payments Spotlight series, which features recorded interviews with experts in the payments industry on relevant risk and fraud issues.
Among the topics discussed in the podcast is the increased interest in mobile financial services in the United States. Recent consumer demand for access to smart phone applications that simplify everyday activities has prompted financial institutions to explore offering mobile financial services. Banks and nonbanks are entering this emerging ecosystem. Software developers, phone manufacturers, telecoms, and others are all looking for ways to participate in the mobile payments and banking value chain.
Consumer protection is a consideration with adoption of mobile payments
Budnitz also expressed his concerns about the implications of mobile payments and banking for consumer protection laws. One example he provided was the potential confusion consumers may face when trying to resolve billing disputes. He noted that the Electronic Funds Transfer Act (EFTA) typically covers error resolution for consumer electronic funds transfers involving a financial institution, but it is not always clear what law applies when a telecom or private company is involved in payments processing.
For now, Budnitz said, consumer protection laws generally regulate the consumer-card issuer and the consumer-merchant relationship but not the multiple relationships among consumers, telecoms, nonbank private companies, and others that are potentially present in the mobile payments world. This omission presents a valid consumer concern and explains consumers' hesitancy with fully adopting mobile banking and payments and how that hesitancy has affected the pace of growth in the United States.
Privacy and security concerns take center stage with consumers
Another concern raised with mobile banking and payments is the potential privacy and security risks. As Budnitz described, "Mobile financial services offer companies new avenues for invading privacy." These companies are able to collect data about consumers that they can sell to other companies.
Surveys have shown that security concerns are a major factor inhibiting consumer acceptance of mobile banking. For example, a 2008 Javelin Strategy & Research study on mobile banking security found that 47 percent of consumers surveyed did not use mobile banking because of security concerns. Furthermore, the survey found that consumers' top fear is having hackers steal sensitive banking data (73 percent) despite available mobile encryption and authentication tools.
Addressing gaps in regulatory and legal infrastructure for mobile commerce
As with most innovation, there is a potential that the legal and regulatory infrastructure will lag behind the development of new mobile banking products and services. Budnitz suggested that the federal regulatory agencies should work cooperatively to anticipate new developments and quickly respond. One way they could respond to a problem is with regulation or interagency guidance. However, he cautioned that the agencies must strike the delicate balance of making regulation that is not so specific that it stifles innovation and not so vague that it is easily misunderstood by consumers and businesses.
Consumer adoption of mobile payments in the United States will partly hinge on addressing the lingering concerns that consumers have about data privacy and security. Budnitz contends that having strong consumer laws in place benefits both consumers and the mobile financial services industry. Consumers who have greater confidence in the system will more readily embrace mobile payments, thereby building the demand needed to make it an attractive business investment.
By Jennifer Grier, senior payments risk analyst at the Atlanta Fed
May 17, 2010 in consumer fraud, consumer protection, mobile payments | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c013480ee5f49970c
Listed below are links to blogs that reference New Payments Spotlight podcast on mobile payments and banking:
Comments
April 19, 2010
Fed aids consumers by providing financial education and tools
This week's blog features a reprinted speech by Federal Reserve Chairman Bernanke on fostering financial literacy in today's economic environment and the financial literacy resources available through the Federal Reserve System. The speech highlights the importance of financial literacy and how poor financial literacy skills can heighten consumers’ vulnerability to financial fraud. The Federal Reserve encourages financial education for all and offers various resources such as online credit card calculators and interactive tools that can help consumers make sound financial choices.
The original speech was released by the Board of Governors of the Federal Reserve System and is available at: http://www.federalreserve.gov/newsevents/speech/bernanke20100413a.htm.
Chairman Ben S. Bernanke
National Bankers Association Foundation Financial Literacy Summit Reception
Washington, D.C.
April 13, 2010
Fostering Financial Literacy
It is a distinct pleasure to visit with the National Bankers Association Foundation this evening. I am very pleased to be among your honorees. The foundation does important work, including helping consumers make wise financial choices, connecting the "unbanked" with mainstream providers of financial services, and providing assistance and support to minority bankers and entrepreneurs.
April is Financial Literacy Month, and so it is fitting that you are hosting this event. I note that you also plan to hold a Financial Literacy Summit later this year on the Howard University campus. The summit will bring scholars, bankers, community activists, and others together to brainstorm strategies for educating consumers of financial products.
Many American families are struggling in the aftermath of the financial crisis, which reinforces the need for reliable and useful information to facilitate good financial choices. Helping people better understand how to borrow and save wisely and how to build personal wealth is one of the best things we can do to improve the well-being of families and communities. The foundation is making great contributions to this effort, for example, through your online library of personal finance educational materials.
The Federal Reserve very much shares your abiding interest in helping consumers successfully navigate the financial marketplace. Our approach is two-pronged. First, we work actively to foster financial and economic education. Second, recognizing that basic financial knowledge is not sufficient to keep people safe from fraud and deceptive practices, we are committed to developing and enforcing strong rules to protect consumers.
On the financial education front, examples of the Federal Reserve's many resources available to the public are
- an online credit card calculator that helps consumers estimate how long it will take to pay off a credit card bill under different payment scenarios,
- concise brochures—in both English and Spanish—offering consumer tips on such topics as avoiding mortgage foreclosure scams and protecting their checking accounts, and
- interactive Web sites that provide consumers with what they need to know about new protections for credit card accounts and overdraft protection programs that recently took effect.
As for consumer protection, the Federal Reserve continues to demonstrate its commitment in this area. We have recently issued rules pertaining to mortgages, credit cards, student loans, and overdraft protection programs, among others. I should note that in recent years we have used extensive consumer testing, both to improve financial disclosures and to highlight practices that simply cannot be understood by consumers even with the best disclosures and thus must be prohibited. We've also stepped up our consumer protection supervision and enforcement, including at the nonbank subsidiaries of bank holding companies and foreign banking organizations.
Again, let me congratulate the foundation for organizing tomorrow's financial literacy summit and for all the good work that it does. I would also like to recognize and congratulate the others honored this evening—John Bryant, founder of Operation Hope; the late Jack Kemp, who served as Secretary of Housing and Urban Development and as congressman of western New York; and Congresswoman Sheila Jackson Lee of Texas. It is wonderful to see so many individuals and organizations working toward the common goal of helping Americans make the best choices for their financial futures.
Thank you again.
April 19, 2010 in consumer protection | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01347ffa643f970c
Listed below are links to blogs that reference Fed aids consumers by providing financial education and tools:
