When I pay for my coffee in the morning — whether I hold my phone up to the scanner, insert my chip card into a reader or swipe the old-fashioned way — I take for granted that my valuable credit card information is being sent through the “system” in a way that is both secure and fast.
We barely notice the few seconds it takes to process a transaction. But those seconds ultimately determine whether we can buy the things we want and need without worrying about whether someone is stealing our card information.
Unfortunately, there is reason to worry. The U.S. payments system is powered by a complex architecture that is simply not state-of-the-art. Until recently, we relied on a signature — often a meaningless, illegible scrawl — to determine whether the person with a card in their hand was the legitimate cardholder. Credit cards stored data on a magnetic stripe not much more sophisticated than an eight-track tape from the 1960s. Even the new EMV chip cards have their faults. As a result, the United States was responsible for $9 billion of the world’s $22.8 billion in card fraud in 2016. That number is expected to grow to over $14 billion by 2025.
The United States was responsible for $9 billion of the world’s $22.8 billion in card fraud in 2016.
The main reason for this is that today’s payments system was built with very few of the knowledgeable players at the table. The system and its security standards were established and are still controlled largely by the two dominant card networks — Visa and Mastercard — without sufficient input from competing card networks, merchants, consumers or financial institutions. That makes it very difficult to create competition or deploy the best ideas and technology — those that ensure that consumers experience both fast and safe transactions.
When you use your smartphone to pay for your coffee, for example, you likely unlock that phone with your fingerprint or through facial recognition. That’s the result of innovation by the maker of the phone or a financial technology company, not the credit card companies. Or when you make online payments at some major retailers, they can make sure you are who you say you are by using a complex anti-fraud algorithm. We need more of this kind of advanced thinking around speed and security. But it is unlikely to come from giant card companies that are mainly interested in deploying their own proprietary technology.
Chips do nothing to prevent the fraudulent use of a lost or stolen card, and that fraud cost is still borne by retailers — and ultimately their customers.
The problem is the lack of any financial motive to innovate and compete — unless it benefits the card companies and card-issuing banks themselves. For example, banks traditionally ate the cost when a counterfeit credit card was used, so EMV chip cards were created largely to make it harder to make a counterfeit card and reduce banks’ fraud costs. But the chips do nothing to prevent the fraudulent use of a lost or stolen card, and that fraud cost is still borne by retailers — and ultimately their customers. Retailers have repeatedly asked the card networks to enable PINs, which would stop lost/stolen credit card fraud and have been the standard around the world for more than a decade. But the card industry has refused.
All of this is why NRF and a number of other merchant associations, debit card networks and individual retailers have formed a new coalition to advocate for an open and transparent process for improving our payments system. The Secure Payments Partnership has four goals:
- Stronger authentication — whether it’s a PIN, biometrics or technology yet to come — to make sure you are who you say you are when you use your card.
- Payment security innovation to modernize our payments system and think of new ways to buy things.
- Open security standards — rather than the proprietary regulations set by the card-dominated Payment Card Industry Security Standards Council — that would grant a seat at the table for everyone involved in payments.
- Competition among networks for routing of payments, to make sure consumers and merchants have real and clear choices for how they send their payment information around the globe.
SPP was just launched, so there is still more news and information to come as NRF continues to engage with its members and partners to develop insights in this critical area. In the meantime, keep up with our progress at the Secure Payments Partnership.