Merchants globally will ignore Chip and PIN because the cost, flexibility and the user experience of software models based in the cloud and commodity infrastructure will be superior. This is going to happen despite all of the resistance by those that have spent billions of dollars on new fleets of hardware including Apple.
OK – So Why?
- EMV contactless on mobile will out compete on merchant experience
- Alternative “off scheme rails” will continue to gain momentum particularly in countries where cash volumes above 80% pervade
The global upgrade from magnetic strip to “EMV” chip based cards is now largely a done deal. As with cheque writing, the USA has been the last vestige of quills and ink to sign a transaction and has caught up with the rest of the world around electronic signatures aka PIN.
EMV cards are supposed to reduce fraud due to a range of security features. It used to be very easy for example to take a video cassette apart, rip out the tape, encode it with stolen credit card data and glue it to a credit card and then go shopping. Chips are better as they move us towards a cryptographic layer for security and PINS over ink based signature. Yet a number of EMV hacks have been known for some time. In 2010, researchers at the University of Cambridge, showed us how card-reader terminals can be hacked to accept any PIN the cardholder enters.
In parallel, near-field communications (NFC) allows card users to pay by tapping their card or mobile wallet against a reader. The unencrypted card number and expiration date, which emit from the chip, can be intercepted with a remote RFID device and subsequently used to transact.
And all the while the line between card present and card not present has got very very blurry. What is the difference between a consumer going into a cafe , browsing the menu and ordering their food on an app that is then passed to the kitchen for delivery and ordering it from a seller who does the same thing – enters the order on their app which sends the order to the kitchen? None! But the card schemes would have the first be transacted card not present and the second card present.
All of this requires the card issuers, “banks” to wear the increased costs in card production and the merchants to wear the cost of the new card reading devices by either buying them, if you’re a giant like Woolworths, Walmart et al, or renting them if you’re not a giant. Merchants, particularly the smaller ones, will face a conundrum between more expensive terminals that offer both contact and contactless EMV payments, and, ignoring contact ‘CHIP and PIN” EMV in preference for less expensive contactless only terminals and commodity tablets with inbuilt NFC readers.
The roll out of EMV in America over their winter has lead to queues and all manner of bother as people couldn’t figure out whether to dip or swipe. These slower checkout experiences will drive many merchants to drop CHIP and PIn for contactless only so the very time sensitive consumer, armed with a mobile wallet or EMV chipped card, doesn’t have to think – just swipe.
Moroku has released Marrakash on Google Play today for Android users with these handsets and with just this capability. Download the app onto an NFC enables Android device, connect your Stripe Merchant account and you are good to go – No, Nada, Nicht hardware investment. Stripe take care of all of the fraud and chargebacks and offer some of the most competitive merchant acquiring fees around 1.75% and 30 cents per transaction. This is comparable to the MSF many merchants are getting charged for card present EMV transactions, kyboshing the whole higher risk higher fees argument. Marrakash is built as a white able product for banks to provide their Small to Medium Sized business customers a business platform that takes payments as opposed to being hardware resellers for terminal manufacturers.
As Apple Pay, Samsung Pay, Google Pay and all host of other mobile wallet providers get to scale, consumer interest in paying contactless will eventually leave merchants wondering why they bother with expensive terminals.
As if this wasn’t enough, we’re seeing an abundance of off scheme payment systems arrive on the scene, i.e. not EMV (amEx, Mastercard, Visa etc). They’re sexy, built for the modern decentralised world of digital. There are two significant developments that most readers will be familiar with here and that will contribute to a real alternative at the Point of Sale: Bank Rails and Crypto Currencies. As well as promising to be faster, the significant upgrades to the underlying bank payments systems, such as NPP in Australia and FPS in the UK, with richer messaging sets and more flexible identity systems should see a host of innovative P2B (Person to Business) and P2P (Person to Person) payment instruments evolve. While many P2P pilots such as PingIT and Kaching offered closed loop models (merchant and customer need to be with the same bank) and flopped, their evolution lead by the success of platforms such as M-Pesa and G-Cash will hit the POS hard through the guarantee that the customer will almost certainly now be a smart phone holder.
There are some new communication stacks that offer real promise in this area. One that we’re experimenting with in the Moroku labs is Google Nearby. Where Bump showed some initial promise for device to device authentication, relying on third party servers and systems like GPS can be fraught with danger and there was no communications layer. Nearby exposes simple publish and subscribe methods that utilise proximity. Nearby uses a combination of BLE, Wi-Fi and near-ultrasonic audio to communicate a unique-in-time pairing code between devices, as required for P2B payloads. We’ll keep you up to date with progress.
As these prevail, particularly in the developing world, more and more banks will look at their investments in getting merchants to adopt contact based EMV and at the very least carve out significant portions of their spend on ensuring that their strategy is principled on ensuring multi instrument mobile centric payment models for their merchants.