Amidst the furore surrounding the launch ofApple Pay in the USA, more news of data breaches in the US broke over the lastfew weeks as Staples joined the ranks of well-known retailers facing similarbreaches including Home Depot, Sally Beauty, Dairy Queen, Supervalu, Michael’sand Target. The situation has now grabbed the attention of President Obama whosigned an executive order on Friday 17th October to improve securityfor government credit and debit cards by ensuring they use Chip and PINtechnology.
“Last year . . . more than 100 millionAmericans had information that was compromised in data breaches in some of ourlargest companies,” said Obama, “The idea that somebody halfway around theworld could run up thousands of dollars in charges in your name just becausethey stole your number or because you swiped your card at the wrong place atthe wrong time—that’s infuriating.”
TheWhite House issued a statement which called on Congress to pass data breach andcybersecurity legislation: “The current patchwork of laws governing a company’sobligations in the event of a data breach is unsustainable, and helps no one.”
TheEMV Solution
So will EMV be the ‘magic bullet’ thatresolves the problems facing US retailers and take the attention of cybercriminals around the world away from their customer’s data?
Visa and MasterCard’s timing for EMVadoption are fairly similar with the main deadline set at October 1st2015. Counterfeit card liability will shift to acquirers on this date forcard-present POS transactions where the merchant does not have an EMV enabledPOS device (transactions at automated fuel dispenser have until October2017). Both Visa and MasterCard alsooffer incentives so that if Merchants are processing the majority (95%) oftheir transactions on EMV devices, then the merchant can avoid fines for databreaches. There are similar benefits for EMV adopters with regard to PCI DSSreporting: although merchants must comply with PCI regulation, they’re relievedof the burden of completing yearly assessments and audits. This may, in manycases, offset the cost of replacing payment terminals, currently estimated ascosting merchants more than $2.5 billion collectively. *
Speedyadoption?
Deadlines aside, how likely is it that USretailers are going to move to EMV with any degree of urgency? Despite thenumerous data breaches, potential losses financially and to reputation, costsof replacing terminals and replacing cards are so high that there is likely to besome dragging of feet. There are also strong indications that while there areplans to introduce EMV cards, there is likely to be a period of Chip &signature before card issuers move to Chip and PIN.
Against this background, the launch ofApple Pay, and competing ‘mobile wallet’ solutions like PayPal and GoogleWallet, which take advantage of NFC contactless payments, have the potential toleapfrog traditional card payments in the US marketplace by offering highersecurity and less risk of fraud and identity theft.
Mobilesecurity
Apple Pay is offering what appears to behighly secure transactions, including tokenization and biometric finger printidentification.
Two potential issues for Apple Pay are:
– the recent theft of data from iCloudwhich may confuse the consumer into thinking Apple Pay is not secure: in fact,transactions are more secure than magnetic stripe card payment, and due to thebiometric identification, are more secure than Chip and signature transactionstoo.
– CurrentC, the payment solution being puttogether by a retailer consortium which has led to Apple Pay being rejected andNFC terminals switched off in some high profile retailers like Rite Aid inrecent weeks. However, CurrentC has suffered a data breach of its own and presshas been mixed on the technology behind the payment system.
So, mobile payments, dependent on how thesemessages are communicated to the public in the US, have huge potential forgrowth, especially against a background of data theft stories which have beenhitting the headlines month on month since last Christmas.
In Europe and the rest of the world theadvantages are less clear when EMV Chip and PIN transactions are already thenorm for most locations. However, it will be interesting watching what happensboth in the US and in Europe, where Apple Pay launches in 2015.
About Alisa Bates
Ailsa Batesis an experienced marketer and entrepreneur. She is the Marketing Director atTailwind Solutions Ltd, a global company creating point of sale stands for cardpayment machines, tablets and payment technologies. Founded in 2006, thecompany sells all over the world with channel partners in over 40countries and customers in all sectors where face-to-face payments areimportant. Tailwind aims to help any firm taking payment from customers at afixed point of sale to understand the advantages of mounting their technology,whether that be their card payment machines or their tablet based point of salesystems, to ensure the best customer experience aesthetically, from a securityperspective and by extending the lifetime of the technology. For moreinformation visit: www.tailwind-solutions.com
*Source: http://www.tsys.com/acquiring/engage/white-papers/United-States-EMV-Adoption.cfm
