Most consumers still pay offline, like in restaurants or stores. But I have no doubt that in future all these businesses will be connected to the Internet and then, virtually all payments will be made online.[From Globes [online] – Israel business news – For PayPal, it is only the beginning]
Gulp. We’ve spent billions installing a legacy payment system and it isn’t even finished yet. Everything else is going online, bank-issued cards are going offline.
EMVCo, the EMV standards body owned by JCB International, MasterCard Worldwide and Visa Inc., has today announced plans to broaden industry participation in the development work of the organisation and establish a regular, formal dialogue between EMVCo and the global payments industry, through the launch of a new website subscription programme and annual user meeting.[From Finextra: EMVCo looks to broaden industry participation]
So is chip and PIN doomed? Well, in the long run, of course it is, just as cheques are doomed. Yet at the very moment the nagging doubts about EMV creep in, there are those in the world’s least EMV-centric market, the U.S.A., who are beginning to wonder whether it might be time to start looking at chip and PIN again in the light of massive data breaches (eg, T.J. Maxx) and escalating fraud as the card sharps in, for example, the U.K., begin to target the U.S. on a larger scale.
In one of the first interviews by a top TJX executive following a record security breach, vice chairman Donald G. Campbell told the Globe that the US payment system should follow countries in Europe and Asia that have rolled out credit and debit cards embedded with computer chips. If the cards were in use worldwide, he said, the technology would have ruined a scheme in which thieves stole as many as 100 million account numbers from TJX since 2005, by making the numbers harder to reuse.[From Could this chip have prevented the TJX breach? – The Boston Globe]
Well, maybe. But card fraud actually isn’t that big of a deal in the U.S. is it? WIth charge-offs currently running at something like 600+ basis points, who cares about 6 basis points of fraud?
David Robertson, publisher of The Nilson Report, a trade newsletter that tracks the payment industry, estimates that $1.24 billion was lost to fraud in 2007 in the United States, up from $1.14 billion in 2006. But in both years, that works out to just 5.7 cents for every $100 that customers charged on their credit cards. Worldwide fraud was $5.68 billion, or 4.8 cents per $100 spent.[From Could this chip have prevented the TJX breach? – The Boston Globe]
In the not-too-distant future, the idea of being off line will seem peverse, so I just can’t see how chip and PIN can gain traction in the U.S. in time before cards vanish into mobile phones and other devices. Given the years it would take to migrate the U.S. POS infrastructure, I’m sure that what will actually happen is that terminal replacement because of contactless and mobile will be the key factor. Then, in time, the U.S. will have a chip-based infrastructure (since contactless card and mobile phones both have chips in them). But will it be an EMV infrastructure? That’s not obvious.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]