The transition to Chip and PIN credit cards in America currently looks like just a big conversion cost – good for vendors and consultants and a big extra cost and time suck for everybody else.
However, below the surface something bigger is brewing. Chip on plastic is incremental change, but Chip on mobile phone is a game-changer.
Payments has been the boulevard of broken dreams for entrepreneurs, but there is a reason it attracted so much attention – it is a massive market. According to Boston Consulting Group:
“In 2013, payments businesses generated $425 billion in transaction revenues, $336 billion in account-related revenues, and $248 billion in net interest income and penalty fees related to credit cards. The total represented roughly one-quarter of all banking revenues globally. Banks handled $410 trillion in noncash transactions in 2013, more than five times the amount of global GDP.”
The accepted wisdom is that dreams of disrupting those credit card rails is foolish. You can see that wisdom baked into the stock price of Visa and Mastercard (just shy of $300 billion as I put keys to pixel).For a while, the disruptive crowd looked to Bitcoin but that hope has faded. The accepted wisdom now is that you can only make money within the existing credit card rails.
That maybe about to change (and it is nothing to do with Bitcoin).
First, lets look at the big switch from mag stripe to chip cards in America
The big switch from mag stripe to chip cards in America
To the rest of the world, America moving from mag stripe to chip cards merits this reaction – “what took you so long?”
AITE Group has run the numbers. Here is one of the headlines from their report:
“the cost to implement PIN for all cards at merchants with PIN pads already installed is low, the costs are much higher for merchants that have yet to install PIN capability”
That is why many merchants in America are currently implementing a strange variant called Chip and Signature – you know, those signatures that nobody ever checks! Signatures are a relic of the past, useless in the digital age. That is why in countries that went to Chip cards a long time ago, it is all now Chip + PIN (but there was a period of transition where checkout staff were clearly trained to look at the signature, although what they could actually check is unclear). That combo of Chip + PIN is pretty secure and that is a big deal for retailers because they now have the liability for fraud.
Chip cards alone are more secure than mag stripe cards. A criminal can steal the PAN (Primary Account Number) if they have your mag stripe card for a minute (one crooked waiter is enough) but with a Chip card they need the card itself to get cash or goods and consumers know when they have lost a card and will report it lost to the bank/issuer, so the time window for a criminal is less. This is a better Single Factor Authentication – something you have.
However Two Factor Authentication – something you have + something you know is better. That is Chip + PIN.
Where the puck is headed. At some point merchants must start saying “if we are responsible for fraud and all the costs to prevent fraud, why are we paying such a big transaction fee?” Credit Card networks rely on all the parties – consumers, merchants, banks – having aligned interests. If one or more starts to question “what’s in it for me” the network starts to break down.
The next headline focuses on the issuers/banks:
“Issuers would also face significant incremental expense, including the costs to reissue cards, establish and maintain a PIN management system, educate customers, and modify ATMs and interactive voice response platforms. Issuer costs total more than US$2.6 billion, which would result in a five-year fraud-avoidance benefit of about US$850 million”.
Well, that sounds like a lousy ROI argument – invest US$2.6 billion and get back US$850 million! Pass, thanks. Of course, one can argue with those numbers, but even if they are wrong by a lot, the ROI still looks lousy. Maybe those numbers are so far off that the ROI is viable. Common sense says that they may be way off because issuers did all that in other countries and they would not have done that if the ROI was that bad. Does anybody have better data?
Where the puck is headed. To Issuers (aka Banks), credit cards are the way to to do unsecured consumer lending at the point of need aka point of sale. A consumers is at a store and wants to buy a $1,000 item and not confident I have $1,000 in their account so they opt for credit. Unsecured consumer lending is what Marketplace Lenders do. Banks want to be there at the point of need/sale because that means low Customer Acquisition Cost (CAC). So Banks will tighten up limits and be more selective on who they give credit to. That has happened in countries that moved to Chip + PIN. That means that Issuers will implement Chip + PIN no matter what it costs because it is way to stay at the front end of unsecured consumer lending. Any vendors helping them reduce those costs will do well. However, the big picture is that while we use the term issuer and bank interchangeably because most issuers are banks, you do not need to be a bank to be an issuer. You could be an Altfi Lender or MarketPlace Lender or a Merchant.
King Consumer is OK with the big switch
So much for merchants and issuers. What about the critical third player in this network – you and I?
Consumers find Chip + PIN easy enough (spoken as somebody who lived in America for many years and then moved to Europe). Sure, it is a muscle memory change, but it really is not that hard.
Retailers will make the switch because they have to and Issuers/Banks will make the switch because they have to. There will be lots of debate about who pays and how much, but the switch has to happen. The mag stripe alternative is simply not viable – it is a relic like a fax machine.
But lets consider the other switch, the ones that the criminals do.
The criminal big switch
After Chip + PIN is introduced, fraud in Card Present transactions (aka physical retail) becomes too hard, so criminals shift attention to Card Not Present (CNP aka e-commerce).
Again, who has liability is key. If retailers have liability, they will impose one more step on consumers.
Both Visa and Mastercard have a solution. MasterCard has SecurePay. Visa has Custom Payment Service.
Using myself as a market panel of one, I can tell you that it is no more than a minor irritant, like learning to use a PIN.
So far, the 4 cornered marketplace – consumers, merchants, and issuers and payment networks – is intact and the credit card companies sit in the middle earning their fees as the 4th corner.
However, the big change is when we go to mobile transactions.
Three factor authentication is better
Chip is better than mag stripe for single factor. Chip + PIN is better two factor than Chip + Signature. But 3 factor is best and that is what mobile phones enable:
- Factor 1: something I own (can be a chip on a card or a chip in a phone)
- Factor 2: something I know (PIN)
- Factor 3: something you know about me (location in a mobile phone, not possible with a Chip card).
If the payment authoriser (basically what a credit card company does) knows all three, the chance of fraud is very low. If you reduce fraud costs, the actually costs of making a payment are a blip of attention in one of your servers i.e. so close to zero that you might as well count it that way.
The Mobile Payment tipping point.
If this data from eMarketer is even close to right, we are at the Mobile Payment tipping point:
When Merchants move into Payments via Tokenisation
Shh, don’t tell, but Uber is really a payments company with an e-commerce skin. So is Amazon. So is AirBnB. People make a big deal about Uber, Amazon and AirBnB not owning the actual physical stuff/service that we buy – as if vertical integration was an issue in the 21st century. What is much more critical is when Merchants become payment businesses through Tokenization.
Tokenization 101
Tokenization is the one-time password that a student of cold war espionage stories would recognize. If you steal the token/one-time password, you can steal the contents of that message/payment and only that message. That is fundamentally different from stealing the Primary Account Number (PAN). If you steal the PAN (by physically stealing a card or reading the mag stripe encoded data from a merchant) you can steal a lot of money.
Remember those merchants upset by the cost of switching to Chip + PIN? They would like to do this as well. Any entrepreneur who figures out how to offer that to small merchants will do well – maybe Square?
It is an aggregation job. If you aggregate a large number of tokens (ie consumers who trust you enough to do payments through you) you have a valuable business.
Think about these giant commerce players – Uber and Amazon and AirBnB – in terms of the 4 cornered marketplace:
- King Consumer – well somebody has to pay
- Merchant – tick
- Issuer – Merchants can also be Issuers. They can lend (they often do, calling it Supply Chain Finance or something)
- Payment processor. This is where we need to look at Debit Interchange Fees & Mobile Wallets.
Interchange fees & Mobile Wallets.
If you pay via Debit from your bank account, it is simply a blip in a server somewhere i.e. cost is close to zero and where regulation around Interchange Fees come into the picture.
If you pay via Debit from your bank account Debit from cash in your mobile wallet, the cost should be zero. It is like paying in folding notes and coins, with no intermediary. If a merchant who already has your consumer trust, offers you mobile cash as an option at a lower cost it is an easy call. Even in a drunken Uber cab ride home you can peek into your mobile wallet and see if you have enough cash. This is where mobile wallet interoperability and the leapfrogging to mobile money in the Rest (which is a big theme on Daily Fintech) is key.
Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.