The payments Black Swan that we’ve all been cautiously awaiting has finally arrived. True to form, it caught everyone by surprise, and it has the potential to change the course of the payments ecosystem for perhaps decades to come.
That Black Swan? The Target data breach.
In this Black Swan’s wake is EMV, and an industrywide call to action to accelerate the implementation of this 30-year-old plastic, card-centric chip technology.
This call to action is prompted, in large measure, by Target’s PR move to become the public face of an effort to push EMV in order to keep consumer confidence in using their cards at retailers. By using the bully pulpit of every news outlet that will listen, it has now put pressure on all merchants to spend time, money and resources to deploy a three-decade old technology standard that comes embedded in a plastic card. This is happening at the exact moment in time that mobile is being hailed as a way to keep transacting secure while bringing customers into merchant storefronts so that they can sell more stuff – which is what merchants want most of all. After all, what’s the point of pouring money into safeguarding transacting at the physical point of sale if consumers are abandoning it for online alternatives, which real data now show they’re doing at a precipitous clip?
And, what’s the point of pouring more money into initiatives that are plastic card-centric when the entire world – not just the U.S. – is moving to mobile?
The payments security cure-all for what Target says ails all merchants is this: a plastic card with a chip in it. . This innovation was invented by Frenchman, Roland Moreno, who was obsessed with putting microchips into stuff.
Moreno started out by wanting to embed chips in signet rings (the first wearable?) but later settled for plastic cards and a use case around payment transactions in 1975. He demonstrated his innovation using a jerry-rigged system that year. It took him seven more years to deploy the aforementioned pilot in France in 1982, it was said, because of its high product development costs. Carte Bleue, a national debit card, was introduced across all of France using Moreno’s vintage 1970’s technology in 1993.
Catching Up, But Why?
Target and others now claim that it’s about time that the U.S. “catch up” with the rest of the world and embrace what now is the global EMV chip card standard. But take a look at this chart, as extracted from EMVCo’s website. If you look closely, the only real part of the world that has “gone EMV” is Europe “Zone 1”—basically the highly developed countries— where Moreno’s experiment began and where there was a real problem to be solved 30 years ago. Technology and telecommunication infrastructure was not as accessible in Europe as it was in the U.S. then and merchants needed a way to authenticate card transactions. Chip and PIN was that solution.
But EMV Chip and PIN isn’t the solution today for emerging economies that represent the future drivers of payments. They instead will probably want to and will embrace mobile technologies as the way in which consumers and merchants will interact. Plastic cards just won’t be that relevant.
And, does anyone really think that Africa is going EMV any time soon? Nope. Africa likely will leapfrog plastic entirely and all of the infrastructure that’s tied to it. Countries where mobile penetration is high – which is most of the world now or soon will be– will, too.
As for the U.S., analysts say that 80 percent of Americans will own a smartphone by the end of this year, and 70 percent of affluent Americans – those who drive spend – already do. Consumers tote their mobile devices everywhere, including in stores, and they use them while there.
Before the Target breach, mobile and all of the potential of accompanying cloud-based payment technologies, were gathering enough momentum and the support of merchants to make EMV a less relevant option in the world’s largest payments market. In a nod to the growing momentum of mobile, in 2013 the payments networks also came out openly with talk of creating a cloud-based tokenization standard. Across the ecosystem, innovators have been hard at work devising a variety of solutions to safeguard data without degrading the consumer and merchant experience at the physical point of sale. Let’s face it. Chip and PIN is a dreadful consumer experience. Moving to EMV will not be perceived by U.S. consumers as a value-add. Just ask anyone who has both swiped and “dipped.”
Hey, Remember Me, Mobile – The Future of Retail?
Now it appears that we will have merchants and the entire ecosystem scrambling to divert people, time and money away from those efforts in favor of a plastic card/chip- based payments technology that has remained largely unchanged for 30 years to solve a problem for which many other alternatives now exist. And because one merchant whose internal systems were found vulnerable revved up their PR machine and insodoing, uniformly decided what was best for all merchants.
Before you all start screaming for my head on a platter, I absolutely respect the seriousness of the data breaches and what’s at stake – most specifically the public’s perception of the safety and soundness of our payments system. I realize that we need to take action and to do it in a way that protects all of the payments industry stakeholders, and to do it soon.
But that’s what frankly has me puzzled.
Moving to EMV in the U.S. will take two years or more, and the Target rallying cry does nothing to keep payments transacting today, right this very instant, any more secure than it was before the breach. So if we’re going to take two years to deploy a standard that’s all about making the transaction secure, why don’t we do it in a way that also improves the merchant and consumer experience at the point of sale? And do it with a 7-year-old technology—smart mobile phones—that combined with the cloud results in an exponential increase in security and a better merchant/consumer experience overall - eEven if it takes a bit more time in my view.
A Look Back At, And Since, 1982
To give us all a little perspective and maybe even some credence to this idea, I thought it might be worthwhile to look at several other technologies also introduced in 1982, the year that Chip-and-PIN smart card technology came into the world, to see how they have evolved over time.
Take a look.
Here’s state-of-the-art mobile in 1982. This model, introduced to the world by Nokia, weighed in at 21 pounds and was installed primarily in cars. Raise your hands if you’d rather have this than your iPhone. It would be ten years before “mobile” phones portable enough to carry around would be brought to market.
This was state-of-the-art personal stereo technology in 1982. Who needs iPods and earbuds when you can have The “Music Muff?” The headphones themselves where spring-loaded and came equipped with an FM stereo radio and a microcassette player. At least they wouldn’t fall off of your head.
Make room for Mathes! The Curtis Mathes TV Home Entertainment Center was entertainment innovation on steroids back then. In addition to a color TV, it had a belt turntable for playing vinyl records, and built in 8-track and cassette tape players. It even had an AM/FM radio!
This was Apple in 1982. This Apple II sold in the U.S. came equipped with an astonishing 4k or 48k of RAM, a six-color display, and an external cassette drive for use with floppy disks. MacAirs look hopelessly inadequate by comparison.
Dropbox, schmopbox. Who needs it when you can store everything you need for the day in thousands of floppy disk drives? For all you youngsters who’ve never seen such a thing, PCs didn’t have hard drives in the Stone Age, and floppy drives were the only way that applications could interact with these machines and data saved. Oh, and references to “the cloud” in 1982 were only about those white puffy things up in the sky. It turns out that 1982 was a banner year for floppy disks since their capacity increased to about 720 KB or the average size of a typical email attachment these days.
DOS (Disk Operating System) was what powered almost all PCs during the 1980s. Ah, yes, the glory days of computing when those who knew their way around the C-prompt ruled the world. Maybe we’ve all gotten just too soft with our fancy browsers and point-and-click computing.
Chip + PIN Cards – You Haven’t Aged A Bit in 30 Years!
Thank goodness for our sanity, our living rooms and overall productivity the world has moved on in really innovative and creative ways since the days of floppy disks and Music Muffs and Curtis Mathias Entertainment Centers. But, yes, payments peeps, our industry is about to spend a massive amount of time, energy and money implementing a technology created in the 1970’s, piloted in 1982, and launched in 1993 that hasn’t aged a bit since then.
I don’t know about you, but I’m really glad that when computer viruses became a big problem we didn’t decide to throw in the towel and make everyone go back to using manual or IBM Selectric typewriters.
Work On A New Standard
So here’s a crazy idea.
Why don’t we harness all of the creative minds and technology innovation in the payments ecosystem today and use the next 2 years to develop a global cloud-based standard that actually accomplishes everything on our payments and commerce checklist in a 5- to 7-year period of time: securing payments transactions and creating a frictionless and value-added consumer and merchant experience. And, get those who are being asked to actually deploy and pay for it – the merchants – engaged in those conversations.
Let’s say we simultaneously created the payments industry equivalent of Seal Team Six to deploy “bridge” solutions right now to make transacting at the physical point of sale more secure today. They’d use the tools that we have available today that hadn’t even been dreamed about 30 years ago, and a slew of entrepreneurs who have innovated around secure payments transacting using tokenization, encryption and biometrics. They’d have as their mission the development of a standard that supports a mobile/digital payments and commerce experience that’s secure and moves us in the direction of the payments future that we can all see before us –commerce thru connected devices.
I’d even be willing to bet that we even have some of those solutions staring us right in the face right now.
Yeah, sure, call me Pollyanna. But my fear is that not doing something like this will only force merchants to invest in something that won’t help them solve their larger problem – getting consumers in their stores to buy the stuff they want to sell.
And, that is the biggest risk and threat facing merchants today. I’ve written recently about the real data that show that increasingly people don’t visit their bricks-and-mortar retailers and shop there the way they once did. Many merchants would probably happily trade the good old days of “showrooming” for what they are experiencing now – a dearth of foot traffic. At least when people “showroom” they’re in stores and merchants have a shot at engaging them.
Keep Eye On The Goal: Consumers In Stores
What merchants really want is a standard that enables them to leverage the connected devices their customers and prospective customers are toting around everywhere so that they can use those devices to communicate with those consumers in ways never before possible. But what they’re now being asked to pay for is the deployment of a technology that does nothing to help that and at the same time creates a slower and more clunky user experience at the physical point of sale. And, it’s not as if countries that have embraced EMV have scaled mobile payments. In fact, it’s just the opposite: EMV hasn’t been the onramp for mobile in the places it has been deployed.
Looking back at what technology was like in 1982 was eye-opening since it shows us how far we’ve come in a relatively short period of time in innovating the things that touch our everyday lives: personal computing, mobile phones, television and even portable music. Every single one of them has been innovated by the cloud, new technology and the devices that connect to them. We’re finally beginning as a payments ecosystem to leverage all of that. It’s only been the last 7 years that the last Black Swan, the iPhone, really opened everyone’s eyes to the potential that connected devices could deliver to merchants and consumers and payments.
Let’s hope that there are other Black Swans that might swim our way that bring with them new solutions and methods and rails and security standards that leapfrog the status quo. There are a number of candidates who could play that role – Apple, Amazon, PayPal, MCX, Square and Chase, to name a few. We’ll all be keeping our eyes peeled, ready to catch a glimpse. It would be a shame if their wings were clipped and their journey stunted by the one that just swam toward us two months ago.