What every bank, credit union, end-user organization and payments disruptor like Apple is chasing right now is the ability to enable consumers to conduct commerce on devices connected to the internet. But The Payments Authority CEO Amy Smith says financial institutions will have to make some critical decisions in 2015 if they want to avoid being left behind. PYMNTS spoke with Smith to get her POV on the key trends she thinks will impact FIs and how teaming up with game-changing mobile commerce disruptors may have merit in the year to come.
Based on what you have been able to observe in the market this year, what are the most important trends in payments today?
AS: Earlier this month, we hosted our 17th annual Concepts Conference which included thought leadership from all over the country who gathered to talk about trends in payments across all channels. Obviously, to no one’s surprise, mobile payments and wallets topped the list. The message was that consumers need to be enabled to make commerce decisions that affect the purchase of goods and services using mobile devices. Naturally the conversation included ease of use, secure transaction and messaging, which coincides with what others in the industry are problem solving daily.
In addition, there was interest in and appetite for knowledge on virtual currency as we look at the diminishing use of paper checks in the U.S. and a global economy where people are interfacing with each other in business virtually. What’s the future of virtual currency – how do we adopt it in the future? That’s a trend we’re spending a lot of time watching and educating our members on. We touched on cards, too – the physical plastic that’s being used by consumers and how that’s going to change going forward, with the adoption of mobile wallets and the move to the EMV standard of security via chip and PIN.
A lot of the companies that attended our conference were very interested in learning about business-to-business transactions and how to enable not just the payment of goods and services but also the movement of payment related information in a timely and effective manner, and in a way that is secure. It all comes full circle back to some of these other trends and how they might solve some of the challenges we’ve had related to fraud.
We can’t talk about trends in payments without mentioning the U.S. migration to EMV. About 30 percent of terminals are equipped to accept EMV cards, leaving millions of terminals that still must be converted. In your opinion, is the U.S. setup for the EMV challenge?
AS: It depends on who you are. EMV is interesting – it’s the use of chip and PIN on a physical, present card. In the current environment in the U.S., most credit cards carried by consumers and business people are magstripe based. That’s where we’re having issues. If someone swipes a card at the POS, that information is held by the merchant, the merchant gets hacked, and we have fraudulent transactions.
EMV is a global standard, and the U.S. is actually the last to adopt EMV. But everyone is expected to adopt it to some extent. The interesting misnomer that people have is that it’s a mandate, so for financial institutions, they are not being mandated to issue cards using the EMV coded chips. But as you look at the rollout and the shift in responsibility and accountability for those transactions, it will be interesting to see what financial institutions do. By adopting EMV and issuing the cards, they can reduce their liability for fraudulent transactions.
So are we on track with 30 percent of the terminals ready? It’s hard to say because I think our touch points for credit cards in the U.S. are greater than many other countries that have had a smoother transition to EMV. But we’re having a lot of financial institutions contact The Payments Authority looking for guidance. Every community bank, credit union, and regional bank issues cards – whether they issue them themselves or through a partnership with somebody else. They’re trying to decide when to move to EMV.
On average, that move to EMV costs roughly $5 more per card. That poses a challenge – it’s very expensive. So financial institutions are calling us and asking if they have to issue these cards. The answer that we give them is “Yes, eventually you’ll likely have to issue these cards.” Eventually, here in the U.S., every merchant (including gas pumps) will have to be enabled in order to take that chip. Is it going to be a race to the end? I think it will be.
One credit union wondered if it was critical for them to deploy EMV cards when few of their customers travelled abroad. Their interim solution is to offer stored value cards on an ad-hoc basis to those who travel internationally.
People are looking for ways to keep their costs down as the terminals migrate to the EMV standard. The challenge that everyone is going to face is the shift in liability – that shift could come down as early as October 2015. Now, there will be decision-making. If for any reason somebody’s card information gets stolen, we’ll look at the players in that transaction – was there an EMV card issued to that consumer? Was the merchant equipped to receive EMV? Who was prepared to circumvent fraud? That’s where this will get sticky, and financial institutions will be making an investment in EMV because they don’t want to see that fraud liability shift to them. But some of the smaller institutions will move a bit slower and have broader conversations.
Do I think we’re going to be ready? We’re going to have to be ready, but there’s a lot of back and forth on this.
There is a lot of discussion in the market today concerning data privacy, ownership and regulation. In your opinion, who really owns the POS card customer data?
AS: Unfortunately in today’s environment, when you swipe that card at Home Depot, for example, they now carry that 16-digit card number. And, that’s where the hacks are happening. Technically, the POS information should be held at the paying financial institution – whoever is underwriting that card. Our problem with our current system is that without chip and PIN, we don’t have a way to change that process. Who owns that information? It should be the card issuer – it shouldn’t be the merchants. The merchants are simply providing a product for a payment. If there’s some way for them to enable that transaction without ever having the credit card number, we could really eliminate a lot of this fraud.
That’s why with Apple Pay, as an example, tokenization has become a really interesting conversation. If a unique token is issued in lieu of passing along the 16-digit card number, and that token is only available to that cardholder at that merchant at that moment, then if someone hacks in and gets that token number, they won’t be able to do anything. They’re not going to be able to affect an actual financial transaction using that token because it’s now expired. In that case, when we get to a point where those transactions are safely tokenized, it really is going to sit with the financial institution who’s issuing those cards.
We have seen some disruption in payments lately from Apple entering mobile payments, to PayPal and EBay splitting. What do you expect for 2015?
AS: I really expect more of the same. Currently, as we talk to the financial institutions that we serve, a lot of them are spending time on mobile – how they can enable account holders to conduct business safely and securely via mobile devices.
Apple Pay is a really interesting proposition. Apple is obviously a giant in providing products and technology to consumers, and making them consumer-friendly. I think it’s a brilliant format – it’s like a rebirth of NFC mixed with biometrics. Then, a token is generated that enables a consumer to use the credit card on their iPhone 6. It’s a nice combination because Apple, although they’re enabling the transaction and are part of the transaction with its front-end technology, hasn’t had to go out and buy a payments company. Instead they are allowing people to use the plastic cards they have today in a more safe and secure environment. It’s all very smart.
So what do I see happening in 2015? Obviously, we’ll see something for the Android users – maybe it will be an app, or something similar to what Apple Pay is doing. PayPal, Google Wallet, and non-financial institutions may understand the consumers and what they need, but at the end of the day, it’s the FIs who have the solid advisory relationship with the consumer. We’re encouraging FIs to understand who these players are – they’re disruptors, but it could be in a good way. They could be potential partners.
We’re also encouraging FIs to go in and look at their work, especially coming through the ACH – take a look at inbound transactions and see what the company description field says. Does it say PayPal? Does it say Square, or Apple Pay? It gives them a better sense of who their account holders are, and of the solution providers they’re exposed to, whether they’re good or bad. From that, FIs can build a strategy to invite those people to the table, or identify an opportunity to provide a better solution to circumvent the use of those.
So I think there will be a lot of integration between FIs and these solution providers, and a lot more consolidation among those providers.
At the end of the day, what everyone’s chasing – whether they’re a bank, a credit union, a company end-user, or a solution provider – is the ability to enable a consumers to use a small, pocket-sized handheld computer in a safe and secure manner to conduct commerce.
To learn more about hot topics in the payments industry, including data security, risk mitigation and more, click here to visit The Payments Authority’s on-demand webinar library.
President & CEO at The Payments Authority
Amy brings 26 years of banking and treasury management experience to The Payments Authority. She is an Accredited ACH Professional, a Certified Association Executive and graduate of Eastern Michigan University.
Professionals in every trade have an association they rely on for industry education, support and resources. The Payments Authority is the association for payments people, with expertise in ACH, check, card and wire transfer payment systems.