How the Target data breach could boost mobile payments
Following Target’s recent data breach, the retailer announced plans to speed up its transition to the chip-based payment standard called EMV, a move that could give mobile payments a boost.
The transition to EMV, which uses chip-based cards and requires special terminals and readers necessary for processing, has been slow in the United States compared to many other markets, where it is already commonplace. However, because EMV promises enhanced security attributes over magnetic stripe cards, some U.S. retailers have new found enthusiasm for installing the necessary hardware, with expectations that many will also install the contactless readers needed for NFC-based mobile payments at the same time.
“Big box retailers like Target have already put EMV in fast-forward and banks/issuers may also be planning to switch to high gear with chip-pin rollout projects,” said Sai Casula, management consultant for Carlisle & Gallagher Consulting Group, Charlotte, NC. “Specifically, switching ATMs to SmartCard acceptance and issuing SmartCards to customers.
“EMV migration by retailers POS will help overall mobile payments adoption,” he said. “However, there are other challenges that remain for the NFC Tap & Pay mobile wallet.”
The shift to contactless
Not too long ago, NFC was heralded as the expected standard for mobile payments.
However, NFC-based mobile payments services such as Isis and Google Wallet have struggled to find wide acceptance, in part because not enough retailers have the necessary hardware in place to process tap-and-go payments. It also has not helped that a lot of smartphones, including the iPhone, do not have embedded NFC chips.
Further dampening the mood for mobile payments in general is a lack of perceived benefit for consumers.
If there is a rush of retailers installing contactless readers, this would at least put one of the needed steps in place.
“If retailers do indeed make a shift to EMV and contactless payments, and take additional moves to incent customers to shift to mobile, i.e., mobile-based loyalty, incentives and offers, then it’s possible mobile payments become more widely available,” said Jeff Crawford, manager at First Annapolis Consulting, Linthicum, MD.
However, not everyone is convinced retailers will accelerate their transition to EMV simply because of the recent data breaches. Which means NFC-based mobile payments could continue to sputter along for another 18 months, during which time another mobile payment solution might gain ground.
“While EMV would have impeded the criminals’ ability to monetize the breaches, it would by no means have stopped the breaches, so I think we will not see many merchants speed their terminal upgrade plans,” said Julie Conroy, research director at Aite Group, Boston.
“The payment networks have reaffirmed their plans for an October 2015 liability shift, so I think we can expect to see many large merchants upgrade their terminal infrastructure in time for that date, while smaller merchants will lag behind a bit,” she said.
Following Target’s data breach, the retailer said it would push up its schedule for transitioning to EMV because the standard makes hacking of the kind Target was a victim more difficult.
MasterCard and Visa, who are behind the EMV standard, have put a deadline of October 2015 in place for when U.S. retailers need to have upgraded their terminals or else risk being held liable for any fraud that takes place at their stores.
By transitioning to EMV, retailers hope to address some of the concerns about the security of the consumer data when credit cards are used to pay.
However, security is also a big concern for consumers when it comes to mobile payments, with mobile providers actively chasing a solution.
One solution that has been suggested by card networks and card issues is tokenization that converts credit card numbers into randomly generated tokens that can be used to authenticate a payment.
Apple, which so far has stayed away from jumping into mobile payments, is thought to be working on a service that would use its Touch ID fingerprint sensor to authenticate payments. If and when Apple makes a move, it could have a significant impact given how many consumers already have iPhones as well as stored credit card information on iTunes.
There are still problems with all of the proposed mobile payments security solutions, and no single one has gained widespread acceptance.
“Mobile payment security, just like plastic card security, will need to balance increased friction caused by additional steps required of a consumer to complete a transaction and the risk that the card issuer, network and merchant are willing to accept,” First Annapolis Consulting’s Mr. Crawford said.
“With the ability to pinpoint consumer location, and with the introduction of biometric recognition, mobile devices offer interesting possibilities to enhance to traditional card security,” he said.
“Time, trials and many inevitable errors will be likely before this bears out in the mass market.”
In the end, issues such as security and the ability to tap a phone to a terminal to make a payment may not be what decides whether or not mobile payments take off, but they are important stepping stones along the way.
“I don’t think the recent breaches have had an impact one way or the other on mobile payment interest, except among a select group of consumers that are especially security conscious,” Aite Group’s Ms. Conroy said.
“At the end of the day, consumers don’t bear the liability for fraud resulting from the compromised cards, so they have very little skin in the game,” she said.
“Increased availability of mobile payments will certainly have a positive impact on adoption, but the greater impact will come from solutions that provide a consumer with the incentive to change their behavior, such as via rewards or offers.”
Chantal Tode is associate editor on Mobile Commerce Daily, New York