The President and the Standard: Does an Executive Order make payments more secure in the USA?
Last Friday afternoon, as work was winding down, an executive order came down from the President of the United States, nearly knocking me out of my chair.
This year has been so bad for merchant data breaches, with more likely in the margins, that the President felt the need to ensure that the government would offer itself as a more safe and secure place to do business with, by advancing the timeframes to be EMV-compliant at government points of sale. The chip card standard, where the magnetic stripe in a face-to-face transaction will be phased out and replaced with a SIM-card looking chip built into your credit and debit card, should serve to increase the security of payments in card present transactions. This is the leadership that I’ve been looking for, where the government has required something faster than the private market has, for the collective benefit of the financial system. Opponents (yes, there are, I hear from some at least weekly!) have been saying that chip cards will be too expensive, the technology is not comprehensive enough to really secure plastic payments, and that we don’t need the change.
Moving through these concerns in reverse order:
- We don’t need the change: Let’s break this down a bit. In the last calendar year, we have had two of the most significant merchant data breaches on record affecting over 96MM cardholders. Additionally, there continues to be a steady flow of not-so-insignificant payment card breaches and as a result, various calls for moving back to cash and/or widespread adoption of newly emerging technologies to maintain payment security (and contrary to popular belief, not everyone wants a new iPhone 6 with Apple Pay).
- The technology is not comprehensive enough: Yes, fine. It’s not a silver bullet. What is? The capacity for this development to dramatically increase the security of card present payments at POS will ultimately reduce the frequency and volume of merchant data breaches that include payment data. I sometimes hear from security professionals that some of the card data is sent in clear text within an EMV transaction, that the technology doesn’t do enough to protect the payment information. To this, I usually respond with the following: UK card present fraud declined by 75% after implementation. We will get to the additional security technologies on the card not present side shortly, with the next step, tokenization, which is already on the march.
- It’s too expensive: This one is particularly ill-founded. Let’s ask some high-profile merchants who were compromised last year how fast they would trade their data breach for a POS terminal conversion project. At a cost of nearly $200 per record in the U.S.A. (Poneman Study), merchant data breaches cost the affected retailer a lot more than they may think in indirect costs. Further, the new POS devices themselves come in at prices just below that. OK, yes, there is a lot more to it, but my point is that it’s a small price to pay to get on the train.
So, it’s an easy case to make, right? I have one more for you, and it will come in as an anecdote. Every fraud manager I know has had at least one situation where they declined someone special with a fraud rule, and eventually got into a mess over it. For me, it was the CEO of a credit union I was consulting with years ago. He was declined over the weekend for a card at the very institution he managed, and it embarrassed him in front of his friends. Everything I had done with them was then called into question and all work scrutinized. Eventually, he was made more confident in his fraud program after all the facts and metrics were laid out on the table, but there was a heightened visibility into the strategies after that. It was wise for the CEO to hear us out, understand why his decline was valid and appreciate the benefits of our strategies.
The same scenario was put forth to the CEO of the U.S.A., who was declined at a restaurant with his wife. Apparently, he rarely used the card, and a strategy caught up with him. The President ultimately decided that the problem was not the strategy, the problem was the rampant abuse of our merchants, banks and their cardholders. His progressive perspective on the matter leads me to the belief that this shift in policy will begin to change others’ perspectives in the coming year.
As we move toward International Fraud Awareness Week in early November, I’ll share more in another blog update about how to begin to tackle the challenge of engaging your customers in the fight.
Related Blog Posts
How to be a Payments Trailblazer – The Seven Habits of Highly Innovative Organizations
The new Culture of Innovation Index from Ovum and ACI identified segments—from banks to intermediaries to merchants to corporates—at the cutting edge (of innovation) across the payments ecosystem. But what is most notable about those segments that have reached ‘trailblazing’ status is the apparent lack of commonality between them. No one segment, nor one region fosters better innovation. In fact, what’s driving these segments/organizations to be best of breed is their own culture of excellence. The only thing they have in common is their attitude.
Customer Innovation: Erste Bank [Q&A]
The global banking sector is becoming both more strategically focused and technologically advanced, responding to rising consumer expectations while trying to defend market share against an increasing array of competitors. A great deal of emphasis is being placed on digitizing core business processes, and reassessing organizational structures and internal talent to be better prepared for the future of banking.
Regulating for Real-Time: The Role of Government in Payments Modernization
Dr. Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments and the findings of the new white paper, Get More from Real-Time.
Issuing and Acquiring in a Real-Time and Open Payments Ecosystem – The Global Picture
Dr Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments, stemming from the findings of the new white paper, Get More from Real-Time. See part one.
Four Questions to Drive Your Retail Banking Payments Strategy in 2019
I keep hearing that it’s “an exciting time to be in payments,” and I certainly agree that there is a lot of noise. However, when I look below the surface, I’d argue that the interesting activity is not with the payment itself, but with all the related events and steps in the value chain.
What Can the Re-Regulation of Other Industries Tell Us About Open Banking One Year On?
UK Open Banking just reached its first birthday milestone (on January 13 to be precise) and given my own commentary – including in the ACI blog – on this topic, the first anniversary of Open Banking in the UK certainly won’t pass without a debrief on the progress that’s been made and what challenges lie ahead.
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
To Regulate Or Not To Regulate – Is That Thy Question?
Debates are healthy, and as someone who spent a little time during my college years dabbling around the edges of the speech and debate team, I can tell you it’s something that I personally relish. A chance to really talk through the pros and cons of an argument and lay out the bare facts… and then be judged based not only on those facts, but on the presentation and power of persuasion—sign me up!
Request for Pay – What Does It Mean For Financial Institutions?
What do banks – one with $60B+ in assets, one a mid-size regional bank, and one, a small innovative credit union – have in common with payment networks and the ‘Big 4’ consulting firms? They were all part of the first ACI #PaymentsForBreakfast event in North America! The theme was real-time payments, but the focus was more specifically on Request for Pay.
Why Open Banking Might Need to Rely on a Magic Illusion of 24x7 Availability
The adage “the more things change, the more they stay the same” appears to ring true when applied to the early phases of the evolution of open banking (or open payments). Especially when you contrast it with the early days of ATM withdrawals; particularly those made in the dead of night so you could pay cash for your after-party greasy feast.