By Laura Haight
Originally published as The Digital Maven in Upstate Business Journal on Nov. 6, 2014
Recently, for the fourth time this year, I replaced my debit card. Despite being an early adapter to — and staunch defender of — online payments, events of the past few years have shaken my resolve.
At a time when so little is safe, along comes a whole new crop of mobile payment methods that beg the question: If it’s not safe to use my debit card, how safe can it be to carry this financial information around in my phone?
Nonetheless, the answer to the problem can’t be “back to cash” or other retrenchment strategies. Then, the terrorists win.
A closer look at the hacks of the past year or two, reveal that banks and credit card companies, for the most part do a great job of protecting your sensitive information. The big vulnerability in the system is the merchant. Target, Home Depot and other large retailers are often where the hacks occur.
There are five mobile payment options already launched or close to it that work with your smartphone. While they may use different technologies and approaches, they are all similar in that they don’t give the merchant your credit card or bank account info. From the get go, this makes almost any of these systems a safer bet than swiping your credit card at your supermarket or big box retailer.
The iPhone 6 and 6 Plus come equipped with near-field communications (NFC) which enables a two-way conversation between your phone and other devices, such as payment terminals. That laid the groundwork for Apple Pay. This is being treated like new tech, but it’s actually been available on some Android phones for close to three years. Many Android OS phones have NFC chips and can take advantage of Google’s own mobile method, Google Wallet.
In fact, Terry Garner, senior vice president of deposit operations at Southern First, thinks Google Pay may be the best payment option that no one knows about. Garner has been digging into all these payment methods over the past several weeks to try and chart out the pros and cons of each.
“Google didn’t make the big splash that Apple did. They’ve not done a great job in educating the consumer,” she notes. But they should have because they have a lot of advantages: tokenization, cross platform capability (use NFC or bar code readers), fraud monitoring, 24X7 fraud protection. “Their problem is that they haven’t done a good job of making people aware of them.”
Apple Pay does get high marks from analysts on both security and accessibility. The crowded field now includes other players like Current C, PayPal and Softcard (an offering from mobile carriers AT&T, Verizon and T-Mobile). They are also dividing and conquering, splitting up retailers, locking them in with costly contracts and exclusivity clauses. To be fully mobile, you may need three or four apps on your phone (not all achieving the same level of security). Tap to pay could be just as much of a pain as digging through your purse or wallet for the right credit card.
But regardless of who wins the consumer vote, which will determine where the retailers go, one thing binds every retailer together: the payment terminal. This part is critically important even if you don’t even have a smartphone so listen up.
The US is the only major industrialized country in the world still using magnetic stripe cards. They are inherently insecure and the root of every major retailer hack of the last five years. In a glacially slow implementation, the credit card industry agreed years ago to adopt the much more secure EMV cards. Finally, a hard deadline approaches and, not surprisingly most US merchants aren’t going to be ready. Garner says current research estimates fewer than 46 percent will have new terminals in place by October 2015. The terminals are not expensive, ranging from $150 to $275, but the risks of not being ready can be quite costly. Come next October, the liability for credit card losses will shift to the retailer or merchant if they have not upgraded to the new terminals.
You probably have one EMV card already; more are coming as cards expire and you can request one from your card issuer. But taking advantage of its protections is dependent on the merchant.
Based on current data, it seems like you’ve got less than a 50 percent chance of your favorite shop caring as much about your security as they do about your business. Vote with your feet!
So is the debit card dead: Convenience comes with a price and requires a lot of vigilance. But Garner and others think the debit function is valuable and will be even moreso if the technology infrastructure can help protect it.
Next Time: A comparison of the five new mobile payment efforts and why they are safer than the card in your wallet.