Payments And Payment Security In 2014
There were many events in the payments sphere that took place in 2014 – a new focus on NFC and mobile payments, the upcoming change to EMV, and the aftermath of the Target breach. There were also major events just outside the industry – but none was as momentous as theSony hack. As always, you can check out Google’s 2014 Year in Search to see what the United States and the world spent the most time looking for. For more involved readers – check out BCG Perspectives’ Interactive Global Payments 2014.
Home Depot. JP Morgan Chase. Sony. Goodwill. Staples. Dozens of smaller hacks. Millions of payment cards, email addresses, and various pieces of personal information compromised. This year, the entire nation learned the importance of having and using security software. It was a sad year for security professional, an expensive one for businesses, and a stressful one for customers.
While contactless payments are not a new idea, Apple brought them into the spotlight with iBeacon, tokenization, and the iPhone 6. Despite these advances, it hasn’t picked up very quickly, likely hindering by security and convenience.
Riding on the heels of ApplePay’s announcement was a similar announcement that some major retailers would be unanimously dropping support for NFC. This move punished all mobile wallet users for a small percentage of transactions, and led to many unhappy customers and lost sales.
Tokenization, thanks to ApplePay, has gained much more visibility as a security measure against fraudulent transactions. Tokenization substitutes a token in place of a sensitive piece of data. Think of an amusement park or arcade room – you pay for tokens, and use the tokens to operate the machines. Although the tokens have no value, the machines only accept tokens, as they represent value. Having your tokens stolen isn’t as bad as having a card or wallet stolen, and nobody can figure out your card info or where your wallet is by looking at your tokens. Instead of transmitting payment card data, tokenization creates a unique ‘token’ that is transmitted in its place. It is recognized by the terminal and the payment is approved.
Near Field Communication
NFC got a kick start. Softcard (which changed it’s name to distinguish itself from a terrorist group), Google Wallet, and others were brought to the stage as ApplePay stole the spotlight, allowing thousands of iPhone users to pay with their mobile devices, even if those thousands of people never materialized. Predictions for the mobile payments industry have always been optimistic, they just tend to be overly optimistic.
NFC also dodged a kick in the teeth with the release and subsequent hacking of CurrentC. CurrentC was released by Merchant Customer Exchange (MCX, a retailer group led by Walmart), and was hacked before the app was officially released. It should be noted that CurrentC does not use NFC technology; instead it utilizes QR codes and directly transfers funds from a customer’s bank account.
Bitcoin was expected to take off – but didn’t. Prices were expected to be in the thousands – it’s in the hundreds. It’s the most volatile currency by far, and always has been. Bitcoin may not make it, but it may be the right step towards a universal currency. None of this is to say that it is not a popular, frequently traded currency.
What about alternative lending? It took off in a big way. Lending Club and OnDeck both had IPOs, a good sign for the industry. With banks unwilling or unable to support small businesses, these events have shown a glimpse of the future of small business lending, where banks don’t play as a large a role.
Now, take a step back from this 2014 review and think about how consumers payed for purchases. There were many breaches this year, with millions of cards compromised. Mobile wallets took off but didn’t get too far – many businesses simply do not accept NFC, and many consumers are afraid to pay with their mobile devices. What does this say about the payments industry, and how will we overcome it? Consumer actions always make the final decision – what will happen if they decide if their payments can be so easily compromised (or appear that way)?
What’s going to happen in 2015?
Our light predictions for 2015 start with increased payment security. 2014 exposed many openings in payment security and data security, ones that we hope 2015 will close.
Next is further adoption of NFC – possibly with the closing of NFC vs other QR codes as a method of authentication. However, a true standard for mobile payments is many years in the future.
EMV will come into effect in October, but not all merchants will change their hardware on time – to their detriment.
Anything can happen, so we’re not crossing our fingers. See you next year!