Arch rival MasterCard has a similar view and last week announced a pilot program with First Tech Federal Credit Union in the US to use biometrics such as facial and voice recognition as well as fingerprint matching to authenticate transactions. Tokens are also on MasterCard’s agenda.
There’s no doubt extra security is important and will become increasingly so.
But is it enough to drive the sort of take up seen in Australia with tap’n’go cards? The secret to the phenomenal success of this is people already had the cards (new cards were gradually introduced with the technology), the system worked and it was more convenient.
Now people already have smart phones (well at least 70 per cent in Australia) but is it more convenient than the existing card?
Already in the US, where payment schemes are much less sophisticated than Australia and most of Asia, there has been some backlash against mobile payment devices such as Apple Pay not because they don’t work or are insecure but because they are less convenient than the existing card.
Visa and MasterCard need only dust off some of their other Australian research from the mid 90s when the first “smart” cards were introduced. Although they had a chip rather than magnetic stripe, these cards were simply electronic cash cards or “stored value cards”.
Large scale pilots were held on the Gold Coast and in Canberra and they went very well. But as soon as the marketing and pilot caravans moved on, people stopped using the cards. There was a large scale roll out too in the hip Tokyo suburb of Shibuya. That too shrivelled away.
The problem was there were existing, efficient alternatives to electronic cash. Including cash. And credit cards. The idea that the cards would replace cash was fanciful because no one was going to stop carrying cash at that time.
And one suspects this will be the challenge for mobile payments. Sure, the phone can do everything the plastic tap’n’go card can do but it is still difficult to imagine anyone venturing out with just their phone as a payment means.
Mobile payments don’t solve a clear and present problem like the Diners Club card did. Or indeed the original Bankcard in Australia which allowed merchants to largely do away with costly, bad debt ridden personal charge accounts.
A new layer of security is not enough. In the US, chip cards are only now being rolled out but in many US markets the logical next step in the security chain, using only Personal Identification Numbers (PINs) to authorise transactions is considered a step too far. So the US will stick with vastly less secure signature authorisation.
In the market, cool technology and an extra layer of security don’t always trump habit and convenience.
Stephen Karpin, Visa’s group country manager for Visa in Australia, New Zealand and South Pacific, disagrees.
He told BlueNotes that while the new layer of security tokenisation will bring will be largely invisible to consumers and merchants, it will nevertheless enhance the shift to pay by smart phone.
But Karpin does believe mobile payments need to do even more and the real impetus will come from bundling extra services in with the mobile payment, such as special offers or pre-orders, where the phone’s capabilities including location, loyalty, membership and payment can be brought together.
More significantly though is the advantage tokens will bring to online transactions. Because a token doesn’t represent the whole account number of a payment card, if it is compromised – either individually or via one of the all too frequent mass breaches – only the token need be disabled.
“Tokenisation will not only accelerate the move to mobile payments in Australia but also provide a secure foundation for previously unimagined ways to pay,” Karpin says. “In the future, any internet-connected device could become a secure way to make payments.”
This is certainly a convenience for consumers and merchants.
Visa’s head of emerging products and innovation George Lawson says another advantage of tokens is they can be programmed to be quite specific, preventing their broader use and lessoning the attraction for fraud.
“It is much more efficient to cancel a token than an account,” he says. “You can have multiple tokens on one anchor account. For digital transactions you can restrict domains, merchants, channels even.”
Karpin argues while security anxiety has hardly held up the surge in tap’n’go transactions it remains a major impediment for consumers.
“But equally it is merchants, banks and regulators who are most concentrated on security. That’s why these innovations are important,” he says.
The lessons of payments innovation tends to suggest there needs to be more than incremental improvement for consumers to change behaviour.
Those conditions don’t appear to exist yet for smart phones although if new service propositions emerge they might. As Karpin argues, tokenisation breaks down the barrier of risk around putting sensitive account information into more and varied devices.
Added layers of security for online transactions is however slightly different. That is where there is genuine consumer (and government and regulatory) concern. And opportunity.
After all, Diners started as a simple cardboard card. Today’s payment card is already an app on a mobile device.
Infographic by Visa Australia.