US EMV Migration: Looking for the Silver Lining in the Clouds

It would be easy to assume that the migration to EMV in the US has gone terribly. The press is full of stories about slow transactions, inconsistent customer experiences and slow merchant adoption. Whilst not living this day-to-day, I also experienced this frustration first-hand on my trips to the US earlier this year; I wrote about it in a previous blog.

And yet, while the end customer experience clearly must improve, real progress has been made. Back in June, Visa reported "over 300 million chip cards in market and 1.2 million merchant locations." In August, MasterCard announced that "80 percent of its U.S. consumer credit cards have chips" and reported seeing "1.7 million chip-active merchant locations on its network, representing nearly 30 percent of the U.S. merchant population and a 374 percent increase in chip terminal adoption since October 1, 2015." Of course, these numbers would be far more impressive if the liability shift was happening in October of this year rather than last. However, EMV migration does not happen overnight, and in the market as complex and diverse as the US, it was always expected to take many years, especially considering the early reluctance and skepticism of the industry, and the additional complications in debit.

One of the challenges for merchants is getting their new EMV terminals certified, which can take a long time, especially when there is a backlog of demand. To alleviate the problem, in June both Visa and MasterCard have relaxed terminal certification requirements by reducing the number of tests, giving acquirers more freedom and responsibility in the certification process, allowing standard configurations and providing more resources to value-added resellers (VARs).

Also, recognising that it's not always the merchants' fault that they are behind with EMV implementation, both networks introduced measures to minimize chargeback costs to merchants who have not yet transitioned to EMV. For example, MasterCard has "checks and blocks to ensure that chargebacks follow the liability shift guidelines", such as not allowing chargebacks on fraudulent ATM and fuel transactions, where the liability shift has not yet taken place. Visa has taken a step further and announced that from July 22, Visa would "block all U.S. counterfeit fraud chargebacks under $25", while from October 2016  "issuers will also be limited to charging back 10 fraudulent counterfeit transactions per account."

Of course, there is a risk that rather than incentivising merchants to speed up EMV adoption, these changes to the network chargeback policies will reduce the pressure on merchants to migrate. Verifone, one of the largest POS companies, has reported lower revenues for Q316, partly as a result of "lingering EMV adoption issues", and has stated that their "outlook for Q4 now assumes a significantly slower EMV rollout." Not surprisingly, Paul Galant, CEO of Verifone, has emphasised the company's "relentless execution" on "the long-term vision for Verifone to transform from a box shipper to a services provider."

Nobody is under illusion that EMV migration in the US will be over any time soon. However, we must recognise that real progress is being made. Changes introduced by the networks, as well as new liability shift dates, such as for MasterCard ATM transactions coming into effect in October this year, should help keep the momentum going. And while the consumer adoption of various contactless pays, such as Apple Pay and others, has yet to "set the world on fire", perhaps they will end up giving another reason for merchants to invest into chip terminals? After all, for the optimists amongst us, every cloud has a silver lining.

First-time success rate of my Apple Pay transactions today: 0%

Yes, you did read this right – today I could not complete a single Apple Pay transaction successfully first time. This was my experience today:
  • I tried using Apple Pay five times – four times to get in and out of the London transport network and once at a coffee shop to buy an espresso.
  • Not once did I manage to complete the transaction right away.
  • Only once I could complete the transaction via the fingerprint. And before you accuse me of sweaty fingers, on all occasions I made extra efforts to wipe clean my phone’s TouchID reader and my fingers before approaching the terminal. And while I did have some issues with TouchID in the past, now the fingerprint unlocks the phone just fine most of the time.
  • Three other times, I had to type in my password, which then completed the transaction.
  • I could not get my coffee on Apple Pay at all – no matter what I did, the transaction would not go through. My default card is Amex, so I asked the merchant if they accepted Amex cards in the first place (I couldn’t see any obvious signs that they did). He confirmed that they accepted Amex, but not if the card was contactless! Which I guess explains my lack of success in that instance, but there was no way of me knowing it in advance – the shop clearly had contactless terminals, so I assumed my Amex inside Apple Pay would work just fine. In the end, I embarrassingly put my phone away and paid cash.
OK, I admit, the sample size is not big – only five transactions and I haven’t tried a diverse POS environment (TfL and a coffee shop), so maybe I’ve just been unlucky. But it’s not the first time this is happening to me. I already highlighted my trepidation of going up with Apple Pay to the tube gates in an earlier blog. And I had other bad experiences: after trying to pay with Apple Pay and failing at a local Co-op shop, I was told that I couldn’t just use a plastic contactless card or pay by cash – I had to insert my actual Amex card into the reader and type in the PIN code to complete the transaction. Really?? Looks like I am not alone struggling with Apple Pay in the UK, as this Twitter conversation demonstrates: I also have a Visa debit card registered with Apple Pay, so I will try it out as well, but based on Richard’s comment, it doesn’t look like it’s a card type-specific issue at the moment… I love the idea of Apple Pay and easy payments by mobile phone. And I know that people like Jeremy and Richard are just as passionate about payments as I am, so we will continue to persevere and keep trying. But what will a “normal” consumer do if they have a bad experience? Will they be excited enough to come back and try again or will they just give up on mobile payments before they had a chance to succeed? I hope they don’t, but these early Apple Pay glitches clearly show how difficult it is to create a truly great customer experience in payments, especially at the POS.

The Power of Headlines

We are all familiar with the power of a good headline – it grabs our attention and compels us to read the rest of the story. In the world of printed newspapers, front-page headlines are there to sell papers. And it seems that ability to write a witty headline is a pre-requisite to getting a job at any of the UK’s tabloid newspapers. Headlines also have the power to mis-lead. Just a few days ago, a news story caught my eye, which implied that 42% of the US POS terminals were infected by malware. With a healthy dose of disbelief, I clicked on the link and sure enough, it became clear from the article itself that 42% of all known instances of a single malware type were detected on the US terminals. The story and the headline’s implication couldn’t be further apart. As someone who keeps an eye on the developments in mobile payments, naturally, I was intrigued by some other recent headlines announcing that “the UK banks were to launch mobile P2P network next year.” Did I miss something? No, there was indeed a new announcement by the UK Payments Council, but it was talking about the same initiative announced nearly a year ago on 21st Feb 2012. And it became clear shortly thereafter that the service would likely be launched in 2014. As far as I can tell, the main piece of news this time is the list of 8 banks who have now committed to launching the service. Again, given that it was expected to be an industry-wide initiative from the start, it is no surprise to see all the major UK banks signing up to this, including Barclays, which has its own P2P service, PingIt. For our non-UK readers who may have missed the story last year, The UK Payments Council has commissioned VocaLink to build a central database that will allow bank customers to link their mobile phone number to their bank account. Having done so, they will be able to send a payment from their mobile phone by simply entering someone else’s mobile phone number and would not need to know their banking details. The actual payment would run over Faster Payments, a system that’s run by VocaLink and settles payments in nearly real-time. Is P2P really that important in the UK? Despite some early successes of PingIt, I think the jury is still out. Obviously, it simplifies making a payment to another person (or potentially, business) which is a good thing. However, in the UK it is already quite common to tell someone your bank account details for them to make a one-off payment. As I pointed out in my blog commenting on the original announcement, the ever-popular “splitting a restaurant bill” example is over-used – most people in the UK would settle the bill by asking the waiter to split the total onto multiple cards right there at the restaurant. And the popularity of Direct Debit drastically reduces the need to proactively pay regular bills. Paying to a small business/ merchant/ tradesman appears the most promising scenario, but there this payment method is going to compete against the new mobile POS solutions, which enable those same tradesmen accept cards, and more realistically, cheque and cash payments, the ingrained practices of today. Having said all this, it’s a very welcome initiative and it could be just a start. As the service grows, I would expect it will allow use of other proxies in addition to the mobile phone number (e.g. email, Facebook account, etc.) and will enable them to be linked to multiple bank accounts. And once the infrastructure is built, other services (e.g. merchant payments) can be developed, which would help the UK banks maintain their leadership in payments. I am looking forward to the real news announcing the launch of the actual service in 2014.

PayPal’s March Into the High Street

The readers of this blog and Celent clients with access to our reports will know that when we talk about “mobile payments” we are careful to specify what we mean by it. While many talk about NFC payments, we prefer to discuss “mobile at the retail point-of-sale”, recognising the diversity of ways how a mobile could be used to make a payment. Last year we predicted that the biggest rival to the emerging NFC solutions (and a threat to the banks and card issuers) would be PayPal with its “wallet-in-the-cloud” approach to in-store mobile payments. This week PayPal announced two massive steps in that direction – a deal with two large POS manufacturers, Verifone and Equinox, and new relationships with 15 retailers, including household names, such as Abercrombie & Fitch, American Eagle Outfitters, Barnes & Noble, Foot Locker, JC Penney, Office Depot, and Toys “R” Us among others. This is in addition to the last year’s pilot with Home Depot, which has now seen the solution rolled out to 2,000 stores. Some of the press has already called PayPal the “world’s fifth payments network.” In case you are not familiar with PayPal’s in-store vision, essentially, you are checking out with your PayPal account rather than your Visa/ MasterCard/ Amex card or cash. You may have a PayPal card, but it’s simply a way to identify and communicate your PayPal account credentials. The same could be achieved by entering your mobile phone and a PIN into the terminal. The solution does not rely on NFC, so the consumers don’t have to purchase NFC-equipped handsets and merchants don’t have to do hardware upgrades to their terminals. Usually, software upgrade is sufficient, which is why the deals with POS manufacturers as well as POS software developers are crucial to make it easy to the merchants. Of course, the merchants still need to have a commercial agreement with PayPal to accept it as a payment method, which is why securing relationships with the US leading merchants is so important. However, PayPal understands very well that scaling up the merchant relationships on a global basis is going to be the hardest task in creating a truly universal payments scheme. That could be one of the reasons why PayPal continues to position itself as a “bank’s friend” – it understands how difficult it would be to achieve the necessary global scale on its own. However, that would require to “open up the scheme” and go from a three-party to a four-party model. Would PayPal be prepared to do that? Would banks be willing to join in?

Bank Mobile Wallets: NFC or Cloud?

Extensive travel tends to wreak havoc on the usual patterns and the best intentions. As a result, I haven’t yet had a chance to blog about an interesting development first announced a couple of weeks ago. FIS, a large technology and services provider, has announced a new m-payments system, developed in partnership with Paydiant, a mobile technology company. Celent clients may recall my recent report, “What’s In Your Mobile Wallet? Winning the Battle for Mobile at the Retail POS” where I described the four major domains which represent the key battlegrounds for bringing mobile payments to the physical stores in the developed markets. In that report, I suggested that banks are in danger of losing control over POS payments to cloud-based wallet providers, such as PayPal and others. I also said that NFC, despite all the concerns around infrastructure and business models, represents the best chance for banks to keep their payments credentials used at the POS in the mobile world. With the announcement from FIS, it seems that banks can take on the cloud-based wallet providers at their own game. FIS and Paydiant developed a cloud-based solution that can be integrated into the bank’s mobile app and simply requires downloadable apps for consumers and retailers. Because the app resides in the cloud, no payment credentials need to be exchanged at the POS, giving everyone an additional piece of mind and alleviating the retailers from PCI compliance requirements. In the demo showed to Celent in Boston, the POS terminal produced a QR code, which a consumer would scan with his app on a mobile phone, which then triggers the payment transaction. The QR code is only one possible communications technology – NFC could be used instead if both the terminal and the phone were NFC-capable. The payment is done via one of the payment instruments (e.g. a card) that the consumer has pre-registered with the app and the retailer already accepts. The app could also be developed by retailers rather than banks. In fact, the retailers might find the solution easier to implement than banks, as they can control the acceptance side. The banks wishing to use this solution must ensure that there are enough merchants that have downloaded the appropriate app and are willing to let customers use it. All of which points for the need to create and manage a new scheme, one that consumers recognise as they decide which app to pull up on their mobile phone at the POS. Still, I think it’s a very interesting solution and one that allows the FIs and retailers explore the opportunities around cloud-based wallets.