In the world of retail, where the cardholder presents the goods they wish to purchase to the cashier who totals the goods and processes the payment, this all works very well since, without a successful authorization from the issuer, the cardholder doesn’t get his goods! But take that card into any other environment, especially transit, and the experience — and risks — are very different.
One of the benefits of the contactless magnetic stripe is its fast transaction speed: it takes just around 200 milliseconds to complete the transaction. This is comparable with proprietary technologies and significantly faster than EMV cards. However, this is only a 10th of the story, as we’ve previously discussed. The “real” transaction is performed with the issuer while the cardholder waits for a response. This is a real problem for operators who are demanding fast transaction times to meet throughput and safety requirements at the same time as managing the risk of not completing a fully authorized transaction.
There is some mitigation to this problem. The first is to rely on high-speed communication networks, both fixed and cellular, to pass the authorization request and response to and from the issuer while the cardholder waits at the bus or subway entrance. But are these networks reliable enough? What happens if an engineer drills through a cable? What guarantees payment if the cellular network is down in the area the bus is picking up passengers? Or if there is a power outage? Or if lightning strikes? The point is — there are no guarantees.
The other option is to get cardholders to pre-register. They would register via the transit operator’s Website, where suitable authorizations and address verifications could be carried out in advance of travel and when successful, the card number can be added to a white list that is held on the readers. This certainly is the most resilient and risk-free method, but how can it support the traveler who wants to turn up and travel. The walker, who is caught in a rain shower?
So this doesn’t really have the feel of a 21st-century solution. It can only end up forcing passengers back to queuing up for paper tickets as they demand an instant solution to their immediate need to travel.
So are we left with trying to perform end-to-end transactions at the point of entry? This seems to be the solution employed so far by some transit operators who have had to build the additional pre-registration systems or who have specific agreements with single issuers for acceptance.
If that’s not enough for transit operators to worry about, the stability of the magnetic strip payment mechanism is definitely more in question now than it has ever been with data breaches at Heartland and TJ Maxx and the resultant fraudulent use of the magnetic stripe card data signaling the start of the end of the technology.
So What’s Next?
Some commentators talk about the impending use of mobile technology as the future of payments; however, a mobile device on its own does not have the capability to perform payments without an application to carry it out. In this space we are starting to see the modern IT giants PayPal and Google presenting their ideas on a modern payments network in competition with the established technologies of the traditional banking industry, EMV.
Contactless EMV cards, issued widely in Canada, Mexico and much of Europe, have been developed with offline capabilities. That is, the card does not require online authorization for the merchant to be guaranteed funds; the card has the capability of authorizing small amounts offline.
So why are merchants in the United States demanding migration? Primarily, this is due to the reduction in card fraud EMV delivers against magnetic stripe. In the United Kingdom, the Payments Association has reported a dramatic drop in fraud: “Fraud on lost and stolen cards is now at its lowest level for two decades and counterfeit card fraud losses have also fallen and are at their lowest level since 1999. Losses at U.K. retailers have fallen by 67 percent since 2004; lost and stolen card fraud fell by 58 percent between 2004 and 2009; and mail non-receipt fraud has fallen by 91 percent since 2004.”
In Australia, a recent adopter of EMV, reductions on skimming fraud of 25 percent and a 50 percent drop in fraud on overseas cards has vindicated the adoption of EMV.