If you are a credit card user or a merchant who accepts credit cards, big changes are ahead. Consumers can choose to change or not, but merchants MUST make some changes in order to stay PCI compliant or face fines. Other merchant changes are optional, but not implementing these changes risks upsetting customers who may spend their dollars at other stores.
Details at http://mtanenbaum.us/the-changing-world-of-transaction-pay…/ (see below).
With regard to alternate payment systems like Apple Pay, Samsung Pay and CurrentC, those are all optional. All three of them, and the others, send a one-time token to the credit card company; the merchant never gets to see your credit card number. That token is only good once, so if a hacker gets it, it doesn’t do them any good. At least with Apple Pay (and I suspect the others), the credit card number is not stored in your phone either, so if your phone gets hacked, lost or stolen, they cancel the encryption key in the phone and issue a new one – which happens all behind the scenes. You do not need to get a new credit card.
That being said, merchants are not fond of Apple Pay and Samsung Pay because both of those try to steal the customer relationship from the retailer (can you imagine Apple would do that?). CurrentC, which is from all of the major retailers, allows the retailer to control the relationship.
Apple Pay only works on iPhone 6s right now. Samsung Pay only works on Galaxy 6s. Apple Pay only works on a few merchant credit card readers (those with near field communications enabled). Samsung Pay works on those credit card readers and the normal ones.
Merchants haven’t spent much effort on training their employees on how these payment systems work since they want them to fail. We will see if they do any better at training when CurrentC gets released in the next few months.
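The one-time token behaviour described above, as an added example that is not part of the original post. It is a simplified model, not the actual Apple Pay, Samsung Pay or CurrentC protocol; `TokenVault`, `merchant_checkout`, the 120-second lifetime and the test card number are all assumptions made for illustration.

```python
import secrets
import time


class TokenVault:
    """Card-company side (hypothetical model): maps one-time tokens to card numbers."""

    def __init__(self, ttl_seconds=120):
        self._ttl = ttl_seconds
        self._live = {}   # token -> (card number, expiry time)
        self.audit = []   # (event, token prefix) trail for fraud monitoring

    def issue(self, pan, now=None):
        """Hand the cardholder's device an opaque token for one purchase."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # random; carries no card data
        self._live[token] = (pan, now + self._ttl)
        return token

    def redeem(self, token, amount_cents, now=None):
        """Authorize a merchant's request; each token is accepted at most once."""
        now = time.time() if now is None else now
        entry = self._live.pop(token, None)  # removing it is what blocks reuse
        if entry is None:
            self.audit.append(("rejected_unknown_or_reused", token[:6]))
            return {"approved": False, "reason": "unknown or already used"}
        pan, expiry = entry
        if now > expiry:
            self.audit.append(("rejected_expired", token[:6]))
            return {"approved": False, "reason": "expired"}
        self.audit.append(("approved", token[:6]))
        # Only the last four digits go back to the merchant, for the receipt.
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}


def merchant_checkout(vault, token, amount_cents, now=None):
    """Merchant side: sees and stores the token only, never the card number."""
    result = vault.redeem(token, amount_cents, now=now)
    return {"token": token, "amount_cents": amount_cents, **result}


def demo():
    vault = TokenVault(ttl_seconds=120)
    pan = "4111111111111111"  # constructed test card number
    token = vault.issue(pan, now=1000)
    first = merchant_checkout(vault, token, 450, now=1010)
    replay = merchant_checkout(vault, token, 99900, now=1020)  # stolen token reused
    stale = merchant_checkout(vault, vault.issue(pan, now=1000), 450, now=2000)
    return first, replay, stale, vault.audit
```

The rejected entries in `audit` are the useful signal for the card company: a token presented twice is evidence that it was captured somewhere between the phone and the processor.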
All of these will also require that the customer (you) be trained in how to use them and interact with the store. All of these systems also only work at brick-and-mortar stores like Starbucks or McDonald’s.
This will all sort itself out in the next 5-10 years. Google Wallet, one of the technologies I mentioned in the original post below, has been around for 3 or 4 years and has not gathered much traction, but with half a dozen choices this year, consumers will either get on board with one or more of these systems or pay cash! Merchants will need to figure out which of these systems they want to support, then integrate them, train their staff and troubleshoot problems, in addition to all the changes they need to deal with on the PCI Standard front that I mentioned.
Here is the original post:
THE CHANGING WORLD OF TRANSACTION PAYMENTS
APRIL 4, 2015 MITCH TANENBAUM
If you either use credit cards or are a merchant that accepts credit cards (I think that covers most of us), your world is changing and changing rapidly.
Sorry, this is going to be long, so you might want to get a cup of coffee and possibly some aspirin before you start reading.
First, if you are a merchant that accepts credit cards: effective Oct 1, 2015, if you do not accept chip-based credit cards (the so-called EMV card that has been the standard in Europe for 10 years – we are just a little bit behind) and there is credit card fraud, you, as the merchant, become financially liable for the loss (for gas stations that does not happen until 2017).
This means that as a merchant, you have to change your credit card reader equipment, train your employees and, if your credit card process is tied into your point of sale system, likely have to change that as well. All this is at your cost as a merchant. Here is Visa’s guide for merchants on how to migrate from the old mag stripe credit cards to the new chip-based cards.
One thing that is still different between the U.S. and Europe is that Europe requires that you enter a PIN with the chip card and we are going to use the old-fashioned signature. PIN is likely much more secure – retail clerks rarely check whether your signature matches the back of the credit card. Mastercard and Visa opted not to use a PIN because they thought that people might use their cards less if they were harder to use – and that is like a knife to the heart for credit card processors. They would rather eat the losses, which they pass on to the merchants in the form of fees, who pass them on to you and me in the form of higher prices.
The second change that will affect merchants is the release, in April 2015, of the PCI 3.1 standard. The main reason for this change is all of the SSL bugs that I and others have been writing about for months (including Heartbleed, POODLE, FREAK and Bar Mitzvah, among others). This likely will require a number of software upgrades as SSL is no longer allowed, only the current version of TLS.
In addition, as of PCI 3.0, released in January, merchants are now required to conduct penetration tests at least annually, which are much more complicated than the old requirement for doing vulnerability scans (see guidance on conducting penetration tests here). Merchants also have to implement intrusion detection and prevention technology.
Now the part that affects consumers – which, of course, also affects merchants if they choose. Apple released Apple Pay earlier this year. Some merchants embraced this; others are totally fighting it – by either turning off the NFC feature on their credit card terminals that is required to make it work or not fixing that part of the terminal if it breaks. This is so much of a problem that some customers have reported that they have only completed ONE Apple Pay transaction successfully since they registered their cards.
But if that wasn’t confusing enough, customers and merchants will have to deal with other competitors to Apple Pay, including:
Samsung Pay – which only works with the Samsung Galaxy 6
Google Wallet – which has been around for a few years, but has not gained much acceptance.
CurrentC – the big merchants’ alternative to Apple Pay. This is supported by the retailers and they will give you discounts and freebies if you use this rather than Apple Pay. This will be hard for Apple to counteract because the merchants are in control of these discounts and freebies.
Stratos – a small high-tech startup with their own solution
Here is a guide to these options (http://www.csmonitor.com/Business/Saving-Money/2015/0329/Apple-Pay-Samsung-Pay-Google-Wallet-and-more-A-guide-to-mobile-payment-apps).
If you are a consumer, you can choose to use one of these alternatives or not.
If you are a merchant, you will need to make a bunch of decisions – running the risk of offending customers and having them go elsewhere.
And, I am sure, there will be more choices before this all settles out.