As mentioned yesterday, the regulator tries to keep up with
the banks who try to keep up with customer, and I said that banks often
innovate too slowly.
There are many examples of this, but the one that I come
back to regularly is Chip & PIN.
Chip & PIN has been an enormous success, lauded and
applauded by the Payments Council and now emulated worldwide with just the USA
to follow.
The program was agreed in principle back in 2000 through
APACS, the Association of Payments Clearing Services, and the implementation
plan sorted out in 2003. The EMV-based
Chip & PIN program was introduced to the UK in 2005 and made mandatory in
February 2006.
The great news is that after Chip & PIN was introduced card
fraud decreased considerably, with lost and stolen cards down over half …
... but
the criminals just moved to targeting other areas where card not present and online
fraud gave opportunity:
Key trends in UK cards from 2004 to
2008
Abuse of authentic
cards:
- Lost and stolen: down 53% to $54.1m
- Mail non-receipt: down 86% to $10.2m
Counterfeit: up
31% to $169.8m
Non-card security:
- Card-not-present: up 118% to $328.4m
- ID theft: up 28% to $47.4m
- Online: up 330% to $52.5m
- Check: down 9% to $41.9m
Total: dip in
2005–2006, but up 25% to $704.3m
Slide and detail from a presentation by Stephen Murdoch of
Cambridge University, 2009
Admittedly this was the case after Chip & PIN was introduced
but, as retailers and banks cracked down on the Card Not Present fraud too, the
UK example is held up by one and all as the best illustration of security.
For example, here are a few charts from Douglas King of the US Federal Reserve Bank of Atlanta who, along with many colleagues, is
trying to convince the USA to incorporate Chip & PIN.
Fraud Losses on UK-issued Cards (doubeclick image to enlarge)
Card-Not-Present Fraud Losses on UK-issued Cards (doubeclick image to enlarge)
So Chip & PIN is fandabadoozy and the best thing since
sliced bread, yes?
Maybe not.
In fact, Chip & PIN is an example fo an industry moving
at a snail’s pace and hten slapping each other on the back on how effecigtve it
has been.
Rewind to my opening paragraphs and you realise it took the
UK Payments Council six years to determine, agree and then implement Chip &
PIN.
Six years.
During those six years another technology blossomed and matured:
mobile technologies.
Pre-Chip & PIN, in 1997, a Hungarian bank had proven
that mobile technology was just as good at reducing fraud as Chip & PIN, if
not better.
The bank is OTP Bank, and was one of the first to use text
message SMS alerts to inform customers of potentially fraudulent transactions.
Their experience proved that fraud could be reduced from over twice the
market average at that time, to a third of the average within a year.
And it was by using a simple text message.
Cheap and easy and, oh yes, the customer pays.
Why?
Because they want to.
The customer sets the payment alert for transactions at the level
that suits their risk appetitie. Each
text costs 30 cents, but they don’t mind paying as it allows them control over
their account.
The idea took off rapidly in Eastern European and Russian
markets.
When I asked one of the bankers who made the decision to go
Chip & PIN rather than mobile text alerts in 2007, seven years after the decision
was taken, he said: “because we did not believe then that mobile technologies
were secure enough.”
He also said they would have made a different decision in retrospect but, as they committed to the Chip & PIN, this is their direction.
Six years, seven years, a decade (in the case of SEPA) …
things change rapidly.
Take eight years ago.
Eight years ago, 2004, the things we talked most about were
second homes, buy to lets, easy mortgages and easy credit. We talked a lot about European harmonisation,
the start of EU directives to create a single financial market, and the early
draft text of MiFID and the plans for SEPA.
There was no Facebook or iPhone, just Nokia and Friends Reunited. George W Bush had started his campaign for
his second term in office and Justin Bieber was a ten year old boy (still is
really).
Eight years is a long time and a lot changes.
In 2007, my first book: “the future of banking in a
globalised world” appeared, and the index makes no mention of subprime or liquidity risk.
Today, all we talk about is subprime and liquidity risk. We avoid discussions of re-mortgaging and
credit markets, and instead focus upon regulations to avoid further collapse of
the financial house of cards. The EU
dream has turned into a bit of a nightmare, and commitments to further
harmonisation are on hold for many. Nokia has been joined by Microsoft to try
to beat off the Apple and Google war, and no-one talks about reuniting with
friends other than on Facebook.
Eight years is a long time, and it is far too long to make
industry-wide strategic decisions to change.
Instead, countries, banks and institutions need to take
steps to future-proof themselves from this march of consumer-led change.
A final thought.
I recently held up Poland as an example of how to get
contactless right.
Poland
is Europe’s leading market for contactless payments, with over 54,000 terminals
and 5.7 million Visa contactless cards deployed as of March 2012.
All
of the acquirers and key merchants were on board from the start and, between
December 2010 and December 2011:
- The number of cards in use increased
five-fold; - The number of contactless
transactions increased forty-fold; - The value of transactions increased
by a factor of 43.1 times; and - Poland’s use of contactless payments
has overtaken the UK’s usage in just one year.
Why?
- Because the issuance of contactless
cards in Poland was coordinated across the industry (the UK was uncoordinated); - The rollout was national, whereas the
UK had a partial rollout; - Poland’s program focused upon Tier 1
merchants first, rather than Tier 2 in the UK; - Transaction limits were appropriate
for the Polish markets, whereas the UK’s limit was too low at the start; - The commercial framework was based
upon the payment value for each transaction in Poland, rather than the UK
program which used the same interchange structures as higher value payments;
and - The technologies for the POS systems
in Poland were proven and reliable, rather than a pilot terminal that was unproven
in the UK at launch.
All
in all, by entering into contactless later rather than sooner, the Polish
deployment has seen far more success than the UK.
So when I start talking about NFC and contactless being well
past its sell-by date,
they took a little offence and asked me if I really believed this and, if so,
what should they do about it?
And here’s where I take a different tack, as the fact they
did something innovative and early is a good thing.
The UK has been pushing contactless in an uncoordinated way
for over four years. It’s too long and
too slow such that, now, the opportunity they could have grasped has been
missed.
The investment to make contactless work in the UK now is not
going to payback in time, as other technologies like QR codes and Proximity
Payment Apps have taken over.
However, the fact that Poland acted fast and did something
early in a co-ordinated way within commitment, means that they made the appropriate
investment at the appropriate time with the right level of commitment.
The net:net of that comment is that: if you are going to innovate and take a lead, commit to it and make it
happen before the timescale opportunity is lost.
And that comment applies equally to the UK Chip & PIN project, e.g. doing something is better than doing nothing at all.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...