By Patti Murphy
As 2018 draws to a close and 2019 approaches, merchant services providers are assessing what was and what may be the shape of things to come. And several trends stand out as worthy of consideration. Among them: the expanding role of financial technology firms, combating payments fraud, data security and ongoing merchant concerns over the cost of payment acceptance.
Merchant grousing over the cost of payment acceptance is nothing new. The complaints have led to litigation that has taken many twists and turns, including a proposed agreement earlier this year that would have Visa and Mastercard pay out $6.2 billion to settle claims that merchants were being overcharged on interchange. They have also led to legislation, in the form of the Durbin Amendment to the 2010 Dodd-Frank Act, which paved the way for federally mandated caps on debit interchange. And complaints have led to innovation, as in the emergence of cash discounting and decoupled debit programs.
Decoupled debit programs, through which consumers authorize nonbank card issuers to initiate debits against their checking accounts via the automated clearing house system, have been around since the 1980s when Mobil Oil (now part of ExxonMobile) added a debit feature to its proprietary credit card. (The feature was dropped before Mobil merged with Exxon to form ExxonMobil.)
Target Corp. breathed new life into the concept with its 2007 introduction of the RedCard. That was followed by CurrentC, a decoupled debit-based mobile payment network. It was launched by a consortium of retailers in 2012 and shuttered four years later. More recently, at least two companies serving state-regulated cannabis businesses, CanPay and Hypur, have introduced mobile payment apps that use decoupled debit in an end run around card brand rules banning cannabis-related transactions from their networks. Meanwhile, a number of more traditional merchants are adding payment functionality to mobile loyalty apps and encouraging customer adoption with discounts. Cumberland Farms, a convenience store chain with 700-plus locations in New England and New York, offers a discount of 10 cents per gallon to customers who pay for gas with its SmartPay mobile app.
This year, the big push has been on cash discounting. ISOs and merchant level salespeople (MLSs) have been positioning cash discounting as a way to help businesses reduce payment acceptance costs without hindering their own opportunities to drive residuals. Most ISOs and MLSs selling cash discounting say it has been a lucrative undertaking. Matt Nern, vice president for sales and marketing at SignaPay, an ISO that introduced cash discounting to merchants in 2017, related earlier this year that about 60 percent of new merchants the Irving, Texas-based ISO signs each month now opt for cash discounting.
But the betting is that cash discount programs will be short lived. Visa raised concerns over cash discounting in October when it issued a bulletin reminding acquirers and their sales partners the programs must comply with its rules. Visa rules require that discounts for cash be applied to stated prices, akin to the way gas stations offer discounts for cash payments.
"It is just a matter of time before Visa and Mastercard become vicious about enforcing the rules, or some shopper who happens to be a grandmother of a U.S. Congressman or Senator starts making a fuss," Steve Norell, director of sales at US Merchant Services Inc., wrote in his Dec. 10, 2018 Street SmartsSM column, "The next to last word on surcharging – maybe."
Many industry insiders believe cash discounting will give way to more merchants surcharging credit card transactions, which the card brands permit provided specific disclosure and other rules are followed.
Currently, laws in 10 states and Puerto Rico prohibit surcharging. However, laws in four of those states – California, Florida, New York and Texas – have been successfully challenged in federal courts. The courts ruled that the laws infringe upon merchants' First Amendment rights to free speech because they allow merchants to offer discounts for cash but not to surcharge credit card transactions. The U.S. Supreme Court seemed to side with those lower courts when in 2017 it instructed a federal appeals court in New York to reconsider a ruling on that state's anti-surcharging law with an eye toward Constitutional free speech protections.
While pricing concerns persist, card fraud appears to be the number one concern facing merchants today. Among merchants surveyed this year for the State of Retail Payments, a biennial study prepared by Forrester Research and the National Retail Federation, 55 percent identified fraud as the top payment-related challenge facing them, ahead of cost of acceptance, which was cited by 45 percent of respondents. This is despite the migration to the EMV (Europay, MasterCard and Visa) technical standard for smart cards, which the NRF reported is now being used by a majority of merchants (81 percent of small retailers and 99 percent of midsize and larger merchants).
"In a post-EMV world, fraud is shifting from in-person to ecommerce channels, so retailers have been busy bolstering their defenses to mitigate the increasing costs and risks of ecommerce fraud," the report stated.
According to Forrester, ecommerce fraud grew by 13 percent in 2017. This followed a 35 percent hike in ecommerce card fraud between 2015 (when most merchants were encouraged to have terminals in place that could read EMV chip cards) and 2016, according to an analysis by the Federal Reserve Board.
To help better combat fraud, the NRF-Forrester report said, retailers want better cardholder authentication procedures for both in-person and card-not-present (CNP) purchases. Fifty-one percent of those surveyed said biometrics would be the best way to verify transactions. Fifty-three percent expressed interest in specific biometrics techniques, such as fingerprints and facial recognition. Once the stuff of science fiction, biometrics-based authentication has become a reality in payments, with Apple Pay, Google Pay and Samsung Pay, all featuring fingerprint and facial recognition for payment authentication.
In January, Mastercard decreed that issuers must support biometric authentication for CNP transactions alongside PIN and password verification by April 2019. The new requirement also applies to in-person payments using mobile devices. Mastercard said the move is in keeping with regulations for strong customer authentication spelled out in the latest Payment Services Directive (PSD2) implemented this year by European Union member states.
That directive paves the way for nonbanks (such as fintechs), acting on behalf of business and consumer customers, to initiate payments directly from those customers' bank accounts – hence its requirements for advanced security protocols. Mastercard also pointed to research suggesting most consumers and bankers support greater use of biometrics.
Interest in PIN authentication is also strong. Among merchants surveyed by the NRF and Forrester this fall, 95 percent said they believed requiring PINs would improve the security of card transactions; 92 percent said they would implement PIN authentication if it were available.
While EMV chips make it difficult to counterfeit credit and debit cards, they do little to stop criminals from using stolen cards, Stephanie Martz, NRF senior vice president and general counsel noted. Decisions by the major card brands to drop signature requirements for card-present transactions create even greater vulnerabilities, she suggested. "If we want to stop card fraud, we need a better way of authenticating users, and it should be one that's affordable, easy and safe," she added.
Data breaches continue to dominate the headlines, including the massive breach that exposed the personal information (including from credit cards and passports) for up to half a billion customers of the giant hotel chain Marriott International. The breach, revealed on Nov. 30, triggered an outcry from lawmakers and calls for legislative remedies.
Among them, Senator Ron Wyden, D-Ore., who announced he would introduce legislation in January that closely mirrors PSD2 requirements around data security. Wyden wants government fines for companies that fall short on securing customers data. He and other House and Senate Democrats also have suggested executives at breached companies should face jail time.
News of the Marriott breach came on the heels of a report from Verizon indicating a downward trend in businesses compliance with the Payment Card Industry (PCI) Data Security Standard. According to Verizon's 2018 Payment Security Report, just 52.5 percent of businesses achieved full compliance with PCI DSS in 2017, down from 55.4 percent in 2016. Verizon found that among retailers 56.3 percent were in full compliance; among financial services firms just 47.9 percent were fully compliant.
Mobile payments remain a nascent trend as evidenced by several studies. Auriemma Consulting, for example, reported this year that mobile payments account for just 0.6 percent of all debit card payments in the United States.
According to Auriemma, Apple Pay is the top choice among consumers who use mobile wallets – 77 percent of mobile POS transactions – but Samsung Pay users are more engaged, averaging 7.3 transactions a month compared with 5.5 transactions per month for users of Google Pay and Apple Pay. Anita Solaman, director of Auriemma's Debit Management Roundtable, said this difference may be attributed to Samsung's technology strategy. Unlike Apple Pay and Google Pay, which work only with NFC card readers, Samsung Pay also is compatible with the traditional card readers most merchants already use.
Mobile payments appear poised to gain ground, however, as more banks see the value in offering mobile options. Zelle, the person-to-person mobile payment app launched in 2017 by a consortium of banks, said it grew by more than 73 percent this year, and in the 12 months ending on Sept. 30, it processed more than 375 million transactions valued at $106 billion.
Fintechs also continue to enter the fray and appear to be gaining ground with regulators. In July, the Office of the Comptroller of the Currency, the U.S. Treasury Department agency that regulates commercial banks, said it was opening its charter approval process to fintechs, and in September, the agency gave a preliminary OK to Vario Money Inc. to open the nation's first mobile-only bank.
"Companies that provide banking services in innovative ways deserve the opportunity to pursue that business on a national scale as a federally chartered, regulated bank," comptroller Joseph M. Otting said in publicizing the new charter application process.
Patti Murphy is senior editor at The Green Sheet and president of ProScribes Inc. Follow her on Twitter @GS_PayMaven.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next