Q: My credit card had to be re-issued because of the Home Depot security breach; are there newer payment systems that will be more secure?
A: In light of the JPMorgan, Home Depot, and Target security breaches, President Obama recently signed an executive order encouraging movement towards chip-and-PIN technology in 2015. This will work concurrently with law changes already in place that will shift the burden of fraud liability to the merchant or bank that has not invested in new technology.
This means that at some point soon, most of us will need to start paying for merchandise at stores or online using different systems. Most likely chip-and-PIN smartcards will replace our current credit cards that have the 'magnetic strip and security code' on the back. With the new cards, the merchant's reader will connect with a chip embedded in your card, prompting you to enter a PIN to complete the purchase. This process is encrypted and therefore is more secure.
A more interesting skirmish is breaking out over 'tap and pay' systems, where the consumer can touch the merchant's reader with a device to make payment. Remember the battle between VHS and Betamax as to which video technology was more superior? Ironically both are now obsolete.
In one corner, we have "CurrentC" developed by MCX, a company organized by retailers including Walmart.. This system uses QR codes to make payment. You'd sign up with CurrentC, register your bank account for ACH debiting and download their app onto your smartphone.
At the cash register, you'll either use your phone to scan the QR code generated by the store for your purchase approval, or the cashier might scan the QR code on your app to apply frequent buyer rewards or coupons. To make purchases without scanning (for example, at the gas pump), the app might generate a PIN code for you to enter into the merchant's system.
This system is favored by retailers as their way of saving the 2-3% cost of working with VISA/Mastercard, and does not require replacing existing point of sale machinery. Thus, merchants like Walmart, Best Buy, CVS and Rite-Aid are currently declining to work with other tap-and-pay solutions in favor of CurrentC.
This brings us to the new contender, ApplePay. The latest Apple devices come with TouchID, a fingerprint reader, as well as a NFC antenna, enabling consumers to simply point their phone near a merchant's machine and place a finger on TouchID to approve the payment. When you register your bank card with ApplePay, a unique number is assigned, encrypted, and securely stored in a dedicated chip inside the Apple device (not on Apple servers). The device number, along with a transaction-specific one time code, is used to process your payment. The consumer enjoys convenience and security.
However, only about a dozen large banking institutions are on board at ApplePay's launch, so you may not be able to register your card until its bank joins their system. Merchants need to invest in infrastructure, since they'll need to replace their checkout hardware. Target, Whole Foods, and Macy's are included in ApplePay's current group of participating retailers.
Initial pundit reaction is that CurrentC is geared towards its merchants' goals, with its ability to circumvent the VISA/MC charges and track of its customer purchases, while NFC systems like ApplePay and GoogleWallet focus more on consumers' anonymity, convenience and security.
We'll be watching with interest as to which system wins out, as consumers vote with their buying habits. I wonder how many people will throw up their hands and switch over to using cash currency.