Proprietary standards for crucial technologies like EMV and tokenization are crimping competition in the payments industry. Here’s how to fix that.
As new payments technologies evolve and quickly become mainstream, businesses and consumers should have the whole story. The public has been told these new technologies are stronger and more secure, and drive more innovation than other payments systems.
We’re asked to believe a single solution owned and operated by a few of the biggest players in the industry can manage digital payments more quickly, more securely, and more efficiently.
Here’s the rest of the story.
Proprietary technology—solutions like EMV and tokenization—do enhance security, no question. But the application of these solutions is also quietly increasing control and influence over the payments industry by the largest players.
These proprietary technologies limit issuer, merchant, and consumer access to debit accounts. The most significant (and maybe the most subtle) influence is being exerted by privately owned organizations that own the technology and concurrently control the operating rules, which creates and concentrates massive influence over the industry.
These EMV and tokenization technologies have placed commerce in the United States in a bind. The adoption of these new technologies has swept over us like a tidal wave quickly and powerfully.
Now, our task is to swim back against the tide. We should stop to take stock and understand what impact these technologies will have in the long run. We must discern whether these technologies will create a healthy payments environment for the future of American commerce.
Open Standards
I recently had the opportunity to see how an effective alternative payments system operates when I visited Europe. As I traveled the continent, every transaction I witnessed on a debit or credit card included the use of a PIN to authenticate the consumer and the transaction. This was true of every transaction I witnessed, but not those I performed.
You see, the transactions I executed myself were on an American card that didn’t require a PIN or even allow me to use a PIN. The technology that’s a “must” for the rest of the world is apparently not as critical for consumer authentication in the U.S. Why?
In the United States, the answer lies in our increasingly competitive system where several PIN-debit networks operate alongside the global brands. In recent years, these global players have entered the PIN-debit space and, conversely, PIN-debit brands are enabling dual-message transactions.
In theory, the playing field is leveling and competition is ramping up. In practice, though, there are still issues of closed standards and restricted interoperability, which subsequently leads to limited choice, decreased flexibility, and stifled competition.
Our industry has the responsibility to ensure the technology we use is based on open standards. Together, we must build a baseline of interoperability for authentication and data-protection protocols across the ecosystem.
Limited Competition
Let’s start with the PIN. Use of a PIN secures the transaction. Decades of fraud statistics prove that. Arguably, the best attribute of the PIN is a consumer’s ability to change it by using various methods and in real time.
Certainly, security benefits from a layered approach. Attributes like biometrics or geolocation strengthen, but do not replace, the unique value of the PIN. Further, none of this should suggest PIN is a replacement for the encryption or tokenization of card data. All of these should be available to maximize security, choice, and flexibility.
Tokenization is another example. The current issuer-based tokenization strategy to protect card data would be a good one if it were not restricted. Tokenization takes data protection out of the hands of the banks and credit unions that issue the cards and gives complete control to the largest networks.
In essence, a bank or credit-union customer only has access to their money if their purchase routes through a single organization … which owns the technology and controls the rules that govern interoperability.
The result is limited competition, which creates pricing risk. The automated clearing house (ACH) has effectively resolved this issue by maintaining a set of standards and ensuring interoperability. This could serve as a useful model.
Limitless Potential
The U.S. payments system is excellent, yet it could be better. It’s time for the electronic-payments ecosystem in the United States to take the lessons learned and grow to maturity in an informed and organized way. We have the opportunity to build a world-class payments system based on open standards and governance.
Industry leaders, along with standards organizations like ANSI and ISO, are well-suited to lead the charge to facilitate collaboration, create standards, and craft governance. All will benefit from the innovation, interoperability, and non-discriminatory access that will surely result.
The future of payments is too important to leave in the hands of a few. We all have a part to play in deciding the future of payments. And we should all have a voice to ensure the system we serve is always chasing its limitless potential.
—Terry Dooley is executive vice president and chief information officer at The Shazam Network, Johnston, Iowa. Reach him at tdooley@shazam.net.
By Saying, “Hey Siri,” RBC Mobile Users Can Pay Their Bills
E-billing alerts aren’t the only way EBPP technology providers are making it easier for mobile users to pay their bills electronically. Royal Bank of Canada recently upgraded its mobile-bank app to allow customers to pay their bills using Siri, Apple Inc.’s voice-activated, digital personal assistant for the iPhone.
RBC app users instruct Siri what bill to pay, saying, “Siri, pay my electric bill,” for example. Next, the customer tells Siri the amount to be paid and the date to send the payment. Payment details appear on the screen of the user’s phone for confirmation before the user provides final authorization of payment using Touch ID, a fingerprint sensor available on iPhones using Apple’s iOS 10.3 or higher. To turn on the service, consumers select the Siri option in the RBC app’s settings. RBC customers cannot receive or view their bills through the RBC app.
In addition to paying bills using Siri, RBC app users can make person-to-person transfers using Messages, Apple’s instant-messaging service. App users can send an Interac e-Transfer P2P payment through Messages without leaving their messaging window.
“By offering bill payments through Siri and P2P transfers through Messages, we’re providing another convenient solution to support our clients’ payment needs by giving them the ability to choose how they pay,” says Peter Tilton, senior vice president, digital, for RBC.
While RBC’s Siri bill-pay feature is a first for Canadian consumers, Sydney, Australia’s Tyro bank offers bill pay through Siri on its mobile app. The Siri bill-pay feature builds on Apple’s integration of Siri and Messages to payment applications, such as Square Cash. Mobile-app integration to Siri is made possible through SiriKit, a software development kit Apple introduced for iOS 10 in 2016. The kit provides app developers with the tools to send messages, place calls, make payments, and more, using Siri.
RBC believes that offering bill payments through Siri and P2P transfers through Messages will provide another customer convenience by giving them the option to choose how they pay, Tilton says.