12th Annual The 10 Most Pressing Issues in E-Payments

If understanding a problem is the first step toward a remedy, here are 10 first steps for the executives who must grapple with the complexities of payments every day.

Well, here we are with our annual list of the 10 issues causing the most sleepless nights for payments executives these days. Our compilation this time ranges from that perennial headache, EMV, to related issues surrounding contactless and near-field communication technology, to online checkouts, with much in between.

We’re not really trying to keep you up at night, but we do feel it’s important to catalog, periodically, the top-of-mind issues in this dynamic business. This isn’t because we need to prove that all isn’t sweetness and light—nobody who works in payments needs that reminder—but because this catalog serves as a sort of checklist, a handy reference, for busy managers who must constantly sort the overriding problems from the everyday nuisances.

So here are the super-nuisances, ranked and described. Perhaps we’ve missed a few that you think ought to be on this list, or included some that you feel we should have omitted. If that’s the case, drop me an email at john@digitaltransactions.net. Who knows, your suggestion might make next year’s list. If it’s really that big a deal, chances are it will still be a pressing issue by then.

1. The Expensive Fuel-Pump EMV Retrofit

Convenience-store operators and other retailers selling fuel have two years left on a deadline extension to install EMV at the pump and avoid liability for fraud if they can’t process EMV chip card transactions.

The prognosis, however, even with 24 months remaining, isn’t completely optimistic. A big sticking point is the cost. At an estimated $4 billion to $6 billion industrywide, the conversion not only requires new point-of-sale systems and new card readers at the pump, but also installation scheduling and staff training.

The odds of the industry making the deadline? Not good, said Terry Mahoney, a partner at W. Capra Consulting Group, earlier this year. According to estimates he presented at a payments conference, anywhere from 30% to 50% of locations had already converted their in-store systems to EMV acceptance. He figures that will reach 90% by the end of the year. All told, there are about 150,000 fueling sites in the United States, he said.

Still, strides are being made. A company called Gas Pos launched a service that puts EMV-compliant card readers in fuel dispenses and in stores with no hardware costs for the merchants. Instead, they pay for processing and a monthly fee for each pump card reader.

Fuel-pump maker Gilbarco Veeder-Root launched an EMV-dispenser program for Chevron and Texaco retailers earlier this year. Dispenser maker Dover Fueling Solutions exhibited its EMV product in October at a c-store operators’ conference.

And, late last year, NCR Corp. said a fuel retailer completed its first outdoor EMV transaction using its Optic upgrade kit, which offers retailers a choice of two screen sizes for their dispensers. Multiple payment types, including EMV and contactless, are included with the devices.

2. Will 3-D Secure 2.0 Solve Online Fraud?

Fraud is the scourge of online retailers. One report said e-commerce fraud increased 7% from 2015 to 2017. Merchants have to contend, too, with account takeovers, when a criminal attempts to pose as a legitimate customer. The card brands, having learned that their first incarnation of 3-D Secure interfered too much with the checkout experience, are poised to offer a new 3-D Secure product, one they promise will be less intrusive, yet aid retailers and issuers alike in fighting fraud.

Payments provider Adyen already is offering a 3-D Secure 2.0 service. Adyen said its 3DS 2.0 is capable of authenticating a transaction in the background without customer intervention, “creating a seamless payments experience and helping merchants increase conversion rates.”

3-D Secure 2.0 also incorporates stronger authentication methods, enabling consumers to use biometrics like fingerprints, voice recognition, or facial scans, and text-based two-factor authentication, in a transaction.

3-D Secure 2.0 may even help root out account-takeover attempts if the criminal’s device doesn’t match that previously associated with a legitimate customer.

For example, on mobile devices, 3-D Secure 2.0 collects 12 bits of data, regardless of if a smart phone is an Android, iOS, or Windows 10 Mobile device, plus more than 130 other parameters for Android, 14 for iOS, and more than 25 for Windows Mobile 10. This can include time zone, system font, whether the device is roaming on a cellular network, and language preferences.

But time is of the essence. Visa, which says 3-D Secure 2.0 could reduce transaction times from the earlier version by 85% and reduce cart-abandonment rates by as much as 70%, announced the new protocol is set to be enforced beginning in April.

3. The Common Buy Button

When consumers walk into a store, they may use any of a number of payment cards at the cashier stand, but they deal with just one terminal. This spring, the major card networks began talking publicly about plans for a similar experience online—multiple card brands, but one checkout “button.”

Sounds logical. It also promises, the brands say, to sweep away all the confusion surrounding the typical experience on a checkout page, making for easier, faster eheckouts. Just one catch: merchants aren’t necessarily onboard with this new idea.

The so-called common buy button idea stems from a set of technical specifications that are part of the Secure Remote Commerce rules recently drawn up by EMVCo, a standards body controlled by six global card networks, including Visa Inc., Mastercard Inc., American Express Co., Discover Financial Services, Japan’s JCB, and China UnionPay. A technical framework for the spec was released a year ago, but the spec itself so far has been restricted to subscribers, a move that stokes suspicions among some merchants who are already disposed to distrust the card networks.

These merchants fear the big networks may shut them out of the development work and possibly disregard their routing rights when it comes to debit checkouts. The problem is compounded by the fact that at the time Visa indicated it might be ready to move its digital wallet, Visa Checkout, to the SRC spec by year’s end.

“It’s a speed-to-market challenge for merchants that have their own pay buttons,” Laura Townsend, senior vice president of operations for the Merchant Advisory Group, a Minneapolis-based trade group for major retail chains and airlines, told Digital Transactions in May. And yet, she said, “We don’t have access to the spec.” Still, some observers estimate full implementation of a common checkout will take much longer.

To be sure, the networks are under pressure to act soon. Cart-abandonment rates are dismal, and checkouts like PayPal and Stripe have long since stolen a march on the likes of Visa Checkout and Mastercard’s Masterpass wallet. PayPal and Stripe are available at 4.36% and 3.62% of the top 10,000 Web sites, respectively, compared to 0.18% for Visa Checkout and 0.30% for Masterpass, according to Similartech.com.

4. Faster Payments And the Fed’s 2020 Deadline

In the summer of 2017, the Federal Reserve set an ambitious deadline for real-time payments in the United States: It wanted a national system operating by 2020. Is that going to happen?

To be sure, for a nation that lags badly behind much of the developed world in faster payments, getting to real time within just three years requires some heavy lifting. Efforts are under way. The Clearing House, for example, is signing banks directly—and many small and mid-size institutions through their core processors—for a real-time payments system it built with help from Vocalink Holdings Ltd., the technology company that developed real-time payments in the United Kingdom 10 years ago (see the Trends & Tactics section in this issue for more).

Mastercard Inc. saw enough value in Vocalink’s capabilities—and enough potential business in moving to real-time applications—that it shelled out $920 million for Vocalink in 2016. Now, it’s starting to roll out those applications, starting with real-time bill payments. And just last month the Fed indicated it might itself jump into the game with a real-time settlement system, an announcement that came as a somewhat unsettling development for The Clearing House.

But some observers worry that, in the headlong rush to build real-time systems, the country might be courting a surge in fraud, particularly if new safeguards aren’t introduced. With transactions clearing and settling in seconds, banks have to make fraud decision in the blink of an eye compared to the time they have even with same-day automated clearing house transactions.

For the nation’s banking system, will it come down to meeting that 2020 deadline at the expense of more fraud losses?

5. Overdue Changes in Card-Not-Present Payments

Back in October of 2012, the headline for an e-commerce story in this magazine asked, “Just What Does Card-Present Mean These Days?” Six years later, we still don’t have an answer.

Even earlier, online merchants and their payment processors had begun to question the hard-and-fast pricing distinctions in bank card interchange rates for card-present and card-not-present transactions.

When e-commerce began gaining momentum in the mid-1990s, the logic was clear: a face-to-face transaction was much less risky than one in the new online channel, so a pricing premium of about 50 basis points or more for card-not-present purchases was justified.

Since then, however, e-commerce risk control has vastly improved thanks to new technology that authenticates cards, computers, and mobile devices, as well as tokenization that hides cardholder data from cyberthieves.

But merchants’ card-acceptance costs for online transactions still don’t fully reflect today’s better fraud-control techniques. Nor do costs and transaction procedures reflect the blurring of the card-present and card-not-present payment environments created by the new gig economy.

At a recent payments conference, Ashwin Raj, the vice president responsible for payments at Lyft, said legacy payment systems for authorizations, funds movement, and chargebacks all create inefficiencies for the ride-share service.

For example, even though the passenger who orders a ride is in the same vehicle as the driver, Lyft is assessed card-not-present interchange rates. “That creates a fundamental disconnect in the process,” Raj said, adding that processing tips and handling chargebacks involve other inefficiencies.

Lyft is far from the only gig-economy or e-commerce merchant to question current card pricing and procedures, but it remains unclear if or when banks and payment networks will respond with something the merchants deem satisfactory.

6. Merchant Suspicions About NFC

Many payments executives have high hopes that near-field communication will transform clunky U.S. payment card transactions into smooth, speedy contactless ones. But controversy never strays far from NFC, a subset of radio-frequency identification technology that now comes installed in many smart phones and powers the Apple Pay, Google Pay, and Samsung Pay mobile wallets.

At the start of this year, only about 1% of U.S. point-of-sale general-purpose payment card transactions were contactless. Some experts expect that figure to rise quickly, however, because almost all of the new EMV chip card terminals in stores are capable of accepting contactless NFC payments, and more merchants are actually turning that functionality on.

Most notably, Costco Wholesale Corp. recently activated NFC in more than 500 stores.

NFC could get a further boost from new tap-and-go fare systems being installed on mass-transit systems in New York City, Boston, and Philadelphia. And more credit and debit card issuers are expected to give cardholders so-called dual-interface cards that support both contact EMV and contactless NFC payments when they replace their first generation of contact-only EMV cards.

But some big-box retailers are suspicious about payment-network policies that they believe require them to accept all of the NFC-based mobile wallets into which consumers can load credit and debit cards.

The retailers have two big objections. The wallets might enable competitors to see what their customers are buying. They also might prevent debit-card-based transactions from reaching the lower-cost PIN-debit networks, as required by the Dodd-Frank Act’s Durbin Amendment, instead routing them only to the Visa and Mastercard networks.

Networks indicate contactless debit transactions will work like other debit purchases and comply with all applicable regulations.

Mobile wallets and dual-interface cards still have too little payment share to confirm if merchants’ initial fears should be a long-term concern. Yet as long as that uneasiness exists, it could put a brake on NFC adoption.

7. Dual-Interface Decisions

They struck out the first time, but so-called dual-interface chip cards that support both contact and contactless credit and debit payments are at bat again, and this time they might get on base.

The first wave of EMV chip cards, which appeared in 2014 and 2015, is getting near the end of its normal lifecycle and coming up for replacement. With few exceptions, these cards were of the contact variety in which the card is inserted, or dipped, into the point-of-sale terminal.

In contrast, dual-interface cards not only have an EMV chip for contact transactions, they also use near-field communication technology to support contactless payments. But when EMV debuted, such cards cost about twice that of a contact-only card.

And while merchants’ new chip-card-accepting POS terminals almost invariably supported contactless transactions, few retailers had activated that functionality. Issuers cited the lack of consumer and merchant demand as well as the cheaper economics in going with contact-only chip cards.

But the cost spread between the two card types is narrowing. What’s more, issuers can no longer cite merchant indifference as a reason to stick with contact-only cards: Visa says that as of June, 50% of its U.S. face-to-face transactions happened at contactless-enabled merchant locations.

Some of the nation’s biggest payment card issuers are getting the contactless religion. Citigroup Inc.’s cobranded Visa credit card for Costco Wholesale Corp. is a dual-interface piece of plastic that doubles as a Costco membership card. Early issuers of dual-interface cards for at least part of their portfolios include TCF Financial Corp., American Express Co., Capital One Financial Corp., Wells Fargo & Co., and Oklahoma’s Banc First.

A year ago, contactless cards generated less than 1% of general-purpose card transactions, and only about 5% of cards in issue were of the dual-interface variety. A year from now, those numbers are likely to be higher, though how much higher is a matter of speculation.

8. Tech Companies’ Banking Aspirations

Technology companies with a stake in payments are showing signs they’d like to take on a broader role in financial services. That could be bad news for traditional banks that already have their hands full competing in payments.

Would consumers welcome services from, say, an Amazon.com Inc. or a Square Inc.? A survey out last month from Brookfield, Wis.-based bank processor Fiserv Inc. suggests they just might—and that they’re considerably more likely to do so than they were only a year ago.

The survey says 55% of consumers feel comfortable using a company like Apple Inc. or Alphabet Inc.’s Google to pay bills, up from 40% in 2017. Thirty-nine percent would take out a loan from a tech-company service, up 10 percentage points, and 52% would use a tech-company service for person-to-person payments, up 14 points.

The results, based on an online survey of 3,050 consumers by The Harris Poll, comes as payments and e-commerce companies are testing the boundaries of what non-bank, technology-oriented companies can do in financial services.

Square this summer withdrew an application with the Federal Deposit Insurance Corp. for an industrial loan corporation, a type of bank that would support the company’s growing lending business, but said it plans to refile. Nearly at the same time, the Office of the Comptroller of the Currency opened the door for nonbanks with a decision to allow financial-technology firms to apply for national banking charters.

Other recent research indicates Amazon could find considerable consumer interest in its reputed banking ambitions. Earlier this year, for example, the e-commerce and payments giant was said to be in talks with major banks about a checking product for consumers.

9. The Incomplete EMV Conversion

Three years after the liability shift that spurred widespread consumer, merchant, and issuer adoption of EMV contact cards in the United States, pockets of merchants continue to hold out against the card technology. Still, considerable progress has been made.

In August, Visa Inc. said more than 3.1 million merchant locations accepted the chip cards as of June 30, a significant increase from 392,000 in September 2015, just before the October 2015 liability shift became active. Consumers have EMV cards in hand, too. Nearly 500 million Visa credit and debit cards bore an EMV chip at mid-year.

But there are holdouts among merchants. The U.S. Payments Forum, using data from all four card brands, said in August that contact chip transactions were enabled at 58% of all U.S. merchant locations. That leaves 42% still reliant on magnetic-stripe acceptance technology.

One initiative to spur more EMV transactions, and perhaps persuade some holdouts to adopt the technology, is a push to make contactless payments more common. In September, Visa began preparing an adoption campaign involving issuers, merchants, and consumers.

The card brands promoted contactless payments for mag-stripe cards more than 10 years ago. That campaign failed dismally. This time, Visa said, merchants are ready: half of the card brand’s U.S. face-to-face transactions happen at contactless-enabled merchant locations.

Other segments continue to work on EMV adoption. Many point-of-sale system developers lacked the resources to update their software with the EMV specification for each POS terminal that could be used with it. Many turned to semi-integrated payments services, which placed the payment-processing step outside of the POS software itself. Sensitive card data captured by the POS device bypasses the POS software and connects to a gateway for processing.

10. Banking on Pot

Legal marijuana is all over the news lately as growers, medicinal cannabis providers, and retailers in states where pot is permitted proliferate. Recreational-marijuana sales are now legal in eight states and the District of Columbia, and medical cannabis is legal in 30 states and D.C, according to Governing magazine.

Pot also is hot in Canada, where recreational marijuana sales began Oct. 17. A number of publicly traded U.S.-based cannabis companies now list their shares in Canada.

The federal government remains the big impediment to this budding industry’s growth. The U.S. Drug Enforcement Administration still classifies cannabis as a so-called Schedule 1 drug, along with heroin, LSD, and other nasty stuff the DEA says has no currently accepted medical use and a high potential for abuse.

More and more consumers and entrepreneurs beg to disagree. The ArcView Group, which tracks the legal cannabis industry, estimates the U.S. market will have $11 billion in sales this year, which will more than double to $23 billion-plus by 2023.

Yet banks and payment processors mostly shun cannabis companies because of the federal ban, making the industry heavily cash-dependent—with all of the attendant downsides. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), however, says 411 depository institutions actively served the industry in states where marijuana is legal as of March, up 13% from 365 a year earlier.

But some observers question FinCEN’s figures. They note that while specialty payment processors and a handful of financial institutions openly serve the legal industry, many banks either discreetly serve just a few cannabis providers or cut them off after discovering that they had unwittingly booked a marijuana business.

The real solution to the dilemma remains an act of Congress that legalizes cannabis on the federal level, opening the door to full-service payment and banking services.