January 9, 2015
Anyone who has been paying attention to the security of credit card purchases should be concerned. Starting in 2007 a major clothing retailer holding company experienced the theft of data from 45.6 million credit and debit cards. Since then, there has been an explosion in theft of email addresses, credit card information and other personal data which has been stolen, resold and reused by the hackers for financial gain.
For shoppers, these thefts are mainly a nuisance. They must replace a card, check records for fraudulent purchases, and worry about further problems in the future. The merchant or banker — the responsibility depends on the precise terms of the transaction—has the more immediate loss that can add up to hundreds of billions. The numbers of thefts suggest that even vigilant merchants have a very hard time losing customer information, including names, credit card numbers, the card verification code (the three-digit check card on the back), and sometimes passwords and addresses.
The Search for a Secure Solution
Given the situation, it is no surprise that vendors, card processors, and banks are looking for use of better security. What is surprising is that technologies that have been around for many years are only now being promoted in the U.S. And progress may be further slowed by a fight between banks and small vendors backing one technology and big vendors the other.
The Current Technologies
One technology has been around for a long time but is only now attracting common use. It depends on a device to securely store customer information and transmit it without loss. The other is short-range wireless radio to connect with the network. The techniques mainly used are EMV (for Eurocard-MasterCard-Visa) to handle the data and NFC (near field communication) to transmit it.
The EMV technology was designed around 1990. It is endorsed by most of the world’s credit card companies, most recently China’s UnionPay. Some manufacturers, starting with Nokia, used EMV to enable mobile phones to replace credit cards. NFC has been around since Nokia, Philips, and Sony established the Near Field Communication Forum, and Nokia brought out its first NFC-equipped phone in 2006. Google brought out easier credit card technology with Google Wallet for store purchase in 2012, and most of the up-market Android phones have the required EMV and NFC components.
Then came Apple Pay. The technology, standard in the new iPhone 6 and 6 plus, benefits from the Touch ID finger reader used to identify the buyer. The software is built into the iOS 8 operating system.
The Showdown: Banks vs Retailers
Apple Pay was part of the heavy promotion of iPhone 6 and many companies supporting its use, especially the members of the bank group that signed up and began promoting Apple Pay even before the new iPhone shipped. The hardware and software of Apple Pay and Google Wallet are somewhat similar. But Apple is getting the promotion from participating banks and vendors, who have mostly been quiet about Google Wallet. Meanwhile, Samsung and other Android manufacturers rarely publicize the availability of Google Wallet. This explains why the reaction to Apple Pay has been so much more exciting.
The competition that really matters is coming not from other phone makers but a consortium of large venders such as Wal-Mart and Target. They are supporting a rival technology from the Merchant Commerce Exchange (MCX) that has developed its own technique, CurrentC.
CurrentC is designed to be used on the existing hardware of many phones, though detail of the software has not been made available. Communication of information from the phone is provided not by radio but by a QR barcode to be read by a receiver in the store. Like Apple Pay, the information attractive to thieves is no longer available as in standard credit card transactions.
The problem is that CurrentC is just running a trial and the service is not yet available. Meanwhile, Apple Pay and Google Wallet, which require the same information on the store end, are out and being used now. And while Apple Pay only works on the iPhone 6 (and, in a limited way to protect internet purchases, on the new iPad), the sales of the new models has put millions in use.
So the battle boils down to the retailers behind CurrentC and the army of banks and credit card companies—including Visa, MasterCard, Citicorp, and Wells Fargo—backing Apple. The first skirmish in a real fight started just after the release of the iPhone 6. Customers who were buying in stores equipped with NFC readers started using merchants who had not formally agreed with Apple. MCX ordered chains, including CVS and Rite Aid, which have signed contracts giving exclusive rights to CurrentC to block the use of Apple Pay in stores.
With the dispute between retailers and financial companies over the processing of sales not going away, the dispute is likely to intensify once CurrentC launches fully this year. It will probably be a fairly long battle between the technologies, and maybe both will survive. Either way, though, consumers are likely to benefit from the services that make the theft of credit card information much harder.
Steve Wildstrom is a technology writer, analyst and consultant. He wrote BusinessWeek's Technology & You column from its creation in 1994 until BusinessWeek's acquisition by Bloomberg in December, 2009. Before starting Technology & You, Steve served as senior news editor in BusinessWeek's Washington bureau and edited the Washington Outlook column. Used with the permission of http://thenetwork.cisco.com/.