No More Pin Pads

I recently had a conversation with a client who said acquirers want to be innovative and get rid of terminals (pin pads). But they did not know how.

In the light on Pin On Glass emerging, I think this is a relevant question. Hence I wanted to share some of my thoughts.

Why talk about this?

• Terminals are expensive, as they must adhere to strict security standards
• Terminal management is a cost for an acquirer. When using off the shelve consumer products (like iPads), this could be delegated to the merchant. At least to a certain degree.
• Financial institutions want to stay at the forefront of fast changing FinTech, or even aspire to become disruptors. The reality probably is though that most just don’t want to lag behind.

What is already out there?

There are some solutions that already work without PIN Pads:

• Some markets allow terminals that only have a contactless reader without PIN Pad. This is for low amount industries, such as vending machines. Even though this probably goes against the “Honor all Cards” rules of the schemes.
• Apple Pay uses EMV to communicate with the contactless interface of the terminal. To circumvent the pin pad, Apple Pay uses “On Device CVM (cardholder verification method), or CDCVM”. With On Device CVM, the terminal assumes that the cardholder has been verified by the “card” before the card is being waved. In this case, the card is the phone. Apple Pay uses the finger print reader for authentication (to replace the pin). Simply put, this means that Apple Pay could be used in a secure way with a simple NFC reader, without pin.
• There are trials with chip cards that have a finger print reader (Mastercard’s new credit card has a built-in fingerprint scanner). These must work in the same way as Apple Pay and also do not require entering a pin.
• My opinion is that Pin On Glass will be widely adopted in the future. See this interview on the PCI web site: Mobile Payment Acceptance: A Look at PCI’s New Software-Based PIN-Entry Initiative. This has the potential to change the terminal world because with software security there is no more need for expensive, highly secure pin pads.
  This seems to be pushed by Square (Visa): Square gets green light to take on banks with 'PIN on glass' mobile technology
• There are many solutions out there that work on some sort of “card on file” method. E.g. PayPal’s Hands Free Payment: PayPal Beacon Hands Free Payments

Let’s take a step back

When taking a step back, what problems does the combination of terminal, card and pin solve?

1. Two-factor authentication with PAN (card) and PIN
2. The acceptance problem, aka chicken and egg problem (no merchant pays to enable acceptance of a payment instrument that no one uses / No one uses a payment instrument that no merchant accepts). Credit cards and terminals solve this problem on a huge scale (compared to other payment instruments) and do so in a secure, standardized, globally applicable way.

What can be done?

To replace pin pads, new ways to solve these problems must be found.

1. Two-factor authentication
   Two-factor authentication can be done in a number of ways. Some solutions are already mentioned above, e.g. introducing biometrics. One could also imagine the use of voice recognition or face recognition (MasterCard 'Selfie Pay' coming to Australia in 2017). However, this could also be as simple as to use someone’s e-banking credentials, phone number (SMS Code) or similar.
   The problem here is not the authentication options, the problem is how to bring your new form of authentication to the POS. There is a range of options that can be pursued. The most obvious one would be using a mobile app. The challenge is to create a simple transaction process and to gain acceptance, see below.
2. Acceptance Problem
   If we are to keep a similar level of security, we have to introduce a solution to point 1. This means changing the current payment process.
   How do you compete with a process that is already widely accepted, used all over the world, secure, trusted and most of all, fairly simple?
   The fact that I can buy a drink in Europe with my Australian card using the same process is hard to compete with. Say an issuer or acquirer in Australia introduces a new payment instrument, taking this to a global stage is a completely different challenge.
   And why is Apple Pay adoption sluggish? The answer to this is probably that consumers only change their habits if they see a benefit, or if the process is remarkably simpler. This article by Karen Webster makes total sense to me: What Walmart Pay Knows That Apple Pay Doesn’t

Conclusion

What does this mean for an acquirer/issuer that wants to disrupt?

Challenging the existing process with a generic and new payment instrument seems to be a bold step that is probably expensive and likely to fail. However, financial institutions that are acquirers and issuers could profit from an existing client/merchant base. This is an advantage they have over the myriad of FinTech startups out there (the ones they don’t already own).

Leveraging this potential and, for example creating a proprietary installment and small credit program, would enable a new revenue stream while providing a benefit to the cardholders. A neat integration with the existing merchants for in-store payments would certainly increase adoption.

This avenue seems to be more likely to succeed.

What are your thoughts?