Skip to Main Content
PCBB Banc Investment Daily April 02, 2014
Banc Investment Daily
April 02, 2014

Locking Down Risk Or Playing Hopscotch

The retail store Target has an interesting history, starting out being as part of a large retail chain that began in MN in 1902 as Dayton's Dry Goods Company. The first Target store opened outside Minneapolis in 1962 and over time became the largest division of Dayton, prompting the company to change its name in 2000 to Target Corporation. The store name "Target" was coined by the company's publicity department in the 1960s and was intended to differentiate the discount chain from the department store Dayton's. Sadly, it would seem that with the recent data breach affecting some 110mm shoppers, Target has indeed become a target.
Security experts would say a big reason for this breach (as well as others) is that U.S. credit cards still use magnetic stripes, while most of the rest of the world has moved on to chip and PIN systems that require dual authentication at the time of purchase. When such cards are stolen, the PIN can be changed so the stolen card is useless. The system we use is certainly less secure and thus has a big target painted on its back.
Of note, starting Oct. 2015, consumers will no longer swipe a credit card and will instead insert it into a slot in a new machine. The machine then reads a microchip (not the stripe) and allows for a PIN number or signature. The expenses for this shift are high and the scope of the job is enormous. Think of every merchant terminal and every single place a card can be used as needing an upgrade. The "stick" being used by the credit card companies to assure the switchover occurs is to transfer fraud liability to any party that has not upgraded its equipment by the cutover date. After that point, those who don't switch will have to pay for any fraud that occurs.
These new payment terminals for chip and PIN cards are designed to generate a unique random number to authenticate transactions and this approach has mostly provided protection from fraud. There are exceptions, of course, and research in the UK found some terminals were producing unique numbers with predictable patterns that could be replicated by thieves, so there is still room to improve. To be sure, there will always be exceptions, but the developing technology certainly makes it harder for thieves.
At a recent financial technology conference attended by many international financial service providers, we found that an explosion in mobile payment technologies is taking over in many markets, especially in Europe. While there are certainly security issues surrounding mobile payments, we wonder if this avenue could offer the U.S. payment landscape an opportunity to hopscotch over the replacement of physical machines in every place of business. Consider that there are merchant specific mobile payment technologies already available (like at Starbucks), but overall the use of mobile payments through digital wallets is still pretty rare. The latest data finds Google Wallet is accepted at around 20 merchants and Apple Passbook can manage app and loyalty cards but not debit or credit cards. Meanwhile, Lemon Wallet can store cards and uses a PIN to access the information, but once again the merchant needs to have the technology to accept the payment.
We think the next 12 to 18 months in the payments space are going to be a very interesting time as Americans shift the way we pay for goods and services. Some may say it will take longer for behavior to change, but looking at how quickly mobile banking has transformed our industry, we think 18 months is a long time these days--stay tuned.