Our payments system is built on trust. When you swipe a plastic card, the merchant trusts a bank to transfer your money. The bank trusts you to pay your bill. And everyone trusts each other to keep data like account numbers and transaction details private and secure.
A series of attacks on large retailers have called that trust into question. When you swiped a card at Target last year, it turns out you weren’t just sharing your 16-digit account number with the retailer: You were sharing it with overseas hackers who had penetrated Target’s network.
The good news is that the credit-card swipe is an endangered species. Banks are already starting to replace magnetic-stripe cards with new chip cards. And in a little over a year, they will start putting the risk of credit-card fraud on retailers who allow you to swipe your card rather than dip it in a chip-card reader. (You’ll still be able to swipe a card, in theory, but you may get a suspicious once-over if you try to do it.)
So far, mobile apps and online wallets haven’t taken off, because they’re more complicated than the good old-fashioned plastic cards . But if hundreds of millions of consumers are being asked to change the way they pay, it’s not a foregone conclusion that we’ll just switch from a swipe of the card to a dip of the chip.
The next 12 months are the moment to get consumers thinking about mobile payments. Because when they realize they can’t just swipe their cards anymore, they’ll be ready to try new things.
The Payments Players
This is why Apple is widely expected to get into the payments business, after holding back for years. It’s why Google, after a series of embarrassing setbacks, is still pushing Google Wallet. It’s why Amazon is getting into in-store payments with aggressive pricing. And it’s why PayPal is continuing to make its push into retail payments.
See also: Apple Is Walking Into Payments Naked
Apple’s interest here is twofold: It wants to protect its smartphone business by adding more features to the iPhone, and it wants to advance its iTunes system, already widely used for digital purchases. It might also sell some iPads as cash registers along the way.
If Apple adds NFC to new iPhones, that will mean you can bump your phone against a terminal to make a payment—including the handheld EasyPay terminals used in Apple Stores. But it seems likely that an Apple payment service will also address existing iPhone models, which lack NFC but have Bluetooth, which can be used to verify a customer’s physical presence in a store—a helpful point of data in preventing fraud.
The challenge for Apple, especially in light of the recent incidents of celebrity hacking, will be convincing consumers that it takes their security seriously. There are various technological ways of layering extra security around payment accounts. None of those will matter unless consumers trust Apple. It’s hard to underestimate the damage Apple has suffered here.
Google has made a lot of missteps with Wallet—chiefly by pushing NFC, or near-field communication, as a technology for transmitting payment information from a phone to a credit-card terminal. A technology called Host Card Emulation, or HCE, could change things for Google, by allowing Google to store payment-card information on its servers rather than in a phone’s “secure element,” a step that required cooperation from cellphone carriers. With HCE, Google can widen the number of phones and merchants who can accept phone-based payments.
PayPal is taking a different approach: It is eliminating the need for a swipe, dip, or tap. When you take a ride with Uber, PayPal’s Braintree service charges the ride against a stored card. When you order food from a restaurant with the PayPal app, you similarly don’t have to use a card or a phone—the payment’s taken care of online. This frictionless model of payment will seem especially appealing when we’re confronted with the swipe-or-dip dilemma next year.
The Swipe Holdouts
Amazon, Square, and a startup called Coin have a problem: Their local-retail payments services are built around the swipe.
Square is replacing its original, iconic card reader with a new model that can handle chip cards. But that reader won’t handle PIN entry, the standard in Europe. (In the United States, chip cards won’t require a PIN—instead, we’ll just sign our name on receipts as we do now.)
Amazon has just introduced a Square-like card reader called Amazon Local Register. It is pricing its swipes at a very low rate: 1.75 percent until 2016. That’s an appropriate discount for a product that won’t be on the market much longer. Presumably Amazon will have to replace its readers, as Square is doing. (An Amazon representative didn’t respond to a request for comment.)
It’s far less clear what will happen with Coin, a startup that lets you skim your own cards onto a single card which can switch between them. Coin has struggled to deliver its product, and recently warned customers who had preordered it of delays and missing features. It’s not clear how Coin will work in the age of the chip card—a cautionary tale of how startups can be as vulnerable to rapid technological change as large companies.
We can be grateful to Square, though, for showing that card readers and registers don’t need to be expensive. The hype about how costly switching out card terminals will be for merchants is vastly overplayed: Someone will gladly give away hardware to secure a merchant’s payment-processing business. Amazon and Square already effectively do that, charging $10 for a reader but giving that back to the merchant in a credit after they sign up. Upgrading from the swipe to a dip or a tap doesn’t have to be expensive.
Payments Without Plastic
I suspect that the real effect of this uncertainty over plastic cards will be to push more transactions online. Dipping a chip card is inherently slower than swiping plastic, which will slow things down at retail counters. (Add to that the delays as confused consumers struggle to figure out how they’re supposed to pay.)
The rational response won’t be to switch from swiping to dipping: It will be to avoid the whole process, by ordering through an app which has our payment credentials on file. We may still go to stores, but only to pick up merchandise that we’ve already paid for. Macy’s, for example, is rolling out same-day pickup for online orders. And Amazon, Google, and PayPal’s parent company, eBay, are all pushing into same-day delivery services, where the payment’s taken care of online. None of that requires a tap, a swipe, a dip, or a bump.
In just a few years, it will seem strange to hand over a plastic card with our full 16-digit account number to a stranger. It will seem strange, in fact, to hand it over to a retail establishment like Target or Home Depot. We may trust those businesses to stock their shelves with interesting merchandise—but protecting our credit-card accounts from hackers? That hardly seems like their core competency.
We’ll leave payments to the experts—and that will likely be big, established Internet brand names who already handle much of our commerce. That’s Amazon and PayPal, certainly; perhaps Google. Apple seemed like a contender until very recently. We’ll see if it mounts a convincing comeback against charges that it didn’t secure its customers’ accounts sufficiently.
Can we live in a swipe-free world? I have for 15 years. One of my credit cards actually doesn’t carry a magnetic stripe—it’s a specialty card issued in the 1990s purely for online use. Unlike my primary magnetic-stripe card, which routinely gets reissued due to retail-store fraud, it’s only been replaced by my bank once.
What will we do with those old plastic credit cards? Well, they’re great at removing gum.
Lead image by Joel Kramer