|
By David Benitez and Michael Milchanowski
Mobile payment technology, or the ability to pay for goods and services via mobile phone, has experienced a rise in adoption and popularity in the past few years. Its rise stems from companies and consumers alike looking for new ways not only to make payments more accessible and convenient, but also to help decrease certain types of fraud.
According to the 2013 Federal Reserve Payments Study, the estimated number of unauthorized transactions (or third-party fraud) in 2012 was 31.1 million, with a value of $6.1 billion.1 General purpose cards—including credit, debit and prepaid cards, and ATM withdrawals—were used in the majority of these transactions, accounting for 92 percent of the number and 65 percent of the total value.
Much of this vulnerability stems from outmoded magnetic strip technology used in today's credit cards, which dates back to World War II and allows thieves to easily steal and clone payment data by reading the static information stored on each card's strip. In 2012, the major credit card networks (Visa, MasterCard, Discover and American Express) announced that they would migrate to EMV,2 a more secure technology already adopted worldwide that uses "chip" technology. To speed up the implementation of EMV cards and readers, the credit card networks will initiate a liability shift in October 2015, meaning that whoever possesses the lesser of the credit card technologies at the point of sale (merchant or card issuer) would be liable for any fraud.
Within this changing environment, multiple companies have put forth technological payment innovations that attempt to improve both security and convenience for consumers. From adding user-friendly card readers to merchant terminals to allowing payments with mobile phones through near-field communication chips (which allow devices to communicate with each other when a few inches away), payment technology has gradually intertwined with continuously upgraded consumer electronics.
At the heart of this innovation surge is a security feature known as "tokenization," or the act of replacing sensitive information (credit card numbers) with a token or a nonsensitive equivalent (that is, a unique security code). These tokens are produced by the chip that is a part of EMV technology for credit cards and also mobile phone payments. The process of tokenization decreases the sharing of sensitive information with merchants, people and applications, making each purchase unique and unrepeatable.
While mobile payments have existed in the U.S. for a number of years, the introduction of Apple Pay in 2014 has made them an increasingly common means of payment. The success of Apple Pay has sparked numerous rival companies, including Google and Samsung, to announce their own forms of mobile payments to be released in the near future. Competition and the rapid pace of mobile phone technological advancement will help ensure that advances in security and convenience reach consumers quickly.
As the payments field advances and changes, it is a certainty that companies will continue to listen to both consumer desires and industry needs. The transition from magnetic strip credit cards to more secure EMV technology is estimated to take years to complete, but in the meantime, consumer demand will continue to drive technological innovation in hopes of bridging the current security gap.
Michael Milchanowski is a senior manager responsible for the Supervisory Policy and Risk Analysis unit within the St. Louis Fed's Bank Supervision and Regulation division.
David Benitez is a policy analyst in the Supervisory Policy and Risk Analysis unit within the St. Louis Fed's Bank Supervision and Regulation division.
