You Are You, Beyond the Card Present vs. Card Not Present Binary
In the payments industry, one primary logic gate that dictates interchange fees is card present vs. card not present.
Terminology this prosaic is exactly what it sounds like: either you’re making a purchase with the card in your hand, which the merchant can see, or you’re online, and the card might be in your hand, but the merchant must still take a leap of faith. The merchant gets charged a small fee for a card present transaction, but for the card not present transaction, there is an increase to this fee of 50 to 100 basis points to account for theoretical increased risk.
The card present vs. card not present cost increase was logical enough for a long time, but it’s rooted in some outdated ideas. The first is that all relevant parties–the credit card, the human that’s holding it, the merchant, and the item you, the consumer, are buying–are all in one location: the store. But this simply isn’t the typical shopping experience anymore. Even before the Covid-19 pandemic, we’d largely moved beyond the days of shopping in person. The second outdated belief is that the card carries the intrinsic value, instead of you, to whom the card belongs. We need to leave this binary behind in favor of a new paradigm. In this article, I’ll explain why.
Your Wallet vs. the Cloud
Why are we still holding onto the idea that the credit card itself has any security? The truth is, the number stored on a credit card in your wallet is not as secure as the same number you entered in the cloud. We should associate the person with the account number; it’s more secure than associating the person with the piece of plastic. Two-factor authentication makes that association quick and easy for the customer and secure for both sides, even when it’s virtual. It must perform two of three authentications: know something you know (your password), be something you are (your thumbprint), or have something you have (usually your cell phone). The process, in my view, is far more secure than a person holding a credit card the merchant can see.
The Risk Factor That Doesn’t Exist
Let’s take a closer look at those risk factors. Of course, when a consumer shops online, there’s no authentication interaction, which makes the transaction inherently less secure. The biggest fear is the possibility that the consumer is not real. But that’s not all. The address could be wrong, and there’s also a period of theoretical regret: a consumer impulse buys something late at night or under the influence, and by the time it arrives on their porch, they’ve got buyer’s remorse. This can lead to “friendly fraud,” where a consumer attempts to avoid responsibility for a purchase by claiming that their credit card was stolen. All of these factors add up to an increased risk.
However, there is a big fallacy in the philosophy that drives the thinking, the understanding of risk, and the rates borne out of those risks: that merchants are checking IDs when they ring up an order. When was the last time a cashier asked you for your ID for anything other than alcohol? Merchants have this extra layer of identification, but they aren’t using it anymore. So where is that extra safety in the card-present transaction? It doesn’t exist anymore. So, whether the card (and the person) is actually present or not doesn’t mean much anymore.
Two-Step Authentication
Forward-looking online shopping platform companies have put some serious effort into separating the act of payment from the person’s physical presence. This is how we should define risk: whether the person is present, even digitally. We can call this new category person present. Two-step authentication understands and recognizes that the person is connected to their payment device. The platform embeds an identifier on your computer, and from then on it knows–or at least hopes–that you are you. This identifier registers your payment device, address, and cell phone number, and sends a message to your phone that confirms your identity.
With its savvy second form of authentication (sending you a code and asking you to input before purchasing), The platform confirms that you have your cell phone in your possession. It’s also asking for something you know because you’ve entered that information from a code the platform sent to something you have (your cell phone) previously. In my view, this process is simple, not an extra chore for the customer.
Of course, more sophisticated authentications exist. In a very secure facility, a retina or voice scan replaces the thumbprint and an RSA key with a rotating set of numbers replaces your cell phone. Google has switched their entire company to something you are. They’ve abandoned “something you have”–RSA keys and sending the code to a phone–and replaced it with a thumbprint. What many people don’t realize is that the device you plug into your computer to register your thumbprint, which then unlocks your computer, costs only around $30.
It’s not expensive to perform two-form authentication. This “security problem” is so simple to solve, the rest of the developed world has largely left it behind. In the Netherlands, every ecommerce transaction uses two-form authentication by way of an authentication device that is person agnostic, making it easy to share, and gives you a one-time card number to complete the transaction. This is one example of why Europe doesn’t have nearly the same level of problems with fraud that the US does.
The Solution
So, how do we fully step into this new era dominated by ecommerce and cloud technology, and slough off the systems that don’t serve us anymore? The solution for the United States, going forward, is twofold. First, we in the payments industry need to push for the adoption of the Digital ID program already in the works. We also need card brands to understand that their model is flawed. Merchants, who are too busy to advocate for themselves, deserve a fairer shake. Card brands should introduce the person present rate that would define the transaction more in line with card present rates. That would be fairer all around. The payments industry has institutionalized complexity, but it doesn’t always serve the greater good.
Overall, we need to change the way we think. The person, not the card, embodies the transaction. Let’s change the interchange fees so they reflect that.