EMV, NFC, AAPL and MCX: Understanding the Electronic Payments Alphabet

This year has brought a surge in interest around electronic payments—both from retailers and consumers. With Apple’s rollout of Apple Pay earlier this fall, these technologies were suddenly launched into the public spotlight, prompting fascination around their ease of use and casting speculation around their perceived security. But Apple Pay is hardly alone. There are a number of new and evolving electronics payment technologies being employed, and understanding their unique advantages and intended uses can arm retailers with increased security of their point-of-sale (POS) systems, reduce instances of credit card fraud and, ultimately, lower costs. With that in mind, here’s an explanation of what’s coming:
EMV (Europay/MasterCard/Visa): EMV is the new worldwide standard for processing face-to-face card transactions, and its stated purpose is to reduce instances of fraud. The technology involves a “smart” card with an embedded computer chip, which is read by special termi­nals. Unlike traditional magstripe cards—which are swiped at terminals—the new chip card is inserted into a terminal for a few seconds while the transaction occurs. The card itself uses dynamic data, which means it’s exceptionally difficult to counterfeit.

For those retailers adopting or updating EMV systems, keep in mind that October 1, 2015 is the “liability shift” date for credit card fraud.  On that date, the liability for any card fraud will shift from the card issuer to the party that has the least EMV-compliant systems in place. In other words, if the card issuer has issued chip-based cards, but a merchant hasn’t yet updated their system with terminals to accept those cards,then the merchant will be liable for the fraud at their store. 

NFC (Near-Field Communications): NFC is a method of sending data using very short electronic signals from a device to a terminal. It works when a device with an NFC antenna is held near a contactless card reader.  Mobile payment apps (e.g., Google Wallet) use smartphones with NFC capabilities to allow purchases at a contactless terminal.  However, acceptance across the industry has been weak, partly because most retailers still do not have NFC-capable terminals, and because many customers do not want to provide information on themselves and their shopping habits.  However, with more retailers upgrading their terminals for EMV, they’re also including the contactless (NFC) capability within their terminals.

AAPL (Apple Pay): Earlier this fall, Apple introduced its latest smartphones.  They have NFC capability, as well as the ability to purchase using Apple Pay. To set-up Apple Pay on an iPhone, the user “loads” up to eight cards, simply by either taking a picture of the card or entering the card data. To pay, the user holds their iPhone near a contactless terminal very briefly with their finger on the secure Touch ID. Then, using its EMV chip, a unique Device Account Number and dynamic security code are generated and transmitted for payment. Aside from consumers’ ease of use, Apple also claims its technology is more secure, as it includes a number of features to mitigate fraud. Another difference with this NFC approach is that the transfer of customer information is minimized.  

MCX (Merchant Customer Exchange): MCX is a mobile payments venture owned by over 50 major U.S. retailers, and CurrentC is their mobile wallet app that’s currently under development.  The pilot program began this year, with a rollout scheduled for 2015.  MCX’s major goals are twofold: Reduce the fees paid to card networks and incentivize customers to make more purchases by offering discounts for products and services.  To set it up, the consumer provides personal and banking information, and then downloads both the CurrentC app and each individual retailer’s app. At the point of sale, they simply enter their QR code from their smartphone. Originally, CurrentC would not accept Visa, MasterCard, Discover or American Express cards to avoid payment of interchange fees. Instead, the customer’s bank account will be debited. Very recently, however, MCX announced it will support NFC for payments and will also allow credit cards to use its service when it launches, which is a large shift from its original goal of reducing card processing fees.  It also stated in early November that its rule preventing member retailers from accepting other mobile payment will expire in months—not years.

Although the QR code scanning technology may be secure, it still will be collecting and maintaining customers’ personal, banking and shopping-related information, which could lead to hesitation from consumers. Before it’s released, we expect the company to provide more clarity around these questions, such as how much personal data will be collected, and how the customer will be protected from any fraudulent charges to their bank account.

Faced with these emerging technologies, where should retailers focus their attention? For brick-and-mortar retailers, adopting EMV capable terminals with contactless capabilities is an important place to start. Doing so will help lower card fraud, possibly reduce Payment Card Industry (PCI) compliance requirements, and allow the acceptance of NFC payments from customers that want to pay with smartphones—as that technology may very well catch on. Meanwhile, internet retailers should start investigating stronger payment security methods than just security code and address verification. EMV will likely be pushing more card fraud to the internet, as it already has in other countries.