Smart Card Talk : May 2011 : Executive Director’s Letter

Executive Director’s Letter

Dear members and friends of the Alliance,

Summing up the essence of the 2011 Annual Conference: Roadmap to EMV Payments and Secure ID in a single word or phrase is difficult. What comes to mind is “speculative tension” over EMV and cybersecurity. Heightened market awareness about both topics and questions about when key market decisions will be made pushed Annual Conference attendance to a record 459 people, a 55% increase over 2010. Although the payments sessions outnumbered the identity and security sessions about two to one, both tracks had the audiences engaged from the start. It wasn’t just the size of the audience that was impressive, but the combination of very informed, high-level speakers and attendees who mixed it up with controversial (and sometimes opposing) viewpoints during the keynotes and panel sessions, in the open roundtable discussions, and during hotly debated Q&A sessions that followed each session.

What stood out for me was listening to Toni Merschen and Dave Birch, two of our keynote speakers and veteran European payments consultants, try to rationalize why the U.S. market has so far resisted the move to EMV and then to articulate, with equal measures of seriousness and humor, an objective outsider’s view of how completely out of synch the U.S. payments market is with the rest of the world. I thought the exchange over whether the U.S. should deploy chip & PIN, as the EU, UK, and Canada has done, or chip & signature, was especially captivating. The Walmart representative took the position that we need to authenticate the cardholder with a PIN or we have only solved half the fraud problem, while the Wells Fargo speaker (soon to be issuing EMV chip cards) argued that static PIN is a service nightmare and will ruin the consumer payments experience. If you expected that these two sides would agree on anything related to EMV, I think you learned firsthand that merchants and issuers have very different ideas about how EMV should be deployed. At least they both agree that, for EMV in some form, the time has come.

So, who is going to decide what path the U.S. market will take regarding EMV? The answer to that remains unclear and the Annual Conference sessions didn’t provide an answer. The Durbin Amendment and pending Federal Reserve Bank rules on debit interchange remain polarizing issues that are part of any discussion about issuers investing in new security measures. Although the discussion led by Steve Mott on whether Durbin was going to inhibit or accelerate innovation in the payments industry was interesting, it didn’t sway anyone in one direction or the other. Everything that I’ve observed in the banking lobby and issuer responses to the Durbin legislation points to a growing realization that this is a done deal in the merchants’ favor. Financial institutions are trying to salvage whatever revenue they can for debit cards, hoping that they have something they can bargain with when attention shifts to credit card rates and consumer protections coming from the Consumer Finance Protection Agency. We could be days, weeks, or months from the decision involving the Durbin regulations, but one thing is clear, nothing will be the same for U.S. issuers and merchants once that decision is made. The losers will cry foul and the winners (if there can be a clear winner) will say that the democratic process prevailed. What this points out more than anything else, is how imperfect a free enterprise market is when all sides are not equally represented in an industry clinging to an outdated business model–which is about to be forever altered by mobile phones, cloud computing, and an always-connected consumer who demands convenience and freedom to select or reject its service providers, and who is anxious to find the next great mobile experience.

In stark contrast to the emotional and sometimes contentious EMV debate, the discussion on cybersecurity, federal government ID, and Medicaid fraud was much more unifying. Even though both involve government policy and regulatory involvement in the private sector, cybersecurity and identity security initiatives are not being fought by the entrenched establishment as is happening in the payments markets. The keynote presentation by Michael Garcia, from the Department of Homeland Security, on the National Strategy for Trusted Identities in Cyberspace (NSTIC) illustrated what happens when government steps in to fill a void in a market where the stakeholders have a common interest in fighting fraud, but don’t want or need to protect a dying business model that one side or the other wants. Instead of opposition and pushback, Mr. Garcia’s speech had people asking for more leadership from the government, not less. The “speculative tension” was more about whether a set of identity standards would emerge that private industry could adopt quickly and cost effectively to stem the fraud losses currently burdening economic growth from eCommerce. Also in contrast to EMV, NSTIC is an initiative that is home-grown by the U.S. government and private industry and whose goal is to make transacting over the Internet safer through stronger authentication of digital identities. NSTIC has global industry support and interest, rather being viewed as something coming from Europe and Asia and being forced onto the U.S. market. It makes one wonder if things would be dramatically different in the payments industry if the solution to the problem hadn’t been invented in France.

Next month, the Smart Card Alliance will be administering its annual member survey. This is an opportunity for the Alliance to listen to each of our members and to assess what programs are meeting your needs and interests and determine how we can improve. Please take the time to complete the survey and give us your feedback. Thank you.

Randy Vanderhoof
Executive Director