"Your credit card may soon be worthless."
That's the notion being promoted by many in the investment industry these days. They are referring to a new technology that is supposedly Visa's (V) worst nightmare and a threat to the status quo of the credit card industry that is worth billions. And they are positioning one small company as the holder of the secret keys to cash in on what is promised to be a multibillion-dollar shift in the way we pay for everything from a candy bar to an oil change. But is it really true? Will this technology really turn the credit card industry on its head?
Doubtful. That's because all the popular analysis on the nascent new technology ignores the fundamental underpinnings of all successful technologies. In fact, it ignores basic economics.
The supposedly revolutionary technology involves a specialized chip in your cellphone that communicates wirelessly with other devices within very close proximity in order to pass data between two devices. This "Near Field Communication" (or NFC) chip could pass the equivalent of digital business cards between devices -- especially smartphones, where it makes the most sense to be deployed -- by simply holding them up to each other. Your phone or tablet could be used to identify you when entering a secure business or even your home, as well as to connect to a rental car's speakerphone or access the local Starbucks wi-fi, just by waving it near a device that activates the link. Pass two devices within a few centimeters of each other, and voilà, data is moved between them.
Thus, the theory goes, you can simply wave your phone by a payment terminal at the gas station, grocery store, or other location where credit cards are accepted.
This weekend, I encountered a situation where NFC would have been useful. I was boarding a United Airlines (UAL) plane, and the passenger in front of me went to swipe her virtual boarding pass across the bar-code reader, only to have it not work. In the time she'd been waiting in line, her screen had timed out. Thus, she was trying to swipe a blank screen over a bar-code reader. Near Field Communication would have alleviated that problem and made it so we were not all held up while the well-meaning woman tried to type in her phone's passcode and bring the browser back up (only to find she had to refresh the page and re-enter her ticket number… leaving us all waiting while the gate agent assisted her).
So NFC could be a major improvement for the ticketing and access control industry, given that it works wirelessly and can be completely non-interactive when desired.
But does that make it a logical choice for contactless payment, the promised multibillion-dollar opportunity? Many seem to think so, and not just our fellow stock pickers. Germany, Austria, Finland, and New Zealand are among the nations that have trialed NFC ticketing for public transport, allowing users to swipe their phones or NFC-enabled payment cards to grab a ride and get billed later. It's basically E-ZPass without the car, and like E-ZPass, it works well in some closely defined scenarios.
But outside of those circumstances, things get messier. Markets dislike messy. So, in order for a new technology to hit the mainstream, it is critically important that one of the players in the value chain today has an overwhelming reason to support the technology. Is that the case here?
Today, the overwhelming majority of electronic payments -- I'm talking 99% plus -- are processed by the credit- and debit-card providers of the world. That's Visa -- the 800-lb. gorilla of the industry -- MasterCard (MA), and American Express (AXP), along with lesser known names like Novus, Star, Maestro, and others from the debit/ATM world.
These companies already have well-established networks of equipment, merchants who accept their cards, and businesses and consumers who use them.
NFC promises to bring two changes to the industry:
- Introduce new players into the ecosystem with an incentive for adoption, in the form of whomever supplies the software operating the NFC device the consumer carries.
- Help secure transactions by only submitting the credit-card information over encrypted channels, allowing interactive security controls, and limiting the range of the devices.
But the consequences of these changes may not be as straightforward as they first seem.
Is NFC Another PayPal?
The first of those two changes is most unwelcome for the industry's leaders. However, it's one that they've faced in the past with PayPal and other direct-payment providers. When PayPal began life, it was meant to facilitate direct consumer-to-consumer transfers of money. I sell a trinket on eBay (EBAY), you buy it, and PayPal moves the money from your bank account to mine for a small fee. Essentially, that's the same business Visa is in.
Luckily for Visa, eBay soon experienced a large rise in fraud. The credit-card companies saw a massive opportunity there to put their considerable financial assets and longtime experience dealing with fraudsters to use, and chose to increase the amount of indemnity they provided customers against fraud. They marketed this heavily and drove demand for users to use credit cards instead of PayPal-type accounts online.
At the same time, PayPal's potential users also frequently griped about not wanting to sign up for an account and provide a bunch of banking info just to buy something. So PayPal caved to pressure from sellers on eBay who were losing business to the requirement and made it easy for buyers to just check out with a credit card. While through their website checking accounts are still the default, most of PayPal's business today is as a plain old credit-card merchant-services provider, behind the scenes and unseen, processing credit and debit cards.
It also meant that the fees to sellers included both credit-card fees and PayPal fees on most transactions, a double dip that put a serious dent into PayPal's attractiveness to merchants. Other than on sites like eBay (which basically forced sellers to use PayPal), there was little reason for broad adoption.
This cut seriously into the account growth at PayPal, and reduced its threat as an end run around Visa.
Instead, PayPal's success outside of eBay came from making it simple for someone to become a merchant. Signing up for a PayPal account was faster and easier than getting set up with a traditional merchant account. For Visa and company, that was a win, as they had a firm that would get paid to reach a market filled with merchants too small to be reached individually. PayPal transformed from an end run around the payment providers into the world's most popular payment gateway, funneling the overwhelming majority of that traffic right through to the credit-card providers. Threat averted.
But providers of NFC-equipped phones, such as Google (GOOG), are gearing up to provide services similar to PayPal. Google's Wallet software lets a user store multiple cards in a single account and choose the appropriate one to use when checking out. One of the potential options for payment is Google's own Checkout service, which works just like PayPal and does it for less than typical charge-card fees -- something merchants could get excited about, much the way they did with cheaper debit-card payments. Just swipe your phone and choose the card on your screen (or vice versa), and you are using Google's services to pay and get paid, whether that service is from Visa or directly through Google.
This sudden entry into the space by big, powerful, connected companies like Google or Apple (AAPL) (which has yet to load NFC into any of its phones, but has long been rumored to be looking at such an option) -- with their preexisting relationships with hundreds of millions of global consumers -- into the payment chain is a far more pressing threat than PayPal ever was. These companies don't face the "cold start" problem on registrations, have rabidly loyal fan bases, and reach into nearly every home and business in the industrialized world.
On the other hand, they also don't have the expertise to combat fraud, putting them into a potentially risky situation if they fail to do their job effectively.
The phone companies -- the other potential middlemen which could support putting NFC in the hands of millions of consumers if they thought they could get value out of it -- have seen this movie before:
- Long-distance "bumping"
- 900 numbers
- TXT subscription services
Many times in the past, telephone network operators have tried to insert themselves into the billing relationships of their clients and other parties, and nearly every time, it has ended in disaster. Fraud was rampant. Client complaints skyrocketed, boosting costs of keeping customers happy and problem-free. Overall, it was a series of giant headaches, and one would assume that not only did they learn their lesson, but that maybe Apple and Google would learn it from them as well.
Payment-card providers have every incentive in the world to prevent adding another middleman -- especially one with big influence on consumers -- into the equation. They'll do that with a combination of marketing, lobbying, and threatening behind the scenes, doing everything in their power to stop the technology from taking off, unless they control its use and dictate its terms. And those middlemen may just find themselves treading over treacherous paths that their business models have not prepared them for.
The other argument for NFC is a technical one. Proponents of the technology say that NFC will be far more secure than the traditional magnetic-stripe card. They point to examples of widespread adoption of "chip + pin" technology in Canada, Europe, and Latin America as evidence that magnetic-stripe cards are faced with fraud problems, and that technology can overcome them.
NFC is pitched as something far more convenient than the traditional credit card, without the security holes associated with previous wireless payment technologies. Thanks to the interaction between the NFC device and its host (a phone in most cases), layers of security can be added to require passwords, PIN codes, and other protections prior to the credit-card data being sent across to the merchant's payment terminal.
Unlike previous wireless technology, the data stream between the merchant and the consumer is encrypted for extra security.
However, all this security becomes moot when a device simply transmits that data to an unsecured machine or network. Over the past few years, the overwhelming majority of credit-card theft has happened at the system level. Hackers have done everything from cloning cards -- something NFC theoretically could prevent, but more on that below -- to hacking hundreds of readers that broadcast card info wirelessly; to breaking into websites, telephone networks, and corporate intranets to steal cards; and even to hacking the networks of large credit-card-transaction aggregators to steal thousands or millions of cards at a time. NFC does nothing to deal with the latter, a far more pressing and larger-ticket fraud than consumer-level security issues today.
With consumers educated to protect their cards and indemnified from damages, and lower-level credit-card fraud a well-understood and easily policed threat, Visa and company have little reason to get behind NFC, even if it does offer some minor security benefits.
This is why only a single bank, CitiBank (C), and a single card company, the distant third-place MasterCard, have signed on for using the technology. And even they are hedging their bets. "NFC may become really important in the future," says Ed Olebe, head of PayPass Wallet services for MasterCard. But "we are waiting to see how the industry works out its issues."
Enter The Merchants
Even if credit card companies don't want to see that middleman, won't their direct customers -- the merchants who accept their cards -- be willing to jump on the bandwagon and push the card providers to support it?
Probably not. In order to add NFC, they would need to upgrade their payment terminals. For small businesses leasing the terminals, the account provider would have to foot the bill for the new technology. And with that, they would have to take on more technical support calls for any issues that creep up from adopting NFC, a far more complex technology stack than a magnetic-card reader, or even than a traditional radio-frequency card. That dynamic has always ensured slow adoption of new payment technology for small retailers.
For larger vendors -- like market-leading retailers and restaurants -- the ultimate decision point is checkout time. A busy Starbucks (SBUX) or crowded Target (TGT) will quickly lose money from frustrated customers who walk away from long lines. So they do whatever they can to optimize the checkout process. Checks are discouraged heavily, as they are the slowest. Cash isn't too bad. But cards -- especially now that they have lobbied card companies to do away with signatures on small purchases -- are king.
NFC potentially complicates the payment chain -- especially if advanced security features are used.
The point is that the payment providers and most merchants have little real incentive to support this new technology. Their businesses are less complicated and quite secure enough already.
Nor are mobile phone companies in the United States apt to jump into this space. Visa and company will firmly protect their turf, squeezing margins from any attempt by mobile providers to insert themselves into the existing payment chain. The AT&Ts (T) and Verizons (VZ), with their teams of lawyers, accountants, and economists, will recognize the magnitude of the challenge and are likely to take a pass.
All of this leaves only consumer demand to drive adoption. If there is enough of that, carriers will have no choice but to accept the technology, and payment-services providers to support it. Sure, carriers will drag their feet. And payment providers may even attempt to fight it, by making it less convenient still than the current system. But if the technology is well designed, widely implemented, and serves a need for the consumer, no matter the business model behind it, it will prevail in the market.
Is there any reason why consumers would demand the use of NFC? We are adopting smartphones at an astounding rate, after all. More than 50% of all phones sold in the U.S. are smartphones now, up from low single-digit percentages just five years ago. That's a clear sign that a simple fear of technology is not holding back consumer demand.
And we sure picked up on other convenient technologies quickly as well... like wi-fi.
The reason, of course, for our adoption of these new devices, and these new wireless capabilities, is that they directly eliminated a pain point or provided an entirely new convenience.
Before wi-fi, laptops were mostly tethered to a wall. You had to wire your laptop to an Ethernet port to get access, rendering your portable computer a digital ball and chain. No sitting out on the porch to work from home on a sunny day.
Before the smartphone or tablet, if you wanted to get an email, to see what your friends were up to online, or just to find some news or videos to pass the time, you were stuck flipping open a five-pound laptop. Now it's all in the palm of our hands.
Consumers are quick to embrace any technology that makes their lives easier. Credit and debit cards do, and they now comprise nearly 50% of all transactions per person per month, as this pie chart from the Consumer Payments Research Center shows:
Does NFC similarly provide a benefit or solve a problem?
Maybe taking a look at its failed predecessor -- RFID -- will give us some insight into how high the bar to supplant the credit card actually is. These small Radio-Frequency ID chips -- which can transmit a signal from an otherwise inert little device (like a plastic card) when passed near enough to a reader -- were the last hot new invention that was supposed to end the supremacy of the magnetic-stripe credit card.
You would be freed from the terrible, awful, painful hassle of removing a credit card from your wallet, thanks to RFID. Heck, they didn't even have to be cards. Instead, companies like Mobil gas stations created keychain versions of the same and gave them useful sounding names like "SpeedPass."
However, there was a simple logistical problem: most people carry more than one card. If you wanted to simply swipe your wallet or purse by a machine, or even walk through an E-ZPass-for-people-style gateway, how would it tell which card to use? Interference problems from multiple cards notwithstanding, if a reader could get a clear list of all the cards, then it would still have to prompt a customer for their choice of cards...
Quick, which of your cards is AMEX ... 6057 versus AMEX ... 7221?
Again, you have customers reaching into their wallets to avoid confusion and adding to checkout delays. Visit any Target or Starbucks during prime hours, and tell me if you think another 30 seconds per transaction would be no big deal.
Then pile on the security problems. In theory, anyone with a relatively cheap reader could pass by you on a sidewalk and read your card(s) from the outside. RFID would have all but put pickpockets out of business... at least, the less technically savvy ones.
In either event, the answer was to make the devices so low-power that they had to be held up next to the reader to work (still not alleviating the wallet issue, meaning you have to get out a specific card).
Needless to say, after one simple look at the problems, merchants weren't exactly beating down the door to install costly new RFID readers in place of their current equipment. It was no better at speeding customers through checkout during busy times, and it was no more convenient. Customers weren't exactly complaining about the failures of their credit cards, and with all the potential problems coming from RFID, the bandwagon for consumers, for merchants, or for payment providers never really filled up.
So let's tally up the scorecard for RFID:
- New equipment for merchants
- Less secure than the magnetic stripe
Enter NFC to save the day!
First, let's tackle those pesky duplicate reads. Few people carry more than one cellphone. Even if they did, chances are they are not going to turn on the NFC features of both and load them up with payment details. A problem affecting 99% of customers just became one affecting less than 1%.
Then there is security. Unlike RFID, NFC transmissions can be encrypted. The two devices that talk -- up to a maximum of 20 centimeters apart from each other (a nominal distance intended to limit the chance of accidental cross signals and make spying harder), establish their connection in a few milliseconds, and then set up an encrypted channel to talk through before exchanging any sensitive information, like your credit card number -- further reducing the likelihood of that data being intercepted.
In addition, NFC Forum, the industry trade group pushing the technology (similar to the wi-fi alliance and the Bluetooth working group, each of which helped popularize their respective protocols and create huge businesses in the process), made sure NFC was fully compatible with old RFID tags and reading infrastructure, to accommodate that small number of merchants already invested in RFID readers, like McDonald's.
Thanks to the fact that the NFC hardware can store multiple potential payment methods in its secure vault, choice in payment to match the good old-fashioned wallet is restored. And it can do this trick with just one device, prompting you on screen to choose your account of choice (or simply defaulting to a standard payment method until you choose differently).
So what's not to like about NFC, then? Well, let me ask you a quick question: Has your cellphone battery ever died? Yeah, that's what I thought.
After I was done waiting in that United line, I was greeted on the plane by another interesting situation courtesy of the cellphone boarding passes. Once seated, I noted a man being asked again and again by the people around me to leave his seat. He'd sit down, the next person on would tell him it was their seat, and he'd move back a row. Again and again. After some discussion, it turned out that his cellphone battery had gotten him only as far as the door to the plane and then died. He had no idea what seat he was supposed to be in. Upon asking the flight attendant for help, she told him that he would have to wait until everyone was boarded and she could get a copy of the manifest. In the meantime, he was to sit down "anywhere" until everyone else was on board.
NFC is intended to address this problem, of course. The electronics in the phone for the NFC are activated not by the phone's battery but by the actual reader, wirelessly. In this regard it works much like RFID. In fact, any NFC reader can read a standards-compliant RFID tag too. Problem solved, right?
For the ticketing industry, maybe. But for payments, not so much. More than just transmitting a device ID, the NFC system has to transmit credit-card data. If a phone is dead, that means the NFC system will have to make a choice: transmit the data RFID-style to any application that requests it without prompting the user, or stop functioning. That's either a pretty big security hole or a pain-in-the-butt inconvenience.
Further, have you ever had a hard time getting a program on your computer or phone to work reliably? Or just fumbled trying to find the notification or popup for an application that needs your attention? Now imagine the kind, older woman in front of you in line at Kohl's (KSS) selecting her payment method on the touchscreen of her iPhone, tapping in the specific PIN code for that card, then swiping her phone across the reader in the time provided. Sure, the workflow can be altered a little. Enter that PIN after swiping, maybe. Or have the PIN entry on the payment terminal like they do today with debit cards -- just don't move the phone out of range when you do.
The practical implementation of NFC leaves a lot of open questions about security, about complexity, about who ultimately controls the experience -- credit-card provider, hardware maker, mobile-network operator, or merchant -- and about who handles all the support calls that will result.
After all of that, the result is no faster or more convenient than a simple magnetic-stripe card reader. And you introduce the complexities of battery life and other mobile-phone-specific issues to a process that otherwise works great as is.
Credit cards took off because they were infinitely safer, more convenient, and faster than cash -- all valuable benefits in these harried lives we lead. The debit card made small leaps from there, in cost for merchants, and in convenience for the many Americans who have no credit or prefer to use it more cautiously.
But NFC -- just like RFID before it -- provides no real improvement in any part of the credit/debit card value chain. Almost no one is demonstrably better off for adopting NFC, and thus chances are very low that it will find wide success in the payments industry. There may be other reasons it comes into massive scale adoption -- another "killer app" as they say -- and that will change the equation down the line. But until then, Visa has little to nothing to fear from NFC. And those other investors hopping on the supposedly multibillion-dollar bandwagon should think long and hard about whether their investment is likely to succeed in the long run.