It’s one of my favourite days of the year today! I am a payments romantic, so you will undoubtedly know why! Today across the civilised world, we celebrate Saint Valentine, the patron saint of customer verification methods (CVMs). We buy flowers and eat chocolates on this day every year cto commemorate the introduction of chip and PIN. Yes, chip and PIN was launched in the UK on 14th February 2006.
Yes, it’s lovely St. Valentine’s Day. Was it really thirteen years ago? The beautiful day, the day unromantically dubbed “chip and PIN day”, when we stopped pretending that anyone was looking at cardholders’ signatures on the backs of cards and instead mechanised the “computer says no” alternative. It really was! Thirteen years!
We English, we love out heritage. We still write our laws on vellum, we still say “what an interesting idea” when somebody says something that is transparently insane and, for now at least, we still use cards to buy things in shops. We cling to tradition. And chip and PIN is a tradition. Or at least it was.
I’m sorry to say that in Merrie England, chip and PIN is on the wane. The majority of card transactions are contactless and, according to Worldpay (who should know), they have been for a few months now. Fraud is manageable because most transactions are authorised online now and would be whether we had chip and PIN or not. The offline PIN and “floor limit” world has gone. The world’s first optimised-for-offline payment system was launched after the world had already got online. This is why you see Brian Rommele writing that “by the time the UK implemented chip & PIN, the base concept and much of the technology was already almost 40 years old”.
Early chip and PIN focus group.
It is time to remind people what Saint Valentine stood for and reiterate why we are using chip and PIN at all. In ancient times, when European retailers could not go online to verify PINs due to the anticompetitive pricing of the monopoly public telephone providers, it made sense to verify the PIN locally (ie, offline). But this is 2019. We have smart phones and laser beams and holiday snaps of Ultima Thule. We can probably think about verifying PINs online again, or even replacing PINs with fingerprints or DNA or whatever.
Smart phone in particular mean change and, as I have bored people on Twitter senseless by repeatedly tagging “#appandpay rather than #tapandpay”, this will take us forward to a new retail payment environment in which the retail payment experience will converge across channels to the app. As payments shift in-app so the whole dynamic of the industry will change. Introducing a new payment mechanism faces the well-known “two-sided market” problem: retailers won’t implement the new payment mechanism until lots of consumers use it, consumers won’t use it until they see lots of retailers accepting it. This gives EMV a huge lock-in, since the cost of adding new terminals is too great to justify speculative investment.
When you go in-app, however, the economics change vastly. For Tesco to accept DavePay in store is a big investment in terminals, staff training, management and so on. But for the Tesco app to accept DavePay is… nothing, really. Just a bit of software. However traditional we might be, the marginal cost of adding new payment mechanisms is falling (particularly direct-to-account mechanisms because of open banking) and our industry needs to think about what that means.
I’m not saying that cards and PINs are going to go away any time soon, but what I am saying is that it’s time to start thinking about what might come next. Right now, that looks like smartphones with biometric authentication, but who knows what technologies are lurking around to corner to link identification and continuous passive authentication to create an ambient payments environment in which cards (and for the matter, terminals) are present only in a very limited number of use cases.