By Alicia Fiorletta, Senior Editor
The retail industry is in a state of payment flux. Mobile wallets and mobile POS have been touted as the next wave of payment, promising to make the shopping experience more compelling and memorable for connected consumers.
But following the recent high-profile data breaches at Target and Neiman Marcus, mobile innovations are taking a figurative back seat to discussions around payment security — specifically how to prevent future breaches.
Many industry executives are speculating that if EMV had been in place, the breaches may not have occurred. Although industry experts offer different opinions on the potential effect of EMV on any type of data breach, most are in agreement that EMV would create a more secure overall retail environment. And with the fraud liability shift set to occur in October 2015, the discussions are heating up.
Although U.S. retailers have a reputation for being slow to accept EMV compared to other countries, more recently they have “taken on a new sense of urgency after the data breach announcements of last year, ” said Lynn Holland, Vice President and General Manager of Retail Payment Solutions at ACI Worldwide. “[Our] conversations with retailers have evolved from ‘We’re planning our EMV strategy,’ to ‘We need to get our strategy finalized and a pilot planned so we can make that October 2015 deadline.’”
New predictions from the EMV Migration Forum assert that nationwide EMV chip adoption is poised for exponential growth in the next year. Today, there are between 17 million and 20 million EMV chip cards, and “millions of EMV-capable terminals and ATMs, some of which already accept EMV chip cards,” according to a statement from the Forum.
“In the last few months we have seen a dramatic shift in the interest and understanding of the benefits that EMV chip cards provide, particularly in helping to lessen the impacts of payment data breaches and to prevent counterfeit card fraud,” said Randy Vanderhoof, Director of the EMV Migration Forum. “As a result, the U.S. migration is accelerating and there is a refreshed urgency in resolving issues and moving forward as quickly as possible. I think in the next year we could see a hundred million or more chip cards issued and more than double the number of installed terminals.”
Yet there are a variety of challenges retailers face when embarking on the EMV journey, such as upgrading acceptance equipment including payment terminals and PIN pads; updating POS software that runs on the hardware; and assessing all “the bits and pieces that affect payment,” according to Erik Vlugt, VP of Product Marketing at VeriFone. “They all have to be looked at from an upgrade or certification standpoint.”
Since there are so many factors to consider, some sources indicate that the EMV transition is a big “wait and see” for retailers.
“I get the feeling everyone is going to wait and see if card companies can actually issue all the cards, see if PINs are going to be required, and most importantly, if the hardware that’s needed is going to be purchased and installed within the next 18 months,” noted Andy Graham, President and Co-Founder of Infinite Peripherals.
While the move to EMV is important, it is not a panacea to end all security troubles. It also can be very costly, which is prompting retailers to rethink security investment plans and overall strategies.
“The cost of making the EMV cards and implementing the equipment are both high,” Graham said. “I think the hesitancy regarding EMV comes from the fact that all these data breaches are back-end hacks into servers; they don’t have as much to do with the POS terminal being tampered with or altered. That’s not where the big loss is coming from.”
Customers “dipping” or “tapping” their smart chip-enabled cards may help improve security at the point of sale, but EMV card data can still be used fraudulently, Vlugt noted. “EMV doesn’t take care of the data that comes from the card through the retailer’s network, so if a retailer gets breached in a meaningful way and data gets stolen, even if it came from an EMV chip card, there is still value to that data.”
Retailers also need to consider consumers who decide to use other forms of payment, such as cash, check or even mag stripe cards, while completing their purchases. In addition, it’s important to note that while EMV can help mitigate fraud for card-present payments, it doesn’t do much to address card-not-present payment, such as online transactions.
“Retailers should be prepared for EMV compliance, but they should also look at protecting data from legacy customers using mag stripe, contactless and mobile payment,” Vlugt said. “Using end-to-end encryption or tokenization can help encrypt all cardholder data so it’s not decrypted until it gets to the processor.”
Beyond conversations around EMV, more retailers also are looking to ensure compliance with PCI Security Standards, according to Holland. “After the very public data breaches took place in 2013, all retailers are focused on their PCI scope management and securing private payment data.”
The Target and Neiman Marcus data breaches caused turmoil for millions of consumers and undoubtedly damaged the image of these retailers for an extended period of time. But these events also have sparked a renewed focus on payment and data security, which can easily be considered a “silver lining,” according to Vlugt. “Merchants are looking at end-to-end encryption and want to step up security beyond the minimum compliance. It also has encouraged the entire industry to regroup on EMV.”
To that end, the National Retail Federation (NRF) and the Retail Industry Leaders Association (RILA) both issued statements urging the industry to take measures necessary to better safeguard consumer data, as reported in a Retail TouchPoints article.
NRF President and CEO Matthew Shay issued a challenge to Congress to focus more on supporting “chip and PIN” technology, enforcing federal cybersecurity law and developing a uniform federal breach notification law. Shay also encouraged banks and card issuers to help move the industry forward. RILA supports some of the same initiatives, and stresses the importance of eliminating the mag stripe card and establishing more comprehensive guidelines for protecting consumer data.
Payment security has become a priority investment for many retailers. In light of the looming 2015 EMV deadline, many merchants are implementing EMV capabilities coinciding with POS upgrades or adding peripherals that accept contact and contactless payment.
Because EMV implementations can be very costly, some merchants are putting off the investment. But as many as 30% of retailers, are planning to make a POS purchase decision within the next 12 months, according to IHL Group, which could translate to a sharp increase in EMV adoption.
These hardware and software upgrades help facilitate the ability for retailers to accept alternative payment types, such as NFC and mobile wallets. As a result, the entire payment experience can be transformed from merely a necessary part of the purchase process to a far more enriching and palatable shopping experience.
While security has undoubtedly been a hot topic among retailers of all sizes and segments, other payment upgrades — such as mobile wallets and payment solutions — are not being completely ignored. After all, mobile payment solutions can actually help improve payment safety in the interim before full EMV adoption, according to industry experts.
Mobility and security “build upon each other,” noted Erik Vlugt, VP of Product Marketing at VeriFone. “Both consumer-device mobile payment and mobile POS bring better security to a store because they’re definitely more secure and ahead of the technology we’ve been using for the past 50 years: mag stripe cards. If you’re doing mobile that means you’re bringing additional security to your stores.”
New mobile payment solutions also are enabling retailers to turn the transaction experience into a point of differentiation, according to Henry Helgeson, CEO of Merchant Warehouse — especially if rewards and loyalty programs are seamlessly integrated into the technology.
“The plastic card in your wallet is really the reason why mobile hasn’t taken off,” said Helgeson in an interview with Retail TouchPoints. “For the most part, consumers don’t use loyalty. But executives in the mobile payment space all know loyalty is important and that it can be baked into every transaction.”
Consumers also are seeking solutions to improve their loyalty program and overall payment experiences. As shoppers become more tech-savvy and reliant on their mobile devices, they’ve actually become more eager and willing to use mobile wallet and payment solutions. The majority (55%) of U.S. consumers said stores need devices to allow them to pay using their smartphones, according to a study from VeriFone and Wakefield Research.
Additionally, approximately two thirds (66%) of U.S. consumers indicated that they believe there are a variety of advantages to using a smartphone to pay, including: It’s faster than traditional methods (34%); they no longer need to carry a physical wallet (28%); and they get easy access to mobile deals (25%).
Some merchants, such as Starbucks, Orange Leaf Frozen Yogurt and LUX Beauty Boutique, are creating their own branded mobile experiences to seamlessly connect the loyalty and payment worlds, and in turn, create better customer experiences.
Starbucks has been hailed as one of the frontrunners in the mobile payment space. With more than 10 million active users, the retailer’s mobile app generates more than 11% of all in-store transactions.
In an effort to continue innovation in the area of mobile payment, Starbucks recently updated its iPhone app to include digital tipping and shake-to-pay features to make the checkout process faster and easier.
“This update to the Starbucks App for iPhone is an important next step in digital innovation at Starbucks and one of the many ways we’ll expand and improve our digital experience in the months to come,” noted Adam Brotman, Chief Digital Officer at Starbucks.
The new digital tipping feature allows customers to tip Starbucks baristas via the app in the following denominations: $0.50, $1.00 or $2.00. With the shake-to-pay feature, customers can bring the barcode of their Starbucks card to the front of their screen by shaking their mobile device.
“As more customers are using their phone to pay, they have asked for a convenient and meaningful way to show their appreciation to our store partners,” said Cliff Burrows, Group President of the U.S., Americas and Teavana at Starbucks. “We’re proud to offer digital tipping as an option through the updated Starbucks App for iPhone to customers in the U.S.”
The payment app is linked to the Starbucks loyalty program, so as consumers use their device to pay, they can rack up more points and rewards and track their progress.
With more than 300 locations, Orange Leaf Frozen Yogurt is striving to engage its Millennial consumers with a mobile loyalty and payment app.
The mobile app is taking the Orange Leaf loyalty program, called Ounce Back, to the next level. Powered by FIS Mobile Wallet, the new app will allow Orange Leaf to offer seamless payment capabilities, rewards and program updates within its own branded mobile app.
“We plan to improve not just the technical experience but also the overall customer experience with the deployment of the new mobile app and wallet,” said Michael Christy, Director of Information Technology at Orange Leaf Frozen Yogurt, in an interview with Retail TouchPoints. “It will improve the overall speed of service and provide Orange Leaf the ability to reach our customers via a media better-suited for our brand.”
Although loyalty programs have been key to retailers’ acquisition and marketing methods for decades, “when paired with a mobile wallet, we feel it will give our customers something to get excited about,” Christy said. “Our new app will add value to our Ounce Back program and offer customers more opportunities for in-store discounts and coupons.”
Canada-based apothecary LUX Beauty Boutique is bringing payment to the aisles using SelfPay, an in-aisle commerce application from Digital Retail Apps.
Consumers who use the SelfPay solution at the boutique can access product information, and purchase items anywhere in the store using their smartphones.
“Nothing stresses me out more than seeing frustrated faces in a slow-moving line,” said Jennifer Grimm, Owner and Chief Visionary Officer of LUX Beauty Boutique. “We are thrilled to launch SelfPay…and offer clients the ability to skip the line during the hectic shopping season.”
Although more businesses are banking on mobile wallets and payment apps, other retailers, such as Moosejaw and Nordstrom, are seeing success with mPOS solutions.
Offering a more compelling, interactive customer-to-associate experience, mPOS helps retailers breathe new life into the brick-and-mortar store. And the value of mPOS is becoming clearer every day.
“The ROI for implementing mPOS is definitely there,” said Andy Graham, President of Infinite Peripherals, which provided the hardware for Moosejaw’s mPOS rollout. “Retailers are catching sales that might have left the store, they’re offering better customer service and reducing the cost of in-store POS equipment.”
As time goes on, “the advantages are going to outweigh the disadvantages,” Graham said. “Security isn’t the issue. The cost of other POS hardware and missing out are a bigger risk.”
But before rolling out a mobile strategy — or even considering a mobile solution — retailers need to consider their target audience, the products they sell and what added value they’re trying to bring to shoppers.
“If I were a retailer, I would make sure I understood the mobile use cases I needed to deploy,” said Lynn Holland, Vice President and General Manager of Retail Payment Solutions at ACI Worldwide. “For example, NFC wallet technology is probably very important or valuable to a quick-serve restaurant. But a department store such as Saks needs to offer a more personalized experience.”
Above all, retailers should know “where you want to go, even if you don’t have a time table and a stack of business cases,” Holland added. “At the end of the day, you live with those payment terminals for about 10 years, so think about the business cases you’d like to deploy. It truly varies from retailer to retailer on what they can or need to do.”