Chip & PIN ten years on: evolution at the check-out?

From its humble beginnings in Northampton more than a decade ago, Chip & PIN has grown to nationwide adoption. Since that original trial, the technology has had its fair share of ups and downs.

Advances in smart technologies, for example, have highlighted security vulnerabilities both in face to face payments and card not present transactions such as those made via telephone, internet and mail order. There have also been commercial problems in terms of liability in the case of unauthorised use.

In 2009 the FSA Payment Services Regulations addressed this issue by giving greater protection to cardholders, putting the onus on banks to prove that the cardholder was at fault. The trust users now have in the technology is reinforced by latest figures from the UK Cards Association which show card expenditure increasing, with spending on plastic cards in March 2013 up over 3% year-on-year, to £42 billion.

Despite widespread implementation, it is starting to be overtaken by emerging technologies such as contactless and near-field communications (NFC), with some industry experts predicting that the demise of chip and PIN may not be too far away.

However, these more recent technologies have also not been without their fair share of growing pains, with M&S's contactless system coming under media scrutiny and Tesco publicly questioning NFC's viability at a recent mobile payments conference just the latest examples of the problems faced by alternative payment technologies.

Invariably, robust security remains central to the successful adoption of any new in-store technology. From a retailer's perspective this fits into two categories: avoiding fraud and protecting internal and customer data.

For credit card transactions, all devices must be compliant with the Payment Card Industry Data Security Standard (PCI DSS), which demands that all companies that process, store or transmit any cardholder information, irrespective of their size, maintain a secure environment.

For this reason, retailers enabling Wi-Fi access to customers typically keep the customer network entirely separate from the store's own network, so ensuring data integrity and minimising opportunities for fraudulent activity.

As a result, concerns consumers once had concerning chip and PIN transactions are firmly consigned to the past, with today's transactions subject to the highest levels of security. The slightest challenge to the device – from power spikes to deliberate tampering – will automatically shut the device down and remove any data.

For the most part, today's consumers are comfortable with traditional payment transactions such as Chip & PIN, either at the checkout or, say, at the table in a restaurant. Yet they are naturally cautious about new in-store technologies such as contactless and typically express security concerns when considering innovations around payments.

According to the UK Cards Association, credit card fraud hit a ten-year low in 2011, with losses down by 36%. Last year, net remote banking fraud losses were flat as criminals reacted to the more sophisticated safety features and detection tools by switching to deceiving consumers into parting with their own cards, PINs and financial passwords.

Online banking fraud also rose in 2012 for similar reasons, as consumers fell victim to phishing attacks in divulging their log-in details. This has led to highly targeted education programmes aimed at those groups of customers at greatest risk.

The introduction of PayPal however has been much more successful. From a data protection standpoint this is highly secure, as the store doesn't 'see' customer information at any stage of the transaction, as it remains within PayPal.

Above all, security remains at the top of the retailer's agenda when considering new technologies. Not only is fraud illegal and costly, it is also potentially highly damaging to the retailer's reputation, knocking consumer confidence in the brand. 

As a result, retailers are determined, both for themselves and on the consumer's behalf, to ensure that nothing gets into or out of their network that shouldn't. For this reason, despite their appeal in bringing the store and the customer closer together, initial take-up of exciting new retail technologies has in some cases been slower than expected, as major chains make certain that the consumer experience is seamless, uniformly positive and secure.

While predictions of the demise of Chip & PIN may have been premature, the emergence of mobile technologies is undoubtedly changing the in-store environment.

As the growth of mobile concepts such the digital wallet and account-to-account payments highlights, the key to success of any new payment method will centre on whether it enhances the purchasing experience by making it easier for the customer. The technology that delivers this securely will surely be well-placed to overtake Chip & PIN as the mass-market means of paying for goods and services continues to evolve.

Vista Support