The debit interchange proposal in the regulatory reform bill is expected to hurt issuers' bottom lines but could lead to new revenue opportunities for terminal makers.
The proposal, which would give the Federal Reserve authority to set "reasonable and proportional" interchange rates for debit transactions, allows issuers' fraud-prevention expenses to be factored into rate calculations.
It would let the Fed set standards for determining such costs and require issuers "to take effective steps to reduce the occurrence of, and costs from, fraud in relation to electronic debit transactions, including through the development and implementation of cost-effective fraud-prevention technology."
Depending on its interpretation, the language could give Visa Inc., MasterCard Inc. and the other card associations more muscle to enforce payment card industry security requirements and might boost sales for payment terminal makers such as VeriFone Systems Inc. and Hypercom Corp., according to Darrin Peller, an analyst with Barclays Capital.
"If there is legislation that says, 'We the Fed technically can review issuers to make sure they are [using]all the fraud-preventing technologies" available, "that might give a little more teeth to PCI overall," Peller said in an interview this week.
More stringent enforcement by the card brands would drive merchants with out-of-date systems to upgrade.
"It really could benefit any terminal manufacturer," Peller said.
The interchange proposal does not specifically mention PCI requirements, but in a research note issued Monday, Peller noted that Visa had reportedly granted a deadline extension to Exxon Mobil Corp. to Dec. 31 for new PCI requirements that take effect today.
Visa also has indicated it will not fine retailers for failing to upgrade their PIN pads to PCI-compliant ones until August 2012, under other PCI requirements that take effect Thursday, according to Peller.
Visa and MasterCard did not respond to inquiries this week.
Pete Bartolik, a spokesman for VeriFone of San Jose, Calif., wrote in an e-mail that it was premature for the company to speculate on the impact of the legislation. A spokesman for Hypercom in Scottsdale, Ariz., also declined to comment.
Bob Carr, the chairman and chief executive of the Princeton, N.J., payments processor Heartland Payment Systems Inc., said Wednesday that he doubts the card associations need more muscle to enforce PCI requirements but agreed the proposal could have positive implications for technology providers.
"I think the Federal Reserve might come up with security ideas above and beyond PCI" that are not necessarily requirements but guidelines for additional steps merchants can take to prevent fraud, Carr said.
Heartland in May debuted its E3 payment terminals that encrypt cardholder data when a card is swiped instead of after the data has been transmitted to a merchant's processor.
The regulation could also motivate card brands and their issuers to roll out smart cards that meet the EMV Integrated Circuit Card Specifications, which are considered more secure because they do not store data in magnetic stripes, in the United States, he added.
"By this legislation calling out for improving security by the issuers and therefore the card brands, I think [it] gives them a lot of reason to go to" EMV, Carr said.
Heartland expects to do additional development work so its processing systems reflect new rates if the Fed reworks the interchange rates, he said.
The interchange proposal also prohibits card networks from fining merchants for setting up to a $10 minimum for card payments.