IMGCAP(1)]
This article appears in the Feb. 5, 2009, edition of ISO&Agent Weekly.
Merchant efforts to steer shoppers to use personal identification numbers instead of signatures when paying with debit cards may be poised to move to a new front: the Internet.
Two companies plan to test rival software-based debit-processing systems this year and may fully launch them by mid-summer.
The difficulty with Web-based PIN debit, in which consumers enter PINs and their debit card numbers to complete transactions online, is keeping PINs safe from fraudsters and complying with operational regulations, according to ISOs.
Atlanta-based software vendor Acculynk Inc. and NYCE Payments Network LLC, a unit of Milwaukee-based Metavante Technologies Inc., however, believe their respective systems are secure and provide convenience and safety for debit cardholders.
Should one or both pilots succeed, it may represent good news for merchants tired of paying the steeper fees associated with accepting signature-debit or credit cards.
Analysts and ISOs, however, are hesitant to say these systems are the long sought-after answers to enabling PIN-debit purchases online.
The Pilots
For its pilot launch, Acculynk chose five merchants and multiple electronic funds transfer networks, including Accel/Exchange and NYCE, to test its system, says Nandan Sheth, Acculynk president. The Acculynk system recognizes a debit card after the customer keys in the card number. A pop-up window then asks the customer to enter the PIN using mouse clicks on a floating keypad.
As the customer clicks each number, the keypad scrambles itself, changing the location of each number. This rearrangement fools malicious software, or malware, that might try to track the mouse movements to capture the PIN, Sheth says.
In what may seem like hedging its bets, NYCE also is conducting a pilot to test a second rendition of its SafeDebit system, which the network tried unsuccessfully to roll out nearly a decade ago. This time, instead of using a CD-ROM to store the PIN, SafeDebit is built into the merchants' checkout screen. And instead of a floating keypad, customers click a dropdown box that offers SafeDebit as a payment choice.
When customers choose SafeDebit, the system prompts them to choose their issuer from a second dropdown box. If the customer's bank is a participating institution, the log-in screen for the bank appears in a pop-up window, and the customer logs in. Then the system generates a one-time-use debit card number and automatically fills in the rest of the fields in the merchant's checkout screen.
A Growing Market
Debit is a growing market, says Sheth. "We don't think we can convert all of those transactions over to PIN debit, but even if we come close and capture a fraction, you have a winning product with a critical mass that will only continue to grow."
Debit card payments in 2006 exceeded credit card payments, reported the Federal Reserve. Debit card payments rose 17.5% per year, to 25.3 billion in 2006 compared with 15.6 billion in 2003. Credit card payments rose 4.6% per year, to 21.7 billion in 2006 compared with 19 billion in 2003, according to the Fed.
The Fed also reported that consumers in 2006 used debit cards for 27.1% of noncash payments and credit cards for 23.3%, compared with roughly 19% for debit and 23% for credit in 2003. The agency typically conducts electronic-transaction studies every three years, says an agency spokesperson.
The difference between signature debit and PIN debit is an important distinction to many merchants, their acquiring banks and the payment networks because it has serious financial implications.
For example, a $40 signature-debit transaction made at a supermarket has an interchange rate of 1.05% plus 15 cents, for a total of $40.57, when using a MasterCard Worldwide rate. That same purchase as a PIN debit transaction is $40.255 to the merchant, when using a MasterCard rate of .255 cents per transaction.
These figures do not include processing and acquirer fees that merchants pay as part of the discount rate for their transactions.
Acculynk's goal is to set its Web-based PIN-transaction costs at about 30% below the cost of credit card processing, Sheth says. An Acculynk spokesperson says the transaction fee for the pilot has not been determined yet.
NYCE is not releasing its merchant rates for SafeDebit transactions.
Debate Over Fraud Risk
Despite the potential cost benefit to merchants, risk of fraud is reason enough for an ISO to steer merchants away from an online PIN-debit system, says Michael Wiener, president of Advanced Merchant Group, a Warminster, Pa.-based ISO.
"In Philadelphia, we just had a case where they found card skimmers in the gas pumps of a major convenience-store and gas-station chain," he says. "This is a multibillion-dollar company. You figure they are totally secure, PCI compliant, but they still got scammed. Knowing that, how comfortable would you be giving them your PIN? And knowing they can get scammed, how comfortable would you be giving your PIN over the Internet. It is all an issue of security," says Wiener.
That criticism just does not ring true, counters Accel/Exchange Network's Kelly. "How is it a worse idea than putting your Visa check card out there?" he says. "With the PIN, you have dual-factor identification. That is better than just a single verification. If you believe in the algorithm, and the security of the system, then you will be good to go," says Kelly.
