Who’s Afraid of the Big Bad Chase?

Written by Evan Schuman
May 26th, 2005

When JP Morgan Chase?the nation’s largest issuer of credit cards?announced last week that it was incorporating contactless payment capabilities in all upcoming credit cards, it was a huge legitimizing moment for contactless.

It generated lots of consumer buzz for the feature that Chase calls ?Blink? and it is most likely the first RFID-enabled payment device that became a punchline on Saturday Night Live. (The JP Morgan folk loved that.)

But for all of the attention, it is technologically dull. It’s not a smartcard, so there’s no great CRM potential.

It houses no security technology that goes beyond what many credit cards?including those from Chase?already have, and it will look and feel like today’s typical credit cards, even down to the magstripe on its back.

When you cut through the hype, all you have is a card that can shave a few seconds?maybe a fraction of a minute?off of a transaction.

For a retailer who makes more money the more people he or she can push through cashier lanes, that absolutely is exciting.

Chase could have done this years ago, but it was waiting for some of the more speed-sensitive merchants?convenience stores, quick-service restaurants, drive-throughs of all types, etc.?to start taking credit cards at all.

It was just a few years since most such locations were overwhelmingly cash-dominant.

For the card to be used contactless, the customer must waive the card about two inches in front of the reader. This doesn’t have the distance of an EZPass, and certainly not the range of anti-theft devices.

But the card never has to leave the hand and that’s where much of the time savings come in.

Scott Rau, who is a senior VP for Chase Bank USA, estimated that a typical quickserve order?from when the order is place to when the customer is driving out the driveway?is about two and a half minutes.

With a contactless-enabled card, Rau said it should be about 20 seconds less. That adds up quickly.

But the initial contactless card will still likely live in a wallet inside a pocket, which requires time to pull out.

Mobil addressed that contactless issue a few years ago with its fob-based SpeedPass, designed to hang off of the keychain. Or EZPass, mounted to a window with a much-greater reader range.

In a few years, don’t be surprised to see contactless payment rings, where groceries can be purchased with a Jedi-like wave of the hand.

But there is a more immediate Blink time savings, compared with today’s regular credit cards: While some customers will still hear, “You want fries with that?” they are not going to hear, “Sign here, please” nor “type your PIN here.” (Actually, they usually say “Type your PIN number here,” but I’ve come to the conclusion they are merely trying to drive me insane. I think they only do it for editors.)

This is a classic reality versus perception issue. Consumers perceive wireless to be less secure and they see contactless as just another form of wireless.

Well, with a wireless LAN or a typical laptop at a Starbucks, they’re right.

Oddly enough, those they generally assume are secure.

So back to Chase. They know that consumers are worried about identity theft and various fraud and theft efforts and that they are worried about new devices in general and wireless in particular.

Therefore, with the new device, they have eliminated the security gesture of the cards it is replacing.

No more PIN, the verifier of choice for debit cards, and no more signatures for credit cards.

Why is this perception versus reality? I’m reminded of the fraud and theft fears that dominated the consumer press about 10 years ago, when e-commerce was just starting.

Consumers would ask whether giving credit card numbers to major Web sites was safe.

The e-commerce answer back then?and it’s the same contactless answer today?was “Compared with what?” Are you safe using credit cards for e-commerce? No, not really. Not at all, actually.

But, the question that was asked 10 years ago went, are you materially less safe than you are doing what you typically do?

Which is more risky? Giving your credit card number on an encrypted payment page at or handing your credit card to an anonymous 16-year-old at some gas station you pulled into at 2 a.m.?

That’s the same 16-year-old, by the way, who took your credit card behind a closed door and re-emerged five minutes later.

How much security is your credit card signature truly providing you? How often do cashiers look at your signature and compare it to the one on the back of the card?

Years ago, American Express used to include scans of every receipt?with the cardmember’s signature on it?with every bill issued.

They stopped because nobody bothered to look at it.

Chase’s argument is that the card is safer because it doesn’t leave the consumer’s possession.

That’s a nice, comforting answer until you realize that the thief doesn’t need to have the card for more than the split second the scan needs.

As the Saturday Night Live joke went, Chase is allowing its customers to be ripped off faster and more conveniently than ever before.

The fact is that the strongest protection the cards offer today is much more effective than the highest level of encryption: a policy whereby they’ll waive charges you can convince them were fraudulent.

With that security device, all you have to do is trust Chase. Uh-oh.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.