ISIS Collides With Magstripe’s Dominance

Written by Frank Hayes
April 11th, 2012

ISIS is scaling back expectations for how much its mobile payment system will be used, even before it launches. Last week, ISIS Chief Marketing Officer Ryan Hughes told GigaOM, “We’re not trying to hit a home run, but get a bunt single.” That’s wise, given the very low levels of customer use for Google Wallet and the relatively low usage and security issues that have muddied PayPal’s Home Depot trial. In fact, ISIS’s expectations may still be too high, considering what happened to Chip-and-PIN, contactless in the U.S.

After all, even the hottest things in retail-chain POS today—iPads and iPods outfitted with sleds—still only handle one type of payment device: a magstriped card.

Everyone agrees that magstripes are insecure and unreliable, easily cloned and easily damaged. Contact Chip-and-PIN is much more secure. Contactless is much more convenient. Tapping with a mobile phone would be secure, convenient and let chains deal in mobile coupons and more effective CRM. Visa, MasterCard, Google, ISIS, a whole slew of smaller mobile payments competitors, even the group of retail treasury types who are mulling their own new payments proposal—they’re all on board with the idea that magstripe’s time is done.

And that’s everyone, right? Well, except customers, who like their magstripes fine. And store managers and associates, who don’t want to deal with training hassles and unfamiliar processes and equipment, especially because magstripes are what all the customers already know how to use. And even retail IT departments, which often talk a good game for improved payment technologies but actually roll out in-store mobile checkout systems that only support magstripe.

In practice, magstripe is a veritable god for U.S. retail payment, worshiped almost universally. Retailers have been lukewarm to anything besides the stripe. Consumers have been oblivious to alternatives—even consumers who will use their phones to shop and buy online. Except for a few heretical gadget freaks, the standard drill is to swipe the stripe.

Chip-and-PIN can’t buy a break in the U.S. Contactless has so far been a huge waste of resources. Most major chains now support contactless, and many support contact chip (with or without PIN) at the fixed POS. But it’s all pro forma, because those non-magstripe capabilities go unused. Associates are, in effect, trained not to use them. Magstripe isn’t just a legacy. It’s what associates prefer, what POS hardware is optimized for and what customers assume as the default.

Even at Home Depot, where theoretically the entire chain has been refitted to handle PayPal’s new in-store payment cell-number-plus-PIN system, the alternative for any PayPal payer who finds that insecure is a plastic card with a magstripe.

And outside of major chains, the fastest growing alternative payment system, Square, requires magstripe.

The idea that magstripe is so well-entrenched didn’t seem possible when word of the Google and ISIS mobile wallet efforts first started leaking out.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.