Will that be cash, credit — or finger?

Posted: August 1, 2008 in 2005, Articles
Tags: ,

Will that be cash, credit — or finger?

USA Today/Kathy Chu | December 2 2005

In need of toothpaste and ice, Laura Wadsworth dashed into a supermarket Monday in Mount Pleasant, S.C. She didn’t bring her wallet. Wadsworth paid by touching her index finger to a scanner. Ten seconds later, she was out the door.

A week before, Denise Day, a self-described “gas-station junkie,” grabbed a vanilla cappuccino and gum at a 7-Eleven in Denver. She paid in seconds by waving her Chase “Blink” contactless card in front of a reader, which lit up and beeped to tell her the transaction was done. “It’s definitely saved me a bit of time,” Day says. “I think it’s pretty cool.”

These new technologies, being rolled out at convenience stores, supermarkets and gas stations, could some day make it passé to carry bulky wallets. Without the need to dig for cash and checks at the register, the quick stop-and-go payments promise speedier transactions for consumers — and perhaps fatter profits for retailers.

They’re yet another step in society’s evolution from paper to electronic payments. In 2003, electronic payments such as credit and debit cards overtook cash and checks as the most common way to pay for purchases, the American Bankers Association reported.

No one knows, though, if these technologies will revolutionize the payment system, as magnetic stripes on credit cards did three decades ago. Skeptics wonder if security concerns will scare away most Americans.

After all, if the new payment methods make it easier for consumers to pay, couldn’t they make it easier for crooks, too? What happens if your personal information gets into the wrong hands?

“There are a lot of obstacles because there are standards that have not been resolved” and because of security concerns among consumers, says Gale Daikoku, research director for Gartner’s retail division. In an October report, she noted that the “hype” surrounding the finger-pay and contactless systems “far exceeds the level of customer interest.”

So far, banks have issued 3.5 million debit and credit cards to consumers to wave in front of scanners and pay at retailers such as McDonald’s, 7-Eleven and CVS drugstores. It’s unclear, though, how many people are using the cards.

The appeal is that there’s no need to run them through a machine. And no signing for purchases less than $25. By the end of 2006, banks will issue 25 million contactless debit and credit cards, according to the Nilson Report, which tracks the card industry. That’s one for about every nine adults in the USA.

The pay-by-finger system is already being used in hundreds of U.S. supermarkets, including Albertsons and Piggly Wiggly. It relies on fingerprinting, a biometrics technology that identifies people by physical traits. Your finger is scanned and linked to your payment information. At the register, you touch your finger to the reader, enter your phone number and select bank account or credit card. No cash or checks or credit cards to carry.

Ann Edwards of Coon Rapids, Minn., was one of the first to sign up for the pay-by-finger method at a Cub Foods supermarket last spring. Now, she uses it about once a week, because she thinks it’s “safe, easy and convenient.”

“A lot of it is how you were approached about it,” Edwards says. “They were very positive about it, so I felt like I could get on their bandwagon, too.”

Pay By Touch, a provider of the finger-touch technology, says it’s signed up hundreds of stores in large grocery chains. It doesn’t disclose customer enrollment rates. But at a typical Piggly Wiggly, an average of 30% to 40% of customers enroll, and they tend to shop more often and spend more each time, says Rita Postell of Piggly Wiggly Carolina Co., which has put the technology in all 83 company-owned stores.

A competitor, BioPay, has signed up 2.1 million consumers at 1,600 retail locations for its pay-by-finger technology and paycheck-cashing services combined. Pay-by-finger transactions are twice as fast as a cash payment, three times as fast as a credit cardand four times as fast as a check, BioPay estimates.

Convenience comes at a price, though. If your credit card or Social Security number is stolen, you can replace it. Not so with your fingerprint.

Fingerprint theft

Losing a fingerprint might seem harmless now. But it could be a risk if some day an impostor can digitally replicate that image and access your bank account or fake your ID card. The impostor could even use your print to create a mold of your finger to try to fool finger scanners, says Bryan Ichikawa, a consultant at Unisys, which advises companies on technology.

Wadsworth, 41, isn’t much concerned about security lapses. “How it was explained to me is basically it’s not that you’re having a fingerprint done” when you pay at the cash register, she says. “It’s a bunch of little dots that the computer recognizes, so it’s not like someone could pull it and have your actual fingerprint. That made me very comfortable.”

Pay By Touch takes fingerprints when customers enroll in the program. The image is then converted to about 40 unique points of the finger. Those points are stored in a computer system with “military-level encryption,” says John Morris, president of Pay By Touch. The fingerprint itself is discarded.

When customers touch the scanner, it recognizes the finger’s points. A fraudster couldn’t reverse-engineer those unique points back into a fingerprint, according to Morris, and it would be all but impossible to match the points of the finger to their owner.

BioPay also converts the finger’s image into points that are recognized when consumers pay with their fingers. But unlike Pay By Touch, BioPay keeps the fingerprints themselves — at a database at its Herndon, Va., headquarters — so retailers won’t have to re-enroll customers if the payment technology changes, says Donita Prakash, vice president of marketing at BioPay.

If an impostor joined the service using your payment information, authorities could use the offender’s fingerprint to track him or her down, Prakash notes.

Yet that’s exactly what concerns Pam Dixon, executive director of the World Privacy Forum. She fears that biometrics databases could become “a honey pot” for law-enforcement subpoenas that could violate consumers’ privacy. She also worries that the systems are being rolled out with little public understanding of the security risks, Dixon says.

“Eventually, there’s going to be a database breach,” she says. “These companies are not immune” to the security lapses that have hit companies such as CardSystems (now being acquired by Pay By Touch) and LexisNexis.

As fingerprints are increasingly used to identify consumers, fraudsters will have more opportunities to misuse this information. The Homeland Security Department is weighing whether to make fingerprints or iris scans part of state-issued identification cards for travelers and people collecting federal benefits.

The use of biometrics technology, along with PIN numbers and passwords, makes it hard to steal someone’s identity, security experts say. Still, no system is foolproof. How safe the information is depends on how companies gather and maintain it, says Anil Jain, a Michigan State University computer science professor.

Risk of fraud

Some think the pay-by-finger system won’t catch on as quickly as its rival technology, contactless credit cards. The two systems are fighting each other for acceptance. “It’s going to be bloody, because all of the solutions are competing for the attention and resources of the merchants,” says Gwenn Bezard, research director for Aite Group.

Contactless cards have an advantage, says David Robertson, publisher of the Nilson Report. That’s because banks can usually just mail contactless cards to their existing customers; the finger-pay system requires enrollment.

The cards are advanced, general-use versions of the Speedpass device ExxonMobil introduced in the late 1990s. Speedpass lets customers pay for gas with a tap of a keychain wand. The microchip in the card passes information to the electronic reader through radio-frequency waves.

Employee ID cards and card-sized toll boxes that stick on car windshields use similar technology to open office doors and let drivers whiz through toll booths. Increasingly, this technology is migrating to credit and debit cards as banks and retailers try to nudge consumers away from paying for small purchases with cash, which can be time-consuming, according to Francois Lasnier, a vice president at Axalto, which provides this technology.

“They want this to be your cash replacement,” Lasnier says. Because of the time savings, “I think that a lot of customers who are paying cash will find it more convenient now to use (these) cards.”

Some retailers no longer require signatures for small purchases. Still, a contactless payment is twice as fast as a no-signature credit card purchase and three times as fast as using cash, according to the Smart Card Alliance. That’s why it’s catching on at fast-food restaurants and convenience stores. These stores’ profits depend, in part, on how quickly they get customers — typically with small purchases — through the line.

“Our stores are all about speed, and our customers tell us all the time how busy they are,” says Bob Riesenbach, manager of new initiatives at Wawa, a chainthat’s put the technology in 540 convenience stores in five East Coast states. Doing purchases this way “means we don’t have to spend a few seconds getting change” for the customer.

A contactless-card transaction is usually more expensive for a retailer to process than a cash payment. But retailers that adopt contactless payments hope they’ll bring in more customers, offsetting higher costs. If that turns out to be false, then some could turn their backs on the new technology.

Security remains an overarching concern. If the cards make it easier for consumers to pay for purchases, it could do the same for fraudsters. Visa, MasterCard and American Express say that, as with other credit card payments, consumers aren’t liable for fraudulent transactions.

Encrypted data

And nothing is on the microchip that isn’t on the credit card itself. The data is also encrypted. So it’ll be hard for fraudsters to access it just by being near someone waving the card.

Retailers must get a signature for Visa and MasterCard contactless payments of $25 or more. American Express doesn’t require a signature for any contactless transaction, though some retailers may prefer to get one, says David Bonalle, a company vice president.

The idea of not signing for big-ticket transactions unnerves Jay Klauminzer, an American Express credit card holder in Cleveland.

“I’d want someone to verify that it’s me” for purchases of $100 or more, says Klauminzer, a 26-year-old management consultant. “I’ve dealt with identity theft in the past. Everybody says there’s zero liability,” but victims still must spend time clearing up their credit records.

Spokeswoman Rosa Alfonso says American Express “is constantly monitoring for fraud.”

Besides waving your credit card and paying with your finger, you may eventually be able to pay with your cellphone or BlackBerry. Using radio frequencies to transmit payment information, “We have really opened the door for a range of payment opportunities,” says Niki Manby, a vice president at Visa USA.

In a society driven by convenience, anything that speeds the payment process attracts consumers, says Curtis Arnold of CardRatings.com, a card-information site. But technology providers will need to convince consumers of the safety of their information before the technologies can become a staple in the checkout line.

“The contactless technology has promise, but it has risk,” Dixon says. “The biometric payment technology is efficient but poses fairly pronounced degrees of risk. I don’t think those risks have been adequately addressed for consumers yet.”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s