Non-tech retailers, no banks, and mobile payments, what could possibly go wrong?

In the world of technology, particularly consumer-rich mobile technology, we have grown accustomed to the fan-boyism on various platforms. The iOS guys bash on the Android guys, the Android guys bash on the iOS guys, the Windows Phone guys bash on everyone else, and the BlackBerry guys…well, John Chen is leading that charge for the fans for now.

Fan-boys are not restricted to iOS or Android, et al, the carriers and companies that make the technology work have fan bases too, perhaps to a lesser degree. Big Red has network fans, T-Mobile’s rock star CEO, John Legere, has groupies as far as I can tell, and even AT&T manages a loyal, if somewhat less vocal following.

The point about all that fan-boy stuff is that Apple, Google, Microsoft, and BlackBerry, along with their relevant OEM partners, are proficient at technology solutions and making them work. They also have close relationships with the companies that run the internet, provide mobile service, and do so with an amazing record of reliability. Retailers on the other hand, sell the stuff. They don’t “make” anything in the realm of technology that is used by a significant portion of the population at any given moment.

That connected relationship spills over to financial institutions whose relationship with technology is focused on balancing security and convenience. It has not been a perfect performance record, but compared to retailers, the banks, mobile networks, Apple (even with its iCloud debacle), Google, and the rest, all look like Fort Knox.

Case in point, Target and Home Depot suffered a total failure of security in their respective point of sale systems, resulting in the compromise of tens-of-millions of customer records, credit card numbers, and addresses. While the retailers patched holes in their systems, it was up to the credit companies and banks to clean up the mess, I know because USAA proactively contacted me to replace my card which I used at Home Depot, and now I will taking my business elsewhere.

Necessary evil

Credit card transactions are viewed as a necessary evil by a lot of retailers. Accepting cards costs money.  If they could make the choice without taking a hit in business, they wouldn’t accept cards, but they do. The technology sector has been making big advances in simplifying, and by extension, making more secure, transactions at the point of sale. Apple Pay is the latest installment in that effort. It is not the first to come on the stage, SoftCard and Google Wallet pre-date it by months and years, and function well, but Apple’s execution is arguably the most polished iteration of the solution to date.

Here come the clowns

Enter the Merchant Customer Exchange (MCX), of which Target happens to be a member of, and spearheaded by Walmart. MCX has aligned a few dozen retailers to be part of a service called CurrentC, an archaic (by modern standards) mobile payment system. Instead of simply tapping your device at a payment station, and letting NFC do the work, CurrentC will have you start by first opening the app, scan a QR code generated by the point of sale screen with your phone’s camera, then show the image to the cashier, who, in turn, scans the image of the QR code on your phone with their scan-gun, then wait for the confirmation.

In theory, the method itself is very secure. The QR codes are unique for every transaction, and no one sees any bank account information at the point of sale. CurrentC is operating in a limited Beta right now, and should see commercial deployment sometime next year. However, before the average consumer is assaulted with yet another way to pay for something, the program is already stumbling, as CurrentC’s systems have been breached in a number of the program’s participants’ email addresses have been stolen.

The problem with CurrentC isn’t the process by itself, it’s the inconvenience coupled with no foundation to instill trust in the system or the merchant. One of the biggest retailers in the world, Target, completely mismanaged its point of sale network security, resulting in 40 million credit card numbers, and 70 million addresses, being stolen. That story was even better though, because Target’s network security team in India saw the breach preparation in action, and alerted the company’s operations center in Minnesota. Then an amazing thing happened, nothing. That’s right, Target did nothing to stop it.

Is that the type of operation you want involved in your mobile payment solution? At least if there is credit card fraud, if discovered, it is not your money. It’s the bank’s money, so even if the perpetrators manage to grab some money, it doesn’t come out of your wallet. CurrentC is designed to tie directly into your checking or savings account, ostensibly giving the the app more personal information than Apple Pay, Google Wallet, or SoftCard who only require card data, not bank account numbers and social security numbers.

Security is hard, it’s harder if you’re inept

Companies that offer network security services on this scale, such as, Verizon Enterprise Solutions, AT&T Enterprise Business, Level 3 Communications, and others, are good at it because these literally are the networks the internet actually feeds off of. The autonomous system backbones are the top tier, from which all other network traffic touches, of our voice and data communications, including financial transactions.

Verizon Enterprise Solutions conducted a multi-year study and determined that only 31% of self-monitoring companies discover breaches in security. The number is even worse for retailers: 5%. That effectively means that the retail sector as a whole is unable to detect breaches in its networks.

CurrentC may work with an established solution created by Paydiant, but it’s all for naught if the retailers’ merchant networks are not secure, which, apparently, the retailers wouldn’t know one way or the other anyway, but hey, QR codes.

A merchant solution, not a customer solution

In its defense, CurrentC does not exist solely to compete with Apple Pay, Google Wallet, or SoftCard, though it will do just that. Rather, CurrentC is meant to be an end-run around the credit card companies, like Visa and MasterCard, two companies that process nearly every card swipe transaction in the world, in an effort to avoid paying interchange fees. Translation: it’s about money (what isn’t?).

Whenever you or I swipe a credit card at a place of business, there is a fee the merchant pays for offering the convenience of paying via plastic. For small businesses, these fees are usually a percentage of the transaction value, it is a notable overhead cost. These fees can run in excess of 4% in some cases with no cap. For example, you swipe your card on a $100 transaction, and at 3%, $3 is taken off the top, and the merchant nets $97 on whatever item or service it sold. On a $40 transaction, a 3% fee is $1.20.

For larger businesses though, the rates on the fees are much, much smaller due to sheer volume. These fees are usually a combination of a fixed amount with a percentage based on the transaction. On average, the overhead ranges between somewhere under 1% to 2%. A $40 transaction at a large retailer might have a fee of 65 cents on average. You can bet that a large retailer like Walmart or Target is at the absolute bottom range of that average.

The fees get split between a number of parties involved in the transaction, the card issuing bank generally gets the lion’s share, and a few pennies going to whoever the merchant provider is. Out of a 3% fee of $1.20, maybe a little less than a dollar of that might go to the bank, 10 or 15 cents pay out to the merchant provider, while Visa and MasterCard get the leftovers. For Visa and MasterCard, their fee is based on a fraction of a percentage of the transaction.

What is troubling about CurrentC is that Walmart’s CEO said he doesn’t even care if MCX succeeds, he just wants Visa to suffer. How does that ring for a product that strives to create a “thoughtful customer relationship” experience? Yes Walmart, by all means, make it harder for people to give you their money; you will find out fast that it isn’t Visa, MasterCard, Discover, Carte Blanche, or the banks that suffer.

I get it, I really do. I have owned businesses before and understand how important profit margins are, and the big-box stores operate on pretty thin margins. For a business like Walmart, whose massive stores provide not only a lot of wares to sell, but also generate an enormous amount of overhead cost, every penny affects the bottom line. MCX is not about the customer though, it’s about the merchant, and customers are not going to go through a protracted five or six step process when Apple Pay and Google Wallet can do it in two. All things being equal, paying an overhead cost of roughly 1% on millions of transactions each day is about as good as it will ever get for any retailer. Walmart would save more money by implementing ways to save energy consumption on its 100,000 square-foot stores.

Adapt to market conditions before they leave you behind

As pervasive as Visa and MasterCard credit and debit cards are, up to, and including government assistance for low-income individuals (EBT cards), MCX, Walmart, Target, et al, are kidding themselves if they think their solution has a chance without the buy-in of Apple, Google, and the banks. If you think about it, all Apple and Google have have to do is drop CurrentC from their respective app stores and call it a day. The banks are not going to sit idly by while they see their share of the interchange fees disappear either.

Walmart may be the world’s biggest employer, but I’m betting it doesn’t have the stones to take on Google and Apple together, along with the two or three of the biggest banks. I would love to broker a phone call between Tim Cook and Larry Page to discuss that.

The retailers need to negotiate their terms with the credit card companies in good faith, and adapt their business models to operate under the current market conditions.  I don’t mind writing that I’m not choking back any tears at the prospect of Walmart and its other national retail partners trying to game around a one-penny-or-less-per-dollar cost associated with companies that are helping them bring in revenue.

Nothing is accomplished by making it harder for people to pay you. If MCX really wants to do that, it can toss the CurrentC app completely and simply instruct its member retailers to adopt OnePlus’ invitation system.  That will stop commerce in its tracks...and they thought interchange fees were expensive.

references: BusienssWeek, TechCrunch, UniBul Merchant Services