Banks are set to face more competition in the lucrative mobile point of sale technology game as secret trials featuring Twitter founder Jack Dorsey's payments company Square are set to help credit card companies allow more payments through smartphone screens.
The PCI Security Standards Council, which comprises the five largest global credit card companies, is expected to green light the way Square captures PIN numbers through smartphones. The move will frustrate big banks that make significant profit from older proprietary payments terminals with buttons.
The Australian Financial Review understands payment industry executives have been briefed by the standards body that it is close to finalising a new global standard for "PIN on glass", or "Mobile PIN", technology. This allows merchants to turn smartphones or tablets into a payments terminal by downloading software and plugging a small card reader into the headphone jack.
The final global standard, which could be published around the end of September, is likely to approve "PIN on glass", according to payments industry sources.
The world's biggest credit card company, Visa, is also said to be comfortable with the technology following its own 18-month pilot of Square in Australia and Britain. The trial found it met Visa's requirements for scalability, user experience and security.
Global standards
Visa said its "Mobile Chip-and-PIN Pilot Program" in Australia and Britain is ongoing and scheduled to run until the end of 2018, but if the PCI issues global standards before this time the Visa pilot conclusion date will be reviewed.
"At this stage, the technology is performing well within our expectations. We are working closely with the PCI Security Standards Council to share our learnings," said Sam Gianniotis, head of risk for Visa in Australia, New Zealand and the South Pacific.
"As always, our objective is to ensure responsible innovation that benefits consumers and merchants while maintaining the integrity of the payments ecosystem.
"We fundamentally believe that mobile point-of-sale (mPOS) is a payment innovation that adds value to financial institutions, merchants and consumers, all of whom are provided a new, convenient and secure way to transact. Visa will continue to drive new ways to pay and be paid, while always adhering to our security standards, for the benefit of consumers and the ecosystem."
Australian banks have grown accustomed to the fees on the widespread use of their own terminals, which also increasingly serve as a fulcrum in the business's customer relationships.
The banks have invested hundreds of millions of dollars in their own terminals to meet the strict standards previously stipulated by the card schemes, and will fear the ability of more disruptive competitors to offer cheaper solutions before potentially expanding into core areas of banking such as providing business loans.
"If standards are important and necessary then they should be adopted by everyone, otherwise they should be scrapped," said a senior technology executive in one of the big banks.
Competitive threat
Visa invested in Square in 2011; in an early 2016 filing it said it owned 9.99 per cent of the class A shares of the New York Stock Exchange-listed company.
Square is exceeding its sales expectations in Australia, saying last month it had 60,000 merchant customers, more than double its internal targets when it set up locally in 2016. That is just 10,000 below of the number of Commonwealth Bank of Australia Albert terminals, a seven-inch Android tablet built with Wincor Nixdorf.
The Australian Payments Network (formerly the Australian Payments Clearing Association) is monitoring developments closely to determine if the new PCI standards are adopted for eftpos debit cards. Eftpos's standards traditionally adhere to the PCI, but AusPayNet may be grappling with "PIN on glass" given the competitive threat to bank-owned solutions.
The international card schemes like mobile point of sale technology because it will allow more credit card payments to be taken by merchants in emerging markets.
Proponents of the technology say it is more secure than traditional payments terminals, because the PIN is captured by the smartphone's software and hardware, whereas the card number is captured by the card reader, meaning the two critical numbers are stored, in encrypted form, on two separate devices, compared to the EMV encryption on traditional payments terminals where card numbers and PIN are taken by the same device.
