THE EVOLUTION OF CARDS
Perhaps the biggest driver for the ‘magstripe’ technology was the prevalence of credit card fraud in the 1960s, which was hard to prevent with the lag between purchase and account verification. Using a device called a zip-zap machine, a merchant would apply a roller over paper covering the raised numbers on the customer’s card, then physically take the paper to the bank. The bank would read it optically and manually check the number against known fraudulent accounts. That process could take days.
A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The magnetic stripe, sometimes called swipe card or magstripe, is read by swiping past a magnetic reading head. Magnetic stripe cards are commonly used in credit cards, identity cards, and transportation tickets.
Magstripe has been in use since the start of plastic cards in the 1960s. Initially the technology was thought to be very reliable, but in a few years fraud cases started to rise again. The data stored in the magnetic strip of such cards can be very easily read using low cost skimmers. Once the card is skimmed, it can be cloned to produce a card with identical data in its magstripe. Only if the PIN of the original card is known, the cloned card can be used just like the original card at ATMs to withdraw cash and POS terminals to make payments.
With the increase in credit card fraud in mag-stripe cards, card issuers started looking for a safer alternative. That is when EMV chip cards started being used. EMVCo is the standards body which defines specifications for production and use of the Chip and PIN card. Card fraud has fallen drastically since the introduction of EMV cards worldwide.
Unlike the magstripe card, the EMV Card has its data stored in an embedded chip. This data is kept in encrypted format rather than in plain text. So, first of all, anyone cannot retrieve data from the chip. Secondly, even if someone is able to get the data, it will be in encrypted form, which requires decryption to be meaningful data.
The first ‘smartcard’ was introduced in Bangladesh in 2007 by just one of the banks. However, the migration was going pretty slow until a couple of years back, when Bangladesh Bank announced a mandate for EMV migration. Since then, several of the banks have started migration to EMV. A few card scam incidents have made banks more conscious about their users’ security, causing them to adopt this more secure mode of payment.
EMV evolution to Contactless
A contactless smart card is a contactless credential whose dimensions are credit-card size. Its embedded integrated circuits can store (and sometimes process) data and communicate with a terminal via NFC. Commonplace uses include transit tickets and passports.
Contactless smart cards were first used for electronic ticketing in 1996 in Hong Kong with the Octopus card for the territory’s mass transit system. Since then, smart cards with contactless interfaces have been increasingly popular for payment and ticketing applications such as mass transit. Contactless fare collection is increasingly being used globally to enhance efficiency in public transit. Transaction time is a very important factor for transit, where just a few seconds per traveler can cause huge queues in subway stations.
Contactless card in payment is something very new to Bangladesh. Only recently, contactless card payment has been introduced in selected public transport within Dhaka.
Card-Not-Present transactions are those where the transaction takes place without the need for the physical card to be in hand. Online transactions are CNP transactions. Anyone can purchase online if he has just the PAN and CVV of a valid payment card. This makes online payments one of the most insecure modes of payment. EMV is yet to define a specification for such payments. However, issuers are adding several security features to protect their users from online fraud.
In Bangladesh, online payments constitute only a small portion of the total payment industry. Even when ordering for a product online, most buyers usually prefer to pay in Cash-On-Delivery mode, as they feel more comfortable to check out the product physically before paying. Banks here have introduced security features like OTP (One Time Password) via SMS, hardware tokens and software tokens to authenticate their cardholders.
EMV long term evolution to HCE
HCE, or Host Card Emulation is the latest technology which is being used in payments. It enables the digitization of payment cards onto a user’s mobile phone. Once his device has a digitized copy of his physical card, he can use it to do all his banking activities from his phone. He can also make payments using his phone’s contactless interface (NFC). Apple Pay, Samsung Pay and Android Pay are examples of the use of HCE. EMVCo’s HCE specifications were followed to build these HCE-based systems.
The major advantage to users, of using HCE is that it reduces the dependency on physical cards and the hassle of carrying multiple cards in the wallet. With adoption of HCE, the user only needs to carry his mobile phone with him, from where he can access and use all his cards for payments. Sensitive card information is less likely to be compromised as data are kept in encrypted form within the device. Also, during transactions, virtual card numbers or tokens are used, which are replenished in regular intervals. Even if the token falls in wrong hands, it will no longer be usable for transactions. HCE is being used in several countries around the globe, where societies are slowly but surely moving towards becoming cashless. In Bangladesh, a large portion of its population took this step in the form of mobile financial services. With more people opening bank accounts and becoming cardholders, the popularity of HCE is bound to increase, especially through the upcoming generation of young technology savvy users.
EMV evolution to QR
With the growth of HCE and NFC payments globally, card acquirers were in need of large investments to replace their existing terminals with NFC-compatible ones. This is when QR code based payments gained popularity and acceptance in many regions of the world.
QR (Quick Response) Code is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. The QR code became popular outside the automotive industry due to its fast readability and greater storage capacity compared to standard barcodes.
Benefits of QR Code includes
• No special equipment is needed. You just need a camera on your mobile phone to make a QR payment.
• It’s quick and easy to use. The sender does not need to enter the details of the receiver. Just scanning the QR will identify the receiver.
• It’s convenient. You can pay using QR codes from any location with just a few taps on you mobile device.
• Storing your payment details in your mobile phone and carrying it around is much safer than bringing your entire wallet full of cash and credit cards everywhere you go. The chances of theft and fraudulent purchases using your payment details are much less with QR codes.
QR codes are a promising trend for the future of mobile payments, and are an exciting, easy and convenient way to pay using just your mobile phone. With the Bangladesh market being cost-sensitive, banks tend to adopt this method of payment as their first priority for digitizing their system. A few QR code based systems have already been launched, while several others are in the pipeline to be released. QR code based payments may turn out to be a common thing in the future, keeping in mind the high rate of smartphone penetration in this region of the world. ■