Radio-frequency tags have been a hit with drivers for the past decade, using them at Mobil gas stations and at tollbooths, but U.S. businesses have been slower to invest in the infrastructure needed to implement the technology in retail settings. Visa is trying to change that mind-set, and in December launched a pilot program at Atlanta's Philips arena, home of the NBA's Hawks and the NHL's Thrashers, to prove the efficiency of contactless payment when crowds gather at concession stands.
Season ticket holders with Chase-issued Visa credit accounts and Cingular wireless accounts can make contactless payments at concession stands throughout the arena using near-frequency communication-enabled Nokia 3220 cell phones. Pilot testers wave the phone within an inch or two of a radio-frequency reader without the need for a PIN or a signature. In the arena setting, merchants feel they can make more money because their workers can spend more time helping customers and less time handling money.
Visa's contactless payment chip uses 128-bit and Triple Data Encryption Standard, or DES, encryption technology to protect the data used during a transaction, which includes the user's account number and a unique numeric code generated for each transaction.
The push to implement more convenient and more secure forms of payment comes as concerns mount over the security of PIN-based debit transactions that could allow thieves direct access to bank accounts. Visa has acknowledged that a U.S.-based merchant that accepts Visa payments "may have experienced a data security breach resulting in the compromise of Visa card account information." Visa then alerted banks, including Bank of America, Citibank, Washington Mutual, and Wells Fargo, whose customers might be affected by this data breach so that the banks could monitor transactions for fraud and, if necessary, reissue cards.
Visa, the FBI, and law enforcement in cities nationwide continue to search for the thieves, who apparently stole not just the encrypted PIN codes, but also the encryption keys needed to decode them. The PIN theft affecting Visa and a number of banks could inadvertently help the business case for moving to payment technologies that rely on microchips and radio-frequency sensors embedded on cards, key chains, or other devices, says Ron Carter, director of payment solutions for nCipher Corp., a provider of encryption technologies. "The level of fraud in the U.S. hasn't been high enough in the past to justify the change in infrastructure for vendors to support" chip-based payment devices, he says.
Although U.S. businesses have been slow to adopt contactless payment options, international support has blossomed. Japanese card issuer JCB International Co. this week agreed to share a common contactless communications protocol based on MasterCard's PayPass ISO/IEC14443 implementation specification, the same specification Visa agreed to support last March. JCB's adoption means major international card brands are expected to base contactless payment technology on the same communications protocol, ensuring international interoperability among payment systems.
Visa and MasterCard's vision of the future is in line with research and consulting firm TowerGroup's prediction that, by 2015, a large portion of consumer payments globally will move from cash to new mechanisms, including the Internet, mobile phones, and radio frequency-enabled devices. In fact, TowerGroup in a January report predicted that, by 2009, the total market for contactless micro payments--those worth less than $5--in the United States will reach $11.5 billion, with almost $5 billion of that transacted via mobile phones.