Every so often, an idea comes along at just the right time to solve a big problem in the payments business, and makes you wonder, “Wow, how come nobody thought of that before?” With people’s credit and debit card numbers getting stolen left and right these days, we may be seeing just that with new apps that “turn off” your cards when not in use.
The idea behind the new wave of apps is the total opposite of what we’re used to hearing about payments security. After every major data breach, stories warn of hit-and-miss protection at the point of sale, and we’re reminded that banks and retailers need to run a tighter ship in the IT department if our data is ever going to be safe. In fact, American businesses are about to spend several billion dollars replacing every credit card and card reader in the country with new ones that use EMV, the chip-based card system prevalent in Europe.
Only 100 downloads? Surely people don’t know what they’re missing
The problem with that approach is, it means the individual consumer is largely a bystander in the card-security fight, unable to affect it much, but certainly at risk of suffering from the outcome. Beyond exercising some basic common sense about when and where to use your card, you are essentially just along for the ride; pay for anything from groceries to insurance, and there is literally nothing you can do to prevent the company on the receiving end from being hacked, infiltrated, or otherwise compromised, and no way of telling if that’s likely.
But this approach is more like, “Go ahead and steal my credit card number. In fact, it’s probably going to be stolen anyway, if it hasn’t been already. I’ll just make sure that when you do steal it, you won’t be able to use it.” That ability to seize back some amount of control in this fight is quite appealing.
I resolved to try it out for myself shortly after hearing about it, so I looked some apps up on Google Play, settling on Fiserv’s CardValet, which had been launched quietly in a January press release. Surprisingly, only 100 people had downloaded it so far, albeit to mostly positive reviews. The documentation revealed even more ambitious features beyond merely “parking” your card, such as notifications based on location or the type of merchant, and the ability to set dollar limits. So, what was the terrible catch?
Unfortunately, there was a major one: CardValet is not a universal app; it only works with debit cards for now, and only with those from selected banks that have signed up for the service. A Fiserv spokesperson confirmed that the app will eventually be expanded to include credit cards, though at launch, the focus was on debit cards in order to reach the maximum number of potential customers.
Unfortunately, plug-and-play is not the way most of these apps are going to be.
That part is actually a smart move, because in addition to representing a higher proportion of transactions (38% of all payments in the U.S. versus 21% for credit), debit cards also tend to suffer from inferior protection against fraud, opening you to potentially limitless liability if not reported quickly. What’s more, in the meantime, you are not just disputing a charge on a bill – your money is actually gone. So as the more urgent of the two problems for consumers, attacking debit first in a consumer app makes sense.
Now, with the shift to EMV (chip-based “smart” cards) already under way, you might wonder: What’s the use of this kind of app? Aren’t the new cards going to protect me already? The answer is only partly; EMV does a great job of stopping card fraud at the point of sale using cloned cards, but it’s no good at all against online fraud. In fact, in countries where they’ve had time to study the effect of EMV, one very consistent pattern is that shortly after the new technology’s introduction, most card fraud migrates online or overseas.
In other words, the criminals will still steal your card data one way or another, and then instead of cloning a physical card, they’ll use it online, where EMV is not enforced. Parking your card would be one way to close that wide-open backdoor.
But, back to the one major problem: Without some cooperation and standardization, a card-parking app is going to be a tough sell. In my attempt to try CardValet, for example, if my bank hadn’t signed up with the service, I was out of luck. The way that works isn’t Fiserv’s fault – no bank is going to let an app go in and start manipulating account information without some ironclad agreements and protections in place behind the scenes, and frankly, that’s the way it should be.
What it means, though, is that my ideal scenario – being able to turn ALL of my cards on or off from one place, rather than relying on an army of competing apps for each card – seems unlikely in the near future. I’d wager most of us would want the same thing; and since most Americans also have more than one card, that could present a major pain point in the coming years. Perhaps one day, a single app, or a combination of two or three, will build enough momentum to reach the critical mass where they become convenient and near-universal. Until then, however long it takes – 18 months? Years? Decades? – credit-card parking may remain a great technology in waiting.