This week I received an interesting email. It read something like this: “Check your statement!”, and had a link to a New York Times article regarding a skimming attack at a restaurant I just ate at in New York City. The timing of the visit and the article lead me to believe that the skimming attack was a past event and that the perpetrators have long since been arrested and are no longer under the employ of the restaurant, so I wasn’t too worried about my account.
Skimming isn’t a new crime. While in college in the 90’s, I waited tables and had a co-worker who was ultimately arrested for skimming. Back then skimming wasn’t a front page of the New York Times sort of crime. It was a crime of opportunity usually performed by a single person who was either down on their luck or just thought they wouldn’t be caught.
This is not the case today. Skimming is a high tech, well-organized crime where thousands of card numbers are stolen every year. The technology to perform these attacks is readily available on the Internet and there seems to be no shortage of people who are willing to be a part of this criminal activity. Furthermore, skimming is now a front page story. We all see the reports on the news, in the papers and on the internet for even relatively minor events.
That said, I think we can all agree that in today’s transacting environment in the United States, skimming is something that merchants are going to have to deal with. I specify the United States as most of the developed nations in the world have largely eliminated the skimming opportunity through the deployment of pay at the table/consumer (card never leaves the consumer’s possession) and the use of EMV.
Clearly the merchant community in the United States has been reluctant to implement pay at the table as the business case hasn’t traditionally been strong. That said, the environment has materially changed and the time may be now. First, Visa is bringing EMV to the states. This is great news for everybody except for criminals that feed on stolen card data as there is a dynamic component to the transmitted information in EMV transactions which is ultimately validated by the issuer. Unfortunately, Visa has suggested that they may not require a PIN for EMV transactions here in the states. This ultimately decreases a merchant’s confidence that the person holding a card is the person that owns the account and therefore the risk of a chargeback is higher than if the cardholder is required to enter a PIN. Getting in front of this technology as well as enabling debit PIN entry table side provides support to the business case.
Next, Google, ISIS and others are bringing NFC payments to the consumer market. Many have said that 2012 is the year of NFC. I am not sure about that, but I am sure that the number of merchants and consumers who will be able to transact via NFC is going to be substantial next year. Perfect fits for this technology are merchant environments where their patrons visit multiple times a month – read restaurants. While we might be trained to hand our card over to a waiter, it is a much more personal act to hand over your phone to a waiter for him to disappear for several minutes at a time. In short, broad NFC adoption will require pay at the table.
Another challenge in the restaurant space is actually knowing who your clients are. Pay at the table provides a perfect opportunity for consumers to opt in to loyalty programs and to be known to their restaurant of choice. My wife and I have recently signed up to a loyalty program with a national steakhouse via filling out a piece of paper. While their follow up offer to us was successful (we visited the restaurant which is 20 miles from our house again within 30 days), I hate to think about the manual data entry errors and the ultimate cost of acquiring that data. Hence if collecting client data is important, pay at the table is probably the best way to get that data.
I would be remiss not to mention other benefits associated with pay at the table including better customer experience, faster table turn and the ability to provide a consistent and specific message to the person picking up the tab.
All of those items build up to a pretty solid business case, yet there is one more component to consider: significantly reducing the opportunity to skim card data. While this isn’t going to make marketing’s list of most important items like loyalty account acquisition, I think marketing would agree that staying out of the New York Times for all the wrong reasons would be a priority for them.
At the end of the day, forward thinking restaurants need to take a real look at pay at the table as the business case components have materially changed. Personally I hope to pay at my table in the near future as I don’t want to have to deal with the credit card company when my card data is stolen.
Chris Souther
ibrahima sow
Frantz COORNAERT