|Interchange: Retailers Get Organized for Battle
For as long as merchants have been accepting cards, they’ve been complaining about the costs of card acceptance. What’s new these days is that they’re finally starting to fight back with an organized, industrywide campaign aimed at getting consumers, members of Congress, and—perhaps most important—banking regulators on their side.
On the Rise
(Projected weighted average bank card interchange)
Source: Morgan Stanley
The battle is all about interchange, the fees set by Visa U.S.A. and MasterCard International and collected by the card networks’ issuers from acquiring banks. The acquirers and their processors pass the fees on to retailers with a markup. Merchants are in a lather about interchange because, even though electronic transaction processing is supposed to make payments cost less, the fees keep going up, with the latest increases going into effect in April. Morgan Stanley analyst Kenneth Posner figures the weighted average bank card interchange rate is going to 1.86% by 2010, up 11 basis points from 2004 and 28 points in the 12 years since 1998 (chart).
“Interchange and related fees are becoming the largest and most overbearing part of [merchants’] cost structure,” says Mallory Duncan, senior vice president and general counsel of the National Retail Federation, a Washington, D.C. trade group representing general-merchandise retailers.
Now merchants want regulators to step in. Duncan is heading up a newly formed organization, called the Merchants Payments Coalition, that embraces some 13 retail trade associations, including the Food Marketing Institute, the National Restaurant Association, and groups representing everything from gas stations to online merchants, as well as the NRF. Their aim: to educate consumers about the costs they sustain because of what merchants must pay to accept cards and to get government—specifically, the Federal Reserve Board—to do something about interchange.
Says Duncan: “Consumers don’t appreciate how much they’re paying.” He argues interchange costs push up the prices consumers must pay for goods and services. Since bank card network rules ban differentiated pricing, retailers must charge cash payers the same price as credit card users, penalizing all consumers, he says. “The price that’s advertised has to be the credit card price,” he says. “This is something most people haven’t focused on.”
So far, the coalition, which came together only this winter, hasn’t been specific about how it would like government to act. Duncan hints that one avenue would be to force the banks to allow merchants to set prices linked to actual acceptance costs—something he calls “transparency.” Says he: “As long as you have transparency, a world where you can price freely, you can give a discount to those who pay by cash or check,” says Duncan. He says current acceptance regulations at Visa U.S.A. and MasterCard International are “designed to maintain [their] monopoly” over electronic payments.
The coalition may already be making an impact at the Fed, which the group argues has the authority to control interchange. While it is not yet clear the banking regulator has any intention of intervening in the near future—or at all—the Federal Reserve Bank of Kansas City sponsored a conference on interchange in Santa Fe, N.M., in May that drew high-level central bankers from around the world, a development the MPC says is a hopeful sign for its agenda. “When you see the Fed taking an interest, it might change some minds [at Visa and MasterCard],” says Duncan. “There’s a realization on the part of government that this is a legitimate issue.”
The new group is also concerned about discount fees set by American Express Co. and Discover Financial Services Inc., but it says its focus for now is on the bank card associations because “they have the monopoly,” says Duncan, meaning an overwhelming lead in market share for card-based payment. Bank card interchange—with an average 40 basis points added on by acquirers—cost retailers about $21 billion last year, based on Morgan Stanley’s estimates. MPC researchers estimate the cost is $25 billion, with merchants belonging to the coalition’s trade groups paying about one-fourth of that. The coalition says the members of its members account for 40% of all credit and debit card transactions in the U.S.
Morgan Stanley’s Posner argues interchange is being driven up by rewards-laden cards aimed at small businesses and affluent consumers, such as the Visa Signature and MasterCard World cards, which he says carry average interchange rates around 2.2%. This is a point the MPC agrees with. But the networks have introduced reductions in other segments, such as e-commerce, where they are trying to encourage activity. And in some markets overseas where regulators forced down rates, merchants haven’t been eager to share their newfound boon with customers. A report last year, for instance, said Australian merchants failed to pass on savings to customers after the Reserve Bank of Australia forced the card associations in 2003 to cut interchange by half.
In the end, retailers’ best hope for controlling interchange costs may lie, not in government intervention, but in the market. The Fed, say some observers, won’t ride to the rescue. “Merchants can wait forever,” says Gwenn Bezard, research director at The Aite Group. “[The Fed] has no intention of intervening.” Nor is continued litigation likely to be fruitful, even in the wake of the 2003 Wal-Mart settlement, which forced the banks to chop interchange on signature-based debit and pay Wal-Mart Stores Inc. and other plaintiffs $3 billion.
Instead, he says, merchants would be better off concentrating on building payment alternatives that appeal to consumers as much as the bank cards do. Examples: cobranded programs, developing or acquiring a payments network, and stressing lower-cost channels such as PIN debit and the automated clearing house.
This could require significant investments from companies whose primary business is selling goods, not managing payments. But Bezard sees leveraging market-based solutions as a test of how serious retailers really are this time about interchange. “Nobody can deny merchants have an issue,” he says. “But it’s a matter of will, a matter of investment. I’m not sure they’re all that interested.”
Are We Ready for Quantum Cryptography?
By Gideon Samid
The recent headlines about financial-data theft throw the spotlight on a new twist in cryptography that could protect in-transit data with a shield that would frustrate today’s savviest hackers. It all depends on how fast this technology evolves, on how badly banks and networks want it, and on how fast they can deploy it.
Public-key encryption, arguably, is one of the three conceptual building blocks of the entire profession. Invented in 1976, it still underlies most major financial cryptographic protocols. The earlier earth-shaking idea, called ‘One-Time Pad’, or the Vernam cipher, was invented by Gilbert Vernam as early as 1917! And the latest bombshell was introduced in 1984 by Bennett and Brassard: the idea of quantum computing.
First, a reality check: You can’t yet buy a tiny nifty quantum computer from your processor, or even in your neighborhood computer store. But when the embryonic models now being test-driven around the world develop and mature, the world of cryptography will change forever.
Here’s why. All the encryption systems now in common use rely on the slowness of today’s computers. Increased computing speed would crack them all. Since quantum computers are much faster, they would readily decommission RSA, DES, AES, and everything else, with no exceptions.
This would be a hackers’ delight, would it not?
Well, not quite. Because the new quantum idea combined with the old Vernam idea would usher in unbreakable cryptography. Unbreakable in the sense that no matter how powerful the hacker’s computers, and no matter how advanced their knowledge of mathematics, quantum encryption cannot be broken. How can one be so cocksure?
The difference between stealing your financial data and stealing your wallet is that, if stolen, your wallet would be missing, setting off all kinds of alarms the next time you reach for it. But if your data were stolen, it would still be there in the computer that holds it, and there would not be even a dim fingerprint to indicate the theft. It is this attribute that disturbs the sleep of legions of security officers. They never know for sure whether the financial data they store has been stealthily copied by the bad guys.
Quantum computing changes all that. Data expressed in quantum fashion cannot be stolen without leaving a mark of the theft. This is all based on a principle first identified by the German physicist Heisenberg: If you measure something in the subatomic world, you change the reading of your measurement. So you never know what the reading would have been absent the measurement. To steal data is akin to measuring it. Hence, if data were written in a subatomic alphabet, a hacker would corrupt the data with even the slightest attempt to read it. Conversely, if a sender and a receiver confirm to each other that they have the same data, they can be absolutely sure that no hacker has peeked into it.
When quantum data are handled (“touched”), they change stochastically—that is, in ways that can’t be predicted with any certainty. The change is a matter of probability. This uncertainty is not due to human ignorance, it is built in by God or nature (depending on how you prefer to see it). This remarkable observation is the foundation of quantum mechanics, and it has been consistent with all our experiments for about a century now. Such uncertainty means that when the intended reader reads the data he might get a different reading than the hacker!
One of the basic protocols now in development calls for the financial institution or processor and the customer to exchange data in a quantum mode. The data would be used as a one-time key for the old Vernam encryption, which is unbreakable, and this would drive hackers away from math and computing to physical theft and robbery. Having said that, one should always anticipate a clever hacker. Today’s hackers find so many holes in the implementation protocols that they don’t need to crack the ciphersystem to violate your data. What seems on the drawing board to be “safe” may be much less so on the street.
Also, two additional things might yet bail out the hackers. First, it will take some time before quantum connections become standard. Second, and more important, banks have time and again proven their conservative inertia in these matters. It might take a financial catastrophe to unseat the RSA, DES, and AES protocols.