by Natasja Bolton, Senior Acquirer Support QSA
The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years. The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the total number of payments cards in issue has not changed.
This massive growth, with 77% of retail spending made on debit, credit and charge cards, is yet another indicator of the continued importance of the PCI DSS as the benchmark for the protection of that payment card data.
Some of the growth in the number of purchases is associated with the increasing consumer move towards contactless card and mobile NFC payments for lower value payments. Where previously cash would be the only accepted payment method, for example, public transport and ticket payments.
The report identified a three-fold increase in contactless transaction volumes in 2016. This growth in contactless payments appears to support Sysnet’s assertion, reported in September 2016, that 2017 will be the year when mobile payments truly become a consumer expectation.
The TSYS U.S. Consumer Payment Study 2016 found increasing percentages of U.S. consumers using mobile NFC payments in-store compared to last year. The study also found that 44 percent of consumers are likely, definitely or have already loaded their credit card information to their mobile phone or digital wallet.
As we observed back in September, changing consumer attitudes to paying in cash on both sides of the Atlantic mean micro merchants that don’t accept card payments and business that can’t accept contactless payments, need to take action to make sure they can be paid by all of their customers.
However, it seems that businesses have risen to meet that challenge, with the UK Cards Association also reporting a 63% increase in the number of UK retail outlets now taking card payments, to just over 1 million retailers. The report recognises the increasing availability of mPOS and small business card payment solutions and their adoption by micro merchants and smaller business enabling them to realise the benefits of payment card acceptance.
Identifying a further change in the make-up of UK card acceptance at the point of sale, as the growth of retailer-owned terminals (a 15% increase in 2016) outstripped that of acquirer-owned terminals (1.6%).
This shift is likely to be seen in the U.S. as well, as mPOS vendors focus on small retailers. Mastercard cited industry reports that ‘the cost of point of sale (POS) devices as one of the top reasons why smaller businesses may be hesitant to accept card payments’ but it seems that mPOS solution providers are targeting their solutions at these smaller businesses; Business Insider noted Business Intelligence’s forecast of 27.7 million U.S. mPOS installations by 2021, with the move to EMV and lower cost of mPOS being the drivers.
With many more retailers and outlets accepting payment cards, and using directly sourced rather than acquirer-supplied solutions, it becomes even more important that the card security good practices of the PCI Data Security Standard are disseminated to those businesses and embedded in their day to day operations.
Online growth continues
Online retail payments is the other growth area linked to the doubling of card purchases: 35% of UK issued card total spending in 2016 was online. While the value of online card spending at UK merchants rose to 24% (from 21%) of the total. The report also showed that the increase is not just of traditional ecommerce. In 2016, 53% of online spending was made from tablets and smartphones; further supporting Sysnet’s mobile payments and changing consumer expectations assertion.
The UK Cards Association report predicts continued growth for mobile payments with consumers using their smart devices for both online and in-app purchases. This same trend is found in the U.S., where mcommerce spending is increasing by 45% every year. As consumers grow more comfortable with mobile payments so businesses will seek to exploit this by developing their online payment acceptance methods, expanding into social media and in-app purchasing.
It is therefore essential that messaging about securing online ecommerce and mcommerce payments reaches businesses. So that as businesses defined and develop their online payments offerings, card data security is a fundamental consideration. It is key that businesses realise their responsibility to ensure the protection of not only the consumers’ card data but also their personal data, whether the business develops these capabilities in-house or engages third parties to deliver it for them.
If you are a merchant that requires technical or PCI DSS help, please click here