Capital One is betting the scourge of fraud and growth of mobile payments will lay the groundwork for a network based on the financial institution's authentication system.
The credit card lender on Wednesday said it would make its AirKey security product available to other financial institutions. AirKey, which Capital One developed seven years ago, enables credit and debit cards to be used for enrollment and to verify user identity at the point of sale.
AirKey is designed to address a chronic fear in the payments industry, with fraud on the rise. Push-payment fraud is expected to reach $6.8 billion in early losses by 2027, a compound annual growth rate of 11% between 2022 and 2027, according to ACI Worldwide, which reports most of that fraud is in the United States.
And there are regulatory efforts underway that could make banks more responsible for consumer losses. The growth of digital P2P apps and real-time payments, which shorten windows for transaction vetting, additionally raises concerns over payments-related crime.
"Fraud is a growth business, and the amount of fraud is staggering," said Tom Poole, senior vice president of payments and digital identity for Capital One. "Banks want new ways to authenticate customers that are easy, intuitive and secure."
AirKey appears as an icon on Capital One-issued cards — there are about 75 million in circulation, according to Poole. The feature uses near field communication, the technology that underpins mobile payment apps such as Apple Pay, to communicate with an iOS or Android smartphone. AirKey is embedded in a credit card's secure element, creating a cryptogram that operates authentication.
Consumers tap AirKey-enabled cards on a smartphone to execute payments, enroll in mobile banking and activate new cards. AirKey-enabled cards can also be used to authenticate transactions without contacting customer service, allowing cards to be used outside the United States without interruptions. The cards are monitored for fraud and can be deactivated in the case of a security incident or loss.
Capital One positions AirKey as an additional option alongside more traditional security risk management tools such as SMS passwords for new cards that banks and credit unions issue in the future. Poole said payment cards are a ubiquitous item that most consumers use frequently, making it easy to embed security along with other payment tasks.
"Banks have a vested interest in tracking that card," Poole said. "It's getting tougher for banks to reach customers. And banks are already investing a ton of money to get cards into the hands of consumers."
Beyond concerns over fraud, banks are embracing technology that enables digital payments and faster processing. More than 90% of banks say faster payments are important to improve customer experience, according to research from Arizent, American Banker's publisher. And more than three-quarters of banks are increasing investments in payment technology such as mobile pay.
The banks are pressured to compete with mobile wallets from Apple and Google, and fintech-powered apps from Block and PayPal, which offer easy enrollment that can get these firms in front of consumers faster than banks. "There is a race to identify users," said Richard Crone, a payments consultant. "Apple Pay, Google Pay, all of these wallets are out there to identify users."
Controlling authorization places these firms in position to enroll consumers and gain advantage when forming partnerships, using open banking or cross-selling.
"With the push toward identity verification, financial institutions are under pressure to keep up with tech players like Apple Pay and Google Pay," Crone said.
In this environment, Capital One's AirKey sales model is similar to the old BankAmericard, a Bank of America credit card created in 1958 that evolved into Visa through collaboration on a payment network among competing banks.
"Very few banks run their own authentication system. They rely on third-party processors," Crone said of firms like FIS, Fiserv and Jack Henry that sell bank technology and provide payment processing. "AirKey could become for Capital One what BankAmericard was for Bank of America and Visa, a foundational technology that extends beyond a single institution and potentially evolves into an industry standard."
Capital One will be challenged to gain participation from other financial institutions to build an authentication network, a strategy that, much like the former BankAmericard, requires banks to weigh the benefits of a standardized and shared technology against competitive interests.
"Competing with digital wallets and identity platforms means banks must carefully evaluate whether adopting AirKey helps or hinders their strategic interests, especially as it could empower Capital One as a major player," Crone said.
Capital One is releasing AirKey as it attempts to acquire Discover. The $35 billion deal, which has drawn regulatory scrutiny over potential impacts on competition in the credit card industry, would enable Capital One to run its cards on Discover's payments network, providing an alternative to Visa and Mastercard.
AirKey could be a value-added service to Capital One's expanding card business. Capital One did not comment on the pending Discover acquisition for this article.
"By incorporating biometrics, geo-triggers, and other advanced factors, AirKey could transform ATM and point-of-sale transactions, positioning Capital One to reduce fraud and improve security with their acquisition of Discover and the Pulse ATM network," Crone said.
