The persistence of point-of-sale chip readers
Saturday afternoon at Target. I swear that my extended family is singly responsible for 10% of the company’s lifetime gross earnings.
In line in front of me is a gentleman who looked to be in his late 70s or early 80s. Next to him is whom I presume to be his daughter, looking to be in her 50s. He’s buying staples: Cereal, milk, some canned food.
It’s time to pay, so with trembling, slow hands, he pulls out his debit card. And he stares at the credit card reader.
Now, for those of you who haven’t had to endure the last two years of American credit card chaos, let me introduce our point-of-sale terminals. They all have a slot into which you carefully, with one motion, insert your chip-equipped credit or debit card.
This gentleman, with trembling hands and a slowness that comes with age, inserted the card in not quite one absolutely perfect motion.
As a result, the card reader returned an error.
Well, now he’s confused. I mean, he’s probably 80 years old and knows exactly how much money is in his account.
His daughter pipes up. “Dad, swipe it! Put it in here and swipe it.”
American point-of-sale terminals also have a magnetic stripe reader. There are still a lot of cards out there with magnetic stripes and no chips, though they are dying out now that the liability for fraud falls on the least secure of the bank and the store. Thus, the terminals let you swipe your card, just as we have since the original POS terminals replaced the credit card imprint machine a generation ago.
So, the elderly man with deliberate movements oscillating from a tremor swipes his card.
The machine tells him, “USE THE CARD READER.”
See, it’s that liability question again. If the store takes the magnetic swipe when it could have taken the chip, they are exposed should the transaction be fraudulent.
But the old man is more confused than before. And we’re now up to five minutes of wading through the machine’s weird demands.
He knows it’s the card reader now, so once the machine resets (and that takes time) he is able to insert it deliberately in the exact way the machine likes, and it finally accepts his offering.
It asks for his PIN number.
He enters his PIN number.
Then he pulls out the card.
Uh oh. The machine didn’t like that. You have to leave the card in because, well, I’m not really sure. My guess is it’s because everywhere else in the world your PIN is stored, encrypted, on your card, but America has to be weird, so it calls your bank to ask for your PIN. Or it’s because it just likes cards. Whatever.
Seven minutes now. Daughter and checker are getting flustered. The poor gentleman is suffering from this constant cognitive kick in the privates.
Still, once more into the card slot, my friends. This time, he gets the card in right, slowly punches in his PIN, and waits while the machine tells him to NOT pull his card out.
PULL YOUR CARD OUT NOW NOW NOW NOW NOW, screams the alarm. To POS terminal designers’ credit, they changed the signal based on merchant and consumer feedback. Originally, the sound of removing your card was a loud klaxon that suggested you are a horrible person for deigning to leave that card in one microsecond than necessary, and that you should feel SHAME. Target’s vendor rolled out a patch that reduced the air raid siren to a slightly urgent but more pleasant three note tune.
At long last, our honored elder has completed his purchase of milk and cereal. It’s only taken 10 minutes for all this to happen. Everyone in line behind me long ago abandoned this crisis for one of the other 24 lines.
I’m still here. Not because I’m mad at the gentleman or even laughing at him. I’m mad at the people who let this experience get this bad.
With point-of-sale, you’re trying hard to balance two problems:
1. Consumers want to buy stuff with as little friction as possible.
2. Merchants don’t want to get fucked over by fraud.
Mind you, merchants want low friction sales and people don’t want to be fucked over by fraud, but for a moment let’s focus on just these two use cases.
In the first case, you want to make it as easy as possible for consumers to provide proof of payment.
In the second case, you want to make it as hard as possible for people to commit fraud.
Now, who’s buying the machines? The consumers, or the merchants? Yep, the merchants. So they’re going to focus on a system that will limit their liability in the new world where the least secure part of the product-to-cash chain is liable for fraud.
The end result is a secure system that requires genuflections, magical thinking, and a lot of signage to help consumers buy stuff.
But here’s my ultimate question: Is this really the zero-sum game I just made it out to be?
The heart of good, user-centered design is a solid empathy for the people who use the products we design. That empathy is not either-or; it’s both-and. It understands we cannot be everything to everyone and compromises must happen to deliver a cohesive and grokkable experience. But it also knows that to help one user, you don’t (and shouldn’t) hurt another.
This is already a daunting design challenge given the dense regulation that comes with merchant banking and finance. And yet… we have Square and Stripe handling billions of dollars in transactions for small businesses (e.g. the coffee shop I’m currently sitting in). These systems provide a better experience than the current POS terminals because they are focused on lowering sales friction first. They still suffer from the genuflection of inserting the chip into the reader, but as POS systems they are remarkably low in friction.
The chip reader isn’t the final destination, however. We have contactless cards in Europe; you can even use them in lieu of Oyster cards to ride the Underground. And, of course, there’s Apple Pay. The friction falls without compromising safety and fraud prevention.
In the meantime, though, I wish I could have made the point-of-sale designers — and their leadership — watch that 10 minutes of suffering that poor man went through in front of me. It left me irate that we can’t design for everyone, that we still create systems that foment magical thinking, that instead of treating design as a zero-sum game they could have done the hard, hard work of making a system that empowered consumers AND protected merchants.
This shouldn’t happen. Not in modern design. Not in a world where we’re demanding ethical, empathetic design as the cornerstone of our entire “user experience” movement. That it does suggests that maybe, instead of focusing on arguing over “what is UX” and “should we call it UX” at every turn, we should be asking how we can get better at designing for the actual people who use the things we design.