Why protect other people's data that you didn't ask for?
Do these questions sound familiar:
"Has your luggage been in your possession at all times?"
"Has anyone given you anything or asked you to carry on or check any items for them?"
If you’ve flown recently, they will be only too familiar; obviously you wouldn’t volunteer to take responsibility for someone else’s luggage, yet we expect retailers to take responsibility – at considerable cost to them – for someone else’s data. Just whose data is it (and who should bear the costs)?
ACI has commissioned an independent white paper to capture the mood of retailers on the broader topic of security in payments – where they are currently in their programs, and where they expect to be in the near future. “Why protect the data” is one aspect covered. This 4-part blog series introduces the themes covered in the white paper, which will be released this month.
Back to the question, whose data is it? First, let’s be specific about what the data is. 47% of consumer-present purchases are made using cards*1. The remainder are cash or on-account purchases. Despite its high media profile, mobile is insignificant when one looks purely at the numbers. So in terms of payment-related data, the security focus is card data. The problem is also bigger for in-store than e-commerce, so we’re looking at card data where the consumer is physically present.
So the question is who owns the card (and therefore who should be responsible for keeping the card data secure)? If you ask the average consumer whose card it is, he/she may say one of two things:
“It’s my card, I keep it with me and I’m the only person who uses it”
“It’s my bank’s card: they decided what numbers go on it; it has their logo, and when I close my account, I have to destroy or return the card.”
One could argue that the data belongs to the bank or that it belongs to the cardholder, but everyone would agree that the data does not belong to the retailer (apart from store cards)! Not only that, it’s useless to the retailer for anything other than completing the card-based transaction: it contains no demographic data such as age, gender, home address, or financial status.
The payments industry - in particular the international card schemes - determines the rules that retailers must follow, with seemingly no consideration of the costs - which are spiraling out of control. To put these costs into context, many top tier retailers have spent more than £5 million*2 on their PCI DSS projects. How do retailers feel about being put into this situation? We’ll address that in the aforementioned paper, but if you’re a retailer, or a supplier to retailers, please post your comments!
Why spend the money? Philosophical discussions about fairness aside, what compels a retailer to comply with the rules? Ultimately it’s customer satisfaction; a retailer who makes a business decision to accept cards chooses an acquirer (or more than one) and in doing so agrees to comply with the acquirer’s rules (that are governed by the card schemes). A retailer may choose not to accept cards, but to say that this may result in lost sales (for all but the smallest retailers) is an understatement. So the question becomes not whether to accept card payments, but how to do so at the lowest cost. This is the topic of next week’s blog, and qualitative data on the topic is included in the paper.
A word about the author, and the sponsor of this blog: my name is Michael Kyritsis, I’ve worked in the payments industry for 17 years, and I’m employed by ACI as lead solution consultant. Throughout my career, I’ve been determined to see how EFT software is used by real customers, and am continually discovering that each customer has unique requirements - there’s no one-size-fits-all solution. Similarly, each customer has unique perspectives to contribute to a collective “industry view”. Distilling this industry view, and seeing how it compares to our solution’s capabilities is both reassuring and challenging. Thanks for reading this far, until next week, Michael.