Why protect other people's data that you didn't ask for?
Do these questions sound familiar:
"Has your luggage been in your possession at all times?”
"Has anyone given you anything or asked you to carry on or check any items for them?"
If you’ve flown recently, they will be only too familiar; obviously you wouldn’t volunteer to take responsibility for someone else’s luggage, yet we expect retailers to take responsibility – at considerable cost to them – for someone else’s data. Just whose data is it (and who should bear the costs)?
ACI has commissioned an independent white paper to capture the mood of retailers on the broader topic of security in payments – where they are currently in their programs, and where they expect to be in the near future. “Why protect the data” is one aspect covered. This 4-part blog series introduces the themes covered in the white paper, which will be released this month.
Back to the question, whose data is it? First, let’s be specific about what the data is. 47% of consumer-present purchases are made using cards*1. The remainder are cash or on-account purchases. Despite its high media profile, mobile is insignificant when one looks purely at the numbers. So in terms of payment-related data, the security focus is card data. The problem is also bigger for in-store than e-commerce, so we’re looking at card data where the consumer is physically.
So the question is who owns the card (and therefore who should be responsible for keeping the card data secure)? If you ask the average consumer whose card it is, he/she may say one of two things:
“It’s my card, I keep it with me and I’m the only person who uses it”
“It’s my bank’s card: they decided what numbers go on it,; it has their logo, and when I close my account, I have to destroy or return the card.”
One could argue that the data belongs to the bank or that it belongs to the cardholder, but everyone would agree that the data does not belong to the retailer! (apart from store cards). Not only that, it’s useless to the retailer for anything other than completing the card-based transaction: it contains no demographic data such as age, gender, home address, or financial status.
The payments industry - in particular the international card schemes - determine the rules that retailers must follow, with seemingly no consideration of the costs - which are spiraling out of control. To put these costs into context, many top tier retailers have spent more than £5 million*2 on their PCI DSS projects. How do retailers feel about being put into this situation? We’ll address that in the aforementioned paper, but if you’re a retailer, or a supplier to retailers, please post your comments!
Why spend the money? Philosophical discussions about fairness aside, what compels a retailer to comply with the rules? Ultimately it’s customer satisfaction; a retailer who makes a business decision to accept cards chooses an acquirer (or more than one) and in doing so agrees to comply with the acquirer’s rules (that are governed by the card schemes). A retailer may choose not to accept cards, but to say that this may result in lost sales (for all by the smallest retailers) is an understatement. So the question becomes not whether to accept card payments, but how to do so at the lowest cost. This is the topic of next week’s blog, and qualitative data on the topic is included in the paper.
A word about the author, and the sponsor of this blog: my name is Michael Kyritsis, I’ve worked in the payments industry for 17 years, and I’m employed by ACI as lead solution consultant. Throughout my career, I’ve been determined to see how EFT software is used by real customers, and am continually discovering that each customer has unique requirements - there’s no one-size-fits all solution. Similarly each customer has unique perspectives to contribute to a collective “industry view”. Distilling this industry view, and seeing how it compares to our solution’s capabilities is both reassuring and challenging. Thanks for reading this far, until next week, Michael.
Related Blog Posts
Success Speaks: Surprising New Ways Students Want to Pay
Colleges and universities are facing the dual tasks of accommodating not only new payment methods, but also a new generation of students, Gen Z, whose expectations differ greatly from even millennials. How can higher education institutions meet these demands?
In our latest Success Speaks webinar, experts from Temple University, FutureCast, ACI and MTFX Group of Companies explored today’s payments landscape for colleges and universities, payment desires of Gen Z, innovations the higher education sector is already implementing and how schools can better assist with international payments.
Women Must Choose to Rise Up Despite Past, Current and Future Circumstances
Money20/20, Europe’s biggest payments and fintech event, was recently held in Amsterdam and featured Rise Up Money20/20, a global program designed to address the gender imbalance in leadership positions within the financial services and fintech industries. A cohort of 30 female professionals was selected to take part in an exclusive curated agenda, complete with a series of bespoke content sessions, one-to-one mentoring and unique networking opportunities.
Beyond Borders: Navigating the Challenges of eCommerce Expansion
eCommerce continues to flourish, with impressive growth figures year after year. In 2018, global online sales reached almost $3 trillion, and are expected to hit $4 trillion by the end of 2020.
Despite eCommerce taking an increasing slice of the retail pie (which could now be as high as 15 percent according to recent figures), it is increasingly challenging, with competition and cost pressures creating significant issues for merchants of all sizes.
How Italian Banks and Processors Can Capitalize on Digital Transformation
The European payments landscape is in an era of significant change thanks to PSD2 and other macro factors, but there is more than one way to deliver real-time and open payments to meet PSD2 requirements and its technical standards. Banks and processors must manage this alongside their own set of domestic challenges and opportunities.
Overcoming Cyber Threats to Payments Security
Recently, Gene Scriven, chief information security officer at ACI, spoke at NACHA Payments 2019 on the ever-changing landscape of cybersecurity. Here are a few highlights from his session, including the impacts of cybersecurity breaches, today’s emerging threats and the new strategies to keep your organization safe.
Removing Gender Bias and Enabling Women to Succeed in Leadership Roles
The recent UK Women in Payments (WIP) Symposium 2019 took place in London, recognizing unique leaders who help uplift women in the payments industry. Among those recognized was ACI’s Melissa McKendry, vice president, Retail Banking Implementation Services, who was honored by WIP as the 2019 Advocate for Women.
Why Banks Must Democratize Machine Learning for Fraud Prevention and Payments Intelligence
Banks are already actively on the path to digital transformation, considering new technologies, new customer experiences and new business models. A critical piece of this digital transformation centers on better understanding the wealth of data within the banks’ systems and mining it for improved customer insight. In the New Payments Ecosystem, data is as valuable to the bank and its customers as the deposits held in their accounts, and it should be protected, and leveraged for the benefit of the customer.
Regulating for Real-Time: The Role of Government in Payments Modernization
Dr. Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments and the findings of the new white paper, Get More from Real-Time.
Payments and Fraud: The Paradox Twins
Digital commerce through web and mobile is where merchants predominantly experience shopper growth today. This has become a hugely important domain for their focus. It offers a means for international growth, new market penetration and a way to engage with shopper-hungry Millennials in their culture. Merchants frequently adopt a Digital-First, eCommerce-First or Mobile-First strategy to ensure full corporate buy-in to this strategy.
Open Payments Systems for Merchants: Don't Close Down Your Options
Remember “Open Systems”?
It was a big industry nom du jour in the 80s and 90s. Every IT system had to be open and therefore flexible and future-proof. Nobody can argue with the logic behind this; making systems easy to integrate with other systems, ensuring vendors could cooperate with one another; creating agility to improve time to market and drive down costs.