Security, the New Payments Ecosystem and the Need to Educate the Consumer (Or Ask Them to Unclog Your Sewer!)
When it comes to any payments ecosystem, you must remember that we are talking about MONEY. More importantly, people’s money (like yours and mine). In any conversation in this space, secure is something that is assumed. A consumer simply won’t use a new system if they don’t believe it is secure. Unless of course it’s free Wi-Fi. As we have seen, folks are willing to do almost anything to get free access on their devices, even agreeing to clean toilets! (This was a real thing… one hotspot operator added it to their Terms of Service fine print). When we talk secure, it’s important that we keep this in mind: secure is not just a piece of the Hierarchy of Payment Needs, it’s an integral part of it, which is why it sits directly on top of the foundations. Without this layer, the whole ecosystem collapses.
The Evolution of Payments
As we leave the comfortable and known confines of yesterday’s payments ecosystem, questions around security are normal and expected. You can’t have trust in something without knowing it’s secure, or that there are fail-safes in place if something does go wrong. In the past, we had very defined payment scenarios, where you knew without a doubt where liability lay if something did go wrong – the ‘unhappy flow’ was accounted for. However, as we move to a more open environment where new parties are joining every day, it is only natural to have your head on a swivel. After all, we are only as safe as the weakest link in our workflows.
Regulation and Recreation
A more open environment means that our sandbox needs to have built-in security, and an ability to manage threats both at the ecosystem level and within our solutions. The flexibility in the new environment, and in the applications themselves, makes this possible today – a marked change from the ‘old’ payments ecosystem. The logic, agreements and regulations that were in place to manage the older ecosystem will be strained to breaking point if we apply them unchanged to the new one. This is why we are seeing new regulations like PSD2, the UK Open Banking Initiative and the General Data Protection Regulation (GDPR) coming into play.
A major challenge is how we layer in secure elements without impacting the ‘need for speed,’ by which I mean real-time! Luckily for us, Moore’s law is at play, which is making it possible to process information in nanoseconds. But there’s also a change in the user experience; an opportunity to gather information ahead of the transaction and view further upstream than has ever been possible previously. This is thanks to the increasingly “open” nature of payments at the core of our discussion. As we open up access, we create a two-way street: we not only broadcast out payment capabilities, but in return we can marry in APIs from the broader API ecosystem. Whether those are geo-location based services or facial recognition software, we need to innovate in the secure layer without impeding the speed of the transaction. This may actually make transactions ‘lighter’ and able to move quicker, ultimately propelling us towards a more secure ecosystem!
Getting Your Hands Dirty
While it sounds counterintuitive to some, the New Payments Ecosystem has great potential to not only embrace the need for speed, but also to do so more securely than today. It comes down to embracing the change, rolling up your sleeves and playing with new technology, be it distributed ledger, blockchain, or Open APIs. All have the potential to solidify the baseline assumption of security needed to allow the New Payments Ecosystem to thrive.