21 December 2014

44975

Retired Member

707Posts 2,219,602Views 868Comments

No need to compromise over payment security

07 February 2014  |  2015 views  |  0

The answer is in the palm of your hand. 

The US retail giant, Target, has recently been in the press for all the wrong reasons. It's estimated that 110m of its customers have been left open to identity theft. Target joins Sony, TJX, Shell, Lush and many others compromised by this.

The result has been a war of words over new security standards between the National Retail Federation and US banks and recriminations continue. This is entirely understandable of course, changes need to be made for the better. However, there is a danger that any knee-jerk reactions could go too far and not be properly thought through.

If security becomes too stringent in the fall-out of Target, consumer utility will suffer.

Consumers expect financial transactions to be safe and secure. But they also expect them to be swift and simple. There is no use security being so arduous that it hampers commerce. Consumers certainly won't thank the industry for making their lives more difficult. So, when breaches like these happen, commentators immediately ask how we "balance" security and simplicity.

This is taking the debate somewhere pointless. The idea of "balance" is actually a compromise. When it comes to security versus simplicity, there shouldn't be a compromise at all. Consumers expect and deserve a highly security and a great experience when shopping.

This is easier said that done, however. Let's look at retail examples.

Although mostly obsolete in Europe, many US retailers still accept payment cards via a swipe of the magstripe and a signature. It's simple, it's easy but it's not secure at all. Magstripe information is unsecure and easily compromised and signatures are easy to forge.

The other end of the spectrum is 3-D Secure, used widely in online transactions. While it adds another layer of security to the purchasing process, it also slows the process down. And, it's yet another password for the consumer to remember.

In Europe, EMV (often know as Chip and PIN) is the two –factor authentication standard for payment card security. Two-factor authentication relies on 'something you know' (the PIN) and 'something you have' (the card). However, it has yet to make any impact in the US. It would require substantial investment from banks to issue new EMV cards and retailers would have to purchase new POS devices to accept them.

What's the solution? It's actually something you possibly have in your hand right now: a mobile phone. The smart device can act as 'something you have' and instead of putting your PIN in a POS terminal, it can be keyed into the device. So unlike a card, new multi-factor authentication technology can ensure that access to payment services can only be granted to the person who has the specific device (even a duplicate wouldn't work) and knows the PIN.

This means there is no need for new payment cards or other new devices to be issued to consumers or for retailers to invest in expensive new POS terminals. Mobile enabled commerce has other security benefits. By using a QR code to make purchases and transactions, no personal or financial information needs to be transmitted and the risk of breach is minimised.

The smart device has revolutionised our day-to-day lives. It has the power to revolutionise retail security too. 

TagsSecurityRetail banking

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Retired

Do you KYC well!

23 July 2014  |  1184 views  |  0  |  Recommends 0 TagsSecurityPayments

My thoughts on Digital and Branchless banking

21 July 2014  |  1910 views  |  0  |  Recommends 0 TagsMobile & onlinePayments

War of the Plastic cards with Mobile wallets

21 July 2014  |  1979 views  |  2  |  Recommends 0 TagsMobile & onlinePayments

7-day account switch: customer empowerment or indifference

18 June 2014  |  1933 views  |  1  |  Recommends 0 TagsRisk & regulationRetail banking

On Reinventing Money.

03 June 2014  |  1300 views  |  0  |  Recommends 0 TagsPaymentsInnovation

Retired's profile

job title
location
member since 2014
Summary profile See full profile »

Retired's expertise

What Retired reads
Retired writes about

Who is commenting on Retired's posts

Rasvan Stanescu
Andrei Charniauski
Sian Bentley
Tony Wenzel
Jorge Yui
Ketharaman Swaminathan
Mark Pavan
Matt Scott
Geoffrey Barraclough
Thad Peterson
Marinka Ryan
Alexander Peschkoff