Retired Member

No need to compromise over payment security

07 February 2014

The answer is in the palm of your hand. 

The US retail giant Target has recently been in the press for all the wrong reasons. It's estimated that 110m of its customers have been left open to identity theft. Target joins Sony, TJX, Shell, Lush and many others that have been compromised in the same way.

The result has been a war of words over new security standards between the National Retail Federation and US banks, and recriminations continue. This is entirely understandable, of course; changes need to be made for the better. However, there is a danger that any knee-jerk reactions could go too far and not be properly thought through.

If security becomes too stringent in the fallout from Target, consumer utility will suffer.

Consumers expect financial transactions to be safe and secure. But they also expect them to be swift and simple. There is no use in security being so arduous that it hampers commerce. Consumers certainly won't thank the industry for making their lives more difficult. So, when breaches like these happen, commentators immediately ask how we "balance" security and simplicity.

This is taking the debate somewhere pointless. The idea of "balance" is actually a compromise. When it comes to security versus simplicity, there shouldn't be a compromise at all. Consumers expect and deserve high security and a great experience when shopping.

This is easier said than done, however. Let's look at retail examples.

Although mostly obsolete in Europe, many US retailers still accept payment cards via a swipe of the magstripe and a signature. It's simple and it's easy, but it's not secure at all. Magstripe information is insecure and easily compromised, and signatures are easy to forge.

The other end of the spectrum is 3-D Secure, used widely in online transactions. While it adds another layer of security to the purchasing process, it also slows the process down. And, it's yet another password for the consumer to remember.

In Europe, EMV (often known as Chip and PIN) is the two-factor authentication standard for payment card security. Two-factor authentication relies on 'something you know' (the PIN) and 'something you have' (the card). However, it has yet to make any impact in the US. It would require substantial investment from banks to issue new EMV cards and retailers would have to purchase new POS devices to accept them.

What's the solution? It's actually something you possibly have in your hand right now: a mobile phone. The smart device can act as 'something you have' and instead of putting your PIN in a POS terminal, it can be keyed into the device. So unlike a card, new multi-factor authentication technology can ensure that access to payment services can only be granted to the person who has the specific device (even a duplicate wouldn't work) and knows the PIN.

This means there is no need for new payment cards or other new devices to be issued to consumers or for retailers to invest in expensive new POS terminals. Mobile-enabled commerce has other security benefits. By using a QR code to make purchases and transactions, no personal or financial information needs to be transmitted and the risk of breach is minimised.

The smart device has revolutionised our day-to-day lives. It has the power to revolutionise retail security too. 

Tags: Security, Retail banking
