Blog article
See all stories »

Will contactless kill traditional payment methods?

While cash and card payments are still the most widespread methods of payment, studies show that UK shoppers increasingly prefer using mobile payments instead of credit cards. Mobile payments could very well become the new norm, especially now that all the major players – including Apple, Google and Samsung – have developed apps enabling users to make payments at point-of-sale systems and the ceiling limit for contactless payments has increased to £30 in the UK.   

However, the change mobile payments will bring to the industry will be gradual. Similar to the way in which cheques were slowly phased out, plastic cards won’t disappear for many years. One of the reasons is that although the use of online banking and shopping has grown significantly, so too has the number of security threats targeting such services. According to the latest Breach Level Index report, there were 888 data breaches in the first half of 2015, compromising 246 million data records of customers’ personal and financial information worldwide. In fact, Samsung’s LoopPay was hacked just a few weeks ago, and recent research has shown hackers could easily use contactless card readers to remotely "steal" key details from cards.

This shows that while the need to secure payment transactions and data remains critical, and though there is heightened pressure to comply with payment standards, securing financial data is far from simple. Effective security measures are being built into new mobile payment mechanisms but security teams will almost certainly have to contend with increasingly sophisticated attacks, a technological environment that is evolving rapidly and compliance with multiple standards and regulations. Add this to the fact that transactions will continue to rely on a complicated ecosystem with multiple points of vulnerability and it’s clear that securing financial data will be far from simple.

That being said, new cybersecurity regulations in the E.U. and the U.S. may set clear European and national standards for consumers and businesses, both of which will get more involved in data security and privacy issues. While compliance with this new regulation is expected to be costly, it will also give companies the opportunity to begin to understand that security is a differentiator. As a result, businesses will begin to market themselves as providers of secure services, much in the same way that Google, Yahoo and Facebook are already doing. 

In the meantime, at the very least businesses should understand the payment vulnerabilities they face and protect their customers’ data as early in the transaction process as possible by moving to a framework centred on the data itself. This means focusing on specific points of vulnerabilities, and using end-to-end encryption to secure data from the earliest possible moment of its capture, ensuring it remains in an encrypted state consistently until it arrives at the payment gateway.  Companies should also implement multi-factor chip and pin authentication to secure access to secure financial transactions, protecting the identities of users, and ensuring that a user is who he claims to be.

Ultimately, businesses need to understand that data breaches are not just breaches of security.  They are also breaches of trust between companies and their customers.  It’s up to each organisation to bridge that gap by moving away from the traditional strategy of focusing on breach prevention and implementing a ‘secure breach’ approach that focuses on securing the data once intruders penetrate the perimeter defences. 

 

2830

Comments: (1)

Balasubramaniam Gd
Balasubramaniam Gd - DBS - singapore 30 November, 2015, 08:30Be the first to give this comment the thumbs up 0 likes

We are moving from personal to toally impersonal something banking in conservative ages were never ment to be and is what is going to be the device called smartphone.