A chat with Hugues Thiebeauld, UK Security Lab. Manager at UL Security Technologies, on specificity of Certifications for New Payment
“With the success of new technology in the payments space largely dependent on wide-spread adoption by banks, retailers and consumers, developing certifications for these products is vital. Why? Because there is a certain level of risk involved in
adopting new technology and certifications build confidence, reassuring us that there will be no risk to security or challenges with compatibility with existing infrastructure if we jump on-board.
Significantly creating or using products that meet the necessary certification standards can also protect businesses, by removing the liability should something go wrong, such as a security breach or technical malfunction. With everyone from manufacturers
to merchants falling under a variety of compliance regulations, this safe-harbour not only provides peace-of-mind, but can bring major cost savings.
However, one of the major challenges facing the certification of new technologies in the payments space is that it often requires a completely new set of standards and processes. You can’t just take an existing certification, whether it’s for security or
functionality, and make it fit (unless you want a lawsuit).
Biometrics is a good example of a new technology that’s gaining popularity, but lacking unified standards for development, implementation and security. Privacy and security of personal information are major concerns for consumers and banks when it comes
to biometrics, so until developers can provide adequate reassurance that these issues have been dealt with, advancement and adoption of biometrics will undoubtedly wane.
Industry recognised certifications are one of the best ways to solve these problems because the rigorous testing and analysis process helps rectify any issues, standardise the technology and build confidence in the technology. Yet, if we look at applying
existing certifications to biometrics, nothing quite fits the bill, and this is where the certification development process becomes incredibly important.
There are four main parameters to consider when creating a new certification. These are existing infrastructure, security, the context (for example the requirements of the eco-system and stakeholders), and the technology itself.
In my experience, the best approach to fulfil these parameters is to integrate the development of the certification into the development of technology from the beginning. This means all parties involved have the best possible understanding of the technology,
ecosystem and requirements, making the certification development process more accurate and easier to undertake.
Certifying technology such as biometrics won’t be without challenges, but it is something we’ll need to undertake if we’re to see the big technological advancements that have taken place used in daily life.”