Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Profile
Location
London
Member since
2011
Writes about
Security Payments Regulation & Compliance Retail banking

Pat's blog archive

2015 (1) 2014 (15) 2013 (15) 2012 (30) 2011 (17)
Pat Carroll

Pat Carroll

Founder/Executive Chairman at ValidSoft
Message Message me Posts: 79 Comments: 40
Bio Throughout his career, Pat has been at the forefront of industry thinking, representing organisations on industry bodies and leading participation in industry initiatives. At ValidSoft, he leads the R&D function and is responsible for intellectual property and new patents. ValidSoft is regarded by l Career History Prior to founding ValidSoft, Pat was employed as Head of Electronic Trading Technology in Europe for Goldman Sachs International where responsibilities included technical strategy related to Electronic Trading, Client Connectivity and Straight Through Processing. In addition, Pat co headed Europe

Blogs

Information Security

Security by Obscurity is the key!

27 Jan 2015

2014 shocked us all into the reality that no institution or organization, no matter how big or sophisticated, was immune to being “hacked” or “breached”. Towards the end of the year, we were all numbed into submission and the shock factor resulting from the headlines that continued to dominate, was replaced with an uneasy bewilderment. Already thi...

Disruption in Retail Banking

Chip and Signature, a Paradise Lost

28 Oct 2014

By now, most participants in the US payments industry are finally about to realize that the day of the mag stripe is doomed and that EMV, the secure payment card technology rolled out in Europe nearly a decade ago, is finally about to make its debut in the US. Incredulous as it may seem, the financial integrity of the payment card industry continu...

2

Innovation in Financial Services

Payment Card Data Theft At The POS - Time To Knuckle Down

13 Oct 2014

Recently, I wrote a piece highlighting some of the startling data released on the true costs of fraud published in a report by Lexis Nexis. This report examined the costs of fraud across a number of dimensions including channel, payment method, merchant type and location, providing a great view on the true scope of the issues now confronting the p...

1

Innovation in Financial Services

More Channels, More Payment Options, More Fraud

23 Sep 2014

Payment fraud is one of the greatest threats to global commerce today, yet it remains one of the hardest to quantify and or course, prevent. That is why I found the recent webinar hosted by LexisNexis and Javelin Research to be so fascinating, yet chilling. The 2014 LexisNexis True Cost of Fraud webinar entitled “More Channels. More Payment Options...

See all Pat's blogs

Pat is Commenting on

Chip and Signature, a Paradise Lost

  The process you describe makes total sense Melvin, in particular as Chip and PIN is primarily focused on the international traveler (if I am abroad I can't present myself at my branch). It does also highlight additional potential security vulnerabilities concerning PIN resets and spearphishing.

30 Oct 2014 Reply Read article

Chip and Signature, a Paradise Lost

  Many thanks Melvin. You are correct that this is the process in the UK, unless of course the consumer has forgotten their PIN entirely which requires a reminder or a new PIN to be send by post. In the US the process appears to be different as the banks I spoke to don't allow PIN resets at the ATM, instead relying on a process whereby the customer must appear in person at the bank with their card and ID. 

30 Oct 2014 Reply Read article

Payment Card Data Theft At The POS - Time To Knuckle Down

  Hi Melvin, in general today, payment card transactions aren't subject to a proximity check. So when an exception occurs, which happens frequently (in particular when traveling abroad), the transaction is declined and either the customer contacts the issuing bank, or in some cases the issuing bank pre-empts the situation and contacts the customer. Applying a proximity check can "second guess" the issuing bank's risk management engine decision to dramatically lower these false positives. On the assumption that the customer has lost the phone but not contacted the bank, the "second guess" will in all probability fail and the bank will decline the transaction (which will in any event cause the customer to contact the bank). If the customer has already contacted the issuing bank, the "second guess" can be taken off for that customer which would mean that their payment cards operate as they do today.

20 Oct 2014 Reply Read article

Bank of Scotland streamlines app login

  It’s good to see the Bank of Scotland focussing on the mobile customer experience. Clearly they see this as a significant competitive advantage, and promoting it as such, whilst also highlighting the security features of their approach. With mobile, streamlining the login process,  enrolment and activation is key if banking apps and wallets are to achieve the adoption needed. When it comes to financial services, consumers want convenience. Mobile can deliver a strong value proposition but achieving the balance between a low friction customer experience and “behind the scenes” strong security is vital. What is clearly still lacking is consumer confidence in the security of the  mobile  environment,  and every high-profile attack on the payments industry further dents consumer confidence.  So it doesn’t help at all to read headlines such as “Personal banking apps leak info through the phone” coming rapidly on the back of some of the most high profile data breaches in history. Not scare-mongering – sadly fact.   Fraudsters are relentless and evolve their methods constantly, and it’s easy to form an opinion that the war is over and they have won. However some reassurance can be derived from the amount of research and innovation that is being invested in the security sector. The evolution to mobile creates some of the greatest opportunities we have to reengineer process flows and remove traditional opportunities for fraud. Real-time checks carried out in parallel at the point of sale can be used to detect and prevent fraud yet without any apparent linkage of the process flows. Such capability creates very complex layered security models that are very difficult for the fraudster to hijack. And even if one or more layers are compromised, the integrity of the process can be preserved. Alongside the application of such powerful multi-factor, multi-layered invisible technologies is the emergence of innovative low friction “visible” technologies such as Voice Biometrics, with Equal Error Rates low enough to ensure widespread mainstream adoption in both online and mobile banking. Speaking is intuitive and when speaking can be combined with voice recognition and voice biometrics, but in a totally intuitive and “command driven” perspective, in high-fidelity, over the data channel (no call placement required), and where no PINs or passwords or any form of pre-determined security information is necessary, then a paradigm shift has been achieved and mass adoption is inevitable. Such fiction is in fact reality today, and the technologies are already available, and in the process of being deployed by the most advanced technology adopters on the planet. No bank wants to be on the “bleeding edge” of any technology, but in the race for competitive advantage, and the absolute need to counter the fraudsters, no bank can afford to not be on the “leading edge”.        

28 Jan 2014 Reply Read article