Executives at Visa Europe are pondering an overhaul of card security standards as new technologies and consumer preferences for frictionless shopping create demands for a more flexible approach to protecting transactions.
As the US banking industry prepares for a mass-market migration to EMV chip card standards, Peter Bayley, executive director of Visa Europe is looking at the next wave of innovation.
"EMV is great and has served us well," he writes in a blog post
. "Everyone loves it - but the days of the plastic card are coming to an end."
Instead, Bayley is looking ahead to a mobile and online future, in which data profiling and predictive modelling aligned with geo-location services provide a more nuanced approach to securing consumer transactions.
As expectations around security change, Visa has some big questions to answer, he says.
With the card schemes hammering out specifications for the use of digital tokens - rather than account numbers - for online and mobile transactions, Bayley asks: "How important is it to protect a token which can only be used where the customer wishes to do so or exists only for a few hours or minutes?"
On the mobile phone, Host Card Emulation offer the opportunity to completely remodel the security framework and provide a much smoother experience for consumers at the check-out by storing card details in the cloud.
Looking ahead, Bayley wonders whether Visa might not consider removing verification for most transactions.
"Silly you might say, but if we have the data and the models to show that our customer buys his coffee at 08:45 every morning at this merchant for this amount, and his phone GPS says he is there now - do I really need to check all the cryptography, and validate the PIN?," he asks. "How much extra security do we really need?"
Bayley's musings were quickly followed in a post
by Jonathan Vaux, Visa's director of new payment propositions, which delved deeper into the development of 'card on file' technology in the cloud and biometric authentication on the mobile.
Visa needs to adapt quickly, he says: "We need to develop new standards, processes and capabilities that help enable these technologies which will, potentially, help us achieve our ambitions to be the world's most trusted currency and displace cash and cheques. For example, we will need to recognise other forms of authentication, such as thumbprint, in our process flows and evaluate its impact on the commercial framework."