Digital Payments – Security vs Speed


pic

This is the part-2 of my earlier post –  Digital Wallets: Innovation vs Security

Abstract – In Digital payments world million dollar question comes in at every stage what is more important security or speed (Performance & Ease). Financial system security design principles can be organized into logical groups, for example, least privilege is a principle and appears grouped under Structure/Trust. In the case of “Secure System Evolution,” the principle is in its own group. Security of subscriber’s data in terms of KYC information, transactions details and sensitive information like bank, mobile wallet, card details are pivotal and key to any financial system. Under digital payments security; velocity detection might seem like some complicated instrument mechanics would use at a theme park on a broken roller coaster. A digital certificate is an electronic file that uniquely identifies individuals and Web sites on the Internet and enables secure, confidential communications. It associates the name of an entity that participates in a secured transaction (e.g., an email address or a Web site address) with the public key that is used to sign communication with that entity in a cryptographic system.

Introduction – Digital wallet or eMoney wallet is vulnerable to cyber-attacks and hackers who are able to escape with your sensitive financial information stored in your digital wallet. As payment technologies progress, so will the need for secure and safe methods for our day to day payments. Given that the mobile payments are still a very nascent industry without clear standards and significant industry self-regulation it is vitally important that guidelines are produced to assist mobile payment developers and mobile payment providers towards recommended security controls which if implemented would help ensure that consumers, retailers and the financial institutions that underpin the ecosystem by processing and clearing transactions are all safeguarded from cyber threats. This paper has precisely this as its primary objective and as a secondary objective to define minimum measures that should be followed by mobile payment providers.

Cybersecurity1-624x351

Main Story – Bankers have refused, albeit unknowingly, to adjust to the ever-changing environment. Clearly it’s no longer a brick and mortar system that the general economies still require, but critical banking products that cater for the diversity of customer needs; banking on the go solutions to be more specific. It is no longer the four page forms that customers need to complete before they can open an expensive to maintain bank account. A new vibrant shared technology infrastructure will help. Digital wallets store value in digital form and allow an individual to purchase an item online or send funds to friends or family. Depending on the type of digital wallet used, the information stored might include debit, credit, prepaid or loyalty card data as well as personal information of the card holder such as driver’s license, health card, loyalty card(s) and other ID documents. Use of tokens and cryptograms to authorize mobile payment transactions are now common to provide high class security.

pay-online-iconGoing back to detection (Velocity detection) and prevention(Security Certificates)  method i.e. Certificates are issued by a trusted third party, a certificate authority (CA), which verifies the identity of the certificate’s holder. They are tamper-proof and cannot be forged. In reality velocity detection is defined as checking the historical shopping patterns of an individual and matching that record against their current purchases to detect if the number of orders by the cardholder match up or if there appears to be an irregularity. the Secure Element The Secure Element (SE) is a tamper resistant chip with a secure micro-controller which is designed to securely store confidential and cryptographic data. The SE is a critical component in every mobile payment application but the way it is used varies greatly depending on the type of mobile payment application and also the type of mobile payment modes used; we will discuss the implementation details in the section that follows.

Convenience and ease of transaction and is more secure compared to making transactions involving cash withdrawal. The rapid change in technology, in terms of flexibility and ubiquitous use across the globe, necessitates that the country be up-to-date in Technology, both for products & security along with trained & dedicated manpower (People), and security Policies/Procedures/Guidelines like The Encryption Approach, Secure Socket Layer (SSL), Secure Hypertext Transfer Protocol (S-HTTP), Secure Electronic Transaction (SET), Payment Card Industry (PCI) Compliance (If plastic money is processed), Safe logins (2 way authentication) and Digital Signature. Digital payments providers aim to follow security recommendations for systems they use and wishing to provide mobile payment services on.

Few modes of Digital Payment

  • Banking Cards (Credit, Debit, Stored value/prepaid) – Used in conjunction with PoS machines, ATMs, Online.
  • Instant Payments – authenticates the identity of the user like a debit card does using the phone as a tool instead of a separate card – Smart phone & bank account.
  • Digital Wallets – a type of electronic card which is used for transactions made online through a computer or a smart-phone – Utility of e-wallet is same as a credit or debit card-Make paperless money transaction easier.
  • USSD – Unstructured Supplementary Service Data – Mobile banking for feature phones.
  • Banking transaction out of bank at PoS with the help of Banking Correspondent.

Secure Electronic Transaction enables interoperability between applications across diverse platforms and operating systems. Authenticating cardholders and merchants, ensuring confidentiality of information and payment data, define protocols and electronic security service providers, Digital Wallet Software − Secures cardholder’s online purchases via point and click interface. With the public key that is used to sign communication with that entity in a cryptographic system.

carries_no_cash_two_tone_coffee_mug-raf354f7001b24e00906b05d9722565e2_x7j1m_8byvr_324Conclusion – What makes a digital payment innovation fly or die. Given the change of pace over the last five years, banks and now fintech’s may feel they need to decide between complying or competing, as they explore new technologies that meet the challenges of digitalisation and changing consumer behaviour. Open banking services and developer-friendly APIs which are basic or underlying principals of BaaS and BaaP. One of the biggest concerns relating to security in e-commerce applications is the use of correct, reliable and secured payment method i.e use of card, Internet banking, mobile payments or instant payments. Failure to secure the sensitive information can cause major damage to the service provider’s organization in terms of financial fraud, identity theft, legal regulations, loss of consumer confidence, etc. Security controls that can be employed in making a payment handling application more robust and frustrate the breakers at the hardware level before reaching the application level.

====================== About the Author =================================

Read about Author  at : About Me   

Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement.  Remark for more details about posts, subjects and relevance please read the disclaimer.

FacebookPage                Twitter                          ContactMe                          LinkedinPage    ==========================================================================

 

8 thoughts on “Digital Payments – Security vs Speed

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s