Privacy, Innovations and Security in Digital Payments

You can request a PDF version of the PPT below. Check my contact page.

Abstract – Payments security is becoming more important for several reasons: card fraud losses incurred by banks worldwide run into billions of dollars, with some estimates of over US$15 billion; e-commerce is growing, with Card Not Present (CNP) transactions now exceeding $2 trillion and rapidly increasing; and the average cost of a data breach is increasing, i.e., each time there is a breach, the direct and indirect loss of the affected financial institution is increasing.

What I say – If innovation is the body, then security is the blood. The two aspects need to be equally focused on. What I have observed – Privacy, Security who cares? « Think. Innovation. Though we all know very well the fact of today's times, that the biggest privacy risk is our own smartphone, we will still be proud, happy and secure with it.

Introduction – Is it about swapping technology for technology, or swapping the people who previously dealt with technology and business, to bring innovation with security? TMT (Telecom, Media, and Technology) can perform better on device IDs by using device hardware and software information as another method of security. A digital certificate associates the name of an entity that participates in a secured transaction (e.g., an email address or a Web site address) with the public key that is used to sign communication with that entity in a cryptographic system. This has transformed our money from a tangible item into just a concept.

Main Story – The top 10 trends in payments as listed by CapGemini Consulting in 2016 include increased investments in security and authentication measures to avoid fraud and data breaches, and the fact that developing economies are witnessing disruptive innovation in payments and are leapfrogging the developed nations. Potential fraud on the binary form of money comes from the sources below.

Electronic Mediums

  • CTS (Cheque Truncation System)
  • ECS – Debit and Credit
  • ATMs
  • Internet Banking
  • Mobile Banking

Key questions of this time are: 1. What is important, security or innovation? 2. Current solutions vs security. 3. Hardware-based security vs software-based security. A few modes of digital payment are plastic cards, instant payments, mobile apps, USSD, NFC, QR codes, scan codes, internet, biometrics and stored-value cards. Some of the security and authentication measures increasing in utilization include:

  • Chip Authentication Program
  • 3D Secure
  • Tokenisation
  • Biometrics

Therefore – Payments security is gaining more significance.

While moving to electronic payments there is a strong need to create robust electronic payments platforms that are not vulnerable to fraud. Given the pace of change over the last five years, banks and now fintechs may feel the need to decide between complying or competing, as they explore new technologies that meet the challenges of digitalization and changing consumer behavior. Security controls can be employed to make a payment-handling application more robust and to frustrate attackers at the hardware level before they reach the application level.

  • Cards – CNP (Card Not Present) fraud is emerging as a top security challenge because increased adoption of online and mobile channels is providing more opportunity for perpetrators of fraud.
  • Card payments are migrating from magnetic stripe to EMV Chip and PIN.
  • Demand from merchants for advanced technological solutions to fight fraud is increasing.
  • Demand for real-time analytics to identify transaction routing and detect fraud is increasing.

The security aspect is losing out because of the cost factor: with wafer-thin profit margins, rapid new innovators and entrants in the market focus more on issues pertaining to

  • Quality of service (QoS)
  • Quality of experience (QoE)

Equal significance for security (QoSec) and privacy is almost missing.

The focus has shifted to ensuring optimal new solutions and experience for subscribers, and everything else is being parked in the backyard.


Against escalating security threats on mobile payments, empowerment of merchants, acquirers, and service providers with new commerce opportunities and experiences in store, together with protection, should be the highest priority for any mobile/fintech/banking payment solution system. Software systems can and do adapt dynamically. As mobile payment systems head toward primetime, we could be witnessing the beginning of a profound shift in payment culture.

Current Solutions vs Security

A strong hardware-based security layer alongside software should be a regulatory requirement, as it will decrease the opportunity for hacking. Payment service providers should not be concerned only about people stealing money; background checks are also required: sanctions history, File – X details and background details.

What is Important – Security OR Innovation

  • Security should be a culture across the organization, not an add-on requirement.
  • A strong security culture is both a mindset and a mode of operation. One that’s integrated into day-to-day thinking and decision-making can make for a near-impenetrable operation. Conversely, a security culture that’s absent will facilitate uncertainty and, ultimately, lead to security incidents that the organization likely can’t afford to take on.
  • It all starts at the top. Executive management that’s interested in fostering a positive security culture — and does so without fail — is mandatory if the risks of a breach are to be minimized.
  • Innovation starts in a secured environment and not the other way round.

Security Centric Focus

Failure to secure the sensitive information can cause major damage to the service provider’s organization in terms of

  • Financial frauds, Identity theft, legal regulations, loss of consumer confidence, etc.

Security controls can be employed to make a payment-handling application more robust and to frustrate attackers at the hardware level before they reach the application level.


Combating Fraud & Breach In Payments (Cards)

To avoid data fraud and breach, payments firms and merchants are adopting multiple solutions including:

1. Pursuing PCI-DSS compliance

2. Implementation of chip and PIN authentication (EMV), especially in the card-present environment

3. Implementation of solutions such as 3D Secure for Card Not Present (CNP) transactions (e.g. the Verified by Visa and Mastercard SecureCode programs)

4. Implementation of end-to-end encryption

5. Implementation of tokenization processes to enhance data security during transmission of sensitive data (e.g. both Visa and Mastercard have launched tokenization offerings)

6. Use of geolocation tracking technology

7. Increased use of mobile secure location by payments service providers and merchants

8. Use and testing of various biometric technologies to enhance authentication measures (e.g. Mastercard and Alibaba are testing facial recognition technology to authorize transactions)

9. Use of real-time analytics, including intelligence from social networks and third-party vendors, that helps in understanding customer behavior.

Role of EMV in Fraud Prevention in Payments Industry – EMV is a fraud prevention technology

  • If someone steals a credit card number, one cannot then use that number to manufacture a fraudulent EMV card.
  • EMV technology ensures that the card being presented is not a fraudulent card.
  • EMV’s fraud prevention capability only works in card-present scenarios (where the buyer uses an EMV-capable POS device).
  • Stolen credit card numbers can still be used in e-commerce (CNP) transactions.

EMV is therefore not a security technology

Food for Thought

  • Data Tokenization – Key to Payment Security
  • Tokenization is an integral payment technology for every merchant, along with EMV and PCI-validated point-to-point encryption (P2PE).
  • Tokenization enables merchants and enterprises to safely “store” cardholder data at rest for use in future transactions. Tokenization, like P2PE, effectively renders the data useless to hackers.
  • P2PE protects data in transit by encrypting cardholder data upon point of entry in the retail device. Encrypting card data upon entry prevents the data from being available in the enterprise or merchant’s system as “clear-text” where it could be exposed in the event of a data breach.
  • EMV, also called “Chip and PIN,” authenticates the credit or debit card at the point of sale by reading a chip embedded on the card and validating the cardholder with a PIN or their signature. EMV makes it extremely difficult (though not impossible) to “white-label” or duplicate a physical credit card that could then be used by thieves to purchase items at the POS.
  • Artificial Intelligence
  • Machine Learning
  • Detect password typing behavior.

Conclusion – In today’s world money has been reduced to binary data, hence access to information/data is as good as access to cash. The advent of e-money is touted for having provided the convenience of being able to access money anywhere, any time. It has also opened many access points compared to gold and silver, which would only require physical security. Unauthorised access to e-money can be by anyone, anywhere, at any time. Therefore, information security is everyone’s responsibility. For instance, bitcoin is the best example of the binary form of money, or money as data (MaaD). This means more reason for information security and for encrypting data at every entry/exit, to prevent the data from being available in the enterprise or merchant’s system as “clear-text” where it could be exposed in the event of a data breach.


6 replies »

  1. I think hardware and SSL complexity is the way to go. Innovation is clearly leaving security behind. Hang onto your cyber-wallets!!
