Privacy, Innovations and Security in Digital Payments – Payments security is becoming more important for several reasons: card fraud losses incurred by banks worldwide run into billions of dollars, with estimates of over US$15 billion; with e-commerce growth, Card Not Present (CNP) transactions now exceed $2 trillion and are rapidly increasing; and the average cost of a data breach is increasing. Each time there is a breach, the direct and indirect loss to the affected financial institution increases. You can request a PDF version of the PPT below; check my contact page.
If Innovation is the Body, then Security is the Blood.
What I say – If innovation is the body, then security is the blood. The two aspects need equal focus. What I have observed – Privacy, security, who cares? Think innovation. Though we all know very well that today the biggest privacy risk is our own smartphone, we are proud of it, happy with it and feel secure with it.
Is it about swapping technology for technology, or swapping the people who previously dealt with technology and business, to bring innovation with security? TMT (Telecom, Media, and Technology) can perform better on a device by using device hardware and software information as another method of security.
A digital certificate associates the name of an entity that participates in a secured transaction (e.g., an email address or a Web site address) with the public key that is used to sign communication with that entity in a cryptographic system. This has transformed our money from a tangible item into just a concept.
Top-10 Trends in Payments
The top 10 trends in payments as listed by Capgemini Consulting in 2016 include increased investments in security and authentication measures to avoid fraud and data breaches, and the fact that developing economies are witnessing disruptive innovation in payments and are leapfrogging the developed nations. Potential fraud on the binary form of money comes from the sources below.
- CTS (Cheque Truncation System)
- ECS – Debit and Credit
- Internet Banking
- Mobile Banking
Key questions of this time are: 1. What is important, security or innovation? 2. Current solutions vs security. 3. Hardware-based security vs software-based security. A few modes of digital payment are plastic cards, instant payments, mobile apps, USSD, NFC, QR codes, scan codes, internet, biometrics and stored value cards. Some of the security and authentication measures increasing in utilisation include:
- Chip Authentication Program
- 3D Secure
Therefore – Payments security is gaining more significance.
While moving to electronic payments there is a strong need to create a robust electronic payments platform that is not vulnerable to fraud. Given the pace of change over the last five years, banks and now FinTechs may feel the need to decide between complying and competing as they explore new technologies that meet the challenges of digitalisation and changing consumer behaviour. Security controls can be employed to make a payment-handling application more robust and to frustrate attackers at the hardware level before they reach the application level.
- Cards – CNP (Card Not Present) fraud is emerging as a top security challenge because increased adoption of online and mobile channels is providing more opportunity for perpetrators of fraud
- Migration of card payments from magnetic stripe to EMV Chip and PIN
- Demand for leveraging advanced technological solutions by merchants to fight fraud is increasing
- Demand for real-time analytics to identify transaction routing and detect fraud is increasing.
The security aspect is losing out because of the cost factor: with wafer-thin profit margins, rapid new innovators and entrants in the market focus more on issues pertaining to
- Quality of service (QoS)
- Quality of experience (QoE)
Equal significance for security (QoSec) and privacy is almost missing. The focus has shifted to ensuring optimal new solutions and experience for subscribers, and everything else is being parked in the backyard.
Against escalating security threats on mobile payments, empowering merchants, acquirers, and service providers with new commerce opportunities and in-store experiences, together with protection, should be the highest priority for any payment solution system. Software systems can and do adoption jobs dynamically. As mobile payment systems head toward primetime, we could be witnessing the beginning of a profound shift in payment culture.
Current Solutions vs Security
What should be regulated is a strong hardware-based security layer alongside software, which will decrease the opportunity for hacking. Payment service providers should not only be concerned about people stealing money; a background check is also required: sanctions history, File – X details and background details.
What is Important – Security OR Innovation
- Security should be a culture across the organisation, not an add-on requirement.
- A strong security culture is both a mindset and a mode of operation. One that’s integrated into day-to-day thinking and decision-making can make for a near-impenetrable operation. Conversely, a security culture that’s absent will facilitate uncertainty and, ultimately, lead to security incidents that the organisation likely can’t afford to take on.
- It all starts at the top. Executive management that’s interested in fostering a positive security culture — and does so without fail — is mandatory if the risks of a breach are to be minimised.
- Innovation starts in a secure environment and not the other way round.
Security Centric Focus
Failure to secure sensitive information can cause major damage to the service provider’s organisation in terms of
- Financial frauds, Identity theft, legal regulations, loss of consumer confidence, etc.
Security controls can be employed to make a payment-handling application more robust and to frustrate attackers at the hardware level before they reach the application level.
Combating Fraud & Breach In Payments (Cards)
To avoid data fraud and breach, payments firms and merchants are adopting multiple solutions including:
- Pursuing PCI-DSS compliance
- Implementation of chip and PIN authentication (EMV), especially in the card-present environment
- Implementation of solutions such as 3D Secure for Card Not Present (CNP) transactions (e.g. the Verified by Visa and Mastercard SecureCode programs)
- Implementation of end-to-end encryption
- Implementation of tokenisation processes to enhance data security during transmission of sensitive data (e.g. both Visa and Mastercard have launched tokenisation offerings)
- Use of Geolocation tracking technology
- Increased use of mobile secure location by payments service providers and merchants
- Use and testing of various biometric technologies to enhance authentication measures (e.g. Mastercard and Alibaba are testing facial recognition technology to authorise transactions)
- Use of real-time analytics, including intelligence from social networks and third-party vendors, that helps understand customer behaviour.
Role of EMV in the Payments Industry
- EMV is a fraud prevention technology
- If someone steals a credit card number, one cannot then use that number to manufacture a fraudulent EMV card.
- EMV technology ensures that the card being presented is not a fraudulent card.
- EMV’s fraud prevention capability only works in card-present scenarios (where the buyer uses an EMV-capable POS device).
- Stolen credit card numbers can still be used in e-commerce (CNP) transactions.
EMV is therefore not a security technology but a necessity
Food for Thought
- Data Tokenisation – Key to Payment Security
- Tokenisation is an integral payment technology for every merchant, along with EMV and PCI-validated point-to-point encryption (P2PE).
- Tokenisation enables merchants and enterprises to safely “store” cardholder data at rest for use in future transactions. Tokenisation, like P2PE, effectively renders the data useless to hackers.
- P2PE protects data in transit by encrypting cardholder data upon a point of entry in the retail device. Encrypting card data upon entry prevents the data from being available in the enterprise or merchant’s system as “clear-text” where it could be exposed in the event of a data breach.
- EMV, also called “Chip and PIN,” authenticates the credit or debit card at the point of sale by reading a chip embedded on the card and validating the cardholder with a PIN or their signature. EMV makes it extremely difficult (though not impossible) to “white-label” or duplicate a physical credit card that could then be used by thieves to purchase items at the POS.
- Artificial Intelligence – Patterns
- Machine Learning – To detect password typing behaviour.
Most SECaaS providers integrate their services with the service seeker's existing infrastructure or deploy hybrid environments that use a mix of cloud and on-premise resources.
Conclusion – In today’s world money has been reduced to binary data, hence access to information/data is as good as access to cash. The advent of e-money is touted for having provided the convenience of being able to access money anywhere at any time. It has also opened many access points compared to gold and silver, which would only require physical security. Unauthorised access to e-money can be by anyone, anywhere, at any time. Therefore, information security is everyone’s responsibility. For instance, bitcoin is the best example of a binary form of money, or money as data. This means more reason for info-security and for encrypting data at every entry/exit, to prevent the data from being available in the enterprise or merchant’s system as “clear-text” where it could be exposed in the event of a data breach.