A successful move to a global cashless society requires a comprehensive information security strategy
With electronic payments rapidly becoming the new way to transact, the idea of a cashless society is becoming a bigger reality, leading to demands for stronger authentication - without slowing transactions - says David Poole.
David Poole, business development director, myPINpad
With mobile payments being more than 27 percent of all transactions1 and mCommerce representing 34 percent of all eCommerce transactions globally in 20152, it is safe to say that more and more people have embraced electronic payment methods and are using them for everyday transactions. This is particularly evident in Western European and Nordic countries, where legal limits for cash payments have been introduced3.
The move has been fueled by technological developments such as contactless payments and frictionless payment processes, which saves people the trouble of stopping by an ATM to get cash.
Nearly one million commuters in London use their contactless cards every day to pay for their journeys saving money and, especially, time. Equally, it can be seen in the developing world where a lack of traditional banking facilities has seen many turn to the mobile to manage money. Safaricom, in Kenya, for instance, has developed a SMS based mobile payments service, which is being used by 58 percent of the population.4
The move away from cash is welcomed by many retailers and those responsible for processing it, too. Cash costs money to transact with, to secure, and to replace as notes wear out. Prior to accepting contactless payments, London's public transport provider spent over £30 million a year processing cash.5 A cashless society with electronic payments will also benefit the global economy and marketplace by making cross-border transactions easier, quicker and cheaper.
Governments all over the world are supporting the prevalent use of digital payments, since the grey economy loves cash. A cashless society could help combat crime and tax avoidance by creating greater transparency, making it much harder to trade illegally and in an untraced way. In the same way, it will allow governments to have a greater control over monetary policies.
However, in the midst of excitement over new and innovative payment methods, insufficient investment has been given to how secure they actually are. While the introduction of PIN over a decade ago reduced card-present fraud,6 it has resulted in increased instances of card-not-present (CNP) fraud, which have amounted to £331.5 million in losses in 2014 in the UK alone7.
Failure to stop fraud is not down to a lack of secure solutions, but a lack of wide adoption of a consistent standard. Currently there are many security solutions available in the market which, if implemented correctly and consistently, can prevent many of these instances of fraud.
Every day we see newer authentication solutions, which claim to be more secure than the previous and to incorporate more innovative technology. These can range from emojis as passwords, to using a heartbeat to verify identity. However, there are inconsistencies in applications, and some ideas, which may seem innovative at first, when considered at a practical level, are not something which people will be using for their day to day lives.
With the implementation of the Second Payments Service Directive (PSD2) nearing, Payment Service Providers (PSPs) will be required to provide “strong consumer authentication”, defined as multi-factor authentication (with two or more independent factors)8. This will test all types of authentication solutions, leaving consumers to decide which they prefer and what works best, in terms of security. Most successful solutions will be those which strike the perfect balance between resilient security and usability convenience.
We must agree that threats evolve and solutions must be willing to appropriately evolve the security or even the form of digital cash equivalents. This means understanding the impact and economics of a shortened product life and having the foresight to see the up side beyond next years' KPI weighted bonus. As payment credentials and cash equivalents become truly digital, the speed at which change can be propagated across an ecosystem will improve, and could even meet the rate at which new attacks and compromises are developed.
The average person will want the highest level of security possible to protect their possessions, but, in practicality, they are only willing to trouble themselves to a certain degree. They want fast frictionless payments; they don't want to go through numerous authentication levels, to remember long and complex passwords or to carry around tokens.
The payments and FinTech industry is fighting hard against fraud. New authentication and security measures and regulations are being implemented to help take electronics payments to its full potential.
It is imperative to use the resources available to bring increased levels of security to electronic payments if this industry is to reach its full potential and replace cash. Yet, only the solutions that understand consumers habits and embrace their preferences, while providing the highest security standards will be able to make cashless societies a reality.
Contributed by David Poole, business development director, myPINpad