User expectation on mobile payments and privacy needs to be realistic, until a solution emerges.
Speaking at the Centre for Secure Information Technologies (CSIT) conference in Belfast, Colin Whittaker, vice president of payment system risk at Visa Europe, criticised proposed changes to the European Data Protection Directive as he said that 'the industry is not ready to be forgotten', and he complimented the Information Commissioner's Office (ICO) on their response.
He said: “The point is that to make something secure, you need one technology to close it down and make it secure, and the other problem is that users want to do more with their technology and they are missing the point. We need to balance both sides of the ecosystem.
“We keep data to manage trends and we need it to meet our obligations for law enforcement and can use encryption and tokenisation to do it in an efficient manner. The proposed directive changes say what the expectations are on privacy and anonymity and and we are clear on when we need that data and we need direction on data.”
Whittaker also talked about the challenge of modern payments for Visa Europe, especially as mobile devices become more prevalent. He said that most threats at the moment are to do with secure web design, vulnerabilities and multiple platforms with the expansion of mobile and tablet devices.
He said: “We want to accept payments via mobile as users have the expectation to do so and we need to facilitate that and accept that there are vulnerable applications. What we want to do is avoid using PIN numbers and cards on a mobile device, it is not sensible. There was a suggestion that a user could take a photo of their card and submit it, I said that is not a good idea!
“We have got to find a strong way to connect the mobile, secure the data and send it and trying to avoid a solution that does anything stupid. We are trying to promote a way with mobile that avoids additional accessories around and the risk that they provide.”
Whittaker said that the biggest challenge is user expectation, and there needs to be a way to educate politicians 'as society debates this and we want to do everything we can with the technology we are given'.