A Secure Experience
How mobile payment service providers are making a more secure experience through the use of biometrics in an evermore connected society.
According to research released by Retail Banking Research, the volume of contactless payments in Europe is forecast to rise almost nine‐fold to 12.2 billion in 2020 compared with 2014, and account for 13 percent of all card payments. Mobile payments using NFC‐enabled smart devices are projected to hit £1.2 billion per week in the UK alone by 2020, according to Visa Europe.
To keep up with the dramatic rise in mobile banking and payments banks have implemented rigorous security, ensuring that the underlying systems are reliably authenticated, not only with the users but with the services being accessed. Users need assurance that their bank can reliably authenticate them securely and conveniently. In the future this can become more secure through the use of biometrics.
Technologies such as Host Card Emulation (HCE) and tokenization can deliver secure authentication and increase convenience at the same time. Tokenization is what makes payments via an NFC‐equipped device possible as it decreases the value ofconfidential data stored on mobile devices and transferred over networks during payment. Think of a token as something with low value representing something with high value, much like a casino chip represents cash.
The credentials of a token are limited to a specific device, merchant or type of goods or services. It strengthens security as the token’s use is relatively limited beyond its re‐defined purpose.
The combination of tokenization and encryption techniques to secure keys and data in mobile‐app code helps secure HCE‐based wallets in devices. It has also been endorsed as secure by payment companies, finally enabling independent mobile payment apps.
Lauri Pesonen, head of Global Solutions at G&D, says that when implementing mobile payments, security and convenience should not be contradicting requirements. It is absolutely feasible to implement solutions that perform well on both.
“Use of system‐wide security design, state‐of‐the‐art security technologies available on mobile devices, secure cloud services and payment industry security practices all cater for secure solution for mobile payments without hampering the end user experience,” he says.
He adds that security is mostly invisible to the end‐user. “The end‐user confidence is established already at the very beginning, as the end‐user enrols for the mobile payment service with his/her existing online banking credentials.
“The user may select to protect payments by a PIN or finger print, but other than that the end‐users don’t really need to bother about how the underlying security is implemented. And if the phone is lost, a call to the bank will block the payment functionality,” adds Pesonen.
Prior to tokenization, adding payment cards to a mobile wallet meant the bank had to carry out a review and approval procedure, which could take days to complete. Understandably, mobile payment service providers require a method to finish enrolment quickly and decrease registration abandonment.
With tokenization, customers can sign up in seconds and be ready to pay, increasing mobile payments convenience, security and adoption.
Pesonen says that consumers expect their mobile experiences to be immediate (real‐time), intuitive and fit for purpose.
“For mobile payments this means hassle‐free, real‐time enablement, fast and easy‐to‐use payments and security. G&D Convego CloudPay delivers on these expectations,” he says.
“Provisioning of a payment card to the mobile devices is conducted in ten seconds and payments at merchants are fast with genuine tap and pay experience. Security is built on multiple layers and confirmed by external evaluation laboratories as well as by payment scheme certifications.”
Big Data breaches and how they are avoided
Another part of the equation is how customer data is protected from hackers. This vast amount of data on servers is a potential treasure trove to criminals. The latest figures from the Ponemon Institute and IBM show an increase in the cost of a data breach on average of $3.79 million per company.
This data needs to be kept secure and compliant with regulatory requirements. Managing this big data’s security and availability is a challenge. Banks, processors, retailers and all parties that are part of the payment ecosystem need to secure storage, transit and use of customer data. Big data technology can allow firms to see in almost real‐time all events across the payment infrastructure. It also provides context to understand these events so intelligence can be shared and threats alerted to other parties. Fraud can be prevented using a technique supported by big data called continuous or behavioural authentication. Monitoring of transactions should nowadays take into account the various channels used to pay to be effective.