By V Krishna Kishore
Any new technology is great, but it's only as great as the security framework it's built on. There's no question that the rise of the latest payment methods and technologies has brought convenience for everyone, but it has also raised concerns about security and the risk of usage, from the cardholder to the merchants and the businesses that offer these services.
Merchants today have multiple payment acceptance channels at their disposal, such as online payments, in-store card payments, wallets and NFC. It comes as no surprise that the growth of smartphones has made them a focal point in today's payments. In 2014, for the first time, the number of connected mobile devices surpassed the number of people on Earth, with explosive growth from zero to 7.2 billion mobile devices in just three decades.
It can be extremely difficult for mobile security to keep pace with the new innovations and use cases that are constantly emerging for these devices. According to a report from LexisNexis Risk Solutions Inc., m-commerce merchants saw a 70 percent spike in the revenue lost to fraud in 2014. Additionally, the report stated that more than one-fifth (21 percent) of all fraudulent transactions are attributed to the mobile channel.
On-Device Security
Smartphone apps are becoming popular among consumers and merchants for making and accepting payments. The security of such on-device apps should be on par with other channels when it comes to protecting card data and cryptographic keys and functions. Most smartphones can be encrypted, which makes them more secure and keeps their data inaccessible to other users. Additionally, the app must be robust and free from outside modifications and hacks. Some service providers make it a point that the app does not work on rooted devices.
The Card Switch
In an effort to improve security and reduce fraud, banks and credit card issuers have switched from magnetic stripe-based cards to microchip-based cards. Chip-and-PIN cards (EMV – Europay, MasterCard and Visa) have computer chips embedded in them, making them less vulnerable to fraud in in-person transactions. Because EMV uses better data security, this standard is being adopted by more and more countries to fight cybercrime and protect their citizens.
EMV cards are already in use in Latin America, Europe, Canada, Asia Pacific, Africa and the Middle East. Surprisingly, the United States has lagged behind many countries, including India, in adopting this fraud-reducing technology, with only 7.5% of cards being EMV so far. With swift adoption, more than half a billion of these EMV cards are expected to be in use by the end of 2015.
Merchant Verification
Payment solution providers must take extra care to make sure that the merchants using their solutions are thoroughly checked and verified. Their onboarding process should include a brief compliance process to ensure that both the business and the principal are good fits. During pre-sales, merchants must be required to fulfill the checklist given by the solution provider and complete KYC (Know Your Customer) documentation, and risk verification has to be undertaken. Once the merchants are onboarded, their transactions should also be monitored to understand the transaction flow and the nature of the merchant's business. Validating the first 10 transactions and high-value transactions by calling the end customer is a good practice. Moreover, regular merchant monitoring can help identify unusual and abnormal transactions based on the threshold limits assigned to the account.
Solution providers should also provide a comprehensive fraud management system to identify, prevent, and protect against fraudulent transactions before they happen, in both Card-Present (CP) and Card-Not-Present (CNP) transactions.
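The monitoring rules described above, as an added Python example (not from the article or any provider's system): it queues for call-back verification a merchant's first 10 transactions, any high-value transaction, and any transaction that pushes the account past its assigned limit. The `Limits` fields, the reason labels and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

FIRST_N = 10  # the "first 10 transactions" rule from the text

@dataclass(frozen=True)
class Limits:             # hypothetical per-merchant thresholds set at onboarding
    high_value: Decimal   # single-transaction amount that triggers a call-back
    daily_total: Decimal  # cumulative daily volume treated as abnormal

@dataclass(frozen=True)
class Txn:
    txn_id: str
    merchant: str
    amount: Decimal
    ts: datetime

def review_queue(txns, limits):
    """Return {txn_id: [reasons]} for transactions needing manual verification."""
    seen = defaultdict(int)       # transactions processed so far, per merchant
    daily = defaultdict(Decimal)  # (merchant, date) -> running volume
    flagged = {}
    for t in sorted(txns, key=lambda t: t.ts):
        lim = limits.get(t.merchant)
        if lim is None:           # no limits assigned: fail closed, review it
            flagged[t.txn_id] = ["no_limits_assigned"]
            continue
        reasons = []
        seen[t.merchant] += 1
        if seen[t.merchant] <= FIRST_N:
            reasons.append("first_transactions")
        if t.amount >= lim.high_value:
            reasons.append("high_value")
        daily[(t.merchant, t.ts.date())] += t.amount
        if daily[(t.merchant, t.ts.date())] > lim.daily_total:
            reasons.append("daily_volume_exceeded")
        if reasons:
            flagged[t.txn_id] = reasons
    return flagged

# Constructed sample: 12 small payments, then one large payment, for merchant "m1".
T0 = datetime(2015, 6, 1, 9, 0)
SAMPLE = [Txn(f"t{i}", "m1", Decimal("100"), T0 + timedelta(minutes=i)) for i in range(1, 13)]
SAMPLE.append(Txn("t13", "m1", Decimal("6000"), T0 + timedelta(hours=2)))
LIMITS = {"m1": Limits(high_value=Decimal("5000"), daily_total=Decimal("7000"))}

if __name__ == "__main__":
    for txn_id, reasons in review_queue(SAMPLE, LIMITS).items():
        print(txn_id, reasons)
```

Transactions `t11` and `t12` pass without review, which shows why the first-10 rule alone is not enough and the threshold checks have to keep running for the life of the account.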
Merchant Responsibilities
Merchants also have an important role in curtailing fraud by taking the necessary measures to limit their exposure to account data compromises and to protect their customers' information. Merchants should not store any cardholder data that is not needed to run their business. For high-value transactions, always cross-check the cardholder data with the user. They must ensure all printed copies are physically secured for at least a year to handle chargeback issues.
As the payment landscape changes (for example, with the introduction of biometrics for payments), it has become even more important for payment companies to mitigate fraud and improve security. As the saying goes, prevention is better than cure, but it's also a good thing to be alert and follow safe practices for your payments. As days go by, new and improved security measures are being developed to fight fraud and improve security, and things should only get better.
(Krishna Kishore has more than a decade of experience in the payment industry. He is currently the Chief Operating Officer and is responsible for the business operations of Paynear, a mobile point of sale solution provider. Prior to joining Paynear, Kishore served as President – Risk Management at EBS, analyzing new fraud trends and activities, checking for fraudulent transactions and helping minimize fraud. He is an IT engineer with expertise in handling risk and support, facilitating gateway integration and transaction support.)