13 October 2015
New technology is great, but it’s only as great as the security framework it’s built on. There’s no question that the rise of the latest payment methods and technologies has brought convenience for everyone, but it has also raised concerns about security and the risk of usage, from the cardholder to the merchants and the businesses that offer these services.
Merchants today have multiple payment acceptance channels at their disposal, such as online payments, in-store card payments, wallets and NFC. It comes as no surprise that the growth of smartphones has made them a focal point in today’s payments. In 2014, the number of connected mobile devices surpassed the number of people on Earth for the first time, with explosive growth from zero to 7.2 billion mobile devices in just three decades.
It can be extremely difficult for mobile security to keep pace with the innovations and use cases that are constantly emerging for these devices. According to a report from LexisNexis Risk Solutions Inc., m-commerce merchants saw a 70 percent spike in the revenue lost to fraud in 2014. Additionally, the report stated that more than one-fifth (21 percent) of all fraudulent transactions are attributed to the mobile channel.
Smartphone apps are becoming popular among consumers and merchants for making and accepting payments. The security of such on-device apps should also be on par when it comes to protecting card data, cryptographic keys and functions. Most smartphones can be encrypted, which makes them even more secure and inaccessible to other users. Additionally, the app must be robust and free from any outside modifications and hacks. Some service providers make it a point that the app doesn’t work on rooted devices.
The Card Switch
In an effort to improve security and reduce fraud, banks and credit card issuers have switched from magnetic stripe-based cards to microchip-based cards. The Chip-and-PIN cards (EMV – Europay, MasterCard and Visa) have computer chips embedded in them, making them less vulnerable to fraud for in-person transactions. Because EMV uses better data security, this standard is being adopted by more and more countries to fight cybercrime and protect their citizens.
EMV cards have already been in use in Latin America, Europe, Canada, Asia Pacific, Africa and the Middle East. Surprisingly, the United States has lagged behind many countries, including India, in adopting this fraud-reducing technology, with only 7.5% of cards being EMV so far. With swift adoption, more than half a billion of these EMV cards are expected to be in use by the end of 2015.
Payment solution providers must take extra care to make sure the merchants that are using their solutions are thoroughly checked and verified. Their onboarding process should include a brief compliance process to ensure that both the business and the principal are good fits. During pre-sales, merchants must be required to fulfill the checklist given by the solution provider, and KYC (Know Your Customer) documentation and risk verification must be completed.
Once the merchants are onboarded, their transactions should also be monitored to understand the transaction flow and the nature of the merchant’s business. Validating high-value transactions with the end customer whenever required is a good practice. Moreover, regular merchant monitoring can help identify unusual and abnormal transactions based on the threshold limits assigned to the account.
Solution providers should also provide a comprehensive fraud management system to identify, prevent, and protect against fraudulent transactions before they happen in Card-Present (CP) and Card-Not-Present (CNP) transactions.
Merchants also have an important role in curtailing fraud by taking the necessary measures to limit their exposure to account data compromises and to protect their customers’ information. Merchants should not store any cardholder data that is not needed to run their business. In the case of high-value transactions, always cross-check the cardholder data with the user. Moreover, they must ensure all printed copies are physically secured for at least a year to handle chargeback issues. In the case of mPOS, digital records can be maintained and viewed by the merchants for years.
As the payment landscape changes (with the introduction of biometrics for payments in the near future), it has become even more important for payment companies to mitigate fraud and improve security. As the saying goes, prevention is better than cure; it’s also good practice to be alert and follow safe measures for your payments. As days go by, new and improved security measures for mobile payments will be introduced to fight fraud and safeguard customers and merchants alike.
– V Krishna Kishore, Chief Operating Officer (Paynear Solutions)