Thales Blog

Innovation And Security In Digital Payments - As Consumers Swap Their Cards For Digital Payments, Have Security Measures Followed Suit?

June 2, 2016

How do you pay for your goods? I’d be willing to bet it’s changed a lot over the years. With online transactions, mobile apps and contactless payments as options today, more than ever consumers are choosing alternatives to the traditional notes and coins.

Mobile payments

However, as we increasingly use and rely on digital payments to satisfy our shopping fix, a recent catalogue of global data breaches highlights the prevalent security challenges across the payments industry.

Card payment breaches impacting the hospitality industry

The data breaches that have hit major companies such as Talk Talk and Trump Hotels highlight how even the largest establishments can suffer from a data breach, putting consumer confidence at risk. The hospitality industry has been particularly vulnerable to this type of attack with reports citing it as the sector with the highest number of point of sale (POS) breaches. This can be largely attributed to the fact that in most locations the hotel receptionist swipes your payment card (even if it has an EMV chip) on a simple mag-stripe reader attached to the POS System itself, making the data vulnerable to capture by fraudsters as it flows often unprotected through the merchant servers.

Times are changing, however. Now there is a widespread migration to EMV in the US that is helping to drive updates of payment acceptance systems with certified terminals that support the use of Payment Card Industry point-to-point encryption (PCI P2PE) for protection of sensitive data right at the point of capture. This change, combined with the use of tokenisation, safeguards data, both at rest and in motion, as it travels from end-to-end throughout the payment network.

However, with Gartner predicting that global mobile transaction will continue to increase by 35% until 2017, how can the payments community ensure that the rapid increase in digital payments doesn’t result in the same security risks that we’ve seen with card payments in the past?

Digital commerce growing rapidly

According to the Payments Council, the UK now prefers digital payments to cash. As cash continues to decline in popularity, there needs to be a focus on improving the overall commerce process, not just the period when the consumer is involved in the payment portion. Retailers, both in-store and online, are now valuing the importance of the new goals towards a ‘frictionless experience’ where the consumer needs to enter as little authentication data manually as possible.

Under pressure to deliver the best possible user experience, ensuring consumers face as little security barriers as possible places more pressure on payment service providers and banks to provide comprehensive security measures behind the scenes.

A significant difference to consider with mobile payments in particular is that the trust relies in a mixture of a secure registration process, a secure delivery of credentials to the user’s phone and ensuring that the regular replenishment of keys in the phone is always protected. This is different to protecting a plastic credit or debit card, where the information that needs to be secured is static – the same keys remain on the card for its whole lifetime.

Recognising the differences in securing digital payments compared to legacy payment methods is essential for innovative new payment methods to prosper without the security hiccups. Banks will now face the challenge of ensuring that their security measures address multiple mobile payment solutions to guarantee that they cover all types of payments their customers demand. Taking the time to address the fact each solution has different security threats and create an appropriate risk management strategy is the ideal starting point to prevent any security concerns in the future.