Thales Blog

Card Is King, But Security Holds The Crown

August 3, 2017

Ian Hermon Ian Hermon | Product Marketing Manager More About This Author >

Before you leave your house, you no doubt make sure you’ve got everything you need – keys, mobile and wallet. For years, the concept hasn’t changed, but what’s inside your wallet has.

Last month, the British Retail Consortium (BRC) revealed debit card purchases have overtaken cash for the first time, with more than half of retail transactions being made on card. Thanks to more and more retailers investing in payment technologies (especially contactless terminals), and working to facilitate choice for shoppers, cards are reigning supreme.

Now operating on a ‘tap-to-pay’ basis, we as consumers have become accustomed to the convenience of card payments, and why not? They’re simpler (no more searching for an ATM), quicker (gone are the days of waiting for the correct change), and overall just more fitting with our on-demand lifestyles.

However, while card usage is on the rise, and innovative methods of payments become the new norm, risks are on the horizon. As today’s consumers are busy prioritising convenience, it’s up to the major payment brands, often as part of their PCI and EMVCo activities, to focus on making the payments process more secure, both for in-store and online transactions.

Tokens = 1, hackers = 0

With retailers collecting data from every customer interaction across multiple touchpoints, the industry has become a prime target for cyber criminals. Keen to get their hands on the wealth of information retailers hold, cyber-attacks from criminals have become more widespread and sophisticated. In fact, our recent Data Threat Report revealed that two in five retailers around the world have been the victim of a data breach in the last year.

It is encouraging to see more widespread use of tokenisation by the industry where acquirers provide retailers with a token for storage for each transaction rather than the PAN itself. This helps reduce the scope of PCI DSS compliance for retailers (and saves them money) and also means that any such data stolen is worthless to attackers, thus reducing the impact of any data breach.

Be customer conscious

A significant rise in the number of data breaches means consumers have become fearful (and rightly so) that their personal and financial data may well fall into the wrong hands. According to one of our recent surveys, a quarter of UK consumers said they’d no longer shop with a retailer if it had been hacked and had customer card information stolen.

So, it’s critical that retailers address these concerns. Combining a seamless user experience with a secure backdrop will drive users to embrace technology and improve the payment process. While we know this won’t happen overnight, the latest figures from the British Retail Consortium show a positive shift towards investment in payment technology, something that will no doubt continue to grow in popularity.

No matter how robust a system is, no one security method is unbreakable, but that shouldn’t stop the payment brands communicating the latest security solutions being offered to the retail industry, to ensure valuable customer data is secure. Recently Visa announced support for the next generation of 3D-Secure technology, which will be paramount in reducing fraud for online and mobile in-app transactions where significant transaction growth is expected. All major card brands are due to adopt this new security standard as part of their collaboration efforts within the EMVCo organisation.

In the meantime, recognising the importance of encryption techniques such as tokenisation and data masking in digital payments can help build and maintain customer trust, all the while leaving the positive customer experience intact.

Interested in taking a deeper dive into retail data security? Our 2017 Retail Data Threat Report is just for you.