Thales Blog

Securing The Future Of Payments – What Does 2018 Have In Store?

December 20, 2017

Thanks to heightened consumer confidence, a rise in proximity payments adoption and ongoing developments in biometrics, the payments industry continued to undergo digital transformation throughout 2017.

We’re now seeing big data play an increasing role in how retail sales and payments are being tailored to individual consumer’s preferences, and providers are adopting and integrating smarter, more efficient ways of completing the path-to-purchase. And mobile is at the centre of the improved consumer experience.

However, with just days left of this year, it’s time to turn our attention from reflection to preparation, looking at what 2018 has in store for the payments industry.

Consumer convenience will be front and centre

It shouldn’t come as a surprise that the majority, if not all, of the changes that occur across the payments landscape next year will be driven by consumers. While this is in no way a new or ground-breaking revelation, a customer-centric business model will certainly be a key differentiator.

As part of this, we’ll likely see a decline in consumers having to take an active role in authenticating transactions with more secure, and behind the scenes, technological methods taking its place. We have seen card brands such as American Express, Discover, and Mastercard announce the elimination of signatures in some territories and the use of proximity payments replacing Chip and PIN in an effort to remove friction and add simplicity to payments. With huge strides being made in the development of contactless technology, and with consumers now favouring a ‘tap-to-pay’ approach, the death of PIN could also become a reality much sooner than we think.

Three-Domain Secure (3DS) 2.0 is the next generation technology, one-up fraud prevention method, addressing online and mobile in-app transactions where significant growth is expected, since it places emphasis on risk scoring transactions rather than on consumer authentication for every transaction. Not only will this new security approach minimise friction, resulting in a more seamless transaction and experience, it will soon be adopted by pretty much all major card brands as part of their collaboration efforts within the EMVCo organisation.

That being said, it’s not just consumers set to benefit from this agile approach, with retailers also on-track to reap the rewards. As payments become more of a back-end piece of technology, not only will the customer experience be simplified, but fraud will become easier to spot thanks to more tailored background analytics – a real win/win.

Sources of innovation on a global scale

Tech-savvy millennials that value both convenience and time are helping shape the future of transactions, although consumers outside of this demographic tend to lack trust in mobile payment technologies.

To combat this, global payment providers have been putting a lot of effort into tokenisation of payment credentials, encouraging the uselessness of data, should it happen to fall into the wrong hands. One of the important benefits of this is the ability for issuers to implement channel separation as a fraud reduction measure.

While this has worked well for some, other, smaller countries and emerging markets have faced challenges as they lack the sufficient and sophisticated processes needed to execute to the same extent as larger markets. However, catering to the needs of smaller or emerging markets also has its benefits. In 2018, we’ll see these smaller markets able to innovate further, without being held back by infrastructure and processes that come with being a big industry player.

The emphasis on securing platforms

As vicious and extremely damaging cyber-attacks continue to hit organisations across every industry, it’s never been more important for payment providers to prioritise security. In fact, our recent Data Threat Report found that 42 per cent of financial firms had encountered a data breach, with the rate of breaches rising by 5 per cent in a year.

Since the days of the TJX and Heartland Payment System breaches, almost a decade ago, the industry has been challenged to protect payment card data and yet we see that breaches of this data continues to occur. PCI has not only developed requirements such as PCI-DSS to address securing data in processing environments but also developed requirements such as PCI-P2PE to address securing transaction data in retailer environments, which also helps reduce PCI-DSS scope in audits.

Tokenization, which as mentioned helps eliminate valuable card account numbers in payment credentials, has also proven to be an effective technology in replacing card account numbers in processing environments enabling organization to reduce risk by storing real card account numbers in well protected enclaves instead of throughout an organization.

It would be a significant achievement if 2018 brings about a reduction in data breaches as a result of increased emphasis on protecting payment card account numbers as well as personal consumer information in general.