Comment: No reason why new payment tech can't be secure

A feature of recent years has been the development of new payment solutions designed to exploit emerging technologies and in particular mobile technologies. We have seen solutions enter the market for both accepting and making payments, yet adoption has been slow to pick up and it seems that we are struggling to identify the right solution for mass adoption. Why should this be?

In consumer surveys the most often quoted reason for non-adoption is the issue of security. Do we really trust new solutions that don't come with the same level of protection we get from existing payment instruments, such as bank cards? The simple answer is that the nervousness that exists around these technology developments usually comes from the industry's failure to explain what it is that makes one solution secure and another less so; as a result, we end up trusting none.

A good example is mobile contactless payments, enabled by the inclusion of NFC technology in mobile phones. This was to be the new revolution in payments and naturally we would all want to use phones to pay. Banks and phone companies jostled to position themselves to make the play. Sadly we are still waiting to see mass deployment as the industries come to grips with suspicions about the safety of phones as a platform for commerce.

Are phones secure? Well, it depends on how you use them; just as the home PC can be protected from malicious attacks, so too can the mobile phone. Payment applications can reside in a trusted environment within the phone and be ring-fenced from other applications. Just as with contact card transactions, the industry can deploy its EMV-based secure cryptographic process to bind each transaction to a single event in time. Most recent developments also allow for the card numbers to be protected through new tokenisation processes. For transaction processing there is little personal or sensitive information passing between the phone and reader, so concerns about eavesdropping or pickpocketing are often overstated.

Looking over the horizon we can see other opportunities to increase the security of transaction processing through the exploitation of services that are enabled by use of mobiles. Services such as geolocation, coupled with the banks' own behavioural analysis, could be used to develop more robust authorisation platforms. If I know you have bought an airline ticket to New York and I see transactions coming from that location and I can see that your phone is there too, I should be pretty confident that it is you making the transaction. There is of course a cost for this: consumers would have to surrender a certain amount of privacy, most likely through opting in to such a service and it may well upset some of those concerned about data privacy in the European Union. Sadly this is one of the abiding costs of making things more secure. Often, more secure means less convenient, or in this case less private.

Thinking about how we behave now in the digital world, would this be a big issue? Given that a sizable number are prepared to tell the world where they are and what they are doing, to the point of tweeting pictures of what they are eating, is privacy really going to be an overriding concern? We need to see what consumers want, and I hope that we test the appetite before such services are consigned to the bin through being perceived as being too invasive.

It seems that the use of mobile devices offers us all the opportunity to bring together offline (face-to-face) and online payment processes, giving consumers and retailers greater choice of how to engage customers and accept payments. Here again there are some exciting opportunities. Solutions such as Apple Pay use the same secure EMV-based cryptographic processes to underpin both NFC and online payments. Consumers and retailers can choose to select one or the other depending on how the customer is being served and be sure that they are equally secure.

There are other solutions being proposed that challenge the existing classification of payments as being 'card present' or 'not present' and it seems that schemes and issuers will soon have to rethink how these are handled within the payments system and allow retailers the freedom to engage with their customers as they choose rather than following the strict rules of today.

The technologies that are being offered to enhance payments in the digital age provide the opportunity to enhance the consumers' experience. The speed and convenience of using personal devices with all of your payment options loaded must be viewed as a major step forward. Yes, there are security issues to be resolved, but these are not insurmountable, and with good design we should be able to maintain the same high levels of integrity offered by existing solutions.

David Baker is head of the payment innovations unit for The UK Cards Association. He writes a regular column for Essential Retail on the evolving payments landscape and its impact on the retail industry.
