WASHINGTONThe payments industry has a significant security challenge on its hands as too many consumers become "chronic oversharers" of their personal and payment card data, says Ellen Richey, chief enterprise risk officer for Visa Inc.
Nearly 10% of consumers say they have shared their Social Security number on a social media platform, Richey says. Many consumers also show off their "cool new debit card" by posting a photo of it with account numbers clearly visible to Facebook and other sites, Richey says.
"We found an entry on Twitter in which the person asked about the CVV number on the back of her card, and she posted the number," Richey adds.
Consumers obviously need more education regarding payment card security, but the payments industry must accept that this is the "new normal" and boost its defenses, Richey said during her keynote address Oct. 2 at Visa's Global Security Summit in Washington, D.C.
The challenges presented by social media are exaggerated by mobile payment systems that remove issuers' visibility into the cardholder's shopping habits, Richey says.
The industry must adapt as it enters "a crossroad in which plastic is turning into mobile," she says. There are seven billion mobile phones worldwide, she says.
"We can harness the capabilities of new technology to train issuers to possibly turn a payment app on and off in a handset and use their own identification in fraud tools," Richey says.
Other companies provided examples of how they have kept up with emerging fraud trends.
At Banco Bradesco Cartoes SA, "any department at our bank can propose security improvements. It creates the mindset that we are going to be creative with security technology and be fast in developing it," says Alexandre de Freitas Monteiro, the bank's director of operations. All directors and managers at the bank want to be part of a committee to strengthen security, Montiero adds.
Having sound security baked in when building new technology is extremely important because consumers are very fast adopters, says Dawn-Marie Hutchinson, senior manager of IT security for Urban Outfitters Inc.
"When we send out a new app, our customers are all over it," Hutchison said. "If security is not strong at that first level, it can be like a forest fire if there is a problem."
And at Ingenico's mobile point of sale unit, Roam, "we have to watch for the way young people in our own family react to the technology or security measures," says Benoit Boudier, Roam's senior vice president of international sales. "They are digital natives and savvy about mobile advancements."
For its part, Visa is part of a collaborative effort with MasterCard and American Express to replace account numbers with "tokens" for online and mobile payments. In addition, Visa is upgrading its authorization technology to provide more information to issuing banks about potential fraudulent transactions, as well as strengthen fraud detection at gas station pumps, Richey says.
Technology needs to stay ahead of the fraudsters by identifying potential problems and shutting them down, Richey says.
Such an effort requires the cooperation of consumers and merchants, she adds. "To have powerful security, we need the [Payment Card Industry data security standards] to become business as usual," Richey says.
Even though the introduction of EMV chip-based cards in the U.S. carries a level of controversy with it, the smart cards represent a proven and effective way to strengthen security, Richey says.
Ultimately, the payments industry has to embrace responsible innovation and renew its commitment to principles and standards "that got us here to in payments to begin with," Richey says.