It can be an uphill battle asking someone to put down their phone these days. One of the reasons we’re so reluctant to do without them is the sheer power contained within these devices.
In 2017’s Internet of Things world, smartphones can lock systems, control music, even adjust the lighting in your home, and that’s not even touching on its multimedia entertainment value. The smartphone, in its present form, has been around for 10 years now. Safe to say, there’s no going back.
So we’ve gained a device of amazing potential. All that’s left now is to leave for Lotus Land and enjoy our perfect utopia, right?
Not so fast! Take a peek behind the scenes and we start to see some disputes trickle in; wrinkles in our perfect plan where fraud has found a foothold and exploited the gap. All it takes is a little time and inconsistency in implementation. As usual, the point that fraud integrates itself into this new payment stream catches many by surprise. It seems that there is no initial "gold standard" best practice in the U.S. for the setup of third-party applications within devices, a product of the unique enrollment process and limited formal requirements, given their novelty.
If our device experiences an error or a breach from any number of potential failure points within the software, such as entering payment credentials, confirming contact information or authenticating a payment, the potential impact could be disastrous.
Apps for purchasing coffee could become vessels for money laundering, ride-hailing services might take fraudulent “test” cards for a spin, while other malicious apps would allow bad guys to swipe goods from virtual shelves and stuff them into the pocket (where their physical wallet used to be). In no time at all, our payments paradise becomes the Wild West, all because some P-to-P money-moving services gave little or no regard to their potential for abuse by malicious third parties. Until now, the U.S. market has collectively shrugged off the topic.
Enter the revised Payment Service Directive (PSD2), or as I like to call it, the new road map. This European standard contains requirements that form a standard baseline for data security and a set of policies to ensure that all players in the space keep it clean and secure. Its mandate includes enhanced authentication for more accurate fraud detection during device-based transactions.
Such is the magnitude of this change that winners and losers among payment service stakeholders will emerge, while European banks are far from immune to the shake-up. Make no mistake though, PSD2 will unify Europe’s payments market, while making significant efforts to secure it as well. Residual benefits include greater efficiency, better-informed consumers and a more loyal and confident customer base that is willing to adopt these technologies.
So, while many countries continue to abide by susceptible username and password combinations, this PSD2 “Eurail” train will continue full steam ahead, promising a plethora of effective and balanced controls for the next generation’s payments landscape. As future parties in the EU open this Pandora’s box, they will receive the benefit of mandated, integrated security that is respectful of both the device and application. The upside here is less shrugging and more scaling.
U.S. financial institutions should look at PSD2 as an opportunity to refine their own data protection methods, security protocols and risk governance frameworks (by embracing open APIs, for example). If not, they risk being left behind by alternative services overseas that can leverage their PSD2-compliance and modernized protection standards as both a competitive advantage and a building block for further product offerings.
Our faith in digital payments is keeping us on track for further innovation, while our device, as innovative as it ever was, continues to fascinate us with a cascade of new and convenient features. All we need now is for the U.S. to follow suit on introducing new rules to better protect consumers. These benefits will continue to ensure that we keep our devices close at hand, so good luck putting yours down anytime soon.