We Can Do Space Travel, But Can't Solve the Payments Security Problem?

Register now

Despite increased investment and development in the consumer payments space around mag stripe, EMV and contactless payments solutions, there is still a huge concern when it comes to data theft.

In fact, in 2014, the personal information of 47% of Americans was compromised. This inconvenient truth proves that there’s still no fool-proof payment method on the market and thus consumers struggle with the fear of being “unsafe” when they are conducting something as simple as making a purchase.

In the U.S. specifically, the recent migration to EMV means that the industry is moving towards a stronger protocol, which is definitely a move in the right direction, albeit somewhat late when compared to other territories that switched from magnetic stripe to EMV years ago.

Furthermore, in the wake of numerous large-scale data breaches and the increasing rate of counterfeit card fraud, U.S. card issuers have only begun to move to this new technology given the increased need to protect consumers and reduce the cost of fraud.

So while there are some solutions starting to be implemented, there still remains a need for a “complete” solution on the market due to the gaps that certain resolutions just don’t fill. Take EMV as the perfect example. EMV creates a unique signature for each transaction; whereas, with a typical magnetic stripe card, the process involves static data and it’s therefore easier to counterfeit. By incorporating an additional step into the process, the goal of EMV is to prevent hackers from skimming credit card data and then using it for fraudulent purchases.

While making a step in the right direction, the manipulation of devices into which the new EMV based cards are inserted has already been the target of attacks in territories that have long switched to EMV – making it questionable as to whether EMV continues to provide sufficient control in its basic form.  This raises a valid concern as to whether an enhanced version of EMV is already required that utilizes dynamic payment codes as opposed to merely static PINs.   

Moreover, the adoption of EMV is proving to be a very slow process. More than 60% of American cardholders still do not have chip-enabled cards in their wallets, according to Strawhecker Group. Smaller businesses and “mom and pop” shops that aren’t able to afford the upgraded technology will continue to use mag stripe readers for years to come in the U.S., further slowing down the adoption of EMV and allowing the historical and known threats to the magnetic stripe on all cards to remain.

Additionally, the further adoption of newer (and more complex) technology must be driven by the consumers that opt to use it and not dictated by the card issuers’ assumptions as to what consumers are and are not prepared to do.

So, if we can explore new planets, build hoverboards and expand scientific exploration better than ever before, isn’t it about time we made payments secure?

As it will probably take two to three years to fully convert to EMV, the U.S. market is in desperate need of a solution that bridges the gap between mag stripe and EMV in a way that’s secure and easier for consumers. With cards continuing to be the preferred method of payment for consumer, there are few solutions that could even be considered a possibility for a takeover. For example, Martin Ferenczi, president of Oberthur Technologies believes that “contactless transactions are more consumer-friendly because you just have to tap.”  While that may be true, convenience usually comes at the expense of security just as security comes at the expense of convenience.

From the retail environment to banking and directly to the hands of the consumer, a secure payment solution is more important than ever before. And while finding the magic mix between convenience and security shouldn’t be rocket science, the age of innovation is here and now, so this is the best time to start.

Simon Hewitt is CEO of ScramCard.

For reprint and licensing requests for this article, click here.
Retailers Data security Analytics