Check out all the on-demand sessions from the Intelligent Security Summit here.
This article was written by David Poole, Global Head of Mobile Solutions, MYPINPAD.
There’s an old saying that goes “there’s only two things you can be sure of in life: death and taxes.” I think there’s a third thing you can be sure of — change. Globally, there have been massive shifts over the past decade, all driven by technology and the resulting evolution in human needs and demands. People are more tech savvy, more aware of what’s possible and driven to experience the world in more meaningful ways. And pretty much every industry on earth has changed as a result of this shift in consumer behavior. Now, we’re experiencing the largest catalyst for change certainly in my generation — COVID-19. Here we find ourselves a year and a bit on and still in the midst of significant change.
A brief history of payments
Only seventy years ago we paid with cash for just about everything. Then we started using checks and by the late-1970s, credit cards were in full swing. While the way we pay has evolved over the years, the payment experience has remained largely the same. That is, we line up in front of a counter, wait for our turn, and pay via a form of hardware (like a payment terminal) that is fixed to the counter. However, in the last couple of years payments has been identified as a critical piece of the customer experience, particularly given the bottleneck it causes at the point of sale. Where technology has enabled B2C companies to completely rethink the customer experience in many aspects, payments has been something of a thorn in the side of end-to-end experience innovation. There’s a good reason for this; payments have to be secure, the bespoke hardware used to process payments is as secure as it gets, and this isn’t easy to replicate with software.
The payments industry knew it needed to move with the times. And mobile technology was the obvious place to turn to given its versatility, universal nature, affordability, and ability to revolutionize the customer experience. But we all know that mobile devices are nothing close to the security of a payment terminal, so this was the largest problem to solve for when software-based payment technologies started to be developed.
Security must be the hero of payments technology development
Being part of software-based payment technology innovation, I can attest to the world of possibilities to innovate within the customer experience that it can open up. But I’m also a stickler for security because you cannot have a successful software product for payments without it. You’ll also know that while the Payments Card Industry (PCI) Security Standards Council (SSC), the regulatory body for payments is working to produce the next set of security standards for software-based payments, these are still about six months away, which means there are solutions coming to market that potentially will not pass muster when the hammer falls. And that’s a big concern for a couple of reasons:
- Businesses will invest in these solutions and may have to invest in another solution shortly after if the first chosen solution does not achieve a PCI certification.
- There will be solutions in market that are vulnerable to attack. We are already living in a world with inflated levels of fraud due to COVID and the number of inexperienced consumers shopping online. As an industry we need to be actively looking to produce solutions that are as secure (if not more secure) than existing payments hardware solutions. This is not easy and takes a long time to get right.
So, where does this leave us? Actually, still in a really exciting space because there are companies out there like MYPINPAD that are developing software-based payment solutions built on a foundation of security. The advice I would give to businesses looking at software-based payments solutions is to do your due diligence thoroughly. Achieving PCI certification is a lengthy and costly process that involves every aspect of the vendor’s business. Any solutions that have come to market quickly may be fine to pilot or complete a PoC but very likely will not be robust enough to meet the stringent security requirements — and very soon, every solution deployed to market will need to be certified.
Changing the face of payments for good
For businesses in the UK and European Economic Area (EEA), Strong Customer Authentication (SCA) is an important consideration. As a requirement under the second Payment Services Directive (PSD2) it has impacted user experience and changed L3 certification processes for face-to-face transactions in the same way as it has impacted user flows for card not present transactions. It requires banks to perform additional checks when consumers make payments to confirm their identity and needs to be a combination of two forms of identification at checkout. These include:
- Knowledge: something they know, for example a PIN or password
- Possession: something they have, for example a mobile phone or other device evidenced by a one-time password
- Inherence: something they are, for example a fingerprint
Note that SCA is already in place for face-to-face transactions. Now, getting back to the topic of this post — “changing payments for good,” here’s the exciting part; software-based payments will absolutely reshape the brick-and-mortar customer experience, but the most significant shift will be for online payments. Not only is online where fraud is exploding and consumers and merchants are the most vulnerable, it’s also where the payment process differs greatly from the physical world experience.
Imagine this: a consumer shopping online selects an item and goes to their shopping cart. The consumer is offered two choices to pay: the traditional method of typing in the card details, or simply tapping their own payment card against their own mobile device and securely entering their PIN on the device screen. If the consumer chooses to tap and enter their PIN, this is a card present transaction, which means there is significantly less opportunity for fraud and the merchant could therefore pay lower interchange fees reflecting the improved security. Plus, it’s the same experience the consumer is familiar with when they pay instore. Everyone is more protected, the industry can process such a transaction easily too, so everyone wins. This level of security and customer experience has never been possible online before, but with software-based payments technology, it is just around the corner.
So here we are. Second quarter of 2021 down and while the world is still undergoing massive change and learnings, we’re on a forward trajectory with payments innovation that will have a significant and lasting impact. My final word on the topic is this – all innovation and technological developments should improve our lives. For payments, it’s not the just technology that we need to focus on, it’s making it secure. Because security is the linchpin of this industry and it is the one thing that will make or break any solutions that come to market. So, develop securely. Choose solutions wisely and we will all enjoy a better world.
David Poole is the Global Head of Mobile Solutions for MYPINPAD. David has over 30 years’ experience at the forefront of new technology and payment processes in the UK and USA.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.