, , , , ,

SECURITY & FRAUD Consumers Want Biometrics – How Will Payments Respond?

With the holiday shopping season behind us, most shoppers can probably say with confidence that the worst part of the whole experience was trying to remember passwords for the eCommerce sites they shopped.

It’s not just the holiday season, either.

recent study by Visa showed that, unsurprisingly, consumers are ready to say goodbye and good riddance to passwords, both because of the friction they create when trying to remember them – and the inevitable stutter step that the “forgot password” prompt creates – and because in the aftermath of the Equifax breach, the public has never been more conscious of how far passwords fall short in preventing fraud and keeping their data secure.

“Everyone knows they have to move away from knowledge-based authentication,” said Mark Nelsen, Visa’s SVP of risk products and business intelligence. “It’s not sustainable.”

However, despite consumer and issuer enthusiasm for more secure authentication technology, industry movement around what consumers say they want instead – biometric authentication – has been slower to get off the ground than everyone would like. A lack of understanding of how to integrate and use this new technology within their financial institutions – and then what it will take in terms of cost and manpower to implement it – may be to blame, Nelsen said.

In a recent interview with Karen Webster, Nelsen explained where he’s starting to see momentum building – and how he views Visa’s role in helping issuers accelerate the journey to deploying a technology that all players across the payments ecosystem, especially consumers, are ready to embrace.

Getting Comfortable With Biometrics

Nelsen acknowledged that issuers and merchants have no higher priority than keeping consumer account credentials safe and in securing the transactions in which they are used. But knowing where to start, in the face of so many options for securing customer account data, can be complicated. So too, Nelsen said, is knowing how to align point fraud solutions at an issuer who now sees the value of taking a holistic – and enterprise-grade – approach to delivering a great consumer experience across all touchpoints with the bank: the retail bank, online and mobile channels, and payments.

As attractive as the prospect of having a single, enterprise-scale authentication platform can seem to an issuer, Nelsen said that it also becomes a little bit like boiling the ocean: “It’s a good long-term vision, but hard to get off the ground in practice.”

It was one of the big drivers, Nelsen said, behind the development of Visa ID Intelligence. Nelsen said that ID Intelligence is an ecosystem of authentication solutions to which issuers connect via a single API. Not only does ID Intelligence make a portfolio of vetted solution providers available to issuers, Nelsen said, it streamlines the integration of those solutions within the issuer’s environment. Solution providers assume the burden of integrating with Visa’s ID Intelligence API, enabling issuers to do a single integration. That, Nelsen said, makes the notion of a holistic and enterprise-grade authentication solution across all issuer touchpoints a little less daunting.

And more suitable to getting pilots off the ground, so that issuers can start to experiment with how to use biometrics in a way that adds value for their customers and their institutions.

Greasing The Gears

According to Nelsen, one of the areas in which he’s seen issuers express growing interest in getting biometric authentication pilots off the ground is account origination.

When you look at the stats, it’s not hard to see why.

Over the last four years, Nelsen said there’s been an enormous increase in credit applications – a healthy portion of which are from fraudsters who’ve stolen legitimate credentials and have attempted to use them to open new accounts. Banks now recognize that the best way to combat new account fraud is to put knowledge-based authentication in their rearview mirror, in favor of using tools like identity documents and device data to help determine whether an identity is legitimate, stolen or synthetic.

Value Proposition

Three years ago, said Nelsen, the payments world wasn’t ready for biometric authentication. Now, consumers are used to – and comfortable with – such biometric authentication as Touch ID, and even Selfie Pay – and  are impatiently waiting for the payments ecosystem to provide an authentication solution that makes passwords a relic of payments authentication history.

It’s a nudge that Nelsen said has become a call to action for issuers to do more to protect consumer data.

“Authentication and protecting consumer data is at the level it needs to be across the entire bank,” said Nelsen.

Like most things in payments, change on this scale can’t and won’t happen overnight, but the wheels of progress are starting to turn. Nelson said that’s why Visa felt it was so important to make it easy for issuers and merchants to quickly connect their systems to proven authentication technologies using Visa ID Intelligence. It’s one way, he said, to give them a running head start on keeping customer data secure, while simplifying the process of giving consumers the authentication methods they want.


Source: (Pymnts, 2018)

, , , , , , ,

Payments Testing One, Two, Three

Modern consumers have high expectations for technology. If something doesn’t work perfectly, they’re quick to grow frustrated and abandon it as junk.

“Our generation is a little bit spoiled,” said Bart van Hoek, head of Innovations with UL Transaction Security — and he said that is all the more true with payments tech.

Imagine going out for breakfast only to find that the point-of-sale (POS) terminal isn’t working. Without it, how will you pay for your meal? Maybe you happen to be carrying cash that day, but even if you’re able to hand over a crisp $20 bill to cover the cost, the experience has certainly created friction.

Online, there’s no cash to fall back on. If the payment doesn’t work the first time, said van Hoek, that sale is as good as lost. Nobody wants to see a box that says the website is experiencing technical difficulties; please try again later. The customer likely won’t even remember to try again later, and if he does, he may not return to the same site. Most shoppers just give up on the faulty site and head to a competitor to complete the purchase instead.

Perfection, however, is not easy to achieve in any singular product. In payments, there are hundreds of players involved in making every single transaction work smoothly, from acquirers and banks to regulators setting standards that must be met to, of course, the payments processor.

The point-of-sale terminal at Walgreens or Kroger must work with a credit card from Chase, a mobile payment, a foreign debit card and more. How can the company that produces the terminal ever be sure it can do all that?

Trial and error, said van Hoek. But not with real consumers or real transactions. That is where payments testing comes in. In a recent interview, van Hoek told PYMNTS how this quality assurance process works for payment technology companies, how that’s changed over the years and why this stage of product development is so important.


An Investment in Reputation

User experience is more than a buzzword, van Hoek said. Every tap on a mobile device, every imaginable payment method — all of it is about creating the most seamless and smooth user experience possible, devoid of any bugs or errors.

Testing lets the developer see how the product will perform for every customer in every situation and shows whether the software is logical and intuitive or needs to be smoothed over.

When developers invest in payments testing, they aren’t just ensuring that their product does what it’s supposed to do, said van Hoek. They’re investing in their reputation. Building a good reputation is hard. Destroying it is easy — all it takes is one bad product. Earning back consumers’ trust is more difficult the second time around.

With the speed of innovation today, it may feel like a race to get products to market, but the last thing any developer wants is to go to market only to watch the product fall apart in the real world. Between the expense of fixing it and the business lost due to damaged reputation, “Those are costs you don’t want to bear,” said van Hoek.



To achieve the highest level of product quality, the product must be subjected to a high level of testing, and that requires a lot of repetitive actions and test cases. The number of repetitive actions will only increase as new payment methods and infrastructure are introduced and must also be tested.

That’s why payments testing is often seen as a chore. But, said van Hoek, it doesn’t have to be. Today, there are tools on the market to help manage some of those repetitive tasks, freeing up human testers from pressing buttons all day to make better use of their time.

Van Hoek said that manual testing can be extremely labor-intensive and time-consuming in some cases. But that doesn’t necessarily mean artificial intelligence (AI) has to be a part of the answer, he said. It simply means that any pieces of the process that can be automated should be.

Which pieces? That’s a decision that only the company can make. Van Hoek said that, due to the complexity of some test cases, automation is not always cost-efficient, either. Individual organizations must decide what is the best combination of manual and automated testing to optimize their processes.

At UL Transaction Security, customers can submit their hardware to undergo a barrage of different uses and scenarios in UL’s test labs, and van Hoek said the company is always looking to automate even more of the process as new technologies become available. The key client problem that UL helps to address is reducing time to market by eliminating the complexity that companies are facing with new technologies and regulations flooding the market.


Divide and Conquer

In the old days, said van Hoek, testing used to be done on final products at the end of the development cycle. But today, payments testers, like UL, subject the product to smaller tests along the way. By breaking the project into manageable chunks, UL is able to be more thorough in its testing and can identify problems before the rest of the product gets built around them.

Van Hoek said that can save a lot of time and money throughout the development process, as it enables development teams to address issues as they go along rather than having to tear down and rebuild a final product that doesn’t work right.

The thinking around testing must change, he argued. It’s more about quality assurance, though testing is just one piece of a larger quality assurance process that includes identifying, anticipating, managing and resolving issues across the product, while testing focuses specifically on finding and eliminating bugs.

As development processes have become more agile, van Hoek said that testing processes throughout the lifecycle must also increase their agility.


Growth Ahead

Again, the number of payment methods out there — and the infrastructure that goes with each one — is only going to increase. There are many players trying to disrupt the industry, but people aren’t abandoning cash and credit cards to pay with their smartphones; it’s not “either/or” but “both/and.”

Cryptocurrencies are another growing method in the payments industry, and the price of bitcoin (currently around $11,000) reveals just how popular it is among its fans. Eventually, at least some consumers are going to want to spend that digital currency in real-world brick-and-mortar stores.

Money is money, and merchants want to be ready to accept whatever form of it customers want to hand them. Doing that will require new technology and new components, or new use cases for old components, van Hoek explained — all of which will need to be tested and validated before rolling out to merchants and the public — for their own good and for the good of the brand.

Source: (Pymnts, 2017)

, , ,

Google Predicts AI Will Be An Issue For Regulators

“It’s going to be a big issue,” Geoffrey Hinton said at a Reuters Newsmaker event in Toronto on Monday (Dec. 4).

Hinton should know: He led a group of scientists at the University of Toronto who developed some of the key algorithms that neural networks (programs that mimic the way humans learn to perform complex tasks) use to crunch massive quantities of data and train themselves to identify patterns to mimic the way the human brain would perform tasks, such as driving a car, analyzing potential financial trades or using medical images to diagnose diseases.

Those advances enabled Google to add voice recognition to Android mobile devices, and researchers also used it to cut error rates in optical recognition compared with earlier technology, said the Google executive.

And since neural networks teach themselves to perform complex operations, it is impossible for their developers to tell government regulators exactly how those systems work.

“All you need is lots and lots of data and lots of information about what the right answer is, and you’ll be able to train a big neural net to do what you want,” he said.

Hinton believes that deep learning is close to revolutionizing the way certain diseases are treated, including making more accurate diagnoses. In fact, he expects mobile apps to be created that use neural networks to examine images of skin lesions, advising users when to see a doctor for a possible biopsy.

“We’d like to make medicine better,” Hinton said.


Source: (Pymnts, 2017)

, , , , , , , , ,

Avoid being hit by the Government’s credit card surcharge ban with Cheaper Pay!

As of January 2018, businesses will be stripped of their ability to add any surcharges to their card transactions.

Airlines, fast-food chains and small businesses will be those who suffer most from the ban, but there are ways in which these companies can make up for this potential loss of capital.

Cheaper Pay’s industry-leading payment solutions come in at a staggering 40% cheaper price than the likes of WorldPay, Barclays and Lloyds – offering terrific value for money, as well as bearing the costs that may be lost in profit once these government changes come in to fruition next year.

Having provided UK businesses with the crème de la crème of payment technology for over a decade, Cheaper Pay are well placed to install the ideal payment system that is perfect for your business’s needs.

For a FREE no-obligation quote, get in touch with one of our specialist advisers today on 03301 242 537.

, , , , ,

Tech note, everyone – wearable technology is on the move!

We have often associated wearable technology with the fitness industry. Companies such as FitBit have produced spectacular results in this field, harnessing the ability to track and manage anything from distance run to calories burned over a certain period of time.
However, wearable tech is now leaving the wellbeing scene behind and advancing on to a period of world domination.
Advanced wearable biometrics can be used as a form of authentication for a number of things.
NEC corporation has recently adopted the software to identify people placed on ear readings – something previously unprecedented in the industry.
“The system enables biometric authentication via the otoacoustic emission, a sound made by the inner ear when the cochlea is stimulated, arising from the vibration of hair cells,” reports mobileidworld.
“According to a statement from NEC, its earbud device’s “otoacoustic authentication technology… recognizes the characteristics of a user’s ear”, suggesting that the emission is used to map the shape of the inner ear, which is presumably unique to the individual.”
The advancement of contactless, wearable technology is a clear indication of the continued progress of our industry.
The technical possibilities are endless – and NEC confirms this with future plans to commercialise the technology soon.
NEC plans to offer “services that combine individual authentication, indoor positioning, acoustic AR (augmented reality), vital sensing and other technologies”, according to NEC Business Development Division General Manager Tomonori Kumagai.
The contactless revolution has only just begun – don’t get left behind.

, ,

PCI DSS: Secure Your Security

In 2014, there were 62,264 reported cases of credit card fraud. When customers come to your business to purchase items, they are trusting you with their security information and it is your responsibility to ensure that the appropriate security measures are in place so their financial information is safe.

PCI DSS is the Payment Card Industry Data Security Standard. What this means, is that your customers are protected from any fraud that may happen as a result of their transaction. If you refuse to use PCI DSS, you’ll be fined and may even be forced to remove payments by card at your business – leading to less profit.

There are 12 high level requirements, and they fall into the six categories:

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
3. Protect stored data (use encryption)
4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses Information Security

By paying for PCI DSS you’re actively helping to ensure that not only your customers are protected, but your business is too. You’ll also avoid fines and addition fees that can tally up without PCI DSS.