Payment priorities: Security vs. convenience

Ian Hermon, Product Marketing Manager, Thales e-Security

Last month, the British Retail Consortium (BRC) revealed debit card purchases had overtaken cash for the first time, with more than half of retail transactions now being made on our favourite pieces of plastic. Thanks to more and more retailers investing in modern, innovative payment technologies, and as a consequence of our fast-paced consumer lifestyle, we’ve swiftly seen the payment card overtake cash as our favourite wallet filler.

However, increased card usage leads to increased customer data, and with this comes higher levels of vulnerability to a new realm of security risks.

Recognise the threat

When it comes to making purchases, we all know that as consumers we prioritise convenience over anything else. We want to be able to find the item we want instantly, choose our delivery options even quicker, and finalise our payment in a matter of seconds. This means it’s up to the major payment brands, often as part of their PCI and EMVCo activities, to focus on making the payment process secure, both for online and physical transactions.

Our recent Data Threat Report revealed that two in five retailers around the world have been the victim of a data breach in the last year and with card usage on the rise, gone are the days where this won’t impact a customer. Instead, any attack on the data storage systems of a retailer is a direct threat to the sensitive payment information of customers.

Keen to get their hands on this data, hackers and cybercriminals have become more widespread and sophisticated, meaning the data security policies of all retailers should also follow suit.

Protect your payments

Recognising the importance of encryption such as tokenisation and data masking in digital payments can help build and maintain customer trust, all the while leaving the customer experience on a positive note.

Recently, Visa announced support for the next generation of 3D-Secure technology, which will be paramount in reducing fraud for online and mobile in-app transactions where significant transaction growth is expected. All major card brands are due to adopt this new security standard as part of their collaboration efforts within the EMVCo organisation.

It’s encouraging to see more widespread use of tokenisation by the industry, where acquirers provide retailers with a token for storage for each transaction rather than the Payment Account Number (PAN) itself.

This helps reduce the scope of PCI DSS compliance for merchants (and saves them money) and also means that any such data stolen is worthless to attackers, thus reducing the impact of any data breach. These tokens are not only useless to hackers, but are easily deleted, if and when required, without impacting a user’s credit or debit card.

Collaborate and innovate

No matter how robust a system is, no one security method is unbreakable, but that shouldn’t stop brands communicating the lengths that they have gone to in ensuring valuable customer data is secure.

In a world where cash is losing its preference, retailers are striving to meet consumer demand for faster, easier and more convenient methods of paying in-store. However, convenience doesn’t always correlate with security. Payment service providers and banks are increasingly under pressure to provide underlying security measures, whilst at the same time ensuring consumers face as few barriers to the purchasing experience as possible

Combining a seamless user experience with a secure backdrop will encourage users to embrace technology and for businesses to improve the payments process. While we know this won’t happen overnight, the latest figures from the British Retail Consortium show a positive shift towards investment in payment technology, something that will no doubt continue to grow in popularity.


Related reading