Why credit card fraud should be a wake-up call for retailers: Interview with Lisa Shipley, Executive Vice President, Transaction Network Services

Transaction Network Services’ latest report highlights the security concerns that the payments industry is facing with the shift to card payments over cash.

PaymentEye spoke exclusively with Lisa Shipley, Executive Vice President and Managing Director of TNS’ Payment Network Solutions business, to discuss the latest findings and her role overseeing TNS’ global team across the Americas, Europe and Asia Pacific regions.

Can you give me an overview of your role at TNS?

I am the EVP & Managing Director of our payments division for TNS. TNS physically connects  over 1,500 payment players/platforms across the globe to each other.

TNS acts as a layer between a merchant or acquirer in that we can supply not only the connection but also vital security measures that can reduce the scope of PCI DSS compliance for merchants and acquirers.

How do you think the industry should react to fraud, despite the lower statistics?

As long as there is value in the data then criminals will always be active. I believe a challenge for the industry in general is to keep ahead of the criminals and I believe that as credit cards evolve, consumers need to think about the different methodologies that are going to be available to cardholders.

Take Amazon’s Alexa. You can use your voice to make orders and buy merchandise, so this introduces a new way to capture that information and consequently creates a new wave of credit card fraud.

As payment and security experts, we’re focused on staying one step ahead of the technology that’s rapidly evolving and the criminals targeting these new methodologies.

In 2015, the US showed the highest percentage of fraud. The figure has significantly decreased, however the US is still the country with the highest cases of fraud. Why do you think that is?

If you see statistics falling that’s always a good thing, as companies such as TNS are taking ownership of protecting data, and I think that consumers and merchants particularly are realizing that this is not their area of expertise. They understand the need to outsource these services to companies that can keep them secure.

In terms of the UK retail sector, there’s interesting statistics in the report that show respondents hold UK retailers responsible for their data. What’s your opinion, and how do you think the retailer should respond?

I hope it’s a wake-up call for UK retailers. I think that from a US perspective and a company that manages security on a global basis, there’s an unspoken perception that in Europe credit card transactions in general are more secure because EMV is more prevalent.

When you think about EMV, it’s great but it doesn’t deter the ability to copy cards. It certainly isn’t protecting the cardholder data either. Retailers need to go a step further outside of EMV and introduce encryption and tokenization systems.

What kind of advice would you give to UK retailers to bolster the protection of data?

Security, particularly at the POS, is complicated because for retailers it’s hard to pick one security system. If you’re familiar with VeriFone terminals you may go with a VeriFone solution, if you have Ingenico you may go with Ingenico, but these have inherent complexities that the retailers have to do as it’s not just the hardware and software. It’s investing in security systems to be able to support encryption and tokenization. The ability to support multiple different types of terminals is complex and very difficult.

I think where TNS comes in is that we’re very vendor neutral, we don’t care what kind of terminal you have, which token or encryption service that you’re interested in, as you can point all those transactions to one global service and be able to manage these transactions through one central managed service.

Why do you think 18-24-year olds were the least affected when it comes to fraud on foreign card use?

I believe that the younger generation are somewhat more technically advanced than many of us.  I think they understand payments differently. Think about what’s important to 18-24-year olds, it’s that the transaction is faster, there’s some instant form of gratification, and frankly in some cases they would forego security concerns to receive the convenience of a transaction in a different form. The attitude is just completely different.

Are you surprised to see that less than 50% of US adults believe that in-store payments are more secure than online?

Absolutely. I think with age comes wisdom. Most of us have been personally impacted by fraud. If you are a US citizen the odds of you shopping at Target is pretty great. Many of us have felt the direct hit of being a victim of credit card fraud, and that’s ingrained in you forever. You know that those risks are real. For the younger generation that haven’t felt any kind of breach, they haven’t directly been affected in their pocketbook or had their identity stolen. They don’t see the threat through the same eyes as those of us that have experienced this or read about it or seen the big retailers that are out there that have been breached, so we react to that differently.

Finally, how would you say encryption is a solution to protecting data, and how is that currently being used in the market?

I’m happy to say that I see more retailers getting on board. I think that EMV gives us false hope that we’ve addressed security in its entirety and that’s just not the case. Until you layer encryption and tokenization you really haven’t addressed the biggest risk that’s out there and that is getting at cardholder data in flight or at rest.

From a TNS perspective, we have more and more major retailers turning to us, particularly those that cross-border in payments and those dealing with multiple POS devices, systems, solutions and encryption services. It’s complex, but I’m happy to see that that the industry is combatting fraud with more major retailers coming to the forefront and deploying more secure fraud strategies.

Download your complimentary copy of the Transaction Network Services consumer security perceptions payment report here.

Related reading