Secure Remote Payment Council Finishes Year One
New Trade Group Leverages Inclusive Membership to Drive Security Innovation in Mobile and E-Commerce Payments
By CardNotPresent.com Staff
In August 2009—just a few months after Visa announced that its total U.S. debit volume had surpassed credit for the first time—a small group of payments professionals began discussing the problems inherent in accepting debit payments for card-not-present purchases made via the Internet and mobile device. Would security concerns derail the apparent match made in heaven between the most popular payment method and the fastest growing retail environment in the United States? The small group, which would become the Secure Remote Payments Council (SRPc), aimed to make sure that didn’t happen.
First, however, the group would have to be inclusive in a way that other associations dealing with e-commerce and m-commerce payments hadn’t, according to payments consultant Paul Turgeon, one of the SRPc’s founding members.
“I would say the primary thing that wasn’t taking place, is there were no broad cross-industry forums to facilitate working together to solve the problems,” Turgeon says. “Also, the entities that had developed the infrastructure for payments had no incentive and, therefore, haven’t done much to evolve the infrastructure to accommodate more security.”
That lack of security has manifested itself in a consumer base that still relies mainly on credit to make online purchases. Debit continues to be dogged by the consumer perception that their transactions aren’t safe. They reason that if a transaction isn’t safe, it’s better not to expose a personal account that could be wiped out by theft. And, in a diverse payments infrastructure, it’s difficult to make a business case for implementing innovative, but perhaps costly, security enhancements.
But, according to SRPc President Paul Tomasofsky, it doesn’t have to be that way. The desires of consumers and merchants are actually aligned.
“Folks have, over the last few years, shown a propensity to want to use debit cards a lot more in the physical world,” Tomasofsky notes. “And, merchants would like to accept more debit because under some circumstances debit might be less expensive for them to process than credit.”
And with the Durbin Amendment that resulted in Federal Reserve’s proposed rule to limit debit interchange to $.12 per transaction pending, accepting debit could become even more attractive to merchants, even online and via mobile. So the Council’s mandate is clear: intensify the dialogue among all the players in the CNP payments ecosystem and solve the problems together that will languish if they continue to work separately.
In the SRPc’s first year of existence, getting everyone around the same table has not been easy, though Turgeon says he suspects Durbin will make that easier. In spite of the difficulty, the Council has spent the time steadily swelling its ranks.
“We’ve grown our membership up from the original three or four members to 20 and have other conversations with a whole lot more,” Tomasofsky says.
In addition to growing a membership it hopes will include representatives from every corner of the payments industry—from merchants, financial institutions, merchant processors and issuer processors to the major payment brands and payment authentication providers, among others—the SRPc has two major working groups: the Knowledge Accumulation Group and what they call the Roadmap Group.
The Knowledge Accumulation Group is an effort to examine trends in the industry and ensure people are talking about them and everyone understands the conversation, Tomasofsky explains.
“We want to make sure we all understand what the main issues are, either from knowledge that’s publicly available or knowledge we can get through original research,” he says. “We want to build the go-to place in the industry when it comes to authoritative information.”
As for the roadmap group—officially the roadmap for enhanced security of remote payment solutions group—Tomasofsky calls that the Council’s “nuts and bolts” group.
“It’s getting all the stakeholders together to identify, inventory and evaluate the range of elements that would be needed to create a better security environment for Internet and mobile payments,” he explains. “These are the things we should be working on as an industry so we can build consumer confidence and merchant acceptance; not just technical issues, but operational and business requirements as well.”
Tomasofsky, who calls the organization’s first year “very successful,” says the Roadmap Group is just finishing its first phase of work on authentication and will release a white paper that outlines its position.
Entering year two, the SRPc’s priorities are to continue to grow—with an emphasis on getting more merchants and issuers involved—and to increase its educational output with more white papers, several webinars and some original research in the works for 2011.
Turgeon hopes the new association has made an impact and thinks the current environment makes it likely that the SRPc is in a position to create the changes that will ease e- and m-commerce going forward.
“It’s always difficult to tell if you’ve made inroads,” he says. “But, in a country where debit is the preferred payment instrument and where mobile and e-commerce are the fastest growing retail environments (and you have consumers who are very wary of using debit in this environment), it seems reasonable that those forces will continue to drive people to look at different ways to affect these payments and to different agencies that can help them make the changes necessary to do that.”
- ACCEL/Exchange Network
- CardinalCommerce Corporation
- Chase Paymentech
- Heartland Payment Systems
- MagTek, Inc.
- Merchant Advisory Group
- Payments & Processing Consultants
- SHAZAM Network
- Wal-Mart Stores, Inc.
- First Data Debit Services
- NYCE Corporation