August 19, 2016
Smartphone + Cloud Storage = Payment Security
By Greg Gresh, CEO of ZNAP North America
With millions of consumers exposed to the threat of identity theft by recent data breaches at Target and Neiman Marcus, the debate about how to solve payment security problems in the U.S. continues. The outcry from concerned citizens has even prompted the government to consider regulatory action : lawmakers at a Senate Judiciary Committee hearing on the breaches recommended establishing a federal standard requiring business to notify customers more promptly in the event of a breach. As far as preventing these incidents in the first place, Target said it will upgrade the point-of-sale terminals at all of its U.S. stores by the end of 2014. The updated terminals will be compatible with EMV card technology, a more secure payment card system that is widespread in Europe. But making the switch is expensive for retailers—Target estimates its price tag around $50 million—and, more importantly, may not solve the problem.
In many cases, hackers gain access to consumer data via point-of-sale (POS) systems, which manage the terminals where information is transmitted from customer to retailer via credit or debit card. These systems are often where hackers and thieves strike. For example, PayPal president David Marcus (who uses an EMV chip card) recently speculated that he was a victim of “skimming” during a visit to the UK after which thieves used his credit card information to make fraudulent charges. Skimmers typically steal information at the point of sale using a card reader or keypad overlay that transmits data to hackers, and as David Marcus illustrates, are not thwarted by EMV security.
A Better Solution
A better solution gaining traction in the U.S. and abroad involves combining two existing technologies: the smartphone and the cloud. The smartphone replaces the payment card as the physical object a shopper must possess to make a purchase. Instead of surrendering her card details and PIN to the retailer’s payment terminal, the shopper only keys the PIN into an app on her own mobile device, which triggers a secure transaction in the cloud. At no point in the process is the customer’s information transmitted to the retailer—it stays in the cloud, which supports better security and is much more difficult for hackers to penetrate than a POS payment terminal system. Triggering the payment can be as simple as scanning a QR code or tapping an NFC tag with a smartphone.
The mobile payments space is yet uncharted for many retailers, but adoption of this technology is growing. Twenty-five percent of merchants plan to accept mobile payments in 2014, according to a new report from LexisNexis, compared to less than ten percent who accepted mobile payments in 2013.
Adopting mobile transactions would significantly enhance payment security without compromising the simplicity to which consumers have grown accustomed through years of credit card use. Since a mobile-based system requires no investment in new POS hardware, the financial hurdle for merchants and banks is reduced substantially—and moreover, the money saved by retailers thanks to the decrease in fraud more than offsets transaction costs such as interchange fees. On the retail side, adopting mobile transaction technology could also open the door for a host of other value-added mobile commerce capabilities including business intelligence, loyalty program integration, real-time couponing, geo-location, one-to-one marketing offers, and the ability to drive sales through any channel via consumer-friendly QR codes.
Cybercrime and data theft will inevitably continue as technology becomes more ingrained in commerce. It is imperative for retailers and merchants to stay abreast of developments in security by maintaining an open dialogue with providers, attending conferences and speaking to specialists in the field. Most importantly, businesses must embrace innovation to protect their customers – and themselves – from sophisticated threats to their valuable data.
Greg Gresh, is the CEO of ZNAP North America. The ZNAP platform is provided by Hong Kong-based MPayMe. ZNAP is a multi-factor, secure and comprehensive payment solution, bundled with software and applications to manage payments across various physical, online, and billing channels. Gresh has more than a decade of C-level experience leading startups in the prepaid, mobile commerce and emerging payments industries.