By Paul Fabara
As we begin a new decade, it seems fitting to reflect on changes our world has seen over the past 10 years. From how we consume media and the ubiquity of the smartphone, to the proliferating volume of data, offering opportunities for more personalized and seamless consumer experiences.
In Canada, the modernization of payments has already begun with the launch of Lynx, enhancements to retail batch payments and the development of a delivery plan for Real-Time Rail. But every change brings risks. And for payments they are the scale and frequency of cyber threats and breaches.
We have seen significant advances in risk scoring for fraud prevention, encryption and industry specifications for securing new ways to pay to help protect the billions of transactions made by consumers. As we look to the next decade, the continued expansion of digital payments around the world will continue to present challenges and opportunities.
Here are five predictions to keep in mind as we enter the next decade.
1. Data breaches will force adoption of smarter and more dynamic security.
Headline-grabbing data breaches seem to be never ending. The best defence is to assume your organization is a target and take proactive steps to defend against falling victim or enabling the use of stolen data in your systems.
I believe we will see significant growth in adoption of payment tokens and the updated EMV® 3-D Secure specification globally. Payment tokens help make transactions safer by eliminating the transfer of actual payment data for eCommerce and mobile payments and can deliver a seamless yet secure digital payment experience. The updated 3-D Secure specification enables real-time exchange of 10 times more contextual data between merchants and financial institutions (FIs) to improve decision-making so both parties can better manage fraud in digital channels while optimizing sales.
2. More merchants and FIs will use digital identities.
Traditional approaches to online payment like manually entering static passwords and payment credentials for every purchase offer incremental security for digital channels. Fortunately, digital identities make payments faster, easier and more secure when using computers, mobile devices, apps, wearables and future Internet of Things (IoT) devices.
As fraud threats persist, digital identities can end the use of passwords, so consumers can shift to more secure methods of authentication such as face, fingerprint or voice recognition. European consumers will begin to experience Strong Customer Authentication (SCA), the European Union requirements for multiple layers of consumer verification for digital transactions. As many thousands of FIs and merchants meet these requirements in Europe, global companies may look to extend the most innovative authentication solutions to other markets.
Consumers globally are demanding greater speed so merchants and FIs will have to respond with faster and safer ways to pay. This is one reason why Visa is exploring payment innovations ranging from biometric payment authentication and wearables to new mobile applications like digitally issued cards at the Tokyo 2020 Olympics and Paralympics Games.
3. Real-Time Payments (RTP) will require a new approach to fraud prevention.
Consumer expectations of speed and convenience have extended to business to business (B2B) payments and disrupted wire transfers and check payments with instant payments. However, speed and convenience cannot come at the expense of security. As payment volumes grow among RTP networks and peer-to-peer (P2P) applications, the seen (account takeover and phishing) and unforeseen vulnerabilities in the systems will have to be addressed as quickly, if not quicker than, the payments themselves. RTP providers and FIs will need to think differently and will likely collaborate with trusted partners in payment security to address the challenge.
4. AI will be used in the battle between good and evil.
Akin to the democratization of computing power through personal computers, the growing use of artificial intelligence (AI) will continue to fuel new products and services in payments and have a significant impact on society.
But AI will also introduce tremendous challenges due to its potential use by threat actors. History shows that good intentions can be manipulated by nefarious individuals and groups. For example, the Internet splintered to become the surface web, dark web and deep web and social media is being used beyond its original intent to simply connect friends and family. The challenge of AI next year and beyond will require a collective effort across industries to limit the darker side of the technology to ensure it is used to deliver opportunities and improvements to society.
5. Users will continue to be the weakest links.
Humans are often the weakest link and technology has been trying to solve for it for a long time — from spell check in word processors and email applications- — to automatic braking in some of today’s cars. Advancements in payment security will continue to help drive down fraud as EMV® chip did for counterfeit fraud, but technology can only do so much as it still needs to be implemented by people and people make mistakes.
More importantly, social engineering continues to evolve as it preys on the unsuspecting or those with their guard down. All it takes is one person to fall prey to put an entire organization or network at risk. Social engineering will continue because it works. We need to empower users with education and tools since they are often the first line of defence.
People, businesses, and institutions thrive when barriers to progress are low, and trust is high. Preserving that trust requires driving innovation and choice and redoubling our commitment to security. There has never been a better time to help lead and drive change in payment security which can be a catalyst for growth. By drawing on the lessons from past years, we can both address future challenges and capitalize on the opportunities stemming from our increasingly digitized society.
Paul Fabara is chief risk officer, Visa.