Last updated: 06 May 2016
If you’ve been following our blog, you’ll know the financial services industry is witnessing rapid innovation, especially in the field of contactless payments. While this is good news for banks, who can seize on new commercial opportunities, and customers, who can enjoy speedy transactions with the tap of a card or smartphone, technological developments have unfortunately presented new opportunities for cyber-attackers.
Faced with these threats, it might be tempting for banks and fintechs to build complex and time-consuming authentication methods. Sadly, it can be all too easy to forget the importance of convenience and simplicity. Key stakeholders need to realize that if the solution doesn’t work for their customers, then it’s not going to work for them.
The challenge for the industry, then, is to build trust without jeopardizing the seamless experience of completing a transaction. One way of tackling the problem is by shifting from static to dynamic information. You’ve probably heard about the importance of changing your password regularly, making it more difficult for someone to hack into your account. Exactly the same principle applies to payment security.
Take CNP fraud as an example. It’s responsible for 70% of card fraud on EMV markets and is predicted to cause $6.4 billion of losses on the US market by 2018 if action isn’t taken. Why are CNP fraudsters successful? You guessed it – static information. By acquiring card details through devious techniques like skimming and phishing, cyber-attackers can make purchases on an unknowing cardholder’s behalf. Wouldn’t it be great if there was some way to ensure that this static information changed every so often?
That’s where Dynamic Code Verification (DCV) comes in. Every twenty minutes, the three-digit security code on the back of a card changes, making CNP fraud far more difficult. Best of all, the customer payment experience is barely affected. When making a purchase, all the user has to do is check the back of the card and type this ephemeral number in.
Of course, DCV isn’t the only way to prevent cybercrime, but the principles underlying it should be applied universally. Any successful security solution should aim to properly evaluate the security threats and implement security mechanisms appropriate for the risk. Where possible, data should be encrypted and stored on multiple servers. In addition, as we discussed in our post on the Money 2020 conference, banks actively consult with digital security experts in building robust and convenient security solutions. “Collaboration, collaboration, collaboration” should be the message underpinning the digital financial ecosystem.
Developing strong but user-friendly solutions is something we’re passionate about. That’s why Gemalto’s Senior VP UKI and Global Accounts Banking, Howard Berg, recently discussed the importance of marrying security and convenience in an interview screened on The Business Debate. You can watch it below.
What do you think about keeping the customer satisfied when developing security solutions? Let us know by tweeting to us @Gemalto, or by posting a comment below.