Biometrics vs. Passwords: A Fight No-One Can Win

Thanks to Apple Pay, then Samsung Pay, biometrics companies have seen a tremendous surge in consumer interest, to the point where they are now falling over themselves trying to be seen as the authentication standard that replaces the password.

No doubt the alleged Starbucks breach, which was reported to be the result of weak password authentication, will have these same companies in a feeding-frenzy of finger-pointing and I-told-you-sos. This is more than a little inappropriate, as biometrics not only has some of the same weaknesses, it adds layers of complexity and risk far above those to which passwords are exposed: at least you can change a password.

If you take 1800s transportation as an analogy, the answer was not to breed faster and stronger horses. You repurposed what you had (including the horses), coordinated a huge array of other industries and innovations, and worked TOGETHER to build something exponentially better.

Read more

You Don’t Make Your Customers Queue In-Store, So Why Make Them Queue Online?

Shopping cart abandonment is the bane of digital commerce. Every day, digital merchants are seeing money slip through their fingers because customers simply aren’t completing their purchase process.

Of course, this isn’t limited to digital commerce. If everyone who entered a bricks and mortar shop bought something, shopkeepers might consider retiring early and the rest of us would have wardrobes the size of barns. People go into shops to browse, to see what’s new, to kill time or just out of curiosity. Online shopping is in many ways very similar.

The main issue is people who have committed to buying something changing their minds. In our white paper (Digital Payments – Bridging the Gap Between Convenience and Security) we showed that nearly one in five (18%) of those who had abandoned a purchase had done so because they felt the security and authentication processes were excessive. This is an area where the online merchant can make significant improvements.

Read more

Digital Payments – Bridging the Gap Between Security and Convenience.

Last week, we published our first white paper; Digital Payments – Bridging the Gap Between Security and Convenience.

One aim of the white paper is to encourage a debate within the industry about what individual stakeholders in the payments world really want, and to examine if these needs are compatible with all other parties. We believe that the gaps in the payments landscape exist because solutions often focus too much on the needs of one group, or even individual vendor, whilst ignoring the needs of others. In payments, competition seems to be the antithesis of collaboration.

Broadly speaking, there are three main stakeholders in payments; consumers, retailers, and financial institutions (banks, issuers, card schemes etc.). Attempting to support these stakeholders are the payment innovators. The extent to which they not only meet the needs of all of the stakeholders, but how they do so without being too disruptive, is critical.

Read more

How do you like your….security?

Today’s alleged breach at Starbucks is a result of on-going challenges faced by the payments industry; balancing real security with consumer demand for convenience. The technology to avoid such breaches already exists, making breaches such as this increasingly difficult to comprehend, or accept.

The alleged hacking of Starbucks customer accounts is reported to be related to weak passwords; one of the most pervasive entry points for fraudsters over the last 20 years. This unavoidably translates back to the continued use of out-dated user authentication mechanisms on the part of the merchant. Invariably, this lack of security is in an effort to make things as simple and convenient as possible for their customers.

Read more

New Payment Technology: A Race to the Bottom?

In a recent article on PYMNTS.com; 68 PERCENT OF PAYMENTS PROS SAY NEW TECH INCREASES RISK, it states that “68 percent of [payment-systems professionals] say pressure to migrate to new payment systems puts customer data at greater risk instead of making it safer, according to a new survey by Experian and the Ponemon Institute.” This relates to EMV and mobile payments, but it is unclear exact to which technologies they refer.

What it does not say is whether the insecurity is due to the pressure of the migration itself (which is implied), or to the inherent insecurity of the underlying technologies. These are two radically different concepts, from which the reader can draw wildly different conclusions.

As in any business, the pressures of maintaining a competitive advantage lead to some very poor business decisions, and without a robust governance function unsecure systems can easily find their way into production untested. However, if the article is suggesting that it’s the new payment systems themselves that are the issue, we would strongly challenge that argument.

Read more

Digital payments – Bridging the gap between convenience and security

Digital payments – Bridging the gap between convenience and security – London 6th May 2015

Bridging the gap between convenience and security for digital payments has long been a subject of discussion within the payments industry. Findings from an investigation undertaken by MYPINPAD into the gaps in the payment industry have identified a number of issues:
• Security concerns cause 35% of all abandoned carts in online commerce. Putting that in monetary terms, the cost to retailers is estimated to be $1.4 trillion in 2015
• Consumers want something that they can trust. If payment methods don’t appear trustworthy, they won’t be widely adopted
• Retailers want something that is both future-proofed and easy to slot into existing payment systems
• Banks want security and compliance and something that can work with their systems.

Philip King, MYPINPAD’s Executive Chairman explains what the findings mean:
“Our research indicates that both banks and retailers are ready for change and are cognisant of consumers’ demand for more intuitive and secure alternatives to current digital payment authentication solutions. However, they are unable and unwilling to start from scratch to address the issue. New alternatives must fit or integrate seamlessly into existing protocols and infrastructure without compromising security.

Read more