In a recent article on PYMNTS.com; 68 PERCENT OF PAYMENTS PROS SAY NEW TECH INCREASES RISK, it states that “68 percent of [payment-systems professionals] say pressure to migrate to new payment systems puts customer data at greater risk instead of making it safer, according to a new survey by Experian and the Ponemon Institute.” This relates to EMV and mobile payments, but it is unclear exact to which technologies they refer.
What it does not say is whether the insecurity is due to the pressure of the migration itself (which is implied), or to the inherent insecurity of the underlying technologies. These are two radically different concepts, from which the reader can draw wildly different conclusions.
As in any business, the pressures of maintaining a competitive advantage lead to some very poor business decisions, and without a robust governance function unsecure systems can easily find their way into production untested. However, if the article is suggesting that it’s the new payment systems themselves that are the issue, we would strongly challenge that argument.
There exists today payment technologies whose security is far in advance of those possible for the legacy non-cash and non-chip based payment infrastructures. Mobile devices alone are capable of multiple multi-factor authentication mechanisms though every day use. Integration of this technology is held up by many factors, but security of the data should not be one of them. EMV is also far more secure than mag stripe (for example), and the combination of chip and PIN is even more secure.
It is difficult to understand how you could introduce EMV unsecurely given its self-contained nature, but mobile payments is something altogether different and is easily addressed by the implementation of proper product and implementation due diligence. This may well be what is of the most concern to those surveyed.
With regards to technology in general, and retail especially, neither the payment method itself nor security are core functions. Being paid for the goods is. It’s not surprising that that; “Only 51 percent of the Experian/Ponemon respondents agreed that “the security of electronic payments is a top priority issue” for their organizations.” In fact, we suspect the only reason it’s that HIGH is because Experian/Ponemon were talking to payment-system professionals and not the CEOs.
EMV roll-out in the US was never going to be completed by this October, and even 2020 is doubtful. The reasons for this are myriad; from the expense (which is significant), to investment only in technologies that are future-proofed, to analysis-paralysis related to loyalty and value-add services, to a trend toward competitive edge based on customer service alone all play a part in a decision that can quite literally make or break an organisation.
A payment, in its simplest terms, is a transfer of value from one place to another. Getting those payments transferred is a multi-trillion €/£/$ industry which has yet to provide the kind of leadership merchants are looking for. In the end the only thing that matters is that the consumer is able to securely authenticate themselves and make the transfers they want, when, where, and however they want, and it’s clear that current technology falls short.
EMV is a security patch while the payments ecosystem transitions to mobile, and delays in implementation of either of these technologies is a direct result of retail’s inability to double their investment in payment acceptance channels, as well as their inability to know which of the technology horses is going to win the race.