A quick Google search on the global payments landscape will serve up a myriad of articles ranging from how Covid has accelerated the adoption of contactless and the rise of digital technologies, but also how financial crime is on the rise.
Visa’s recent ‘Back to business study’ notes that the number one area of tech investment in 2021 will be in payment security and fraud management software, with 47 percent of small businesses believing this is a critical area of investment to meet consumer needs. Indeed, as fraudsters ramp up their activities and the cost of acquiring stolen IDs on the dark web decreases due to the sheer volume that are now available for purchase, we will see an even greater surge in fraud. Particularly as sectors such as travel reopen and start processing large volumes of transactions.
Innovation and security – a balancing act
There’s no question that the world is experiencing a digital revolution. The power has shifted to the consumer, who (for some time now) is dictating how they want their experiences with brands to be. Customer experience is table stakes, and these stakes have never been higher. According to the 2020 Salesforce State of the connected consumer report, 84 percent of consumers say the experience a company provides is as important as its goods and services, and 54 percent say companies need to transform how they engage with them.
If we look at how this applies to the payment aspect of the customer experience, this is an area that has not changed a lot, until recently. For example, in a physical retail store there are technologies that can improve almost every aspect of the shopping experience, yet customers often still need to line up at the front of the store to pay using hardware that is literally fixed to a counter.
There’s a good reason why payments hardware has stood the test of time. It’s secure. It meets the robust standards required for secure payment transaction processing. But it’s also cumbersome. It creates a bottleneck that counters the rest of the experience the retailer has worked so hard to improve. And this is why there has been a raft of companies like MYPINPAD emerge over the past decade offering solutions to shift payments onto mobile devices like smartphones and tablets.
The concept of turning mobile devices into payment terminals is brilliant. And it solves a lot of problems for consumer-facing businesses. It opens up all sorts of innovation and improvement opportunities for the end-to-end customer experience and eliminates the (often high) cost to purchase and maintain payments hardware. But generally speaking, mobile phones are not secure. They have secure elements within them, but the fragmented nature of phone manufactures makes securing them to perform things like payments, difficult. I’ll delve more into this topic in the next instalment in this series.
The role of PCI (and why it matters)
This is an important point because there are solutions in market under scheme waiver that may not have been built with a robust enough foundation of security. In a world with levels of fraud we’ve never seen before, any payments solutions should be able to withstand the rigor of PCI standards, irrespective of whether they have to have them right now, or not. And any business looking for a software-based payment solution to help create innovative and seamless end-to-end customer experiences should have the security of the solutions they are considering at the top of their list.
The Payment Card Industry Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide. It plays a critical role in ensuring the solutions deployed to market aren’t developed by anyone with a laptop and coding skills, and that they meet the robust and stringent standards required to deliver payments securely.
Achieving PCI certification is much more than just having your solution adhering to its standards. It involves every aspect of the company, from policies and procedures to having the right skillsets, down to how you employ, manage and (if necessary), dismiss people. PCI is something that is instilled through the fabric of the entire company – which means you need to have a certain degree of business maturity and capital and is why it is so difficult to achieve.
For many years, you could not deploy any payment solution without it being PCI certified. This was when payment solutions were hardware based and had remained relatively unchanged for some time. It gets interesting when the playing field shifts into another dimension, such as the case with software-based payment solutions, and there is no existing PCI standard.
And as is often the case with technology innovation, it leaps ahead of standards and regulations and we find ourselves in unchartered waters. But also, the market’s response to such innovations means there is pressure to have these new solutions deployed and adding value. So, with software-based payments, scheme waivers being issued has meant there are solutions in market that probably don’t pass muster when it comes to PCI standards. How do I know this? Because MYPINPAD is the only company in the world to have its SPoC and CPoC solutions certified by PCI, and I know what a lengthy and involved undertaking it is.
Combining the familiar and the new
And this brings me to the technology. Innovating in the payment solutions space is not easy – there are many aspects that impact successful adoption. Consumer education and trust is a biggie. Consumers of today want and embrace new technology if it makes their lives better, but when it comes to things like making a payment, they need to feel secure.
Some parts of the world have been using debit cards and PIN since the mid-1980s. PIN is a universally trusted and familiar part of the payment process. Being “something you know”, PIN cannot be stolen or hacked, which makes it the ideal way to verify a payment transaction. The introduction of PIN in card present environments significantly lowered losses due to fraudulent use of credit and debit cards and it brings lots of other benefits.
Software-based payments technology has developed to utilize PIN as the gold standard in authentication. In doing so, the best of both worlds can be achieved – payments solutions that can be shifted to mobile devices and offer up unparalleled opportunities to improve the customer experience, which are anchored by a process that is universally familiar and trusted. But, not all software-based payments solutions are equal and my advice to any organization looking at deploying this type of technology is to really understand exactly what it is (and isn’t) before you sign on the dotted line.
Justin Pike, Founder, MYPINPAD