How secure is retail payment?
Cyber Security Money is a highly sensitive issue for most consumers, and therefore any announcement about payment fraud is to be considered seriously.
In this short paper the Smart Payment Association (SPA) intends to separate the myths from the reality going a little bit beyond the obvious yet true statement that “zero-risk” does not exist in the real world… but risks are to be kept as close to zero as technically feasible.
The truth is that all the statistics published by official institutions (European Central Bank, UK Card Association, Cartes Bancaires), prove without exception, that when card & chip technology is rolled-out fraud falls to virtually zero-level for card payments in shops and unattended environments (parkings, vending machines etc.). This result is not an hazard, but the consequence of a long-term collaborative effort between payment stakeholders.
Factors explaining this success include:
- The research community efforts regularly alerting of the potential threats for new payment technologies
- The continuous improvement of the standardized payment protocols to prevent fraud
- The regular enhancement of the security certification practices for payment instruments
- The effort of regulators to establish security requirements
- Investment by the payment vendor industry to offer to the market cutting-edge highly-secure payment products
The challenge is therefore how to export the successful experience of the plastic card against fraud to other payment channels (internet, mobile networks, wearables) with a dramatic growth in terms of volume of transactions due to the massive adoption of e-commerce.
While still featuring the core qualities of universal acceptance, good user experience and perceived level of security by the user. Therefore, the Smart Payment Association privileges the adoption of hardware-based payment instruments to secure payments through the internet or for contactless mobile payments. This will enable to achieve a level of security for a transaction that is both very high and similar independent from the intrinsic vulnerabilities of open communication networks.
Money is a highly sensitive issue for most consumers, and therefore any announcement about payment fraud is to be considered seriously. This is why the card payments industry invests massively in analyzing and preventing potential new fraud trends, promoting the adoption of best practices in terms of risk management, standardizing security technology adapted to different personal consumer devices and collaborating with payment service providers and financial regulators to ensure increased reactivity to evolving patterns of fraud.