What are the problems inherent in the smart payment industry? Certain notable cyber breaches over the past year have highlighted the problem of fraud, but in actual fact the risks are very low.
Increased opportunities, increased risk
Increasing ways of making payments may be useful for consumers, but it carries inherent risks, among them the increased risk of fraud, an arena the payments industry is intent on tackling. According to Fraud The Facts, a report put out by Financial Fraud Action UK, “Fraud losses on UK cards totalled £450.4 million in 2013, a 16 per cent increase from £388.3 million in 2012. This is the second year of increase; however levels are still down 26 per cent since fraud was at its peak in 2008. At the same time, total spending on all debit and credit cards reached £520 billion in 2013, a rise of 6.7 per cent on 2012, with 10.7 billion transactions made in the year. Overall, card fraud losses as a proportion of the amount we spend on our cards has increased only slightly during 2013 – from 7.1p in 2012 to 7.4p for every £100 spent (in 2008 it was 12.4p for every £100). The number of transactions rose by over half a billion between 2012 and 2013.”
Lorenzo Gaston is the technical director of the Smart Payment Association. “Hackers have identified certain data bases that they have been able to attack and disclose confidential information that could be potentially used for fraud purposes,” he says. But the smart card industry is proposing a solution: having an independent execution environment which guards confidentiality of payment credentials by use of two components in mobile devices: Secure Elements and Trusted Execution Environments.”
The industry is looking to create an isolated environment with strict access control. “Mobile is an open platform but mobile devices were not designed to store and execute sensitive transactions,” says Gaston. “But this must be tackled if users are to benefit from the security of smart card technology when using a mobile device to pay.”
However, he points out that consumers should not be alarmed as the problem is already comprehensively dealt with. “Fraud is actually almost at zero,” he says. “The fundamental challenge is how to use its advantages and the next step is how to expect a good experience in security in the internet and mobile wall.” The European Central Bank is now publishing recommendations aimed at establishing maximum levels of security regarding payment devices and the channels used.