Visa's chief risk officer anticipates some healthy changes ahead.

Ellen Richey, Vice Chairman and Chief Risk Officer, Visa

February 7, 2019

4 Min Read

Change that leads to improvement is usually good, in my opinion, and in my role at Visa, I anticipate some healthy changes ahead for the payment industry. Of course, no one can perfectly predict what is to come, but here is my take on four notable payment security trends for 2019.

Trend 1: Continued growth in E-Commerce and M-Commerce will drive the need for secure digital payments.
The volume of digital payments will likely continue to increase, driven, in part, by the growing comfort and habit among consumers with making purchases on their smartphones, tablets, computers, and IoT devices. Industry analysts predict that there could be more than 20 billion IoT devices by 2020. While chip technology has significantly reduced fraud in stores, we need a similar security defense for the digital channel. Tokens can be that solution.

Tokens replace the transmission of actual payment card numbers, so if a point-of-sale (POS) system, mobile device, mobile application, or network connection is compromised, payment card numbers are safe since they are not exposed. Tokens also include a dynamic value that changes with each transaction, similar to chip technology for in-person transactions.

With tokenization, merchants no longer have to store sensitive data, like primary account numbers, greatly reducing risk for people who store their card information on mobile devices, in mobile apps, or online with e-commerce merchants. Instead, merchants will be able to mask their customers' primary account number with a token, which is protected by restrictions that render it useless to fraudsters if it were ever to be compromised.

Trend 2: Password insecurity and consumer frustration will lead to increased adoption of biometrics.
Cardholder verification methods have evolved, including the optional removal of signatures in 2018. Many people would probably also agree that remembering passwords and PINs as a way to verify identity can be difficult and insecure. The use of biometrics for authentication for in-person and online shopping causes less friction for consumers and offers stronger identity verification for issuers and merchants.

A survey commissioned by Visa showed that 86% of consumers are interested in using biometrics to verify identity or to make payment, and more than 65% are already familiar with biometrics.

Last year, issuers piloted on-card biometrics programs in which a fingerprint scanner was built directly into a payment card because consumers still prefer the plastic card form factor to other available options. I expect more pilot programs to emerge in the year ahead.

Trend 3: Sharing of cyber threat intelligence will Continue to chip away at attempted fraud.
Cybercriminals are increasingly organized and well-funded, backed by criminal organizations with deep pockets. The black market for cybercrime has also evolved to enable individuals of all skillsets to participate as long as they have the desire. This democratization means more attempts at exploiting known vulnerabilities will take place, so organizations have to be vigilant.

Although collaboration already exists among partners in the payment industry and law enforcement, I believe you will see more collaboration in the coming year because it yields results. Most notably, three senior members of the Fin7 cybercrime group – one of the largest known cybercrime organizations, responsible for stealing roughly $1 billion over the years from some well-recognized retail and hospitality companies – were arrested last year because of a public-private partnership between payment networks (including Visa), financial institutions, merchants, and law enforcement.

Trend 4: Advanced technology in risk-based decision-making will help reduce CNP payment fraud.
According to the latest figures from eMarketer, e-commerce was on track to represent only 11.9% of total global retail sales in 2018, with brick and mortar still the dominant retail channel. This means there is still much room for growth for e-commerce sales. However, we know cybercriminals follow the money, so what can we do to protect card-not-present (CNP) transactions?

This year the payment industry will be introducing advanced, risk-based decision-making for e-commerce to reduce CNP fraud using updated standards from EMV 3D-Secure. This will enable financial institutions to better assess whether a transaction is legitimate or fraudulent by examining 10 times more risk factors than before, including browser type, device type, and location of a transaction, among other factors to help decide whether step-up authentication is required. In addition, companies that facilitate digital payments will likely layer 3D-Secure with other advanced analytics technologies like artificial intelligence, to help analyze for fraud.

In 1965, Gordon Moore of Intel predicted that the increase in computing power and the decrease in relative cost would occur at an exponential pace. The pace of digital innovation over the years has been fast, but so has the evolution of payment security and risk management. I'm optimistic about the future.

Related Content:

 

About the Author(s)

Ellen Richey

Vice Chairman and Chief Risk Officer, Visa

Ellen Richey joined Visa in 2007 and serves as vice chairman and chief risk officer. She leads risk management, including enterprise risk, settlement risk, and risks to the integrity of the payments ecosystem. She coordinates the company's strategic policy initiatives, leads the operational resilience function, and is a member of Visa's Executive Committee. Before assuming her current role, Richey concurrently served as chief legal officer and chief enterprise risk officer.

Richey received The Most Influential Women Award from the San Francisco Business Times and the Distinguished Payments Professional Award from Women in Payments. Richey received a B.A. from Harvard University and a J.D. from Stanford University, and served as a clerk for Associate Justice Powell of the U.S. Supreme Court.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights