Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/7/2019
02:30 PM
Ellen Richey
Ellen Richey
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

4 Payment Security Trends for 2019

Visa's chief risk officer anticipates some positive changes ahead.

Change that leads to improvement is usually good, in my opinion, and in my role at Visa, I anticipate some healthy changes ahead for the payment industry. Of course, no one can perfectly predict what is to come, but here is my take on four notable payment security trends for 2019.

Trend 1: Continued growth in E-Commerce and M-Commerce will drive the need for secure digital payments.
The volume of digital payments will likely continue to increase, driven, in part, by the growing comfort and habit among consumers with making purchases on their smartphones, tablets, computers, and IoT devices. Industry analysts predict that there could be more than 20 billion IoT devices by 2020. While chip technology has significantly reduced fraud in stores, we need a similar security defense for the digital channel. Tokens can be that solution.

Tokens replace the transmission of actual payment card numbers, so if a point-of-sale (POS) system, mobile device, mobile application, or network connection is compromised, payment card numbers are safe since they are not exposed. Tokens also include a dynamic value that changes with each transaction, similar to chip technology for in-person transactions.

With tokenization, merchants no longer have to store sensitive data, like primary account numbers, greatly reducing risk for people who store their card information on mobile devices, in mobile apps, or online with e-commerce merchants. Instead, merchants will be able to mask their customers' primary account number with a token, which is protected by restrictions that render it useless to fraudsters if it were ever to be compromised.

Trend 2: Password insecurity and consumer frustration will lead to increased adoption of biometrics.
Cardholder verification methods have evolved, including the optional removal of signatures in 2018. Many people would probably also agree that remembering passwords and PINs as a way to verify identity can be difficult and insecure. The use of biometrics for authentication for in-person and online shopping causes less friction for consumers and offers stronger identity verification for issuers and merchants.

A survey commissioned by Visa showed that 86% of consumers are interested in using biometrics to verify identity or to make payment, and more than 65% are already familiar with biometrics.

Last year, issuers piloted on-card biometrics programs in which a fingerprint scanner was built directly into a payment card because consumers still prefer the plastic card form factor to other available options. I expect more pilot programs to emerge in the year ahead.

Trend 3: Sharing of cyber threat intelligence will Continue to chip away at attempted fraud.
Cybercriminals are increasingly organized and well-funded, backed by criminal organizations with deep pockets. The black market for cybercrime has also evolved to enable individuals of all skillsets to participate as long as they have the desire. This democratization means more attempts at exploiting known vulnerabilities will take place, so organizations have to be vigilant.

Although collaboration already exists among partners in the payment industry and law enforcement, I believe you will see more collaboration in the coming year because it yields results. Most notably, three senior members of the Fin7 cybercrime group – one of the largest known cybercrime organizations, responsible for stealing roughly $1 billion over the years from some well-recognized retail and hospitality companies – were arrested last year because of a public-private partnership between payment networks (including Visa), financial institutions, merchants, and law enforcement.

Trend 4: Advanced technology in risk-based decision-making will help reduce CNP payment fraud.
According to the latest figures from eMarketer, e-commerce was on track to represent only 11.9% of total global retail sales in 2018, with brick and mortar still the dominant retail channel. This means there is still much room for growth for e-commerce sales. However, we know cybercriminals follow the money, so what can we do to protect card-not-present (CNP) transactions?

This year the payment industry will be introducing advanced, risk-based decision-making for e-commerce to reduce CNP fraud using updated standards from EMV 3D-Secure. This will enable financial institutions to better assess whether a transaction is legitimate or fraudulent by examining 10 times more risk factors than before, including browser type, device type, and location of a transaction, among other factors to help decide whether step-up authentication is required. In addition, companies that facilitate digital payments will likely layer 3D-Secure with other advanced analytics technologies like artificial intelligence, to help analyze for fraud.

In 1965, Gordon Moore of Intel predicted that the increase in computing power and the decrease in relative cost would occur at an exponential pace. The pace of digital innovation over the years has been fast, but so has the evolution of payment security and risk management. I'm optimistic about the future.

Related Content:

 

Ellen Richey joined Visa in 2007 and serves as vice chairman and chief risk officer. She leads risk management, including enterprise risk, settlement risk, and risks to the integrity of the payments ecosystem. She coordinates the company's strategic policy initiatives, leads ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17666
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.