How can consumers stay secure as payment systems evolve? [Q&A]
Data breaches continue to make the news on a regular basis and payment details are high on the hacker’s shopping list when it comes to protecting information. We reported yesterday on Intel introducing a new secure solution for protecting payments and card providers are engaged in a continuing arms race to stay secure. The latest part of this is the introduction of more secure EMV (EuroPay, MasterCard and Visa) compliant payment terminals around the world. Banks are issuing the new chip cards as current cards expire or need replacement. Retailers are installing new chip-enabled terminals.
As the holiday shopping season approaches keeping your details safe as you hit the shops is at the top of many people's thoughts. We spoke to Carolyn Balfany, SVP, Product Delivery and EMV of payment card specialists MasterCard to find out about what consumers can do to help protect themselves as they shop.
BN: Have EMV technologies like chip and pin made a difference to the way criminals target payment card information?
CB: New chip cards have embedded computer chips which provide more layers of security. Chip cards generate a unique code with every purchase, which makes each purchase unique and prevents the creation of counterfeit cards.
BN: What does the upcoming EMV liability shift mean for consumers?
CB: The liability shift means a higher level of security for consumers. Liability for fraud will lie with the bank or retailer with the least secure technology. This is an incentive for banks to issue the new cards and retailers to update their terminals to accept the safest form of payments.
BN: Why has EMV taken so long to roll out in the US given that it's been the norm in Europe for some years?
CB: There are a few reasons. Historically the US has low levels of fraud due to sophisticated processes and technologies which identify potential issues, in many cases, before they happen. Therefore the move to chip cards was not as urgent in the US.
In addition the process for banks and retailers moving to chip cards takes time. It's as if the US decided to drive on the left-hand side of the road -- all cars, road signs, exit ramps and toll bridges would need to be modified. The US adoption of chip cards actually started back in 2012.
BN: How safe are contactless card payments and do they require additional safeguards?
CB: Contactless card payments are extremely safe due to the unique codes mentioned above. Your contactless card or device never leaves your hand, reducing the risk of it being lost or stolen. Safeguards are even in place to only charge once, even if you accidentally tap twice.
BN: What effect will non-card technologies like the new Apple Pay and other NFC systems have? Are these more or less secure than using a card?
CB: Digital payment platforms such as Apple Pay, Google Wallet and MasterPass will make mobile payments as easy and secure as using cards. Think of applying the security of chip cards in the online and mobile worlds.
BN: How worried should people be that if they're using a mobile phone for payments they risk losing their whole identity of they lose their device?
CB: When cardholders use their MasterCard cards they are protected by zero liability -- consumers are never held responsible for fraud. All MasterCard credit, debit, prepaid and small business cards issued in the US. MasterCard's zero liability policy in the US protects consumers and small businesses against card being fraudulently used in stores, online or at ATMs, including all signature and PIN tractions.
In addition there's identity theft resolution assistance. The program provides help in canceling missing cards and alerting credit reporting agencies, as well as targeting searches to detect if stolen personal and confidential data appears online.
As discussed above, chip or EMV cards provide an additional level of security. MasterCard cardholders can also download the InControl app. InControl allows cardholders, parents or employers to establish parameters for when, where and how their cards are used and even block transactions that they deem inappropriate. Additionally, it enables cardholders to receive real-time alerts about card activity via email or text message.
MasterCard has also worked with Apple Pay on security to protect our cards when they are used in connection with the iPhone 6. Apple Pay assigns a unique Device Account Number with a transaction-specific dynamic security code for every purchase. These codes or numbers are never stored on Apple servers and never shared with merchants. If iPhones are lost or stolen, features such as Find My iPhone can quickly put devices in Lost Mode. iPhones can also be wiped completely clean. Either way, both card numbers and identities are not accessible. For Android users, Google Wallet requires users to set up PINs that must be entered before making payments. Android phones also support a separate lock screen. Together, these two security features make it difficult for someone other than you to pay with your phone.
Image Credit: Sedlacek / Shutterstock