Ana De La Fuente and Peter Cooper discuss how the future of payment cards can evolve in a new and shifting landscape for issuers where:
- Security is more and more at the forefront of the delivery of different payment solutions
- Yet fraud continues to grow
- Payment tokenisation offers new ways to engage customers and enhance security
- Issuers can drive enhanced relationships with their customers while minimizing risk for themselves
The cost of fraudulent card transactions is staggering, running into billions of dollars annually. The majority of these costs must be paid by banks or card issuers. And that’s the fiscal costs i.e., reimbursing customers or merchants for fraudulently purchased goods or services and reissuing new customer cards. Then there are the hidden costs – how your customers act and what they tell their networks – goodwill or badwill – which can be just as expensive and will often be determined by a bank’s response to card fraud. Act quickly, replacing cards and funds with little fuss and customer loyalty may improve, act slowly and word will spread. Minimizing card fraud would save billions, be better for the environment – as less plastic would be needed for replacement cards – and improve the customer experience. The only losers would be the fraudsters.
Skimming, still a major problem
The most common method of card fraud is card-not-present fraud, and to commit this, criminals require the numbers embossed and printed on a card or its digital footprint. The quickest way to get this information is through card skimming, a practice that consumers are becoming wiser to. However, even though many people no longer allow their cards out of their sights, skimming is still far too common. Unfortunately, people still have no way of knowing if the card reader they swipe their cards on is secure, and with one swipe, all card information is digitally transferred.
Are we making it too easy for criminals to steal card data?
Virtually every card that is produced comes with names, dates and account numbers embossed on them – at considerable cost to card issuers – and the CVC numbers printed on them. This is the very information criminals need to make fraudulent card payments. When a consumer pulls their card out of their wallet in public, they are at risk of having their details stolen. If a bank or card issuer hasn’t implemented or enforced two-factor authentication through its own or a third-party app, these details can be used for fraudulent online card payments.
Time for the obvious next step. Time to minimize card fraud
The progression of payment cards – from the early days of signature-based approvals to magnetic strips – has been security-driven. In some countries, such as Spain, banks have now begun to make it harder for people to see and therefore steal card details at payment. Names, dates and account numbers are now on the backs of cards. This is a great step, however, it does not impact card skimming, as the information remains digitally available at payment.
We believe it’s now time to take the next step to minimize the theft of card details during physical payments. And this can be done by using existing technology, which is already employed in the banking sector, namely tokenization.
Secure contactless technology
Today, tokenization is used to secure payments at the backend of many banks’ IT systems. Tokenization is also used for secure contactless payments in mobile phones via Apple Pay or Samsung Pay, and wearables via Garmin Pay and Fidesmo Pay, among others. Now, Fidesmo is bringing this technology to physical payment cards using secure NFC chips. This highly secure technology replaces card numbers with unique digital tokens.
For banks, it means they can issue standard or highly branded “blank” cards to their users, i.e., with no personal details or numbers on them – similar to many hotel door key cards. The NFC chips, also known as secure elements or hardware wallets, are connected to a digital token that can be used for contactless in-store payments. Skimming a card will no longer transfer digital card details, but rather a digital token that cannot be used to make payments without the physical card.
For online payments, card numbers, expiry dates and CVC numbers are securely protected in your customers bank app which can only be accessed from their device. If a card is stolen or lost, the digital token is voided and a new one is generated which is easily connected to a new blank card. The card details, however, remain the same, secured safely in the app.
What are the benefits for banks?
- With no card details to steal, card fraud is minimized
- Skimming is no longer an effective method for fraudsters
- With less card fraud, reimbursement and reissuing costs are greatly reduced
- Consumers will no longer suffer the inconvenience of waiting for weeks for new cards
- Reducing the number of replacement cards reduces plastic consumption
How can banks get onboard?
As a token requester, Fidesmo is globally integrated with the Visa, Mastercard and Bancontact payment schemes and the NFC chips used are all globally certified for payments. Any bank that wishes to launch tokenization-based cards can set up a project with our payment systems to enable Fidesmo as a Token Requestor. The process can be implemented in a matter of weeks if a bank has an existing integration with the schemes’ tokenization platforms. Additionally, as the Fidesmo system is payment-rail agnostic, we can develop integrations for individual schemes to meet your needs.
This article was written by:
Ana De La Fuente Aguilar – Fidesmo Product Owner of Payment
Ana joined Fidesmo from Samsung Electronics, where she was Technical Product Manager. She believes that combining security and savings with customer-centricity is a catalyst for change in the payments industry.
Peter Cooper – Fidesmo Chief Security Officer
Peter has over 20 years of network and security experience from global enterprises, fintechs and a lot in between. He thrives at the crossroads of security and business development seeing opportunities where others see barriers.
