The security of electronic payment systems

With electronic payment systems becoming more popular with today’s consumers, their prime concern is the security of their payments. This is a critical element of the payment process that can ensure the confidence of the customer and can help to promote customer loyalty.

EMV results in lower losses and better trust

The older, magnetic strip cards were a constant source of fraudulent activity on many customer accounts around the world. However, with the advent of the EuroPay MasterCard Visa (EMV) chip, card payments have become more secure, and have resulted in a huge reduction in credit card fraud. The last few years have seen historic low points in the losses related to point-of-sale (POS) transaction fraud. This has increased the consumer trust in the payment systems in use around the world.

Magnetic strip cards are still a major fraud risk

The fraudsters are not giving up, though. While the chip cards limited their ability to commit credit card fraud, there were other avenues of opportunity that were open to them, including fraudulent card applications and the lower security of online payment methods. Banks also saw an increase in fraudulent credit card use abroad. While Canada already has widespread use of EMV-enabled cards, the United States, and some other countries, are only just catching up with the improvements in technology. Around 25 percent of all terminals in the U.S. are EMV-enabled, making it easy for fraudsters to target consumers and retailers. They simply need to clone the magnetic strip from a Canadian card and use it across the border in the U.S. where there are less EMV-enabled terminals. So, while Canadians are thinking their cards are more secure, the reality is that, until American retailers catch up with the upgraded terminals, no card is really secure. In these cases, consumers must be vigilant while handing their cards over to retail staff. The security provided by EMV-enabled cards and terminals includes the ability to handle the card yourself in the terminal, and not let it into the hands of a third party.

Protect yourself from fraudulent transactions

There are also many other ways consumers can protect their interests and avoid being caught by fraudsters. Hiding the PIN from view, never giving card details in writing, and ensuring websites, where payments are made, are secure (by checking the “lock” icon in the URL bar) are the main ways to ensure the security of your card details. One should always report the loss of a card – whether through theft or by accident – immediately to the card issuer.

Merchant requirements for security

All merchants are required to take certain measures to ensure the safety and security of consumer card data, and comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS). Their payment solutions should meet the requirements of the PCI DSS and be certified by the Payment Application DSS. Retailers are liable under the PCI DSS for consumer losses, especially if they are not ensuring the card numbers and details are not secure on the systems, and not coming into contact with the IT networks and employees. System monitoring is also a requirement of the PCI DSS, and all suspicious activity must be reported to help prevent fraud. And any POS payment solution should have built-in point-to-point encryption (P2PE) to ensure the security of the card data in transfer with the processing bank systems. P2PE encodes the data on the card when sending the details to the processing bank, which then decrypts the data through their own system, and sends back a simple code that does not have the customer’s card data in it. This makes the transfer secure as only the specific bank’s system can decrypt the information being sent. And with the return data being just a basic code, for use in refunds and records, the data is fully secure.

Online payments are a major risk factor

Online payment solutions are another aspect of card security where fraudsters are slowly being beaten down. However, while secure websites are doing a good job in restricting and reducing the amount of card fraud online, there are still many areas of the internet transaction that require a massive increase in security, and stricter controls. A large percentage of fraud is still done using phishing websites, where the consumer thinks they are getting an email from a retailer and need to re-process a transaction. When clicking the link to make the payment again, they end up on a site that is designed to capture card data. Fraudsters use marketing email lists to bulk-send the same email to hundreds of thousands of consumers, so even if only one-in-ten click the link and enter their details, there is a huge profit for the fraudsters.

Online security, for the meantime, lies mostly in the hands of the consumer themselves, and better vigilance and more education is needed in order to reduce the amount of fraud done by social media engineering and phishing.

Related articles published in From our Experts :

Source :