Safety in numbers

In the world of payments plastic is king. But while card payments offer a fast and convenient way to purchase goods, determined fraudsters are always on the look out for gaps to exploit in the security infrastructure. Bjørn Søland, Senior Business Advisor at Oslo-based Business Banking Solutions (BBS), explains what is being done to protect and reassure the public.

FST. Consumers want to make quick and reliable card-based payments. How do you strive to strike that balance between convenience and tight security measures?
BS. Today all Nordic countries are well placed as leaders in card usage. Besides the fact that Nordic consumers can use their cards almost anywhere, efficiency is essential. Using the Norwegian debit card payment scheme as an example, the consumers are used to entering their PIN for every card payment. Full payment transaction (including PIN entry, coverage and PIN controls) takes only four to eight seconds. The steady increase in card usage in a country that already has the worlds highest card usage clearly shows us that PIN entry and tight security is no barrier for consumers. Actually, it adds trust by putting the user in control as ‘It’s only me that can use my card’.

FST. Security is probably the biggest concern of people unwilling to shop online. What measures can be taken to reassure the sceptical and protect the payments of those who choose this channel?
BS. The numbers of sceptics are decreasing. BBS is experiencing a huge growth in our Internet payment solutions. We think that one important reason for this increase is that the consumers are well informed about the actual risks from a number of sources, including consumer rights organisations, newspapers etc. Besides from presenting balanced information to the consumers we also increase the actual security. Examples are security mechanisms like Visa 3DSecure or Norwegian BankID where consumers add a digital signature to the Internet payment transaction. A solution for signing payment transactions with mobile phones is also production-ready and will be commercially available in 2008.

FST. What are some of challenges you face when it comes to payment security today?
BS. The weak point is the consumer’s computer. The increased number of large scale and professional attacks is a challenge and will continue to be so in the years to come. Another concern is that many organisations still lack the resources and skills to protect the payment card data. However, the good news is that more organisations seek to payment services companies like BBS that has the necessary systems and certifications in place to handle their payment processing.

FST. Tell me a bit about your payment solutions and how the products and solutions have evolved over the past five years?
BS. BBS has been in the payment industry since 1972 and offers a number of payment solutions ranging from traditional paper based to physical and virtual terminals. In the last years the number of transactions has steadily increased together with the number of terminals. Improvements and maintenance is routinely performed at the central parts of the infrastructure. In the decentralised parts, we have changed most of the terminals to combination terminals that handle both the traditional magnetic stripe and the more secure EMV chip cards. A number of banks have already issued chip cards. Interestingly, some banks have combined the EMV application and a one-time password solution on the same chip. This multi application approach seems to strengthen the perceived value of card and consumers’ feedback has been extremely positive.

FST. Are there any technologies on the horizon that you are looking to develop? Are going to get involved in mobile and contactless payments – the likes of which are being touted as having huge potential?
BS. Contactless payments are definitely something we look into. However, in markets where it already exists high performance and user-friendly point of sale (POS) solutions the actual benefits is somewhat lower than in markets that start from a lower technology level. Thus, we expect to see the fastest deployment of contactless solutions in emerging markets and in the US.

The mobile phone seems to have a potential both as a security device for Internet banking and also as a payment terminal. Handset vendors, mobile operators and the financial industry all looks into this area, but still from different business perspectives. Today, many players put an equation mark between mobile payments and contactless payments. If that is the case it will have taken at least three to six years for mobile payments to reach any significant volumes, due to lack of standardisation and few users with compatible handsets. Thus, the solutions we will see in short term is based on well proven and available technology used in new ways.

About Bjorn Soland
Bjorn Soland is a Senior Business Advisor at Banking and Business Solutions (BBS) in Norway. He has worked with eSecurity, authentication and signing services since 1997 within the Telecom and Financial sectors. Based at BBS headquarters in Oslo, Soland is involved with the development of BBS’ International eSecurity business.