Payments Testing - March 19, 2024
The payments industry has invested a significant amount of time and resources enabling EMV over the past several years. The effort has paid dividends. Visa announced last year that chip-enabled merchants nationwide reported a 43% reduction in counterfeit card fraud annually. There has also been significant progress at ATMs, as MasterCard's liability shift passed last October and Visa's comes into play this month. Of course, thieves – at least those skilled at their trade – are not easily daunted by technological shifts. As one door closes, another opens. To date, as an industry, we have not been able to eliminate the sources of low-hanging fruit. To do this, those of us in the payments business will need to accelerate implementation of some of the technologies available that can lessen the value and amount of this fruit’s attractiveness.
The Delicate Balance
Cardholder education is one key to fraud prevention. Even though those of us in the industry that are typically well versed in the many types of card fraud, cardholders sometimes aren't even aware there is a problem at all, let alone armed with knowledge about how to best prevent and respond to attacks. This lack of knowledge results in a number of bad practices that, if eradicated, would help keep money out of the pockets of criminals. There are some common misconceptions that could be addressed by providing consumers with basic information that could achieve this result in relatively short order.
For example, those of us who work in the payments business understand that debit card fraud can have an impact on the cardholder that is much more severe than credit card fraud in terms of cash and time. Yes, there are ways to make debit card use more secure through educating consumers but it is a delicate balancing act lest one inadvertently create an aversion to debit cards altogether.
The most common password today remains, wait for it, the word “password” with some “stronger” versions such as password1234 or Password1234 counted in the mix. I have seen more than one person in our industry roll their eyes while sharing this factoid. This tendency to mock those who follow such a vulnerable path misses the real point about passwords – they are a lousy form of security, only slightly better than signatures and just a little worse than PINs.
We also are missing the point about who holds at least some of the responsibility for this condition. It is not altogether just a matter of laziness on the part of cardholders, but also a lack of investment in our industry with other measures that are far easier, and far more effective, to use in combating fraud. In this way, the tech giants have been the ones to set an example we in the payments industry should have been setting for them and our customers. It has been the Apples, Googles and others of their tribe that pioneered biometrics beyond just the somewhat spooky and tired examples from early innovators and science fiction; i.e., “just rest your eye here while we use a painfully bright light to scan your retina.”
Most recently, Amazon’s Alexa, Google’s Home and Apple’s Siri have opened up a new frontier that scientists in that disciple have demonstrated to have an amazingly high level of accuracy even in their current forms that are still relatively low cost and basic as concerns what is available to the public. Interestingly, though, even these companies – all three – use passwords (and in some cases with two-factor identification) to authenticate their users. This underlines the issue at hand – that the legacy infrastructures of even the tech giants, while even more so that of financial institutions and FinServ organizations – remain impediments to a user experience that partners with consumers to make security more frictionless and less permeable.
Work Together as an Industry
No matter what type of financial services provider an organization is – whether it's a credit union, bank or other type of provider – fraud is a common enemy to all. This is why every player in the industry should work together to provide consumers with tools to minimize their exposure to fraud. However, it is not enough that these tools give the appearance of being secure; they must be secure and – here’s the key – easy to use. EMV is working and it is vital that the industry complete the implementation of it (finally) here in the United States across all physical points of purchase where a physical card is in use.
However, using chip cards to improve security and to combat card counterfeiting in particular is not a recent practice on the planet earth. It has been around for decades. It is time now as we catch up on these basic security practices that we also find a way – especially, though not exclusively, in the U.S. – to expedite the introduction of available technology as it emerges that will simplify and strengthen the security cardholders have a right to expect from us. This step will not only avoid sowing fear that would decrease card use but also will achieve the opposite, giving people the confidence to increase their use of electronic payments methods around the world.
