finance & strategy
M-Payments’ New Tools: The Technology + Services Reshaping Payments Security
technology even further, integrat- ing it into Visa Checkout, its streamlined e-commerce checkout service, to protect cardholder details in routine online transac- tions as well as mobile. “New technology advances from Visa are helping merchants o er their customers a more secure mobile purchasing experience, regardless of where they are and what device they are using,” notes Sam Shrauger, senior vice president, Digital Solutions, Visa. “Customers can feel con dent that each trans- action is recognized and autho- rized through the Visa Token Service, which allows us
to process payments without exposing consumers’ valuable account details.”
Tokenization goes even further than just protecting cardholder account data, adds Jose Diaz, director of technical and strategic business development for Thales e-Security. By enabling organi- zations to de ne parameters
for where and when a particular token can be used—such as only with a certain device, only at the POS or only online—tokenization provides more precise levers to circumvent fraud, he explains. “It’s still very early days in the development of tokenization
and all the ways it can protect cardholder data, but we see huge potential for using tokenization, with biometrics and other tools, to enhance payments security at many more levels even than we’re using it today,” he says.
MoST CoMMoN M-PAyMeNTS FRAuD TyPeS
While much of the discussion of evolving payments security centers on EMV, tokenization, biometrics and multifactor authentication, none of these can stop fraud that manages to worm in at the most fundamental level: the onboarding level. Though opportunities to pull off this type of fraud are rarer, experts say that when fraudsters manage to get hold of stolen credit card information and put it on a device, the damage can be far-reaching, because the fake credentials seem legitimate and may easily pass through other security barriers.
Therefore, banks need to be sure they’re building rock-solid security checks into m-payments at the foundation, through the m-payments on- boarding process, says Ray Wizbowski, vice president of  nancial channels
at Minneapolis-based Entrust Datacard, which pro- vides identity and secure transaction technologies to banks and other organizations. Apple Pay suffered a lapse during the  rst few days of its rollout, when
some banks learned they had failed to establish a secure way to validate the legitimacy of users
setting up new accounts. They quickly recti ed the problem, but this is an area where banks must remain on constant alert for internal and external cracks in the onboarding security process.
“Strong identity controls around who has access to online creden- tials, plus strong authentication
factors, including biometrics, are basics for banks onboarding customers
for mobile payments,” Wizbowski says. “If we focus on how to make the identi cation ecosystem secure at the start, by ensuring strong identi cation requirements for adding payment credentials to the device, we can help mitigate fraud all the way through the system, including for online and card- not-present transactions,” he says.
48