Nothing can be done without security

Payment systems are becoming increasingly digitalized with systems such as contactless cards, mobile phone payments and virtual currencies more popular than ever. However, their proliferation begs several key questions: What are the challenges in the battle against payment fraud? Are these new payment formats the panacea that the sector has been waiting for? Is the industry able to find mechanisms to ensure the security of these different systems? We speak to Michel Léger, Executive Vice President of Innovation for payment solutions provider Ingenico Group, to find out more.

What limitations does the digitization of our payment means entails when it comes to securing them against fraud and identity theft?

We are already familiar with several security constraints linked to the development of new payment methods, such as those carried out via smartphones. These constraints are part of a process that began to evolve the day when payments via the Internet started. At the time, we were faced with the problem of a transition from a closed payment environment – payments between a bank card and a retailer’s secure terminal, for example – to the Internet’s open payment environment. We have this same issue with payments via smartphones, which are always connected to 3G, 4G or Wi-Fi networks.

Have new mobile payment methods completely changed the stakes?

For mobile payments, we simply have to differentiate between the different types of payment: a transaction on an e-business website is like any other Internet transaction. In the case of a smartphone being used as a payment method in the retail sector, however, we are once again dealing with a form of closed payment, thus requiring the same level of security as a bank card payment. With the majority of mobile payment methods today, the data within a smartphone is safeguarded in what we call secure elements, which is the equivalent of what we can find with bank cards.

How far away are we from being able to trust these digital payment methods enough to adopt them on a massive scale?

The fight against fraud is a permanent battle, and one which pits the creativity of dishonest individuals against the expertise of the different digital sector stakeholders who aim to protect consumers through concerted action. In order to adopt these systems on a massive scale, we need to be able to trust them, and although this trust is being developed, there is still a long way to go because fraud is constantly evolving. The fight in favour of security and against fraud needs to be fought on an international level today. However developed a country like France may be in this sector, the fight is not effective if other countries are not on board too. We are confronted, for example, by the phenomenon of cross-border fraud. For instance, a bank card pirated in France will be useless on French soil, but not necessarily useless in another country where the security systems are not as robust. Nevertheless, technology cannot resolve all the problems alone. Public awareness amongst consumers regarding good practices surrounding these new types of payment is also needed, and we all have a role to play in developing such awareness.

What about virtual currencies? Are they any more secure?

Not really. Indeed, virtual currencies have a clear value proposition due to their specific use in the digital world. However, they are neither more nor less secure, as we have seen with Bitcoin theft, for example. That said, the situation has greatly improved. The underlying blockchain technology of virtual currencies seems to present a certain robustness, even though we should remain somewhat prudent. The real issue will concern both the best practices to put in place when using these new currencies, and how we adapt technology to their different types of usage.

What kind of innovation are we seeing in the sector today?

Sometimes we are obliged to introduce extra security measures which detract a little from the user’s experience, like adding new barriers so that our security is enhanced. The result was that the non-fraudulent consumer was faced with an increasingly complicated payment journey. Today, the challenge for me is to improve both of these elements in tandem, without one negatively impacting the other. In concrete terms, we focus a lot on issues linked to the use of data, artificial intelligence and machine learning. These types of technology offer mainly virtuous possibilities, enabling us, through studying consumer behaviour, to distinguish a legitimate user from a fraudulent one. If we can be reasonably confident of a person’s identity, there is no reason to add more layers of security that force them to prove their legitimacy when carrying out a transaction. A lot can also be done regarding security software. My main point of focus, however, is the value proposition that runs in parallel to the deployment of new payment methods. It may shock you to learn that security is not a real issue for me, given that it is at the very heart of the sector’s activities and that nothing can be done without security. 

 

This interview first appeared on Les Cles de Demain website.

Michel Léger / EVP Innovation at Ingenico Group

Michel has over 25 years of international experience in electronic payments.

Michel Léger (1960) was appointed EVP Innovation in January 2015. He joined the Group in 2010 to take over management of the company’s EMEA segment and became EVP Marketing & Global Sales in 2013. He began his career with Schlumberger in 1985 where he was in charge of sales and marketing for the North American market. In 2003 he was named General Manager of the Payment Terminal Division for Axalto (ex Schlumberger) and held a similar position at Gemalto until 2009. He also helped develop Gemalto’s e-payment market on a global scale.