Increasing security in a world of digital payments
The rise of digital payments
In the UK, there is a growing trend towards cashless payments. Coins and notes are now being replaced by contactless payment methods – it’s nearly four years since London buses did away with cash altogether. You can now even donate to a busker on the street with just the touch of a card, thanks to a new initiative, the first of its kind in the world, which aims to help street performers earn more by expanding the payment choices for passers-by. Barclaycard has led the way in this space by trialling easier ways of giving with our own contactless charity donation box.
In 2017, 42% of all card payments were contactless, and by 2026, more than half of all debit payments will be contactless. But as the way we pay changes, so do the methods that criminals employ to target us, with contactless fraud overtaking cheque fraud for the first time ever, totalling £5.6 million in the first half of 2017.
Contactless card fraud
When contactless cards were relatively new, many people wondered how safe they really were. Back in 2015, consumer watchdog Which? showed that sensitive information could be ‘lifted’ from contactless-enabled cards using card-reading devices purchased online. This meant it was theoretically possible that you could walk through a crowd and, without ever losing sight of your wallet, fall victim to criminal activity.
Barclays updated its card payment profiles a few years ago to counter ‘contactless skimming’ by removing personally identifiable information (PII) from the chip. The next iteration of the chip profile will bring support for more advanced controls following updated EU regulations (more on this shortly).
Because of increased security on cards, the UK Cards Association states that there are no verified reports of a payment being taken from a contactless card by a fraudster using an unauthorised reader in the street or on public transport in the UK.
Furthermore, the spending limit of £30 per transaction makes larger fraudulent activity much more difficult. However, the popularity and convenience of contactless technology could lead to that limit being increased to £50 in the near future. This has led to concern from the Bank of England’s chief cashier over increased fraud. New EU regulations, though, are making sure banks protect their customers.
Promotion and protection of open banking
This year, some parts of the Revised Payment Services Directive (PSD2) came into effect. This European Commission directive aims to offer stronger protection to consumers as well as fostering a more collaborative approach to financial products through the increased promotion of open banking.
As part of these new rules, all transactions over a certain value will be subject to stronger authentication checks from September next year. Banks are responding by making technological advances to adapt to these changes. One way they’re doing this is by adopting machine learning methods to enhance fraud detection capabilities and classify transactions that fall above the spending threshold.
Due to an expected increase in competition in the financial market as a result of PSD2, it’s also predicted that banks will be encouraged to take advantage of strategic new opportunities and collaborate with fintech providers to further innovate their offering. This will likely lead to a financial marketplace where fraud is harder to commit than ever.
The move to mobile
For some of us, even opening our wallet or purse, taking out our cards, tapping them on readers and putting them away is still too much work. That’s where our smartphones come in. These devices can also be used with near-field communication technology, eliminating the need for a physical bank card.
Recent Barclaycard research found that there has been a 365% increase in the number of payments using a mobile device in the past 12 months. Almost a third of consumers are now taking advantage of this payment method, with exponential growth predicted over the next 12 months. However, with 183 phones stolen every single day in Britain, it’s easy to see why people may be wary.
Smartphone payment technology not only uses similar security measures to contactless cards, but also offers new ways to keep your money safe. For example, SafetyNet APIs are built into Google Play Services to check that a device passes its Compatibility Test Suite before Android Pay can operate. If the check finds that your operating system has been modified, or that the phone has malware running, it blocks Android Pay from operating. This ensures that sensitive data cannot be read by outside threats. Further protection is available through features such as Android’s Find My Device and Apple’s Find My iPhone. If your smartphone is stolen or compromised, the remote tracking used by these apps offers extra protection.
Mobile technology can work even harder, with push-based authentication offering increased banking security. If a criminal attempts what’s known as a “card-not-present transaction”, perhaps by attempting to buy a new games console or 4K TV with your money, you don’t have to wait for it to appear on your bank statement to know about it. Instead, you get an immediate notification to your smartphone via a targeted and encrypted channel, asking you to either accept or reject the transaction. This way, you can potentially stop fraudulent activity before it even happens. This type of authentication also eliminates the need for one-time passwords, which can be intercepted by criminals.
Barclays is in the process of implementing a rich set of new customer-facing ‘authorisation controls’ that allow users to set up and manage the payment categories in which their card can be used.
The future is human
The world of payment technology isn’t limited to contactless, with our eyes, fingers and voices unlocking new security potential. The rise of biometrics could signal the end of passwords, PINs and authentication codes altogether. The Barclays Biometric Reader for Corporate Banking customers uses an infrared scanner to read finger vein patterns, for example. Barclays was also the first organisation in the world to use advanced voice biometric technology to deliver an award-winning service to International Banking clients, allowing them to verify their identities with unique voice prints in just a short conversation.
It’s not just our bodies that can be used to authenticate who we are; the way we do things can be used to confirm our identities as well. The highly sophisticated nature of behavioural biometrics is strengthening security further, with Gartner predicting that 80% of all smartphone devices will have AI capabilities by 2022. This will allow your device to analyse your language, physical interactions and emotions to create a unique profile of what makes you, you. Your smartphone therefore has the potential to recognise instantly when an unauthorised user has hold of your device and deny them access to payment apps and personal information.
In the future, we could increasingly be using our bodies and behaviours to process payments, making it harder than ever for criminals to get their hands on our cash.