January | February 2015 | paymentscardsandmobile.com in this issueCard Notes UK’s Bacs payments network hits new heightsCard Fraud Inside Card Fraud Reportm-payments Polish banks to launch cloud-based mobile payments with Visa

An update on payments and card use in Europe

Payments in Europe

ID security

payments cards and mobile | January | February 2015 www.paymentscm.com26

Unsurprisingly, and in the wake of high profile data breaches over the last year at Home Depot and Target in the US, consum-er demand for new methods to protect their security are also growing. The same survey also highlighted that 79% of consumers want to know what retail stores are doing to protect a consumers’ identity (see chart).

Data breaches at US retailers are one part of Barack Obama’s executive order in October last year to speed up the adoption of EMV. The drive for new methods of iden-tity protection however are not confined to

Identity verification relies on technology – usernames, passwords and PINs – that is aging, having been in use for about 50 years. An Experian report in 2012 found that the average internet user has up to 40 online accounts. A separate study also revealed that consumers tend to rely on no more than five different passwords across all their accounts.

At the same time incidences of fraud in the online world are increasingly common. A survey of shoppers in the US in November 2014 showed that nearly 60% of consumers at retail stores had been notified of a retail data breach in the last two years.

Solving the challenge of providing a robust, convenient technology that can protect consumer digital iden-

tity is fast becoming the Holy Grail for the payment technology industry. A relatively recent phenomenon, the concept of digi-tal identity officially refers to the range of online profiles, cardholder details, loyalty schemes and social media accounts that make up a consumer’s identity online and that is increasingly encroaching on the physical world as methods of identity veri-fication converge.

From whichever angle you look, the need for an urgent solution is obvious.

Providing consumers with a secure alternative to an ever-increasing number of passwords and profiles without compromising convenience is the latest frontier in driving consumer acceptance of new forms of payment. Success in this field has the potential to outstrip the opportunity for payment innovation that has dominated the industry’s last decade. PCM takes a look at the growing market in digital authentication technologies.

by Simon Hardie

The race to protect digital identity: the next frontier in payment innovation

ID security

www.paymentscm.com payments cards and mobile | January | February 2015 27

kets where lower levels of education and financial literacy make it harder for banks to keep their customers safe. For us security is strongest when it simply disappears,” says Kim Humborstad, chief executive of Zwipe.

Another firm that made headlines at the end of 2014 is Duo Security when it raised $12 million in September, investors included Google’s venture capital arm. The company, launched in 2010, specialises in providing two factor authentication technology for mobile and desktop operating systems.

Duo Security CEO Dug Song says the market for stronger authentication has seen a step change over the last five years in par-ticular as automated fraud has proliferated, “we saw the first automated banking trojan in 2005 but really since 2010 there has been a dramatic shift in the way that attackers online have been working, in particular with regard to automation.”

Attracting investor interest

Duo and Zwipe are just two of a number of digital security firms that have been successful in attracting investor interest over the last year (see table). The chal-lenge ahead for these smaller early-stage digital security firms however is the need to build recognition, and scale, in an indus-try dominated by giant banking brands, and where making custom-ers feel secure relies on banks own initiatives to inform the customers of the measures they are taking to protect them. Banks themselves are also often reluctant to reveal that they are part-nering with external suppliers, particularly in the area of data secu-rity technology, making that challenge harder still.

Start-ups Duo and Zwipe have already made some progress.

the US though where the continued use of the magnetic stripe for point of sale trans-actions has left retailers and consumers at risk of fraud.

In Europe, where chip and PIN cards are ubiquitous, fraudulent activity has jumped the channel from point of sale to online. With the growing connection between online profiles, identity verification and online commerce, risk of fraud is likely to increase without the introduction of a new, convenient form of authentication.

The technology itself does not neces-sarily have to be completely new to be successful, as the launch of Apple Pay in October last year has shown. Apple Pay has breathed new life into tokenisation and host card emulation – technologies that have been around for a decade or more. What matters is ease of use, combined with a method of authentication that has been specifically adapted to the digital world by moving away from static passwords or PINs and over-reliance on the sanctity of the card number.

With financial technology firms awash with investment funds over the last few years, companies that specialise in digital security are gaining increasing attention. In part this is because consumers are now much more comfortable with m-commerce, and technologies such as Apple Pay that enable quick authentication with a phone or other payment device at the point of sale are gradually entering the mainstream.

An example of this new wave in authen-tication is Zwipe, a Norwegian start-up that raised nearly $4 million at the end of 2013 to fund development of a contactless payment card with an on-card fingerprint scanner. The company has drawn attention from a wide range of financial institutions around the world, especially from emerging markets, where lower levels of numeracy or literacy require innovative solutions to traditional methods of identity verification.

“PINs and passwords get in the way of payment transactions. With a card that is activated using your thumbprint, the con-sumer doesn’t even have to think about the payment, they can just get on and buy. This is especially attractive in emerging mar-

Duo in its ability to persuade some of its customers in the US to co-brand its tech-nology, something that it hopes one day to convince a top 4 US bank to do, and Zwipe with the launch of its Zwipe MasterCard where the payment scheme acted as equal partner at the launch and in the communi-cations activity afterwards.

With the rise of smartphones and the continued rapid migration of consumers online, the rewards from a solution that can ensure customer safety, with a process that is as friction-free as possible is huge. Average online cart abandonment rates across Europe and the US were 68% in 2014 , while a consumer survey showed that more than one in five customers abandoned their purchase because the process took too long to complete .

The jury is out on whether consumers will ever be persuaded to give up all their current PINs, passwords and other forms of authentication for a single digital identity. Although there is perhaps an opportunity for platforms such as Apple or Google to help consumers manage their online identi-ties better. One thing is certain though – as digital commerce grows and digital identity encroaches into the physical world, the race has only just begun. ■

Identity Concerns and Retailer Expectations

Source: Experian holiday shopping survey.

(Shown: % Agree)

I would like to hear from retail stores about what they are doing

to protect my personal/credit card information before the

holiday shopping season starts

I am concerned about the risk of identity theft / fraud during the

holiday shopping season

Retail stores will place higher emphasis on protecting their

customers personal / credit card information during the holiday

shopping season

05

2009

2010

2011

2012

2013

2014

MOBILE SPECIALISTS

Payments and NFC

M&A

Specialists in supporting international and domestic expansion

VENDOR

Selection and shortlist for RFP

MARKET

Evaluation for product or company launch

INFORMATION

On a particular market or a pan-European comparison of particular segment.

We collect, collate and provide information for the payments industry. We produce comprehensive, targeted research and tailored consulting for your needs, within a reasonable budget. All delivered on time.

We’ve already assisted major companies including RS2, Creditcall, Airplus, Sybase 365, Clear2pay, Sysnet, MasterCard and numerous banks.

We can supply short bulletins or research reports for a worldwide audience – everything from efficiency and performance to the impact of non-traditional payment providers.

Targeted Research is available on banking, card payments, financial services and mobile financial services market. We can customise all research to cater to your specific needs.

We have the experience – we’ve been doing it for over 17 years – and we can make it easy for you.

To discuss how we can help you, email: wendy@paymentscm.com or visit our website: www.paymentscardsandmobile.com/research

Payments Industry IntelligenceFinding the right information in the right place at the right time can be difficult, time consuming and expensive – that’s where we come in.

paymentscardsandmobile.com