Reflections from the 2013 Visa Global Security Summit

by Michael Misasi 0

Yesterday, October 2, I traveled toWashington, D.C. – no, not to witness the effects of a governmentshutdown firsthand, but to attend the 2013 Visa Global SecuritySummit. The theme of this year’s Summit was “responsibleinnovation.” Some of the questions the speakers addressed were: Howcan payments industry stakeholders innovate without exposingthemselves or their customers to unnecessary risks? How cancorporate and government partnerships strengthen security acrossthe industry? What are some of the unique challenges facingdevelopers in “emerging” economies? Discussing these questions inthe context of cybersecurity, many of the panelists and speakerstouched on the idea of trust, which is closely related to theofficial theme for the conference.

The notion of trust in payments is interesting. The numerousstakeholders in the industry create many relationships that dependon trust to varying degree. Institutions that outsource any oftheir operations have some trust in their vendors, the security oftheir technology, and the company’s ongoing commitment to upgradingits defenses. However, trust is particularly concentrated at themerchant and consumer level, two groups that are generally notexperts in either payments or security.

Merchants are expected to comply with extremely rigorous industryregulations and face potentially serious penalties and reputationalrisk for noncompliance. Yet payments is not a core competency forretailing, and many retailers are not payments experts.Consequently, merchants often trust their technology providers tosecure their payment systems. The need for trust only grows aspayments technology increases in sophistication.

Consumers also must trust that their cards aren’t being skimmedevery time they hand one to a waiter, that their credentials aren’tbeing stolen when they transact online, and that it is safe to leta cab driver swipe their card through a mobile card reader. Theseexamples are reminders of how much consumers trust when they make apurchase with a card.

Consumers, and the degree of trust they have in a provider or atechnology, have a lot of influence over which emerging paymentproducts and services will succeed. Regardless of the addedconvenience or decreased cost, no consumer will use a paymentapplication if she or he doesn’t believe it is safe. Regardingmobile wallets, Mercator’s CustomerMonitor Survey Series suggeststhat a significant group of U.S. consumers is still not confidentin the security of mobile devices for payments. And this in part(even if a small part) explains the minimal adoption of mobilepayments.

Educating (or reminding) consumers about basic facts like a bank’s$0 liability policy or taking the time to explain why a bankbelieves it is safe to participate in a third-party mobile walletor card reader could provide consumers the assurance they need toadopt the technologies that will move the industry forward. PastMercator Advisory Group research referenced in the Viewpoint EMV Cards:Instructions Required suggests there may be gaps in theway issuers are communicating the differences and/or benefits ofEMV to consumers, a technology that everyone is expected to embraceeventually. Chip-card issuance might be an opportunity for issuersand acquirers to have a conversation with their customers aboutpayments security broadly, which could set the stage for a smoothadoption of EMV and any other new technologies that comesalong.

Follow Michael Misasi on Twitter @mikemisasi.