How much security is needed for international payments? (Panel Part I)
I had the honor to share my views at a panel dedicated to International Payments at the Electronic Transaction Association @electranassoc Conference #ETATRANSACT at Las Vegas today.
The moderator and the other panelists were as follows:
I will publish the questions and my answers here in a series of posts.
Do merchants need to amplify and reinforce security measures when dealing with an international market?
When it comes to payments, security is ‘a priori’, regardless of where you conduct it. Whether face-to-face or remote. Be it local, national or international.
I say security is a priority, not only because I see it as a threat, but because I see it as an opportunity to enhance commerce. History of payments has shown us that each time security on a payment device is enhanced, it has increased the trust in the system and resulting in increased usage of that method to exchange goods and services. For example, people believe in banknotes because years of counterfeit-proof technology has gone in to building them.
Same has been true for cards. We take cards for granted but think of it; card embossing, magnetic stripe, hologram, CVV, chip and pin are all technologies built over the decades to make cards more and more trustworthy to pay. Today, I know I can travel around the world with my cards and shop, eat, board and entertain myself without having to worry about carrying cash. Secure payment methods definitely have contributed to economic growth, thus has provided many opportunities for businesses.
Today we see digitization of payments are providing more opportunities in the e-commerce and m-commerce sectors. Goods and services are becoming accessible to consumers from everywhere. Just like it has happened in the previous payment methods, there will be bad actors who will be taking advantage of new payment technologies. So, going back to the original question: “Should merchants need to amplify and reinforce security measures when dealing with an international market?” Certainly. The principal hasn’t changed, only the technology has improved. There is a huge global market out there with billions of potential customers and the potential is increasing each day as global internet coverage widens. Any business providing goods and services for the global market must reinforce their security so it can provide the trustworthy, inviting, frictionless transacting capability to its customers.
Security is a business enhancing concept, it is an opportunity.
Do specific countries require additional and/or more expansive security oversight?
Do some countries need more oversight? Yes. Payments modernization doesn’t move at the same speed in each market. For example, my country Turkey is very advanced in card payments. We have 60 million credit cards. The country has completed its migration to chip & pin 12 years ago with all of its cards, POS terminals and ATMs. Not one device was left behind, everything was upgraded to EMV. As a result, we have seen counterfeit as well as lost & stolen fraud go down dramatically more than a decade ago. Unfortunately, what we have seen afterwards is that whenever Turkish cardholders travelled to non-chip countries, their cards were copied, counterfeited and used in POS terminals and internet sites of non-chip & pin markets. Fighting fraud coming from such markets has become a challenge for Turkish banks. For example, Turkish banks have started re-issuing cards every time a customer have returned from the US as a precaution. Thankfully,now the US market is moving to EMV which will eventually eliminate this problem after so many years.
Similar to the measures preventing operation of bad actors in the physical world, measures should be taken to stop cyber threats against international payments. Some countries, through their well governed payment ecosystems, maybe faster than others, protecting the customers of their e-commerce markets but some may lag behind. It is up to the main players in the payment ecosystem; banks, merchants and Payment Service Providers to govern the rules of their markets and oversee the best interest of their customers. So, yes, the card issuers should monitor and identify the origin of fraud and take preventative action.
Links for the following parts:
