CSI Resources

You are here:
online payment with a credit card

The Past, Present and Future of Payments Security

  • by Matt Herren, CSI Product Manager of Payment Analytics
  • Jul 05, 2018

The payments security landscape has seen tremendous change in recent years. And as a whole, the financial industry has been hesitant to adopt these changes. However, an increase in consumers’ online consumption—coupled with an unnerving uptick in payment fraud—has caused financial institutions to embrace the evolution of payment security.

This progression began years ago with the introduction of credit cards as a means for purchasing goods and services without direct cash in hand, and has since transformed into a world dominated by e-commerce

From EMV Chips to Online Shopping

The introduction of EMV chip card technology revolutionized payments security both in the U.S. and abroad, and adoption of EMV chips is on the rise. According to Market Research Hub, the global EMV point-of-sale terminal market is expanding at a compound annual growth rate of 9.9 percent through 2021.

Despite this widespread implementation of EMV, e-commerce—or transactions conducted over the Internet—has emerged as a favorite for today’s consumers, who are rapidly switching to online shopping. As a result, mobile wallets and payment apps are now commonplace. According to eMarketer, e-commerce is growing immensely, and in 2017 alone, mobile commerce (m-commerce) via smartphones and devices represented more than one-third of all retail e-commerce sales in the United States.

This shift in consumer behaviors—from in-store credit and debit card payments to the mobile shopping boom—compels payment technology companies to stay ahead of the curve while maintaining proper security.

The Identify Theft Resource Center (ITRC) counted 791 reported data breaches in the U.S. during the first six months of 2017 alone. The threat of breaches is top-of-mind, not only for cardholders, but also for card issuers who want to protect their customers’ sensitive data. So, payment providers adopted tokenization to answer that threat.

Tokenization and CoF e-commerce

Tokenization involves taking a customer’s primary account number (PAN) and replacing it with a series of tokens. These tokens then pass through the Internet or various wireless networks without exposing the actual bank account details.

And tokenization opens the doorway to yet another advancement in payments security: credential-on-file (CoF) e-commerce. CoF e-commerce occurs when a merchant stores a customer’s card information online for future or recurring purchases. Storing credentials is a huge convenience for customers because it eliminates the need to re-enter their card information at every online purchase. CoF-ecommerce provides a security convenience too, because the merchant can employ tokenization to replace the customer’s static card data. These tokens—used only by that particular merchant—create a “walled garden” of information that means nothing to anyone else, and the tokens are of such little value to attempted fraudsters that the merchant is less a target for intrusion.

The Bottom Line

Payments security is in a constant state of evolution. And while EMV chips are still widely used by consumers, more and more are using digital channels to make purchases. Incorporating tokenization into CoF e-commerce provides secure, convenient payment options to these customers.

So, the ease of integration and promise of higher security makes tokenization the obvious choice for a secure e-commerce world, especially as the threat of payment fraud continues to increase.

In his role, Matt Herren has employed advanced analytics and data analysis to not only react to fraud, but also to prevent it. As the product manager for Payment Analytics, Matt has expanded CSI’s ability to address fraud through early identification of merchant breaches and fraudulent testing techniques. His work helps to increase bank profitability through fraud mitigation and card portfolio analysis, allowing customers to realize industry-leading results and maximize program performance.