The Next BIG Thing is...

The consumer or retail payments industry is thoroughly dynamic and for industry pundits is very exciting. Yet as we all know, it is full of media noise from journalists, consumer groups, regulators, schemes and suppliers.

Yet while we trawl through this noise looking for the next big thing to happen in payments, the consumer continues on blissfully unaware trusting in that their next purchase will go through without a hitch - funds permitting!

It is when there is a failure in the system - fraudulent activity resulting from a point of compromise; or network points failing at the transaction moment, that we see another small thread unravelling from this trust model.

So while consumers continue to use the products we deploy, we question what next? - Especially if you look at developments over the last 8 years alone. Chip & PIN, Mobile banking platforms, massive take up of online banking, introduction or the proliferation of open loop prepaid card programs, payment system reforms, bill payment services and so on...

Post Chip & PIN, the industry has focussed on contactless, Near Field Communications (NFC), peer to peer payments (particularly mobile) and in Australia the next wave for domestic debit (EFTPOS) and Bpay (MAMBO) to meet the innovation drum beat of the Reserve Bank.

In addition to these activities, a focus on cross sector convergence is unavoidable; as is the level of unrest at the growing number of compromises of cardholder data.

Despite this position, the industry is in danger of myopically focussed on the transaction method at the moment - contactless, NFC, increase the speed of interaction. Yet payments, is a Customer relationship product and product built on trust.

At MBNA, the key message to all was "Think of Yourself as a Customer". It was placed above each and every door in the organisation. So if I am blissfully unaware as a consumer what the next big thing is, what should we the industry be looking at?

Security & Authentication

An extremely innovative thought leader in the industry recently pointed out to me a 1964 newspaper advertisement for Sheaffer pens. It shows the image of the card being 'beamed' from a ring to be written down and then to sign with the pen. Is this about convenience and security, or simply a belief that the pen will never be obsolete at the point of sale?

The point being, that with new approaches to payment transaction methods, the security and authentication layers can not be ignored.

An increasing number of new starters will continue to appear in the market (most with extremely short life spans, others developed for longevity) and some large global brands will continue to evolve into payment services providers. Yet the underlying integrity of the traditional and core payments system and funds sources remains with the banking sector, regulators and the payment schemes.

So Google, Sony, Apple, Amazon etc will all have their roles to play - but it should not be at the expense of network integrity and betrayal of the consumer trust in the payments ecosystem.

Indeed some of these players could in themselves launch a new global payment brand tomorrow, and while transaction moment security may be wanting in some cases - they walk away with the dis-intermediated transactional data which is a powerful Customer relationship management by-product of payments.

Mobile and secure

The high focus on mobility and services from app stores is potentially a train wreck waiting to happen. Not all apps are security accredited and even if they are, it is not a consistent or accredited process in many cases. The focus on NFC functionality requires the app store to consider enhanced functionality underpinning application life cycle and security token life cycle management. Clearly an area for solutions companies like Bell ID to succeed in.

Yet do the app store providers understand this requirement and philosophy?Banking and Government sectors are well aware from their forays into multiple application smart card programs over the years and bodies like Global Platform. Is this now a new service call for Credential aggregation? If so, which brands and organisations are best positioned to uphold this trust model?

Losing sight

Payment system security and customer/merchant authentication is critical - no one can deny this. Yet, after 11 years, 3D-Secure for SecureCode and Verified by Visa remains an elusive solution in many online environments, particularly Australian online retail sites.

New retail and payments platforms go live each week, with some questionable propositions behind them, yet they are able to attract a base of transactors willing to participate - especially where convenience is strong.For example the Heathrow Express application for iPhone/iPad etc.

So while contactless/NFC may provide convenience, is a fraction of a second of card handling at the point of sale what the cardholder is looking for - understanding that the transaction is still going online for authorisation and the food is still cooking and the shopping is still being placed into bags?

Keeping in front of counterfeit, lost/stolen, account take over fraud remains unresolved. A partial Chip & PIN environment with mag stripe does not close the gap. Inconsistent terminal PINpad designs which expose Customer PINs in many retail environments to in-store cameras is another opening. The UK push for PIN shields was well received by all.

Phishing remains significant, yet the level of consumer education and even card issuer education remains wanting. Should issuers really be sending email marketing promotions that require you to click through to a website to register for cashback on your credit card - and worse request the cardholder to enter the card number into this webpage that has a dubiously selected URL name?

If we lose focus on the basics of payment system security, how can we logically ensure that each 'next big thing' in payments will stand up to the test of time? Importantly how do they stand up to the criminally minded segment who seek to either compromise data to make a point or use that data to conduct fraud?

Think of Yourself as a Customer

Ultimately, the consumer continues to transact blissfully. An increasing number of us are hit with ATM skimming fraud, online fraud and bear the pain of waiting for our bank to refund the lost monies and the frustration of re-establishing payments and direct debits for new accounts and cards.

The Customer, seeks their payment system to work first time, and every time. If it fails them, they do not want to be impacted by the fall out of that failure.

Who has truly developed the next big thing that will answer to that call?