Given the convenience of electronic payments, it’s not likely cash will make a resurgence any time soon. The paper-based method may keep consumers safe in terms of a data breach, but it’s not beneficial at all for participating in global retail. E-commerce sellers don’t have to worry about digital methods drying up, but there is something to be said for acknowledging the public concern regarding payment information. Many shoppers worry their data gets compromised every time they swipe their debit card.
In response, several technology leaders designed new forms of security – for instance, the one-time-use token created to authorize purchases made with mobile wallets. E-commerce retailers should keep an eye on these emerging methods and see how the public perception shifts regarding payment protections.
Passwords were originally designed as an easy-to-remember method to keep consumer data safe. E-commerce retailers use passwords in conjunction with usernames to manage shopper accounts. However, an increasing number of websites require more complex credentials in an effort to prevent unauthorized access. Online stores ask for a mix of capitalized and lowercase letters and at least one number and special character. Different websites have different requirements, and it’s easy for users to forget which password goes to what specific account. To avoid frustration, consumers often use the same or similar passwords across all their web profiles. This practice is discouraged by security experts, however. A person’s entire online identity is jeopardized if a hacker gains access to the password for one of their accounts.
Still, if memorizing a string of characters was all that stood between a person and an identity thief, payment security wouldn’t be the problem it is today. In a conversation with The Cipher Brief, Brett McDowell, executive director of the Fast IDentity Online Alliance, explained how passwords themselves are ultimately weak and a poor method of protecting consumer identity. The FIDO Alliance is an organization dedicating to global payment authentication standards that do not rely on passwords.
McDowell explained many consumers accidentally give up their login data through phishing attacks. This is when an unauthorized third party masquerading as a trusted source requests a person’s username and password information. The victim, none the wiser, simply hands over their login credentials. In other cases of theft, hackers install malware on a user’s computer to record keystrokes or simply guess until they hit the jackpot. However, most stolen passwords are acquired through data breaches. According to McDowell, these widely reported acts compromised more than one billion passwords over time.
Selfies to authorize payments
The question arises: What are companies doing to find a better method of payment authorization? Many adopted fingerprint recognition technology such as Apple’s Touch ID. MasterCard, according to The Independent, took the idea a step further and introduced selfies as authentication. The company began testing its facial recognition software in the U.S. and the Netherlands. These two countries, along with the U.K., Belgium, Canada, France, Italy, Germany, Spain, Sweden, Denmark, Finland and Norway will be among the first to receive the new technology.
According to The Independent, 92 percent of those who first experienced the software said it was better than using passwords. Eighty-three percent of the security experts who tested it said the same. The website also noted MasterCard wasn’t the first financial service to find a new form of authentication. Banks HSBC, Barclays, NatWest and the Royal Bank of Scotland use voice authorization. The latter two also use fingerprint recognition software.
What e-commerce retailers can do in the meantime
Until other forms of security gain widespread popularity among consumers, online stores must continue to use keep shoppers safe with passwords. However, businesses can protect consumers and themselves by ensuring their payment processing company is PCI compliant.
Brought to you by PacNet Services, your one-stop global payment processing solution.