or wait 15 seconds
or wait 15 seconds
At left, Scott Harkey of Levvel, TS Anil of Visa, Jessica Turner of Mastercard, Jaromir Divilek of American Express and Ricardo Leite of Discover Financial Services discuss standards.
As mobile payments expand, credit card issuers find themselves challenged to develop technical protocols that ensure a seamless shopping experience for consumers. A panel of credit card issuers at the recent Money20/20 conference in Las Vegas offered a behind-the-scenes look at the challenges faced in keeping up with the rising use of apps and digital wallets.
The discussion focused on challenges in three areas: 1) a standard called 3DS to authenticate card-not-present transactions that will reduce fraud and false declines, 2) secure remote commerce and 3) tokenization, the process by which the primary account number is replaced with a surrogate value called a token.
Working through EMVCo, a partnership of credit card issuers, card issuers developed a standard called 3DS to authenticate card-not-present transactions to reduce fraud and false declines. By 2015, the industry recognized the need to create a new specification known as 3DS 2.0 that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions, according to the evmco.com website.
The panelists agreed that the new standard, along with secure remote commerce and tokenization, will contribute to a friction-free consumer experience. They acknowledged, however, that new standards require testing and fine tuning.
SRC continues to raise questions among merchants, noted Ricardo Leite, vice president and head of global products, innovation and strategic merchants partnerships at Discover Financial Services. Jaromir Divilek, executive vice president and head of American Express network and global network businesses, agreed, saying that friction continues to be a problem for online payments for many merchants.
"SRC goes beyond what's out there today," said Jessica Turner, executive vice president of digital payments and labs at Mastercard, adding that the standard is intended to allow payment networks to scale. Turner also went as far as to call 3DS 2.0 a game changer that delivers rich data from the merchant to the credit card issuer.
Merchants are increasingly adopting tokenization, added TS Anil, global head of payments and platforms at Visa, referencing the process by which the primary account number is replaced with a surrogate value called a token.
According to the PCI Security Standards Council, a token relies on the infeasibility of determining the original primary account number knowing only the surrogate value. Tokens used within merchant systems and applications do not necessarily require the same level of security associated with the use of a primary account number, according to the council's website. Tokens offer an alternative to reduce the amount of cardholder data in the environment, which can lessen the merchant's effort to implement PCI DSS requirements, the website notes.
Turner agreed that tokenization serves a purpose since tokens can prevent disruption of service. She said it is important that tokens be able to carry dynamic data, such as consumer data for merchants to access, known as "card on file" tokens.
The panelists also said that the different standards are capable of working together for merchants and consumers.
Integrating 3DS with SRC and tokenization can deliver the user experience today's consumers are seeking, Turner said. "I see them playing together," she said.
Divilek agreed, saying the different protocols are not an "either/or" proposition. SRC has its own authentication module that the merchant can choose to deactivate and use 3DS in its place, he said.
"One size won't fit all," Leite agreed, adding that it is important for the card issuers to explain to merchants the value the protocols bring.
Card issuers need to figure out the best approach for educating stakeholders about standards, the panelists agreed.
Consumers, for their part, don't need to know how the protocols work, Divilek said, but they need to know that their information is secure, a point on which the other panelists concurred. Anil added that younger consumers in particular are interested in knowing who is going to see their personal information.
There is no lack of acronyms in today's payments ecosystem, as moderator Scott Harkey, payments lead at Levvel, pointed out there are other standards to consider, such as the Fast Identity Online Alliance, known as FIDO, the goal of which is to provide secure user authentication experiences across many websites and services. He emphasized that merchants need to vocalize their concerns about these different but emerging standards.
"The ecosystem will get there," said Anil.
Elliot Maras is the editor of KioskMarketplace.com and VendingTimes.com.