J638-SkyParlour-myPINpad-Whitepaper-v4

myPINpad
Digital payments – Bridging the gap
between convenience and security
Created by
Introduction
The payment industry has many challenges.
There currently exist significant gaps between:
The consumer’s desire for an easy to use payment
environment and for that to also be a secure one;
The merchant’s desire to improve the customer
journey, but an inability to do so within existing
payment infrastructures;
Innovation in new technologies for authentication
and the challenges to adopt them; and
The need for simplicity and often the complexity
to deliver secure digital payments.
This white paper will look at these gaps and examine
the effect they are having on digital commerce. It
will also examine the consumer, merchant and bank
perspective to analyse what they believe needs to be
done to bridge these gaps.
Finally, it will take a case study and propose a solution
to the above challenges that allows for innovation to
be accepted into the existing payments ecosystem in
an evolutionary, not revolutionary, way.
Limitations in the Current
Purchasing Ecosystem
Innovation without practical application is just an idea.
E-commerce has revolutionised our ability to shop, and
we can do so virtually without boundaries and with
seemingly limitless choices. Fashion, entertainment,
groceries, travel, you name it, the choice and ability
to compare is almost limitless. The world is truly a
global marketplace and e-commerce is booming, with
an average year on year rise of 20.3% since 2012.[1]
Customers are shopping like never before.
The challenge for the online merchant is that, in the
digital environment, there are a greater number of
shoppers just browsing and not actually buying their
products.
If you are in a supermarket and you have a trolley full
of groceries, it’s highly unlikely that you’ll walk away
from the trolley without completing your purchases.
But in the world of e-commerce, this is very common.
A 2014 study of abandonment rates found that an
average of 68.07%[2] of online shopping carts are
abandoned. While this cannot be directly equated
to the factors addressed in this white paper, the
figure is nonetheless significant.
In almost seven out of ten cases, online consumers
do not complete the purchasing process.
Assuming that the consumer began their shopping
experience with a clear intent to purchase because
items were placed in the checkout basket, it is
important for the merchant to understand what is
going wrong if the consumer fails to complete the
buying process. A 2012 survey by Statista[3] showed
that 56% of consumers had abandoned a cart due to
hidden costs.
Complicated websites meant that 25% of shoppers gave
up before completion and unsuitable delivery options
had the same result for 16% of shoppers. But hidden
within these factors are important security concerns,
some of which may appear to be contradictory.
The survey showed that 18% of consumers
abandoned their cart because they felt the security
was excessive. However, 17% abandoned their cart
because they had concerns about insufficient security.
Inconvenient security is something all customers
are too familiar with. Forgotten passwords, copying
down long numbers on the front of cards, 3-D Secure
(3DS) forms which require additional passwords and
so on. All of these present barriers to completing
the purchase and almost one in five purchases
are abandoned because of them.[1] If you were at a
check-out in a bricks and mortar store and had to
provide several passwords, your date of birth and
your mother’s maiden name, the chances are that
you would consider these to be somewhat excessive.
Yet, because of the lack of face-to-face interaction,
in the e-commerce environment this is the standard
purchasing process. In other words, historically there
was greater trust for face to face transactions than
within the anonymity of the e-commerce environment.
Security concerns cause 35% of all
abandoned carts. Putting that in
monetary terms, the cost to retailers is
estimated to be $1.4 trillion in 2015.[4]
Clearly that figure is a powerful driving force for
merchants and acquirers to consider how to get the
balance right between rigorous and unobtrusive
security.
[1] Emarketer (February 2014)
[2] Baymard Institute (December 2014)
[3] Statista (2012)
[4] UK Business Insider (March 2015)
Building trust by bridging the gaps with
user-centric authentication systems
Very often the consumer does not know what to ask
for in terms of security but they DO know the following
are the most important:
Trust – The consumer wants an authentication
method that they can trust. Something that they
can rely upon and are familiar with.
Security and privacy – The consumer wants
something that is secure, and therefore protects
their assets and their privacy.
Usability and experience – It has to be easy
to use. It can’t be clunky and it can’t be time
consuming, but it STILL needs to be secure.
Value-Add – Consumers are increasingly
conscious that they have choices, and retailers
are struggling to meet the demand. Innovations
in authentication enable the seamless integration
of value-add services (such as coupons and
loyalty discounts). Not only does this add value to
the customer experience, it builds loyalty to the
merchant.
From a retail perspective, the Internet has sharpened
the need for competitive-edge and purchasing cycles
that used to last years now only last weeks, or at best,
months. The drive to provide greater customer service
cannot however be at the expense of security, or
profit:
Protection of investment - Existing
infrastructure and business processes cannot be
thrown away in favour of non-traditional payment
channels until the old infrastructure has reached
end-of-life. Innovation must enable improvements
over existing infrastructure in the first instance.
Customer loyalty - Many of today’s consumers
are less attached to product brand than they
are to the overall purchasing experience. Amazon,
for example, is expert in making the consumer’s
journey almost frictionless and very personal.
Shoppers are loyal to the Amazon experience and
buy products promoted through their website and
not necessarily those brands which are not.
Future-Proofing - Investment in payment
infrastructure represents a significant portion of
profits that are traditionally in single-digit margins.
Any expense must be fit for purpose and have the
capability to adapt as the ecosystem changes.
Value-Add Services - Consumers don’t always
choose one site over another based on price alone
(paying a higher price for an airfare to get frequent
flyer miles for example). From instant coupons, to
loyalty points, to offering personalisation, it’s the
value-add services that control the competitive
edge.
Of course, the payments industry has its own
requirements too:
Technology – The technology has to be compliant
with existing regulations, and it has to be worth
the investment. NFC technology, for example, was
hailed back in 2003 as being the next revolution in
payments, but for many reasons it has yet to fulfil
its potential in many markets.
Processes - Banks have existing payment and
acquiring processes in place. New technology has
to slot neatly into these, with minimal disruption, or
banks will not be interested.
Security – Banks have their own concerns
about security. No bank will adopt new payment
technologies unless they are proven to be secure
enough to meet their risk appetite.
Schemes – Card Schemes have their own rules
and regulations and have invested heavily in
their own security methods such as 3DS. New
technology has to work in partnership with these,
not work against them. Enable and support, not
replace.
Global Acquiring Network – Payments is a global
business. Is the new technology capable of being
accepted globally? If not, banks won’t be interested.
What about Biometrics?
Biometric based security is increasingly part of our
lives. iPhone 5 and 6 users will be used to unlocking
their phone with their thumbprint, as will users of the
Samsung Galaxy S5. Equally, travellers to the US will
have experience of giving fingerprints as they clear
immigration. Biometrics are increasingly part of our
everyday experience.
As consumers get more and more used to biometrics,
it is expected that this technology will continue to
develop, as will its greater acceptance.
Biometric technology has the potential to improve
security and improve customer experience. After
all, a fingerprint is not something that has to be
remembered. However, it is by no means the silver bullet.
It is still a single factor authentication system so isn’t
acceptable for all transactions. In bricks and mortar
shops, for example, NFC transactions are limited to
small amounts of money so, for larger transactions,
secondary authentication, in the form of the PIN, is
required. Regardless of the method deployed it is very
likely that single factor authentication including the
use of biometrics will remain insufficient. So, for both
face-to-face and remote transactions, there will still
be a critical role for the PIN. Furthermore, there will
remain major challenges for industry on how evolving
biometric technology solutions fit within existing
infrastructure and legal frameworks and how to
manage the associated costs.
Payment security and
user experience gap
could cost merchants
$1.4 trillion in 2015
The rewards of bridging the gap
For consumers, the most obvious gap is between
payment security and ease of use. This gap could cost
retailers $1.4 trillion in 2015.
For the retail industry, the gap is in implementing
payment technology that gives consumers the shopping
and payments experience they want, while still being
affordable and compatible with existing systems.
The answer is to ‘bridge’ the gap in an evolutionary way,
rather than a revolutionary one. To give consumers
a seamless payment experience using a trusted and
familiar system while providing merchants and the
payments industry with a system that will work with both
existing and new technologies, including all innovations in
authentication and identity management.
What should this system look like?
The need for security and the need for ease of use are
both understood, as is the knowledge that consumers
want something they know and trust. So, for many
years the industry has used the Personal Identification
Number, or PIN.
Giving the consumers the ability to use their existing
PIN numbers on devices such as mobiles (that they
take everywhere with them), tablets and laptops is
a logical next step for branded card payments. It’s
a tried, tested and relatively painless authentication
method, and consumers have little issue with using
PINs to make payments in-store and to withdraw cash
from ATMs.
Not only consumers, but the entire payments
ecosystem wants security across all shopping
channels. All authentication solutions need to address
the requirements of all players and recognise that
in using mobile devices, these have traditionally
been considered unsecure. There is now however a
growing understanding that as platforms for multifactorial authentication, mobile devices would be
very convenient for authenticating e-commerce
transactions and if that could include the use of the
cardholder PIN this would offer significant advantages.
For an authentication service to embrace the
needs of all the stakeholders it must place them
in a transformational self-hosted platform, or
Software as a Service (SaaS) and recreate the secure
components found within the built-for-purpose PIN
Entry Devices (PEDs). In this way the same level of
security that has been in use for more than 25 years
for ATM transactions would be available on all mobile
platforms, with authentication delivered through
existing payments protocols and infrastructure.
Key to entering the Cardholder’s PIN securely into
the user’s device is the ability to completely bypass
the various system buffers and memory including
the screen and keyboard buffers while at the same
time combining other forms of authentication in the
background. This provides true multi-factor assurance
with that same minimal level of effort as when entering
the PIN alone.
To achieve this, a unique real-time tokenisation and
encryption system that renders the PIN unreadable
and unrecoverable is required. This is similar to the
principle of a physical prism, but instead of refracting
light, it totally randomises the PIN input through
a multi-layer refraction process that presents an
alternative keypad to the user every time. The device
and ALL buffers/memory are then totally convinced
a different number to the real Cardholder PIN was
correctly entered by the user.
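A generic illustration of the per-entry randomised keypad idea described above, as an added example: it is not myPINpad's implementation, which this paper does not detail. It assumes a server that issues a fresh keypad layout for each entry and a device that reports only the key positions pressed; every name below is hypothetical and the sample PIN and layouts are constructed.

```python
import hmac
import secrets

STANDARD_LAYOUT = "1234567890"  # digit a normal keypad shows at positions 0..9


class KeypadSession:
    """Hypothetical server-side state for a single PIN entry attempt."""

    def __init__(self, layout=None):
        if layout is None:
            digits = list(STANDARD_LAYOUT)
            secrets.SystemRandom().shuffle(digits)  # OS CSPRNG, fresh per session
            layout = "".join(digits)
        if sorted(layout) != sorted(STANDARD_LAYOUT):
            raise ValueError("layout must be a permutation of the ten digits")
        self.layout = layout
        self._spent = False

    def decode(self, positions):
        """Map pressed positions back to digits; a session decodes only once."""
        if self._spent:
            raise RuntimeError("keypad session already used")
        self._spent = True
        if not all(isinstance(p, int) and 0 <= p < 10 for p in positions):
            raise ValueError("position out of range")
        return "".join(self.layout[p] for p in positions)

    def verify(self, positions, expected_pin):
        """Constant-time comparison against a reference PIN (constructed check;
        a payment system would hand the decoded PIN to its PIN-handling path)."""
        return hmac.compare_digest(self.decode(positions), expected_pin)


def user_presses(layout, pin):
    """Simulate the cardholder reading the scrambled keypad and pressing keys.
    Only the resulting positions are what the device's input path observes."""
    return [layout.index(d) for d in pin]


def device_view(positions):
    """The number the device would infer if it assumed a standard keypad."""
    return "".join(STANDARD_LAYOUT[p] for p in positions)


if __name__ == "__main__":
    pin = "4927"  # constructed sample PIN
    session = KeypadSession()
    pressed = user_presses(session.layout, pin)
    print("positions seen by device:", pressed)
    print("standard-keypad reading: ", device_view(pressed))
    print("server accepts:          ", session.verify(pressed, pin))
    # Replaying the captured positions against a new layout decodes to a
    # different number (except by chance) and is rejected.
    print("replay accepted:         ", KeypadSession().verify(pressed, pin))
```

The assurance in this sketch rests on the layout never being recoverable on the device and on each layout being single-use; positions captured together with a known layout reveal the PIN.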
No customer information should ever be stored
and their personal details are therefore secure.
And because the authorisation channel is entirely
separated from the payment channel no cardholder
data can be exposed. Use of tokenisation technology
further reduces the risk to cardholder data.
The system should act as a ‘bridge’ between existing
and new authentication methods. No matter
what method a merchant uses, even biometric,
authentication mechanisms should be accessed
through the Cardholder PIN to minimise adoption and
integration costs.
1. For consumers, they complete transactions using
a simple authentication method they know and
trust – by continuing to use their PIN, there are no
multiple passwords to remember, no more maiden
names and birthdays to enter. Just a simple, every
day, number.
2. For banks, they have increased ability to securely
authenticate customers and cut down on fraud
and increase trust in e-commerce.
3. For merchants, they have a simple and secure way
to take payments. And simple and secure payment
methods mean fewer abandoned sales.
Today, such a solution is available from myPINpad.
Conclusion
It might seem a cliché to say that clunky authentication
methods are holding back e-commerce, but, like many
clichés, it is true.
The facts speak for themselves in terms of the cost to
merchants of abandoned purchases.
Equally, as technology continues to outstrip ability to
adopt it, any payment method has to enable existing
infrastructure investment to keep pace with new
authentication protocols and systems.
At myPINpad our team has managed to independently
validate the combination of the simple with the robust
and to demonstrate that PIN entry on mobile devices
can indeed be at least as good as current industry
best practices and expectations regarding compliance.
A simple system to authenticate a consumer making a
payment and a robust authentication and encryption
system to stop fraud and boost consumer, bank and
merchant confidence is indeed now available. As
mobile based shopping grows and authentication in
an e-commerce environment becomes ever more
important there is a strong argument to adopt new
solutions that bridge the gap between convenience
and security. myPINpad provides that solution.
Contact details
www.mypinpad.com
[email protected]
Kimberley Waldron
T: +44(0)844 2939 764
Follow us @mypinpad
The myPINpad Leadership Team
Philip King, Executive Chairman & CEO
Philip has been a senior executive in a diverse range of
businesses for over 35 years. He has substantive
payments industry experience and has held technology
and business leadership and consulting roles in some
of the world’s leading financial services institutions in
the UK, Europe and South Africa. He has built several
internationally successful businesses.
In 2008 Philip co-founded Asia Principal Capital, an
investment banking and strategic advisory company, with
offices in Sydney and Singapore. He has significant M&A,
capital raising and strategy development experience.
Philip has extensive private and public company director
experience. As CEO of myPINpad Philip is building a
world-class team and is driving the execution of the
strategy and plan. He has been a private equity investor
for more than 20 years so his commitment to myPINpad
represents the confidence he has in the solution.
Areas of expertise for media: myPINpad solution,
Mobile Payments, Finance Industry, Electronic Payments,
Payments Industry, Investment Banking, Capital Raising.
Justin Pike, Chief Technology Officer
Justin has been an innovator in the IT and m-commerce
industry for over 15 years.
Initially developing one of the world’s first automated
top-up platforms for prepay mobile phone vouchers,
he has also advised and completed projects with
various telcos around the world. Following a move
to Melbourne, Australia in the early 90’s, Justin co-founded eNett International, now considered to be one
of the world leaders and most innovative companies in
the travel payments sector and processing billions of
dollars in transactions.
Justin founded myPINpad in 2012 after developing the
core intellectual property and is currently helping steer
the company, globally deploying and integrating with
many of the world’s largest internet sites and financial
processors. Justin is responsible for new product
design/market opportunities utilising the Core IP at
myPINpad. Justin has a Computer Science BSc Hons
from the University of Glamorgan.
Areas of expertise for the media: myPINpad technology,
Mobile Commerce, Payments, Authentication, Technology
Innovation, Product Development.
David Poole, Business Development Director
David’s career has spanned over 20 years at the
forefront of new technology and payment processes.
In previous roles he spearheaded the integration of
electronic payments with custom POS solutions in
hospitality and retail both in UK and USA.
Prior to joining the myPINpad team in 2013 David
held a MD position at Miura, a technology company
founded to reshape electronic payments. He oversaw
the commercial success of the company during the 3
years he held this position. When he was introduced to
the myPINpad solution and team he demonstrated his
belief in the business by joining and is now responsible
for the global business development.
Areas of expertise for media: myPINpad Solution, Mobile
Payments, POS, Electronic Payments, Technology
Innovation, Payment Card Processes, Authentication.
Allan Syms, Commercial Director
Allan is an experienced international technology and
life sciences senior executive, with extensive PLC board
level and Public Sector Service experience. He has an
in-depth background in licensing, corporate financing,
IPO’s, M&A and managing strategic change with blue
chip companies worldwide. Allan has been a driving
force in the launch and commercial promotion of the
myPINpad solution.
Allan is a PhD and undertook postdoctoral studies at
Baylor College of Medicine and Oxford University.
Areas of expertise for media: myPINpad Solution,
Marketing, Investment, IP Management, Licensing
and Technology Transfer.
David Froud, Head of Global Compliance & Risk
David is an experienced data security and regulatory
compliance practitioner with proven ability to deliver
collaborative data security and payment innovation
solutions to high-end corporate clients.
David has held senior positions in technology and
payments businesses for over 15 years and is a
renowned figure within the industry for his depth
of knowledge.
David is so confident in the myPINpad solution he left
the PCI DSS industry to join the team in November
2014. David is responsible for the security and
regulatory compliance of the MPP technology globally.
David is highly certified in the payments and security
sectors and is a frequent speaker at industry events.
Areas of expertise for media: myPINpad solution, Mobile /
Electronic Payments, Regulatory Compliance, Data Security,
Anti-Fraud, Identity Management & Authentication
David Muxworthy, Finance Director
David is a Chartered Accountant with over 20 years of
domestic and International commercial experience.
David is a co-Founder of myPINpad Limited and has
successfully built and managed the sale of a high
technology business to a global leader in its sector.
Areas of expertise: myPINpad solution, Finance, Corporate
Governance, HR.
Jon Pinkerton, Head of Innovation
Jon is a technology and product innovator both inside
and outside of the payments industry. He is able to
combine customer insight, technical know-how and
articulate this into actionable product strategies that
are aligned with an organisation’s overall business
vision.
Jon is active across the payments industry throughout
Australasia, North America and the United Kingdom
with networks into Banks, Financial Service providers
and start-ups, he has unique insight into the disruption
occurring in payments.
Jon has a long history of supporting, integrating
and developing payments software and solutions
and leading Payment technologists. Jon’s experience
makes him a perfect fit for the myPINpad team and the
solution’s Head of Innovation.
Areas of expertise for media: myPINpad solution, Payments,
Data Security, Fraud, Innovation, Electronic Payments.