J638-SkyParlour-myPINpad-Whitepaper-v4
myPINpad
Digital payments – Bridging the gap between convenience and security

Introduction

The payment industry has many challenges. There currently exist significant gaps between:

The consumer’s desire for an easy to use payment environment and for that to also be a secure one;
The merchant’s desire to improve the customer journey, but an inability to do so within existing payment infrastructures;
Innovation in new technologies for authentication and the challenges to adopt them; and
The need for simplicity and often the complexity to deliver secure digital payments.

This white paper will look at these gaps and examine the effect they are having on digital commerce. It will also examine the consumer, merchant and bank perspective to analyse what they believe needs to be done to bridge these gaps. Finally, it will take a case study and propose a solution to the above challenges that allows for innovation to be accepted into the existing payments ecosystem in an evolutionary, not revolutionary, way.

Limitations in the Current Purchasing Ecosystem

Innovation without practical application is just an idea.

E-commerce has revolutionised our ability to shop, and we can do so virtually without boundaries and with seemingly limitless choices. Fashion, entertainment, groceries, travel, you name it, the choice and ability to compare is almost limitless. The world is truly a global marketplace and e-commerce is booming, with an average year on year rise of 20.3% since 2012.[1] Customers are shopping like never before.

The challenge for the online merchant is that, in the digital environment, there are a greater number of shoppers just browsing and not actually buying their products. If you are in a supermarket and you have a trolley full of groceries, it’s highly unlikely that you’ll walk away from the trolley without completing your purchases. But in the world of e-commerce, this is very common.
A 2014 study of abandonment rates found that an average of 68.07%[2] of online shopping carts are abandoned. While this cannot be directly equated to the factors addressed in this white paper, the figure is nonetheless significant. In almost seven out of ten cases, online consumers do not complete the purchasing process. Assuming that the consumer began their shopping experience with a clear intent to purchase because items were placed in the checkout basket, it is important for the merchant to understand what is going wrong if the consumer fails to complete the buying process.

A 2012 survey by Statista[3] showed that 56% of consumers had abandoned a cart due to hidden costs. The survey showed that 18% of consumers abandoned their cart because they felt the security was excessive. However, 17% abandoned their cart because they had concerns about insufficient security.

Inconvenient security is something all customers are too familiar with. Forgotten passwords, copying down long numbers on the front of cards, 3-D Secure (3DS) forms which require additional passwords and so on. All of these present barriers to completing the purchase and almost one in five purchases are abandoned because of them.[1] If you were at a check-out in a bricks and mortar store and had to provide several passwords, your date of birth and your mother’s maiden name, the chances are that you would consider these to be somewhat excessive. Yet, because of the lack of face-to-face interaction, in the e-commerce environment this is the standard purchasing process. In other words, historically there was greater trust for face-to-face transactions than within the anonymity of the e-commerce environment.

Security concerns cause 35% of all abandoned carts. Putting that in monetary terms, the cost to retailers is estimated to be $1.4 trillion in 2015.[4] Clearly that figure is a powerful driving force for merchants and acquirers to consider how to get the balance right between rigorous and unobtrusive security.
Complicated websites meant that 25% of shoppers gave up before completion and unsuitable delivery options had the same result for 16% of shoppers. But hidden within these factors are important security concerns, some of which may appear to be contradictory.

[1] Emarketer (February 2014)
[2] Baymard Institute (December 2014)
[3] Statista (2012)
[4] UK Business Insider (March 2015)

Building trust by bridging the gaps with user-centric authentication systems

Very often the consumer does not know what to ask for in terms of security but they DO know the following are the most important:

Trust – The consumer wants an authentication method that they can trust. Something that they can rely upon and are familiar with.
Security and privacy – The consumer wants something that is secure, and therefore protects their assets and their privacy.
Usability and experience – It has to be easy to use. It can’t be clunky and it can’t be time consuming, but it STILL needs to be secure.
Value-Add – Consumers are increasingly conscious that they have choices, and retailers are struggling to meet the demand. Innovations in authentication enable the seamless integration of value-add services (such as coupons and loyalty discounts). Not only does this add value to the customer experience, it builds loyalty to the merchant.

From a retail perspective, the Internet has sharpened the need for competitive-edge and purchasing cycles that used to last years now only last weeks, or at best, months. The drive to provide greater customer service cannot however be at the expense of security, or profit:

Protection of investment - Existing infrastructure and business processes cannot be thrown away in favour of non-traditional payment channels until the old infrastructure has reached end-of-life. Innovation must enable improvements over existing infrastructure in the first instance.
Customer loyalty - Many of today’s consumers are less attached to product brand than they are the overall purchasing experience. Amazon, for example, is expert in making the consumer’s journey almost frictionless and very personal. Shoppers are loyal to the Amazon experience and buy products promoted through their website and not necessarily those brands which are not.
Future-Proofing - Investment in payment infrastructure represents a significant portion of profits that are traditionally in single-digit margins. Any expense must be fit for purpose and have the capability to adapt as the ecosystem changes.
Value-Add Services - Consumers don’t always choose one site over another based on price alone (paying a higher price for an airfare to get frequent flyer miles for example). From instant coupons, to loyalty points, to offering personalisation, it’s the value-add services that control the competitive edge.

Of course, the payments industry has its own requirements too:

Technology – The technology has to be compliant with existing regulations, and it has to be worth the investment. NFC technology, for example, was hailed back in 2003 as being the next revolution in payments, but for many reasons it has yet to fulfil its potential in many markets.
Processes - Banks have existing payment and acquiring processes in place. New technology has to slot neatly into these, with minimal disruption, or banks will not be interested.
Security – Banks have their own concerns about security. No bank will adopt new payment technologies unless they are proven to be secure enough to meet their risk appetite.
Schemes – Card Schemes have their own rules and regulations and have invested heavily in their own security methods such as 3DS. New technology has to work in partnership with these, not work against them. Enable and support, not replace.
Global Acquiring Network – Payments is a global business. Is the new technology capable of being accepted globally?
If not, banks won’t be interested.

What about Biometrics?

Biometric based security is increasingly part of our lives. iPhone 5 and 6 users will be used to unlocking their phone with their thumbprint, as will users of the Samsung Galaxy S5. Equally, travellers to the US will have experience of giving fingerprints as they clear immigration. Biometrics are increasingly part of our everyday experience. As consumers get more and more used to biometrics, it is expected that this technology will continue to develop, as will its greater acceptance.

Biometric technology has the potential to improve security and improve customer experience. After all, a fingerprint is not something that has to be remembered. However, it is by no means the silver bullet. It is still a single factor authentication system so isn’t acceptable for all transactions. In bricks and mortar shops, for example, NFC transactions are limited to small amounts of money so, for larger transactions, secondary authentication, in the form of the PIN, is required.

Regardless of the method deployed it is very likely that single factor authentication, including the use of biometrics, will remain insufficient. So, for both face-to-face and remote transactions, there will still be a critical role for the PIN. Furthermore, there will remain major challenges for industry on how evolving biometric technology solutions fit within existing infrastructure and legal frameworks and how to manage the associated costs.

Payment security and user experience gap could cost merchants $1.4 trillion in 2015

The rewards of bridging the gap

For consumers, the most obvious gap is between payment security and ease of use. This gap could cost retailers $1.4 trillion in 2015. For the retail industry, the gap is in implementing payment technology that gives consumers the shopping and payments experience they want, while still being affordable and compatible with existing systems.
The answer is to ‘bridge’ the gap in an evolutionary way, rather than with a revolutionary one. To give consumers a seamless payment experience using a trusted and familiar system while providing merchants and the payments industry with a system that will work with both existing and new technologies, including all innovations in authentication and identity management.

What should this system look like?

The need for security and the need for ease of use are both understood, as is the knowledge that consumers want something they know and trust. So, for many years the industry has used the Personal Identification Number, or PIN. Giving the consumers the ability to use their existing PIN numbers on devices such as mobiles (that they take everywhere with them), tablets and laptops is a logical next step for branded card payments. It’s a tried, tested and relatively painless authentication method, and consumers have little issue with using PINs to make payments in-store and to withdraw cash from ATMs.

Not only consumers, but the entire payments ecosystem wants security across all shopping channels. All authentication solutions need to address the requirements of all players and recognise that in using mobile devices, these have traditionally been considered unsecure. There is now however a growing understanding that as platforms for multifactorial authentication, mobile devices would be very convenient for authenticating e-commerce transactions and if that could include the use of the cardholder PIN this would offer significant advantages.

For an authentication service to embrace the needs of all the stakeholders it must place them in a transformational self-hosted platform, or Software as a Service (SaaS) and recreate the secure components found within the built-for-purpose PIN Entry Devices (PEDs).
In this way the same level of security that has been in use for more than 25 years for ATM transactions would be available on all mobile platforms, with authentication delivered through existing payments protocols and infrastructure.

Key to entering the Cardholder’s PIN securely into the user’s device is the ability to completely bypass the various system buffers and memory including the screen and keyboard buffers while at the same time combining other forms of authentication in the background. This provides true multi-factor assurance with that same minimal level of effort as when entering the PIN alone.

To achieve this, a unique real-time tokenisation and encryption system that renders the PIN unreadable and unrecoverable is required. This is similar to the principle of a physical prism, but instead of refracting light, it totally randomises the PIN input through a multi-layer refraction process that presents an alternative keypad to the user every time. The device and ALL buffers/memory are then totally convinced a different number to the real Cardholder PIN was correctly entered by the user.

No customer information should ever be stored and their personal details are therefore secure. And because the authorisation channel is entirely separated from the payment channel no cardholder data can be exposed. Use of tokenisation technology further reduces the risk to cardholder data.

The system should act as a ‘bridge’ between existing and new authentication methods. No matter what method a merchant uses, even biometric, authentication mechanisms should be accessed through the Cardholder PIN to minimise adoption and integration costs.

1. For consumers, they complete transactions using a simple authentication method they know and trust – by continuing to use their PIN, there are no multiple passwords to remember, no more maiden names and birthdays to enter. Just a simple, every day, number.
2. For banks, they have increased ability to securely authenticate customers and cut down on fraud and increase trust in e-commerce.
3. For merchants, they have a simple and secure way to take payments. And simple and secure payment methods mean fewer abandoned sales.

Today, such a solution is available from myPINpad.

Conclusion

It might seem a cliché to say that clunky authentication methods are holding back e-commerce, but, like many clichés, it is true. The facts speak for themselves in terms of the cost to merchants of abandoned purchases. Equally, as technology continues to outstrip ability to adopt it, any payment method has to enable existing infrastructure investment to keep pace with new authentication protocols and systems.

At myPINpad our team has managed to independently validate the combination of the simple with the robust and to demonstrate that PIN entry on mobile devices can indeed be at least as good as current industry best practices and expectations regarding compliance. A simple system to authenticate a consumer making a payment and a robust authentication and encryption system to stop fraud and boost consumer, bank and merchant confidence is indeed now available.

As mobile based shopping grows and authentication in an e-commerce environment becomes ever more important there is a strong argument to adopt new solutions that bridge the gap between convenience and security. myPINpad provides that solution.

Contact details

www.mypinpad.com
[email protected]
Kimberley Waldron
T: +44(0)844 2939 764
Follow us @mypinpad

The myPINpad Leadership Team

Philip King, Executive Chairman & CEO
Philip has been a senior executive in a diverse range of businesses for over 35 years. He has substantive payments industry experience and has held technology and business leadership and consulting roles in some of the world’s leading financial services institutions in the UK, Europe and South Africa. He has built several internationally successful businesses.
In 2008 Philip co-founded Asia Principal Capital, an investment banking and strategic advisory company, with offices in Sydney and Singapore. He has significant M&A, capital raising and strategy development experience. Philip has extensive private and public company director experience. As CEO of myPINpad Philip is building a world-class team and is driving the execution of the strategy and plan. He has been a private equity investor for more than 20 years so his commitment to myPINpad represents the confidence he has in the solution.
Areas of expertise for media: myPINpad solution, Mobile Payments, Finance Industry, Electronic Payments, Payments Industry, Investment Banking, Capital Raising.

Justin Pike, Chief Technology Officer
Justin has been an innovator in the IT and m-commerce industry for over 15 years. Initially developing one of the world’s first automated top-up platforms for prepay mobile phone vouchers, he has also advised and completed projects with various Telcos around the world. Following a move to Melbourne, Australia in the early 90’s, Justin cofounded eNett International, now considered to be one of the world leaders and most innovative companies in the travel payments sector and processing billions of dollars in transactions. Justin founded myPINpad in 2012 after developing the core intellectual property and is currently helping steer the company, globally deploying and integrating with many of the world’s largest internet sites and financial processors. Justin is responsible for new product design/market opportunities utilising the Core IP at myPINpad. Justin has a Computer Science BSc Hons from the University of Glamorgan.
Areas of expertise for the media: myPINpad technology, Mobile Commerce, Payments, Authentication, Technology Innovation, Product Development.

David Poole, Business Development Director
David’s career has spanned over 20 years at the forefront of new technology and payment processes.
In previous roles he spearheaded the integration of electronic payments with custom POS solutions in hospitality and retail both in UK and USA. Prior to joining the myPINpad team in 2013 David held a MD position at Miura, a technology company founded to reshape electronic payments. He oversaw the commercial success of the company during the 3 years he held this position. When he was introduced to the myPINpad solution and team he demonstrated his belief in the business by joining and is now responsible for the global business development.
Areas of expertise for media: myPINpad Solution, Mobile Payments, POS, Electronic Payments, Technology Innovation, Payment Card Processes, Authentication.

Allan Syms, Commercial Director
Allan is an experienced international technology and life sciences senior executive, with extensive PLC board level and Public Sector Service experience. He has an in-depth background in licensing, corporate financing, IPOs, M&A and managing strategic change with blue chip companies worldwide. Allan has been a driving force in the launch and commercial promotion of the myPINpad solution. Allan is a PhD and undertook postdoctoral studies at Baylor College of Medicine and Oxford University.
Areas of expertise for media: myPINpad Solution, Marketing, Investment, IP Management, Licensing and Technology Transfer.

David Froud, Head of Global Compliance & Risk
David is an experienced data security and regulatory compliance practitioner with proven ability to deliver collaborative data security and payment innovation solutions to high-end corporate clients. David has held senior positions in technology and payments businesses for over 15 years and is a renowned figure within the industry for his depth of knowledge. David is so confident in the myPINpad solution he left the PCI DSS industry to join the team in November 2014. David is responsible for the security and regulatory compliance of the MPP technology globally. David is highly certified in the payments and security sectors and is a frequent speaker at industry events.
Areas of expertise for media: myPINpad solution, Mobile / Electronic Payments, Regulatory Compliance, Data Security, Anti-Fraud, Identity Management & Authentication.

David Muxworthy, Finance Director
David is a Chartered Accountant with over 20 years of domestic and International commercial experience. David is a co-Founder of myPINpad Limited and has successfully built and managed the sale of a high technology business to a global leader in its sector.
Areas of expertise: myPINpad solution, Finance, Corporate Governance, HR.

Jon Pinkerton, Head of Innovation
Jon is a technology and product innovator both inside and outside of the payments industry. He is able to combine customer insight and technical know-how and articulate this into actionable product strategies that are aligned with an organisation’s overall business vision. Jon is active across the payments industry throughout Australasia, North America and the United Kingdom with networks into Banks, Financial Service providers and start-ups; he has unique insight into the disruption occurring in payments. As Jon has a long history of supporting, integrating and developing payments software and solutions and leading payment technologists, his experience makes him a perfect fit for the myPINpad team and the solution’s Head of Innovation.
Areas of expertise for media: myPINpad solution, Payments, Data Security, Fraud, Innovation, Electronic Payments.