Visa: Payment card industry needs to work smarter, not harder, to increase security

Richey noted that when Visa put together its first security summit some five years ago, the challenges the payment card industry and interested stakeholders faced was starkly different, as many of them were grappling with the first major, widespread data breaches of cardholder data.

“Issuers were challenged with the idea of how to prevent fraud in a new era of mass data compromise”, Richey said, adding that many merchants were, at the time, often unknowingly storing vast quantities of sensitive cardholder data.

A rather confident Richey said she was happy to address the crowd and proclaim, just six years later, that the industry has made great strides to improve security, regardless of the recent spate of data breaches that continue to make headlines.

“I firmly believe that the payments industry has done more to protect the consumer – and data – in our era, than any other industry”, she boldly declared. Richey pointed to the fact that card data is more secure today, with 99% of merchants around the globe no longer storing sensitive data on their systems and 75% of them having confirmed ongoing PCI compliance, a number that reaches 95% among the largest Level 1 and Level 2 merchants in the US.

Richey provided as evidence that increased use of cards to conduct commercial transactions is Exhibit A in consumers’ confidence regarding the use of credit/debit cards. Cutting through the accolades, however, she added that several trends require the attention of the payments industry going forward.

“[Consumers] still cite security as their top concern when using their cards, Richey lamented. “And most of them actually think the criminals are ahead of us”. The Visa executive then cited data showing that 61% of consumers believe cybercriminals are “one step ahead” of the card industry when it comes to data security and fraud.

“Obviously winning consumer trust is no easy feat”, she added, noting that earning and keeping that trust is the chief objective of those gathered at the summit.

Continuing along the same lines, Richey said that keeping up with cybercriminals has led to an exhaustive use of resources. The solution, she proposed, “is to get smarter. We don’t need to do more, but we need to get smarter in how we protect card data. We need to use all the intelligence we have at our disposal. I think that the opportunities to get smarter and fight fraud are all around us.”

Smarter data protection through tokenization and encryption, for example, were cited by Richey as methods to “shrink the card data environment” and reduce possible exposure.

Richey concluded by offering up three points to prevent fraud before it occurs. First is the proliferation of “smarter” payment devices, which includes the use of EVM (chip-and-pin) cards, which have experienced resistance in the US.

Additionally, those involved in payment transactions need to make their networks smarter “to help stop fraud either before, or at the moment it occurs”. The final suggestion Richey put forward was increased adoption of cardholder authentication methods, including two-factor authentication.

She acknowledged there are several barriers to adoption of these suggestions, including costs and infrastructure.

“We need to figure out how to overcome those barriers so we can work smarter together to get ahead of the criminals”, Richey concluded. “If we do this, security will go up and fraud will go down. It’s just that simple.”

What’s Hot on Infosecurity Magazine?