Financial technology (fintech) and payment security were hot topics at RSI Security’s recent PCI Expert Summit. Regulators are speeding up fintech plans in the pandemic era, as contactless and digital payments are exploding.
Mohan Shamachar, RSI Security’s Senior Security and Privacy Advisor, conducted the virtual session that covered how fintech is evolving, the modern payment security landscape, and how compliance fits in.
For consumers to safely process transactions, payment data security for fintech companies is pivotal in today’s world. From mobile wallets and contactless payments to cryptocurrencies, here’s what Mohan had to say about tomorrow’s fintech payment security landscape at the PCI Expert Summit.
Mobile Wallets and Contactless Payments
Mobile commerce and contactless payments are on the rise for fintech companies. In his session, Mohan highlighted the fact that mobile wallets and payments will become increasingly prevalent in 2021, making PCI compliance for payment processors even that much more critical.
Some mobile payment technologies that will continue to grow are near-field communication (NFC), mobile app barcodes, and in-app payment functionality. These typically use token-based or biometric authentication for payments. As these mobile wallets and contactless payment methods grow, PCI compliance becomes more important than ever.
Impact of COVID-19 on Payment Behavior
The COVID-19 pandemic has inextricably altered the way people pay for goods and services. Mohan pointed out that payment behavior is becoming not just driven by the need for speed and convenience, but also by safety and sanitation. Consumers are now more likely to prefer contactless payments to avoid physically touching screens and devices.
However, Mohan emphasized that there is no clear evidence that COVID-19 is transmitted by handling cash or credit cards. It’s simply a psychological barrier for many in the general public. Another trend that should continue is in the area of ordering online and picking up curbside. This lets people avoid paying in person altogether, making them feel safer.
Assess your PCI compliance
Data Security and Fraud Elimination
Mohan said that fintechs should be using any number of key methods, strategies, and technologies to ensure data security and eliminate fraud. First, he suggests using payment tokenization credentials where the token is calculated with the exact transaction amount. If the token is intercepted, it can’t be used for new purchases.
Biometric authentication is another method fintechs should be using, especially payment, banking, and investment apps. With biometric authentication, purchases can’t be made on a stolen device. Finally, Mohan recommends that Payment authorization details for contactless transactions be localized to your NFC field for tighter payment data security.
Tokenization vs. Encryption
Mohan advises fintechs to also be cognizant of the differences between tokenization and encryption. A token is a randomly generated value that can be securely stored on mobile devices and used to make purchases. Tokens are unique identifiers that help reduce the potential for card payment fraud.
Encryption involves the security of the card and terminal where a card is scanned. When data is transmitted, the card information going between the terminal and a back-end system is then scrambled and encrypted to prevent hackers from high-jacking card numbers. Mohan stresses the importance of using both encryption and tokenization for all fintech companies.
In his PCI Expert Summit talk, Mohan stressed the fact that fintech will continue to bring even more innovation in the near future, but not without risks. Users will continue to adopt mobile wallets, in-app purchases, and fintech-linked wearables. COVID-19 is driving a dramatic change in consumer payment behavior, and it’s up to fintechs to keep pace.
Meanwhile, threat actors will continue to attack the large payment processors and general card payment ecosystem. Merchants and service providers must follow cybersecurity best practices, comply with the data security standards, and work with trusted third-parties to shore up any gaps. The future is bright for fintech, as long as they keep payment security top of mind.