Biometrics centrepiece of new Visa security roadmap
The financial services giant has launched its 2020 and beyond roadmap first in Australia, focusing initially on biometrics for payment authorisation, '3-D Secure' fraud detection, and pushing the use of tokenisation.
Visa has lifted the lid on its new security roadmap, focusing initially on biometrics, with Joe Cunningham, Head of Risk for Asia Pacific at Visa, touting the technology as having an important place in the future of payments.
Although the technology is not brand new, Cunningham said it is now at a point where Visa and its ecosystem of banks, merchants, fintech firms, service providers, law enforcement, and cardholders feel comfortable supporting it, as he said certain forms of biometrics have reached a stable and secure level.
"We always expected biometrics to get to a point where they would play an important role in payments, in fact we expected biometrics to play an important role in our lives as we go about our day-to-day business whether it's accessing buildings, our car, or an online service," he said.
"So there's no surprise that payments has been front and centre when it comes to biometric adoption.
"Everyone thinks of biometrics when they think about payments in the future."
According to Visa, another element the use of biometrics offers is a solution to what he labelled as "fairly substantial" pain-points in the Australian market.
"Research shows that here in Australia we have a memory issue when it comes to PINs and passwords; this goes to just human nature and people's desire to use the same ones," Cunningham explained.
"Only one in four Australians use unique passwords for different services; and 23 percent of Australians use the same PIN for all their debit and credit card accounts."
However, he said 67 percent of Australians believe that biometrics makes password authentication easier and that customers feel comfortable with their financial institutions storing and protecting their biometric information.
"The average Australian will [soon] have 200 different online accounts -- that will require them to remember different PINs and passwords,"
The Visa Future of Security Roadmap aims to set the direction for Australian payments security from 2017 through to at least 2020, and follows on from Visa's seven point security plan that it launched a number of years ago, with then-emerging chip technology being its centrepiece.
The roadmap will be tweaked and launched in multiple countries, but the global financial services giant launched it in Australia first, given the speed at which Australians have taken to new payment methods over the last decade.
"I come here a few times a year and every time I do it's like a visit to the future compared to some of the markets in which I operate," Cunningham explained.
"We have substantial penetration of electronic payments in Australia -- a serious shrinking in the use of cash -- and there are actually very few places left in Australia where non-chip terminals are still in existence."
PayWave adoption is also high, with 92 percent of face-to-face payments made using PayWave. As a result, a 2018 roadmap item is 100 percent EMV -- Europay, Mastercard, Visa -- chip acceptance.
In addition to biometrics being the immediate focus of Visa, its 2017 priorities also include educating the ecosystem on 3-D Secure version 2.0, and to speed up the use of tokenisation.
3-D Secure version 2.0 is described by Visa as a tool for merchants that allows for the "seamless" authentication of consumers when shopping online, and also includes enhanced fraud detection for all parties involved in an e-commerce transaction.
"Our ecommerce business has grown 35 percent in the last two years, and where payment volume grows, so too does fraud," Cunningham explained.
While global fraud rates are at an "all-time low", fraud is continuing to shift online.
According to Visa, card-not-present (CNP) fraud, where transactions are conducted over the phone or online, now represents 78 percent of total card fraud in Australia.
As account details are stored in more places, such as with online merchants, Visa is calling on financial institutions and merchants to devalue or "tokenise" this data.
Tokenisation is a process whereby payments information is replaced with unique tokens that are useless if stolen.
"The vision over the long term for security is to completely eliminate all sensitive data from the ecosystem," Cunningham said.
"We don't want these 16-digit numbers with their expiry dates sitting in databases anywhere, we want them eliminated and replaced with worthless pieces of information.
"Where we can't eliminate that data, we need to be ruthless in how we protect it."
In recent years, tokenisation has underpinned an increasing number of mobile wallets, including the likes of Apple Pay and Android Pay.
"Almost every client bank in Australia uses or takes advantage of the Visa token service," Cunningham added.
"We love tokenisation from a risk and security point of view because it does exactly what we asked at the beginning, which is to eliminate sensitive data."
However, the future of tokenisation is e-commerce and by 2020, Visa wants every merchant that stores card information to use tokenisation as a way of eliminating honeypots of sensitive data, striving for 100 percent tokenisation of all account holder data held outside of financial institutions.