The future of e-commerce security hinges on two things: better utilizing customer devices and limiting the direct interaction between a merchant and their customer’s payment information.
The arguments, which were made by security and payment industry experts at this week’s Visa 2011 Global Security Summit in Washington, D.C., comes at a time when data breach and payment fraud news appear to be reaching a fever pitch in industries such as online retail and gaming.
For Toronto-based SecureKey Technologies Inc., the key to improving the online customer experience and increasing security is to better utilize today’s next-generation payment cards with mobile devices and laptops. The company said its flagship product, which resembles a USB key, will allow customers to tap their chip-enabled credit cards against the SecureKey stick to authenticate themselves online at the point of purchase.
Greg Wolfond, chairman and CEO of SecureKey, said the SecureKey stick lets merchants and payment networks take advantage of the dynamic data that can be generated from these chip-enabled cards.
“When you get to the checkout site, a pop-up will remind you that you can tap your card for the transaction,” he said. “This creates a secure channel from the terminal to Visa.”
At that point, the technology can generate a one-time dynamic security code, which the company said will replace the need to submit the static CVV number found on the back of today’s credit cards. The cardholder’s personal information is never stored on the cardholder’s computer or on the SecureKey stick.
“It works like a token system,” Wolfond added.
The SecureKey technology, which the company said is currently being piloted in Canada, can also be translated to other mobile devices as more smart phones begin to ship with near field communication chips.
“We’re going to see this coming to every PC and tablet too,” Wolfond said. “NFC is going to take over.”
In addition to utilizing dynamic data with mobile devices, cutting down the interaction merchants have with their customer’s payment information will also be crucial to the future of e-commerce security.
David Glaser, vice-president at Visa-owned global payment gateway CyberSource Corp., said the best approach to payment data security for organizations is not to figure out how to lock down the data, but to actually remove the data all together.
He said organizations should turn to hosted payment and token acceptance services that allow businesses to move their customers away from their merchant Web site and directly to the payment system site.
“When all these solutions are combined, a hacker would have nothing to gain once they get into a merchant’s system,” Glaser said.