The Changing Landscape of the Payments Industry

2018 – An exciting year for the payment and fraud industry: GDPR and PSD2 went into effect, Adyen went IPO, numerous mergers and acquisitions in the payment industry (iZettle, Weebly, iPayment & Hyperwallet) and the fraud industry (iovation, Simility, Smyte & ThreatMetrix).

Mergers and acquisitions like these are a great news for small innovative companies looking for synergistic liquidity and will attract more innovators to the space. These M&As will truly change the landscape of the payment and fraud ecosystem, forcing the organizations to leave their respective swim lanes and and head for blue water. The new market expectation is immediacy, convenience, and flexibility, and these acquisitions will meet these new expectations.

With the changing landscape, consumers are demanding a frictionless user experience. Users do not want to be stepped up if it’s not necessary – they want, need, and expect immediacy. The quest for this kind of experience comes with a need for more robust fraud prevention, security and behavioral tools operating transparently.

Consumers are continuing their migration towards online and connected shopping. Some seem addicted to online shopping and sharing their purchases on social media. Any friction created in the process leads to lost sales for the merchants, and the potential loss of the lifetime value of that consumer as they turn to one of your competitors.

There are two predominant types of payment used offline and online.

  1. Card-based payment
  2. Real-time payment

To protect card-based payment, EMV chip technology (offline) and 3D Secure (online) were introduced some time back but the results remain hit-or-miss due to slow and bumpy adoption and the friction they can potentially create.

Payment tokenization is another way of protection which is proving to be more effective. Tokenization is the process of protecting sensitive data like customer’s primary account number (PAN) by converting it into an algorithmically created token which cannot be mathematically reversed unless you have the key, which was used to create it in the first place.

In 2017, EMVCo created Secure Remote Commerce (SRC) framework to provide secure and interoperable payment card acceptance systems. SRC can help consumers maintain the same or more convenience and provide merchants tokenized security. This new framework will provide chip level security in the online world.

The Federal Reserve initiative to allow faster payments will lead to adoption of Real-Time Payments shortly. This could lead to an entirely new way of transacting, moving away from card-based transactions. However, the credentials associated with DDAs (Demand Deposit Accounts) are vulnerable as fraudsters can have easy access to them. The frequency of these attacks is low, but the impact could be very high as Real-Time Payments gain traction. Tokenization seems to be a good option, to significantly reduce the risk associated with DDA credentials as well.

In fact, tokenization is the way to go, not just for the payment industry but also for other industries like the health industry.

The payment industry is no longer about liability – it is about compliance, data security, innovation and connection. This motivates merchants to look for innovative ways to create a seamless and personalized experiences for consumers. In fact, consumers do not want to experience payment, they want payment to be invisible. This will require merchants to have access to more user data than ever and this data is the new currency which needs to be available, but protected.

Payment innovations will continue to grow at an accelerating rate in the industry, and regulatory compliance will need to evolve alongside and keep up with this rapid pace of change. Emerging fintech companies will be a key driving factor, as they develop new technologies for financial services, and EMV will continue to evolve and improve in order to secure in-person card transactions.

The post The Changing Landscape of the Payments Industry appeared first on ThreatMetrix.

Source: Identity
{$excerpt:n} Protection Status