Publications
Partners
Last week, Mastercard held its annual Connecting Tomorrow conference, where future payment technology was showcased.
I had the privilege of attending the conference and witnessing some of the cutting-edge payment technologies that are aimed at removing “friction” points when it comes to making payments.
Technologies include wearables such as a watch or even a ring used for contactless payments, as well as turning your car into a payment channel for fuel purchases, negating the need for a card or cash.
Technology also enables informal traders to buy goods through a smartphone from a large wholesaler, or to link small farmers to large buyers of agricultural goods through a seamless payment system.
One of my favourite concepts demonstrated was the Travelpass.
When ready, this platform will allow you to book and pay for your entire trip on one app – from airline tickets and taxis to hotels and even restaurants – by integrating with third parties. You could even use your phone to check into a hotel, bypassing reception, by just tapping the hotel room’s contactless key and the payment can be deducted from your linked card.
While the technology is impressive, what level of security are we giving up for this convenience?
According to a recent survey in South Africa conducted by Mastercard, about 87% of people now accept that data breaches and hacks are the new normal and will most likely happen to everyone at some point.
According to Simon Hunt, head of cybersecurity innovation at Mastercard, any new technology is about balancing risk and reward.
“The question the consumer needs to ask is: ‘Is the experience worth the risk?’ There is always some risk when it comes to making payments easier; the key is to limit the risk,” he says.
Compare this with our decision to get into a car every day – based on local statistics, 45 people a day die in car accidents and 410 are injured, yet the convenience of road transport outweighs the risks we take.
“Our job at Mastercard is to develop compelling experiences and to reduce risk sufficiently to make them worth it,” says Hunt.
But do we know how much risk we are taking with digital payments? A lot comes down to our own behaviour and our lack of understanding about how to improve our security.
A BANKING APP IS SAFER THAN ONLINE BANKING
For example, did you know that using your banking app is much safer than banking online via your laptop or PC?
Hunt explains that your phone’s biometric security is strong – using your fingerprint to log in is the most secure way to access your bank account, especially on newer smartphones.
Laptops and PCs are far easier to hack than your phone and cybercriminals can capture things like keystrokes when you type in passwords on your laptop, however, if you are using your phone’s biometric security, there is no way to capture that fingerprint.
This explains why there are fewer security steps when making payments from your banking app than online banking, which usually requires one-time passwords.
HOW SAFE IS IT TO STORE YOUR CREDIT CARD DETAILS ON A BROWSER?
Whenever my Google Chrome browser asks me if I want to store my credit card details, I always refuse because I feel like I’d be compromising my data if I agreed.
However, Hunt says, it is a lot safer than giving someone your credit card details over the phone or in
an email.
The browser will only store your credit card number, not your CVV number (the three-digit code on the back of your card) or your card’s expiry date.
This is about balancing convenience and security. People find it hard to remember their full credit card number, but can remember a short CVV code and expiry date.
The convenience of this is that you don’t have to remember a long number, and the risk is limited because you must still input the main security features.
HOW SAFE IS ONLINE SHOPPING?
An online shopping site should require authentication, such as a one-time PIN that’s sent to your email address or cellphone, yet the main risk comes in when the site’s own security is compromised.
No matter what security procedures banks have in place, if the website owners are not updating their own systems, they will make consumer data vulnerable.
During the Mastercard conference, CEO of Foregenix Andrew Henwood took us through a hack of a retailer website that had not updated to a newer version of its merchant payment programme.
While he had created the retailer’s website for the demonstration, there are many actual retailer sites that are using the same compromised software.
It took him about three seconds to hack the website and insert a code that collected information when the online buyer entered their card details.
He exploited a weakness that had been identified three years earlier and corrected in updates of the programme.
However, the retailer had not run the updates, leaving the site vulnerable.
It was a good lesson in the importance of always running security updates on your computer and smartphone, but it also made me more inclined to stick to larger retailers that have proper security protocols in place.
YOU ARE THE BIGGEST RISK TO YOUR SECURITY
Of the more than one trillion dollars lost to cybercrime, most is stolen by phishers – cybercriminals who obtain the data directly from a consumer, usually via scam emails where consumers are tricked into providing their security information.
Not updating your software on your devices also makes you vulnerable to data hacking.
According to Mark Elliott, division president of Mastercard in southern Africa, the South African survey found that, for many consumers, taking the time to secure their information online is seen as an inconvenience.
In fact, of the South Africans who find it inconvenient, many say it is a bigger hassle than sitting in traffic (42%), dieting (34%), performing household chores (33%) or doing taxes (31%).
To overcome human vulnerability, technology is constantly being developed to detect unusual behaviour.
Apart from teams of people analysing data and tracking information on the dark web, innovation in technology is evolving beyond just using fingerprints to identify us – it’s learning our physical behaviour, such as the speed at which we type or the angle at which we hold our phone, to verify our identity.
And, according to Elliott, if our information is hacked, cardholders have zero liability protection, so they won’t be held responsible for unauthorised transactions.
Fisher-French was a guest of Mastercard
