Snapshot of the Payment Industry in 2018


July 25, 2018

Issue 29: Snapshot of Payment Industry in 2018

By Parul Sharma, Director of Professional Services at ThreatMetrix

2018 has been an exciting year for the payments and fraud industry. GDPR went into effect, Adyen had an IPO, and numerous mergers and acquisitions occurred in the payment industry (iZettle, Weebly, iPayment, Hyperwallet) as well as the fraud industry (iovation, Simility, Smyte, ThreatMetrix).

Mergers and acquisitions like these attract more innovators to the space and offer encouragement for small innovative companies looking for synergistic liquidity. These mergers and acquisitions will change the landscape of the payment and fraud ecosystem, forcing the organizations to leave their respective swim lanes and and head for blue water. Consumer expectation in the new market is immediacy, convenience and flexibility, and these acquisitions will meet these expectations.

With the changing landscape, consumers are demanding a frictionless user experience. They don't want to be slowed down in the purchasing process. They want and expect instant results. The quest for this kind of experience comes with a need for more robust fraud prevention, security, and behavioral tools operating transparently. Consumers are continuing their migration towards online and connected shopping, some even sharing their purchases on social media. Any friction created in the process can lead to lost sales (and maybe customers) for merchants.

There are two prevalent types of payment used offline and online:

  1. Card-based payments
  2. Real-time payments
To protect card-based payments, EMV (offline) and 3D Secure (online) were introduced on the market a while ago but are proving to be less effective than anticipated, due to slow adoption and the friction created.

Another form of fraud prevention proving more effective is payment tokenization. This process protects sensitive data like a customer's primary account number (PAN) by converting it into an algorithmically created token which cannot be mathematically reversed unless one has the key, only of which was used to create it originally. In 2017, EMVCo created the Secure Remote commerce (SRC) framework to provide a secure and interoperable payment card acceptance system. SRC gives consumers a convenient experience and provides merchants tokenized security. This new framework will provide chip level security in the online world.

The Federal Reserve initiative, creating faster payments, will soon lead to adoption of real-time payments. The credentials associated with DDA (Demand Deposit Account) are vulnerable as fraudsters can easily access them. The frequency of these types of attacks is low, but the potential impact and threat is very high. Tokenization seems to be a good option to significantly reduce the risk associated with DDA credentials.

Tokenization is proving to be the best prevention tool not just for payments but also for other industries like the medical industry where sensitive information is being shared and can have detrimental consequences if stolen.

To conclude, the payment industry is no longer about liability, it is about compliance, data security, innovation, and connection which motivates merchants to look for new ways to create seamless and personalized experiences for consumers. In fact, consumers don't even want to experience payment processing, they want it to be invisible. This means merchants will have access to more user data than ever and this data is the new currency which needs to be available but protected. Technology and data protection will continue to grow at an accelerating rate in the payment industry. FinTech -- companies using technology to make financial services efficient -- will be one of the driving factors to make this happen, helping EMV evolve and improve.