Five trends in payments next year

The inaugural Fintech Festival here in November called attention to the immense rate of change taking place in the financial services sector due to innovations in financial technology or fintech.

The most obvious example of fintech in action is mobile payments.

According to research by Frost and Sullivan, South-east Asia is poised to become one of the world's fastest-growing regions for e-commerce revenues, exceeding US$25 billion ($35.7 billion) by 2020.

Driven by unprecedented mobility, connectivity and computing power, today's consumers expect payments to be fast and hassle-free.

As consumers continue to experiment with new ways to pay - mobile, online, using connected devices - demand for digital payment technologies will continue unabated in the coming year.

Here are trends that will dominate the coming months:

ENCRYPTION TECHNOLOGY IS CENTRAL

When it comes to card payments, several entities are required to process a transaction from start to end: consumers and their payment cards, merchants and their point-of-sale payment systems, the card brands (for example Visa, MasterCard, or American Express), the issuing banks, and a payment gateway such as Nets (Network for Electronic Transfers Singapore).

With high volumes of transactions processed daily, these amounts of electronic data and digital currency flowing through the payment ecosystem act as a honeypot for criminals.

As cyber criminals continue to target the ecosystem, more and more merchants are investing in point-to-point encryption (P2PE) to maintain the integrity of payment transactions and secure the card data.

Encrypting cardholder data at the earliest point of acceptance right through the processing network makes the data less valuable to attackers, even if compromised in a breach.

PCI-listed P2PE Solutions are validated as meeting the Payment Card Industry Security Standard for P2PE to guarantee the strongest encryption protection and to simplify efforts to comply with the PCI Data Security Standard by reducing where and how these requirements apply.


INCREASED USE OF "TOKENISATION" TO DEVALUE PAYMENT DATA

A thief, by obtaining the primary account number and sensitive authentication data, can impersonate a cardholder, use the card, and potentially steal the cardholder's identity.

Tokenisation is the process of swapping highly-sensitive personal payment data for a "token", which comprises a number of random digits that cannot be restored to their original value.

As consumers find new ways to make cashless payments with or without a card on hand, adoption of tokenisation will increase exponentially.

Services like Apple Pay and Samsung Pay and others that enable merchants to tokenise card data on file for recurrent payments ensures that the use of tokenisation will continue to grow throughout the region.


IOT WILL FUEL CRIME

Gartner said, by 2020, more than 20 billion devices will be connected to the Internet. The lack of security and easy accessibility of these Internet of Things (IoT) devices will make them new tools of cyber criminals.

Any Internet-connected device, from printers to refrigerators to connected cars, can be ordered to be part of a network of "bots" that can be activated to attack other systems.

The recent cyberattacks that crippled StarHub's broadband service were the result of infected Internet-connected devices in the homes of subscribers -those form part of a new trend of cyberattacks engineered by criminals to access and monetise personal data.

MORE PAYMENT OPTIONS AS MOBILE COMMERCE GROWS

Mobile phones and connected devices allow consumers to shop even while standing inside a physical store.

The new connected consumer will prefer merchants which leverage cloud-based apps to enable payments when one is inside the store and use them increasingly to pay things that they want to buy before they even step inside.


ACTIVE EXPERIMENTATION WITH BLOCKCHAIN TECH

Blockchain is a peer-to-peer distributed ledger technology for a new generation of transactional applications.

It uses cryptography to allow each participant on the network to manipulate the ledger in a secure way without the need for a central authority.

The technology has the potential to be used across a broad range of applications, from verifying interbank payments, to reconciling trade finance invoices, to deterring money laundering.

Organisations such as the Monetary Authority of Singapore are already experimenting with blockchain technology for interbank payments.

Business and technology innovation and security must go hand in hand. At the PCI Security Standards Council, we will continue to work with the industry here in Asia-Pacific and globally to evolve our standards to protect payment transactions. As cybercriminals continue to target the payments system, global collaboration is vital to ensuring data security.

Great strides are being made together to secure the future of payments with the release of PCI Data Security Standard version 3.2 to address emerging threats; new resources to simplify security for small businesses; and increased industry and public-private partnerships here in Asia Pacific and around the world.

The writer is international 
director of PCI Security Standards Council.