The Electronic Transactions Association (ETA) influences, monitors, and shapes the payments industry through its leadership in education, advocacy, and the exchange of information. The organization’s member companies include many of the top payment processors in the US, including PayPal, Verifone, Visa, and Samsung Pay. Recently, CardRates.com sat down with ETA’s CEO, Jason Oxman, who told us a little more about the organization and trends he’s seeing within the payments space.
“The ETA — the Electronic Transactions Association — is the trade association of the payments technology industry. We’re a nonprofit organization and have been around for close to 30 years in Washington DC.
ETA has more than 500 member companies from across the payments, financial services, and technology world. We are focused on growing our members’ business through advocacy, industry, and education.”
What are some new and emerging technologies in the payments space?
“Looking ahead in 2018, I think the biggest change in the payments industry is going to be the rapid deployment of contactless technology, through cards, mobile devices, and wearables.
We’ve seen mobile payments increase in popularity over the last couple of years, driven specifically by retail applications like the Starbucks card — which is so popular that close to one-third of all Starbucks transactions are now funded using their mobile app.
What’s great about Starbucks is its mobile technology works very well. The problem is, of course, you can only use it at Starbucks. As consumers become increasingly accustomed to using their phones to pay, they’re going to look for networks that allow them to reach all of their favorite retailers and not just one.
Services like Apple Pay, Samsung Pay, and Google Pay will increasingly allow consumers to pay using their mobile devices and also gain some of the benefits, including security and other features, that other plastic options don’t allow.”
As payment technology evolves, so do the techniques used by cybercriminals to hack into credit card data. What new kinds of cyberattacks have you seen?
“The important thing for us to focus on in the payments industry is getting card numbers out of the environment. The big retailer breaches we have seen in last few years — Target, Home Depot, and others — have all been about stealing card numbers. There have literally been tens of millions of card numbers exposed.
What we’re doing very quickly in our industry is migrating to technologies that take card numbers out of the system. Mobile payments are a great example of that. Mobile payments use tokenization technologies, so your actual card number is never transmitted. If a criminal is able to access mobile payment information, there is nothing useful they can use.
We’re also seeing an increase in the use of biometrics, ranging from fingerprint to face scanning in the case of Apple’s newest iPhone X. Those are much more secure than previous technologies like signatures which are being phased out as security tools.
As criminals continue to seek access to our financial information, the tools we’re deploying to prevent them from doing so are much more effective, much more secure, and much more widely used. I think that’s an important trend this year.”
How can companies defend themselves against these types of attacks? And is there anything customers can do to further protect themselves?
“On the company side, we are seeing them deploy more secure technologies.
EMV chip cards are much more secure than the traditional magnetic stripe card because EMV uses dynamic security codes that are not repeated and therefore cards cannot be counterfeited if they’re chip cards.
That’s an important upgrade, but it requires all merchants to upgrade their equipment to new card readers that accept chips. More than half of the retailers in the US have already done that upgrade, which of course means that close to half still haven’t. Upgrading to EMV is a very important way that merchants can protect themselves.
A second, but equally important way is to upgrade to contactless mobile payments technology so that consumers can pay using those tokenized mobile payments that are even more secure than a chip card, but use the same transmission technology as a chip card. The same equipment that accepts chip cards can also accept mobile payments.
On the consumer side, I would say the same thing — make sure you shop at places that accept chip cards. If you see a merchant that doesn’t have a chip reader, ask them when they’re going to upgrade.
I’d also suggest consumers use mobile payments whenever they can because the combination of the tokenization technology and biometrics makes it the most secure way to pay.
There are some old-fashioned things that are still very important to do, too. Look at your credit card statement every month. If you see any fraudulent charges on there, make sure to report them to your bank so the charge can be taken off and the fraud can be reported.
Make sure to protect your credentials. If you have a PIN associated with your card, never write it on the back of your card. If you lose your card, report it lost so it can be turned off.”
A recent ETA white paper illustrates that mobile payment transactions can be more secure than plastic card transactions — how so?
“Mobile payments are more secure than plastic card payments for several reasons.
In a mobile transaction, what is transmitted from your phone to the retail point of sale is a token, or a mathematical representation of your credentials and a scrambled security code that is only used once and never repeated. That transmission is more secure than the transmission of your actual account number, which is what happens with a plastic card. With mobile payments, your actual account number is never transmitted.
The second way that mobile payments are more secure is in the authorization of the transaction through authenticating who you are. In the plastic card world, you use a signature or sometimes a PIN number. In the mobile payments world, it’s biometrics — a fingerprint or a face scan — that’s more secure than the plastic card authentication of who you are as a cardholder.
The third way it’s more secure is in the case of fraud, the token in your phone can be instantly replaced without having to replace your account number. Since your account number isn’t used in that token, your bank can replace the token with another token instantaneously, allowing you to continue to use your account if your information has been compromised.”
Are there any recommendations or best practices you can share with new businesses regarding the payments technology necessary to succeed in today’s ecosystem?
“The number one piece of advice that we give retailers is to meet your customers where they want to be when it comes to payment choices. Consumers really want to use their phones. There are more than 350 million mobile devices in consumers’ pockets — that’s more than there are people in the US.
Making sure you accept mobile payments in an era where more and more consumers are looking for the opportunity to use their phones to pay is incredibly important.
Incorporating other abilities beyond payments is also important. When you go to the deli, you used to have to carry around that cardboard punch card to get it punched 10 times and get your 11th sandwich for free. You can do that right in the mobile payments transaction now. Loyalty programs can be integrated with payments to make it easier for everyone. Exploring those kinds of things is very important.
A second thing that is very important is security. Make sure that you’re not using an outdated, insecure ecosystem as part of your point of sale. If you’re an in-store merchant you should upgrade to chip readers and the latest security.
Merchants should always be PCI compliant and use encryption to protect their software with the latest upgrades. That is very important to your customers. They want to make sure the retailer is protecting their information when they shop with you.”