For centuries, the notion of security has been synonymous with obstacles, erected to keep out the enemy and protect valuables. More recently, with the rise of the information age, security has led to fortresses of the digital kind — firewalls, encryption, PINs and passwords.
As Visa’s Asia Pacific Head of Risk, I think daily about the changing nature of security. As more parts of our lives move online, from banking, paying bills and shopping, to storing and sometimes sharing valuable personal information, how do we maintain defenses worthy of the treasures they protect?
From a global commerce perspective, I see the future of security as ever-smarter and tighter layers, protecting our most sensitive information. Locked doors, traps, and illusions all working together to keep the thieves out and, in the rare case that they get in, ensuring what’s inside is worthless to them.
Recent research from Visa revealed Australians – like most people globally – have a memory issue when it comes to passwords and PINs. Only one in four Australian use a unique password for each password-protected account, and one in three of us use a unique PIN for every debit and credit account . Add to this the fact that these static
passwords and PINs are becoming easier to guess, and it becomes clear that online security cannot be based entirely on this first layer of protection.
So what comes next? Data may be our biggest risk but – used appropriately – it can also be our greatest asset. Over the next few years, two technologies that will fundamentally change the security landscape are 3D Secure 2.0 and tokenisation. Think of these, in combination, as a fraudster’s worst nightmare.
3D Secure 2.0 harnesses data to enable online merchants, banks, and payment networks like Visa to make immediate intelligent decisions about transactions. For a consumer, this means that if you’re using your mobile phone to shop at your favourite online store and getting items delivered to your standard address, the transaction should go ahead unquestioned.
However, if your card is used on a different mobile device, at a high-risk merchant you have never visited, 3-D Secure 2.0 will ask the shopper to enter a unique passcode sent to you via SMS, or for your fingerprint to be verified on your mobile, before it allows the transaction to proceed. This technology is about identifying fraud in ecommerce before it occurs, without negatively affecting the experience of genuine consumers.
Tokenisation works to devalue data. This technology has seen significant adoption over the past two years and ensuring its ubiquity is becoming increasingly critical as more Australian businesses begin to store payments credentials on their systems. To protect these businesses and their customers, it is vital that we make this sensitive information unattractive to would-be thieves. Tokenisation works by replacing sensitive card data with unique ‘tokens’ that are useless by themselves, removing the incentives for fraudsters to attack and disrupt Australian online businesses.
Technology has fundamentally changed the way we do commerce and it will inevitably continue to evolve. Every time a new commerce and payment experience enters the market, we must ensure that fraudsters testing its limits are met with the full force of security expertise and capabilities our industry possesses.
Visa recently launched the Future of Security Roadmap — a four-year action plan to enhance industry-wide security across the payments ecosystem. The roadmap calls for renewed focus and continuing collaboration.
Security is not the job of one organisation, and security is a job that is never complete. Protecting Australian businesses and consumers is a responsibility and requires investment that must be prioritised at all times.