The Smart Card Alliance has been educating payments, government, and security professionals since 2008 on the fundamentals of smart card technology and how smart cards are put work across a range of use cases.
Blockchain. Is it the most revolutionary technology in value exchange ever or just the latest fintech buzzword enjoying its peak on the hype cycle? Or both? These young techniques are undergoing swift evolution, going from bitcoin and money transfer into new use cases such as identity management.
Sending money in real-time is a capability that is growing around the world. “All bank” systems in the UK and Mexico are thriving. Mobile money services like M-Pesa are changing economies and individual lives in developing countries. But in the US, “things are complicated.” We have a crowded landscape in the US without, as in many global markets, a clear mandate from a regulator.
Since the first promise to pay was made, knowing who you’re dealing with has been a requirement. Authenticating the identity of a trading partner – a customer, an accountholder, a business or even a computer – is a burden that falls on the one extending trust because the giver takes on the transaction risk. In online and mobile transactions, the job of authentication has fallen on the password’s sagging shoulders in combination with other credentials such as a payment card or drivers license.
The 3D Secure protocols, one for each network, that connect ecommerce merchants to the cardholder’s issuer, has had a rough go. But after ten years, smarter application of the tool and, in particular, risk-based usage makes it more attractive to both issuers and merchants.
The Internet’s designers quickly realized that no one’s very good at remembering IP address numbers. Unless you type the same number over and over again (and I did when I ran an ISP) a human readable version is a lot easier. That’s what the domain name system or DNS is all about, connecting human readable names to specific IP addresses.
Every payment pro in the US is also a shopper and we all know that the largest retailers are poised to support EMV. Nearly all have EMV capable hardware. A few have turned it on. Most are waiting for the October liability shift so the temporary pain and awkwardness of clerk and consumer confusion is spread across everyone.
Host card emulation (HCE) was invented back in 2012. It was supposed to do for NFC on Android what Apple Pay has done for NFC in the iOS ecosystem. But it’s taken longer, a lot longer, for a robust Android-based NFC capability to get deployed.
The domain of point of sale (POS) has three legs to its security stool: EMV, point to point encryption, and card number tokenization. Card not present (CNP) merchants and issuers have the more challenging task of assembling fraud mitigation tools on their own.
Decisions about point of sale transactions are largely made using card data alone but in e-commerce the merchant has to use a rich mix of data sources to manage fraud. The merchant is, after all, liable for both the transaction as well as the goods or services lost due to fraud.
