OPINION-LEG-REG

Securing the Future of the Payments Industry

ETA groups log many achievements this summer

By Amy Zirkle

While the dog days of summer often mean a slowing down of the pace of business activities, that certainly has not been the case for the payments industry. With fall upon us, there are a number of important issues being addressed by several relevant external industry groups—as well as within ETA’s member-led committees, councils, and working groups—that continue to ensure the growth of a robustly secure and vibrant payments ecosystem.

Security Remains Key

The payments industry continues its work to promote the growth and advancement of new technologies to support payment and product delivery, while maximizing security. Work addressing payments security is currently underway in several arenas, and ETA is front and center as an active participant and contributor.

Federal Reserve Secure Payments Task Force. The Federal Reserve System’s Secure Payments Task Force includes a diverse array of stakeholders tasked with advancing the work outlined in “Strategies for Improving the U.S. Payment System,” published in January 2015 (read it here: bit.ly/FedImprovePayments). The mission of this task force is to advise the Fed in its leader/catalyst and operator roles on payment security matters, and identify and promote actions that can be taken by payment system participants collectively or by the Federal Reserve System.

The objectives of the Secure Payments Task Force include the following: to provide advice on payment security matters; to coordinate with the Faster Payments Task Force to identify solutions for any new or modified payments infrastructure so that it is both fast and secure; and to determine focus areas and priorities for future action to advance payment system safety, security, and resiliency.

ETA has been actively involved with the task force from its inception and participates on several of the task force’s working groups, including Information Sharing for Mitigation of Payment Risk, Payment ID Management, and Data Protection (newly established). In addition, the Risk, Fraud, & Security Council has established a separate working group that provides support and input into the Fed’s efforts.

PCI Security Standards Council. In May of 2015, the PCI Security Standards Council announced the establishment of a Small Merchant Task Force aimed at developing guidance and resources that simplify data security and PCI Data Security Standard (PCI DSS) compliance for some of the most vulnerable businesses preyed upon by cybercriminals—notably, small merchants. These businesses typically do not have the technical knowledge or resources to understand how to apply PCI Standards to protect payment data against today’s threats.

The work of the Small Merchant Task Force centered on providing practical ways for smaller merchants to improve payments security, as well as reduce their risks and make PCI DSS compliance quicker and less complicated. Perhaps more importantly, the task force developed guidance materials instructing small merchants on how to protect the payment environment, including working with security assessors, vendors, and service providers, and how to ensure that security goes well beyond PCI compliance.

At ETA’s upcoming Strategic Leadership Forum (SLF), attendees will have the opportunity to hear from other participants on the task force, including the co-chair from the National Restaurant Association, as they provide insight into the importance of small- and medium-sized merchants improving their payments security.

Retail Technology Committee. Established a year and a half ago, ETA’s Retail Technology Committee comprises ETA member companies focused on enhancing and maximizing the use of technology to drive and support the retail experience for merchants and consumers. The committee has been working on a comprehensive document that will serve as a guide to merchants on how to modernize their payment systems and safely, securely, and effectively implement EMV.

In addition, the committee continues to work on PCI-related matters, including addressing potential challenges surrounding management of third parties for terminal installation and integration. The Qualified Integrator and Reseller (QIR) program was established by the PCI council and covers those integrators and resellers who sell, install, or service equipment at the merchant’s point of sale. In light of the recent announcement by Visa that acquirers must ensure that their Level 4 merchants use QIR certified entities, a number of important issues related to resolution of the development and implementation of this program have emerged. These issues include gaining an understanding of how the QIR program is implemented, clarifying the time frames and implementation process, as well as ensuring the relevance for the broader payments ecosystem, including independent software vendors and value-added resellers.

Risk, Fraud, & Security Council. ETA’s Risk, Fraud, & Security Council continues its work on several significant business issues related to risk avoidance, compliance, and security matters. Touching upon matters pertaining to the EMV migration and the accompanying concerns regarding the liability shift, the council also deals with the important issue of the changing landscape surrounding chargebacks. It is developing guidance and industry information for ETA members regarding best practices for EMV and how to address and manage the growing instances of chargeback activity.

In addition, the council is providing a closer examination of security as it relates to technological issues tied to maintaining network security. While the group is focusing on a number of PCI matters, there is also discussion around the ever-expanding use of cloud technologies as a means to maximize storage and what the broader implications are for security related to use of cloud. Additional matters include growing instances of malware and what can be done to address that, along with a deeper examination of third-party risk management.

Innovation Continues To Ignite Payments

The vibrant and exciting innovation underway in payments continues at a rapid pace. While security is a critical factor, it cannot be stressed enough that the growth of payments is tied to the tremendous potential new technologies offer. ETA sees the strategic opportunities that new technologies will facilitate for development in payments. There are a number of external organizations that recognize this and are working to expand and leverage application of technology to payment products and services.

W3C. The World Wide Web Consortium established a Web Payments Interest Group focused on how to maximize and expedite e-commerce to benefit all users and stakeholders, particularly buyers and sellers in payment transactions. Included in those discussions is a focus on the growing use of application programming interfaces (API), which have really become an essential element enabling customization and innovation to support payment transactions. Here too, APIs are quickly become a key component for companies to effectively integrate payments as part of their product offerings.

Mobile Payments Council. Perhaps the most notable example of where innovation in payments is best exemplified is in the mobile payments space. ETA’s Mobile Payments Council has been focused intensely on all that innovation has enabled for payments from a number of vantage points, including the use of APIs to expand growth of frictionless payments as a means to deepen the reach of commerce. The council continues to assess and consider how the mobile wallet space is changing almost daily and what that means for the entire payments ecosystem.

The mobility or portability of payments truly presents an opportunity to unleash innovation, and the council recognizes that potential and, in the next few months, will be focusing on several topics, including development of a roadmap for biometric authentication, deployment of augmented reality and virtual reality technologies to accompany payment applications, and maximizing the use of connected commerce (Internet of Things).

Technology Council. The work of ETA’s Technology Council seeks to identify and examine the broad arena for payments and technology. With a focus this year on the ever-expanding use of data analytics to support product and service delivery, the council undertook a closer examination of “Small Data” as a key driver and will be presenting much of that work as part of a panel discussion at SLF.

The council also is shifting focus to the Internet of Things and the potential opportunities afforded to the payments ecosystem, not only from the perspective of how payments will be provisioned but also what security considerations must be addressed. And of course, as blockchain continues to attract attention and interest in the media, the council has been exploring what it means for payments beyond the development of bitcoin. TT

Amy Zirkle is director of industry affairs for ETA. Reach her at [email protected].

Categories
EVENTSLEG+REGMOBILE+TECHOPINIONSTRENDS
Tagged
CYBERSECURITYFINTECH

WEEKLY NEWSLETTER

Check out ETA’s weekly recap on innovations and policies shaping payments. Written by industry experts, get insights on payments like nowhere else. View weekly newsletter archives here.

Tags

Back to Top