View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
October 26, 2016updated 28 Oct 2016 2:29pm

Online Payments: The good, the bad, and the ugly

The face of the payments industry is changing rapidly thanks to the advances made in Bitcoin and digital wallets.

By James Nunns

Payments are no longer the reserve of banks, Visa, or MasterCard, the future of banking lies in the digital wallet and online payments.

That is evident in the frequent moves made by the leading players to integrate with alternative offerings like Google, Samsung, and Microsoft.

These tech companies have created Android Pay, Apple Pay, Samsung Pay, and the Microsoft Wallet, all of which allow users to pay for goods and services through their own digital wallet that is held on their device.

Moving payments to the device not only threatens the existence of cash, it was recently found that 43% of Britons carry less hard cash in their pockets than they did two years ago, according to a MasterCard study.

Of course it should be noted that a cashless society would favour MasterCard, so it is unsurprising that a study would find results that favour its business, but it does highlight the picture of an increasingly tech and card based society.

Realistically it has never been easier to pay for anything you want on the go, although anyone can tell you that things like contactless are far from ubiquitous either in London or outside of it.

The change in consumer preference has led to a mad rush from tech firms to become the best option for customers to easily pay from.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Even Facebook, a social media platform, has joined the gold rush. The company recently revealed that its US Messenger users will be able to make payments to bots within the app through their PayPal accounts.

While this is all well and good for the consumer in terms of it being easy to pay for things, it does raise some serious security concerns.

Last week consumer body Which? Rated 11 UK banks based on the security of their online banking, only five were found to have two-factor authentication login; Lloyds Banking Group (Lloyds, Halifax, Bank of Scotland, Santander and TSB.

Which? rated the security of online banks.

Which? rated the security of online banks.

Brian Spector, CEO at MIRACL, said: “Banks are under enormous pressure to be as user-friendly as possible, which has unfortunately resulted in security being downgraded in a number of cases. Given the current state of security in the payments industry, it’s inevitable that the number of cases of financial fraud has risen so dramatically in the past year. Hackers have become more sophisticated and are managing to bypass traditional methods of security with alarming ease.

“A range of tactics which once seemed secure – such as identity verification via text message – are becoming easier for hackers to exploit. Simple two-factor authentication doesn’t protect against browser rootkit attacks, and hackers can easily hijack phone numbers or intercept text messages, making authentication via SMS increasingly redundant. The truth is, real digital security requires the complete elimination of centralised security systems, such as username and password databases.”

The concern is that if banks can’t get security right then can all the tech companies jumping onto the bandwagon do any differently?

Possibly, banks are burdened with legacy systems and have found it hard to adjust to modern technologies, while many of the challengers were born in a technology driven world and have found it easier, generally speaking, to offer all the higher levels of functionality and security that consumers expect.

Change is needed and fortunately it is coming. In January 2018 the Payment Services Directive will come into effect. This is designed to make payments safer by requiring each payment provider to have strong authentication processes in place, and put in place common standards as to how customers identities are authenticated.

The changing landscape of payments isn’t reserved to the consumer side. Banks are increasingly running trials on Bitcoin and blockchain technologies to serve various different purposes, some are even looking at Bitcoin as a means to pay off cyber criminals.

Dr Simon Moores, chairman of the e-Crime Congress told The Guardian: “Financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack.”

It is now a widely held belief that it is not a matter of if you will get attacked but when, which is why so much work is being put in to trying to make payments, and banks more secure. Which makes it that much more shocking to see so many failing on even basic two-factor authentication.

Topshop launched a range of contactless payment accessories with Barclays.

Topshop launched a range of contactless payment accessories with Barclays.

A lot of work is being put in to security for payments, just look at the recent collaboration agreement between Intel and Visa.

The two companies aim to bring “world-class payment and data security technologies to the growing world of connected devices.”

Basically the two want to make the Internet of Things more secure and improve online and device authentication.

The point is that the security of payments isn’t just a problem for banks – it is a problem for all payment providers and technology companies as well.

As the IoT grows and more devices became connected they will also inevitably become payment enabled. Barclays has already teamed up with Topshop for a range of contactless accessories.

While it may be hugely convenient for consumers to pay for goods with their bracelets, necklaces, shoes, or whatever the future may bring, it also significantly increases the amount of things that need to be protected. The Dyn DDoS highlighted the significant risk posed to the IoT market.

The question should be asked as to whether or not the industry is moving ahead too fast for its own good. Banks lacking two-factor authentication appears to be the norm and standards for payments security don’t come in for another two years. Sure consumers can pay with everything they like but the chances of everything being highly secure seem pretty slim.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.