Payment Security Predictions for 2012 – Part Two

By Rob Sadowski – Director, Marketing, Payment Solutions

In our last post, we made some pretty safe predictions about how the payment security landscape will evolve this year. Now let’s make a few more daring predictions about what might happen in the coming months:

  1. EMV shows signs of life in the US

VISA has been leading the charge with merchants, offering to waive PCI validation requirements for merchants who support EMV acceptance and recently clarifying that offline PIN is not a mandatory implementation requirement. Nevertheless, the mandate for acquirers to support the technology by April 2013 probably means that forward-thinking merchants who have forward-thinking acquirers will be able to process EMV card transactions in the US this year. However, we think it’s still unlikely that large numbers of EMV cards will be issued to US customers.

  2. NFC-based mobile payments are a letdown in the US

Security is often cited as an inhibitor to the adoption of mobile payments. While we can and will discuss some potential mobile payment security questions in upcoming blogs, there are many more fundamental problems inhibiting adoption. Very few handsets sold by US carriers are NFC-enabled. There are contentious competitive dynamics surrounding mobile wallets, a key enabling feature. A value proposition to the consumer other than coolness is unclear. We don’t doubt that these issues will be resolved, but not this year. Maybe 2013.

  3. Privacy and Trust become important consumer issues

Transaction data is increasingly being seen as something valuable which can be monetized by parties which have access to it. Card associations, acquirers, gateways, POS providers, mobile wallet providers, and others all have ideas of how to use the information they gather. Oftentimes, the value proposition includes the consumer, like providing targeted offers based on past purchases and assumptions about future behavior. But consumers are often uneasy when they understand how this data is used. Expect more consumer protest and issues for providers who do not have a strategy for building trust when using this type of data.

  4. There is a high-profile exploit of an emerging payment scheme

While NFC-based payments may not take off as quickly as predicted, many alternatives are looking to fill the gap. Systems based on barcodes, mobile phone-based acceptance, alternative wallets, and many other novel ideas are all gaining various degrees of traction. One thing we know about fraud is that fraudsters will go to where the money is and will work hard to find weaknesses to exploit to get a piece of it. Unfortunately, security is often a secondary concern when it comes to disruptive innovation. More on this idea in a future post.

  5. The PCI SSC declines in relevance

As much as merchants may dislike the PCI compliance requirement, it is difficult to argue with the common-sense guidance in the PCI DSS. But the council seems unable to keep up with the pace of technology change in the industry. 2011 statements on tokenization, mobile applications, and hardware-based encryption, to name a few topics, were all perceived as lacking in one respect or another. Merchants are going to deploy these technologies and others with significant security implications broadly in 2012, regardless of the council’s schedule to provide further direction.

It should be an interesting year. As always, we welcome your comments – provide your own predictions or weigh in on ours.

Rob Sadowski leads RSA’s go-to-market efforts with partners in the payments industry.

One Response to “Payment Security Predictions for 2012 – Part Two”

  1. Sebastian Bermudes says:

    I don’t shop online much. Most online payment services done across the internet are over SSL; it’s incredible that there’s still some way of cracking passwords and PINs.
