Category : featured

BlogImageAppleIs Apple Pay Losing its Shine?

Is Apple Pay Losing its Shine?

featuredAug 15, 2017

Despite the early hype around Apple Pay and mobile wallets, it’s increasingly clear that adoption of these technologies has been tepid and peek levels of usage may be behind us.

An analysis by Goldman Sachs shows Apple Pay adoption in the US is ‘underwhelming by nearly every objective standard’.

Business Insider: Apple Pay Adoption Underwhelms

PYMNTS.com published an insightful analysis earlier this year around the trends in Apple Pay adoption and estimates that after 2.5 years Apple Pay accounts for only 1/10th of a percent of retail spend.

PYMNTS: Apple Pay Adoption Down

Another study of debit card usage reported by the Financial Times similarly found that debit transactions with all mobile wallets account for only 1/4th of a percent of transactions.

Financial Times: 2017 Debit Issuer Study

It’s starting to look like only a core group of die-hard fans are really using these mobile wallets.  My guess is these are the same people still wearing Apple watches but I may be wrong.

Security of Apple Pay still a concern for customers

A recent article from the Wall Street Journal pinned the decline on security fears and merchants not doing enough to train their staff.

WSJ: Apple Pay – Wary Shoppers and Confused Clerks

I’ll go on record and say I’m actually impressed with the security features of Apple Pay and most concerns from users are misplaced.

With that said, the underlying transaction security relies on the same standards as EMV chip cards and the onboarding process for Apple Pay creates an avenue for counterfeiting that EMV cards were specifically designed to prevent.

The extra layer of fingerprint security helps with lost/stolen fraud but consumers are also learning that the fingerprint sensors on their phones are not as secure as they thought.

A recent NY Times article highlights the work of researches who were able to fool fingerprint sensors with a set of fingerprints with “common” traits.

NY Times: Fingerprint Sensor not as Safe as you Think

Yikes!  I’m going to start using my toes!

Too many clicks!

Unlocking your phone adds extra steps for the customer and because Apple Pay is not accepted everywhere you still have to carry your plastic cards wherever you go.

As cool as it sounds to use your phone to pay at a store, the reality is that it’s not much easier than just pulling a card out of your wallet and putting it in the reader.

Adding cards to the wallet can also be a lengthy process depending on your bank’s fraud requirements and has to be repeated every time you upgrade your device.

It seems that most people are now comfortable enough with chip cards that they don’t need another option for payment.

What’s next?

Personally, I’m happy with my chip cards and once banks start rolling out Chip Shield, online payments can be as secure as in-store payments.

Of course, if someone invents Telepathy Pay that orders me a pizza whenever I’m hungry I will adopt it in a New York slice minute.

Read More
BlogImageEyeHow Secure are Biometric Payments?

How Secure are Biometric Payments?

Chip Shield, featuredMar 12, 2017

There’s been a lot of buzz around the payments industry lately with news about MasterCard testing “selfie pay” and banks like Wells Fargo experimenting with eyeball scanning software.

Surveys show that people like these approaches because they are more convenient that using passwords but it does raise questions around how secure they really are.

        MasterCard Makes Selfie Pay a Reality

        Wells Fargo to Verify Customers through Eye Prints

Can biometrics apps be fooled?

I’ve seen the movie Avatar and I can tell you that computer generated images can be pretty darn realistic.  It’s not that difficult to start with a still image from a Facebook post and animate it enough to fool a biometrics app.

It might be more difficult to get an image of someone’s eyes, but is it really that hard?  How many close up selfies get posted every year?

There have also been several large data breaches that contained fingerprint information, so even that data might not be safe.

 Severe Weaknesses in Android Handsets could Leak Fingerprints

OPM now Says more than Five Million Fingerprints Compromised

Once your data is stolen you are out of luck since there is no way to change your personal data.

Even if your data is not stolen, recent research has shown that fingerprint sensors can be compromised with “master prints” containing common fingerprint features.

Fingerprint Sensor not as Secure as you Think

Biometric enrollment fraud

The dirty little secret of biometrics is that enrollment is the weakest link and in some cases makes fraud easier to commit than non-biometric systems.

Imagine that your bank is rolling out voice identification to verify your identity, but for it to work, they need several samples of your voice recorded in their system.

If a thief is the first one to call up and record their voiceprint, then they can bypass the new security measure that is meant to be safer.

Time will tell if biometrics emerge as a reliable form of security or if they will be as easily defeated as the username/passwords they are meant to replace.

 

 

 

Read More
creditcardfraudfeaturedIs $35 Billion in Card Fraud the “Cost of Doing Business”?

Is $35 Billion in Card Fraud the “Cost of Doing Business”?

Credit Card News, featuredApr 30, 2016

creditcardblog
Over the past year, I’ve been speaking with executives at banks and card networks about credit card fraud, and there’s one phrase I hear over and over again.

“Fraud is just the cost of doing business”.

In the banking industry, it seems like this is the “go to” response when someone asks about fraud, and it really got me thinking about how desensitized we’ve all become to the costs of fraud.

A few months back, The Nilson Report released their latest annual survey of the direct losses due to credit card fraud globally.

http://www.businesswire.com/news/home/20150804007054/en/Global-Card-Fraud-Losses-Reach-16.31-Billion#.VcJZlvlVhBc

As if the headline that card fraud losses had reached $16.3 billion was not scary enough, the report goes on to predict that by 2020, losses will grow above $35 billion annually, with $183 billion being lost in between.

The U.S. accounts for about 50% of the losses each year, even though we represent only 20% of transactions (Yeah, we’re number one).

I suppose at some level, if you look at the huge amounts of revenue US banks bring in from credit cards (more than $500 billion), then look at the $8 billion or so lost to card fraud, it can look like just a drop in the bucket.

In the real world, $8 billion is a staggering amount of money to be lost every year. This is a train wreck, a house fire, a travesty… you get the idea.  The worst part is that it’s not even close to the actual amount being lost.

What is the Real Cost of Fraud?

One problem with any study of losses due to fraud is that they often understate indirect costs related to the problem, such as the cost of prevention, and the cost of cleanup after the fact.

An interesting yearly study from LexisNexis tries to pinpoint this multiplier effect for merchants, and recently found that for every dollar in direct fraud losses, the true cost is closer to $3.08.

http://www.lexisnexis.com/risk/insights/true-cost-fraud.aspx

Another recent study by Javelin Research which looks at the total cost of card fraud in the U.S. places the current domestic losses at around $16 billion and growing quickly to $24 billion by 2018.

https://www.javelinstrategy.com/news/1586/92/Point-of-Sale-Card-Fraud-Predicted-to-Decrease-as-Card-Not-Present-and-New-Account-Fraud-Increases/d,pressRoomDetail

So, if the actual losses in the U.S. are 2-3 times higher than the reported losses, does this mean that what currently looks like an $8 billion tax on our commerce system is on its way to grow into a $35 billion catastrophe?

This doesn’t even count the fraud that’s not reported, re-classified, or otherwise swept under the rug to avoid admitting security problems.  And don’t forget about the cost incurred by consumers spending endless hours dealing with fraud on their own accounts.

I’m bringing in the thesaurus now to come up with more words to describe this calamity of cataclysmic proportions.

Who Pays for Fraud?

While I was at a banking conference last month, I sat in on a session where I heard an executive say to the audience, “People outside the industry just aren’t informed. They don’t have to pay for fraud. The banks cover all the costs.”

That comment got me thinking about who really pays for fraud.

Of course, the answer is that we all pay for it, and banks and merchants do a good job of hiding the cost in the form of higher fees, or higher prices.

When someone at a bank says that fraud is just the cost of doing business, it means that they have passed that cost onto someone else, namely their customers, and haven’t lost much business.

To bring the problem home a little more, if you take the $35 billion in real cost for fraud, and divide it by the 100 million or so households in the US, we’ll all soon be paying $350/year to cover up this problem.

Yikes!  If I have to pay $30 each month for something, I should at least get a free tee shirt or something.  Maybe we’ll all get bumper stickers that say “My credit card fees help support organized crime!”

Read More

Chip Shield © 2016 All Rights Reserved