Category : featured

BlogImageAppleIs Apple Pay Losing its Shine?

Is Apple Pay Losing its Shine?

Recent surveys show Apple Pay adoption in the US may be declining and concerns about security still plague the service.

PYMNTS.com recently published an insightful analysis around the trends in ApplePay adoption, and it’s starting to look like only a core group of die-hard fans are using the service.

My guess is these are the same people still wearing Apple watches but I may be wrong. 

http://www.pymnts.com/news/payment-methods/2017/apple-pay-adoption-down-and-so-is-the-hype-mobile-pay-usage/

 

Security of Apple Pay still a concern for customers

A recent article from the Wall Street Journal pinned the decline on security fears and merchants not doing enough to train their staff.

https://www.wsj.com/articles/apple-pay-promised-to-make-plastic-obsolete-then-came-wary-shoppers-confused-clerks-1491384606

I’ll go on record and say I’m very impressed with the security features of Apple Pay and most concerns from users are misplaced.

With that said, it doesn’t help that people are learning that even the fingerprint sensors on their phones are not as secure as they thought.

A recent NY Times article highlights the work of researches who were able to fool fingerprint sensors with a set of fingerprints with “common” traits.

https://www.nytimes.com/2017/04/10/technology/fingerprint-security-smartphones-apple-google-samsung.html?smid=li-share&_r=1

Yikes!  I’m going to start using my toes!

 

Too many clicks!

As cool as it sounds to use your phone to pay at a store, the reality is that it’s not much easier than just pulling a card out of your wallet and putting it in the reader.

Even if it were significantly easier, the other reality is that you still have to carry your plastic cards wherever you go.

Someday there might be 100% acceptance of Apple Pay and we can leave the plastic at home, but until that happens, we will carry both and figure out which one to use at every store.

 

What’s next?

MasterCard recently announced a kind of “retro” idea to ditch the mobile wallets and put fingerprint sensors right on the card.

https://www.engadget.com/2017/04/20/mastercard-biometric-fingerprint-card/

It’s an interesting idea that answers some security concerns in the store, but doesn’t do much for mobile or desktop e-commerce payments (unless you have a Chip Shield card reader!).

I think we’ll end up with lots of ways to pay for things and there will never be a single approach that everyone adopts.

I’m still waiting for Telepathy Pay that orders me pizza whenever I think about being hungry.

Read More
BlogImageEyeHow Secure are Biometric Payments?

How Secure are Biometric Payments?

There’s been a lot of buzz around the payments industry lately with news about MasterCard testing “selfie pay” and banks like Wells Fargo experimenting with eyeball scanning software.

Surveys show that people like these approaches because they are more convenient that using passwords but it does raise questions around how secure they really are.

        MasterCard Makes Selfie Pay a Reality

        Wells Fargo to Verify Customers through Eye Prints

Can biometrics apps be fooled?

I’ve seen the movie Avatar and I can tell you that computer generated images can be pretty darn realistic.  It’s not that difficult to start with a still image from a Facebook post and animate it enough to fool a biometrics app.

It might be more difficult to get an image of someone’s eyes, but is it really that hard?  How many close up selfies get posted every year?

There have also been several large data breaches that contained fingerprint information, so even that data might not be safe.

 Severe Weaknesses in Android Handsets could Leak Fingerprints

OPM now Says more than Five Million Fingerprints Compromised

Once your data is stolen you are out of luck since there is no way to change your personal data.

Even if your data is not stolen, recent research has shown that fingerprint sensors can be compromised with “master prints” containing common fingerprint features.

Fingerprint Sensor not as Secure as you Think

Biometric enrollment fraud

The dirty little secret of biometrics is that enrollment is the weakest link and in some cases makes fraud easier to commit than non-biometric systems.

Imagine that your bank is rolling out voice identification to verify your identity, but for it to work, they need several samples of your voice recorded in their system.

If a thief is the first one to call up and record their voiceprint, then they can bypass the new security measure that is meant to be safer.

Time will tell if biometrics emerge as a reliable form of security or if they will be as easily defeated as the username/passwords they are meant to replace.

 

 

 

Read More
creditcardfraudfeaturedIs $35 Billion in Card Fraud the “Cost of Doing Business”?

Is $35 Billion in Card Fraud the “Cost of Doing Business”?

creditcardblog
Over the past year, I’ve been speaking with executives at banks and card networks about credit card fraud, and there’s one phrase I hear over and over again.

“Fraud is just the cost of doing business”.

In the banking industry, it seems like this is the “go to” response when someone asks about fraud, and it really got me thinking about how desensitized we’ve all become to the costs of fraud.

A few months back, The Nilson Report released their latest annual survey of the direct losses due to credit card fraud globally.

http://www.businesswire.com/news/home/20150804007054/en/Global-Card-Fraud-Losses-Reach-16.31-Billion#.VcJZlvlVhBc

As if the headline that card fraud losses had reached $16.3 billion was not scary enough, the report goes on to predict that by 2020, losses will grow above $35 billion annually, with $183 billion being lost in between.

The U.S. accounts for about 50% of the losses each year, even though we represent only 20% of transactions (Yeah, we’re number one).

I suppose at some level, if you look at the huge amounts of revenue US banks bring in from credit cards (more than $500 billion), then look at the $8 billion or so lost to card fraud, it can look like just a drop in the bucket.

In the real world, $8 billion is a staggering amount of money to be lost every year. This is a train wreck, a house fire, a travesty… you get the idea.  The worst part is that it’s not even close to the actual amount being lost.

What is the Real Cost of Fraud?

One problem with any study of losses due to fraud is that they often understate indirect costs related to the problem, such as the cost of prevention, and the cost of cleanup after the fact.

An interesting yearly study from LexisNexis tries to pinpoint this multiplier effect for merchants, and recently found that for every dollar in direct fraud losses, the true cost is closer to $3.08.

http://www.lexisnexis.com/risk/insights/true-cost-fraud.aspx

Another recent study by Javelin Research which looks at the total cost of card fraud in the U.S. places the current domestic losses at around $16 billion and growing quickly to $24 billion by 2018.

https://www.javelinstrategy.com/news/1586/92/Point-of-Sale-Card-Fraud-Predicted-to-Decrease-as-Card-Not-Present-and-New-Account-Fraud-Increases/d,pressRoomDetail

So, if the actual losses in the U.S. are 2-3 times higher than the reported losses, does this mean that what currently looks like an $8 billion tax on our commerce system is on its way to grow into a $35 billion catastrophe?

This doesn’t even count the fraud that’s not reported, re-classified, or otherwise swept under the rug to avoid admitting security problems.  And don’t forget about the cost incurred by consumers spending endless hours dealing with fraud on their own accounts.

I’m bringing in the thesaurus now to come up with more words to describe this calamity of cataclysmic proportions.

Who Pays for Fraud?

While I was at a banking conference last month, I sat in on a session where I heard an executive say to the audience, “People outside the industry just aren’t informed. They don’t have to pay for fraud. The banks cover all the costs.”

That comment got me thinking about who really pays for fraud.

Of course, the answer is that we all pay for it, and banks and merchants do a good job of hiding the cost in the form of higher fees, or higher prices.

When someone at a bank says that fraud is just the cost of doing business, it means that they have passed that cost onto someone else, namely their customers, and haven’t lost much business.

To bring the problem home a little more, if you take the $35 billion in real cost for fraud, and divide it by the 100 million or so households in the US, we’ll all soon be paying $350/year to cover up this problem.

Yikes!  If I have to pay $30 each month for something, I should at least get a free tee shirt or something.  Maybe we’ll all get bumper stickers that say “My credit card fees help support organized crime!”

Read More