Security issues in retail credit card processing

Protecting customers’ credit card information has always been a topic of concern for retailers. Yet we live in an era where hackers can access consumers’ personally identifiable payment information (PII) at a macro level that was never before imaginable. To get an idea of how many consumers are affected by security issues in credit card processing, one can just take a look at the Dunkin’ Donuts loyalty programme breach, at Facebook’s millions of compromised users, or at British Airways’ 185,000 customers whose data was stolen by hackers. Data breaches can turn loyalty programmes into liabilities and destroy shoppers’ faith that retailers can protect their data, resulting in customers being hesitant to share their personal information with retailers and even reluctant to shop with new retailers that they don’t know.

In an era where much of the world’s data is available at the touch of our fingertips, the retail industry is still struggling to ensure the safety of customers’ credit card information. Only 18% of customers feel ‘very confident’ trusting online retail sites with their personal information, which explains why the use of third-party payment arbiters such as Apple Pay and PayPal is on the rise for retail transactions.

Let us take a look at some of the biggest security issues in retail credit card processing, as well as two innovative solutions that will be widely adopted in the coming years.

Retailers shoulder expense of EMV

Retailers are being held increasingly liable for credit card fraud that takes place in their stores. Signature-based credit card security measures are often privy to fraud and are thus falling by the wayside in favour of the significantly more secure chip and pin (EMV) verification method.

Retailers have been expected to shoulder the expense of updating from traditional swipe-and-signature and the slightly more modern (yet still ineffective) chip-and-signature credit card processing to EMV verification – an expense which the National Retail Federation estimates costs retailers an average of USD 2,000 per chip reader and more than USD 30 billion across the US alone. This expense is more than many retailers can bear, which is slowing the pace of worldwide EMV adoption.

EMV adoption also doesn’t prevent online fraud, since customers usually aren’t required to enter their credit card PIN numbers for online transactions. So, while EMV is a dependable fraud deterrent for retailers who operate brick-and-mortar stores, additional security methods are required to protect consumers’ online payment information.

Third-party data breaches

Third-party data breaches dominated headlines in 2018, with hackers targeting retailers’ – such as Dunkin’ Donuts – loyalty programmes to steal customer credit card information, to then sell it to identity thieves on the dark web. In fact, fraud is one of the top payment-related challenges faced by modern retailers – especially those with ecommerce operations, since EMV isn’t a deterrent to online data breaches.

Consumers are understandably concerned about who has access to their data and how that data is being used, so this increase in third-party data breaches could also lead to consumers’ reluctance to participate in loyalty programmes, as well as a reluctance to share both personal and payment data with retailers.

Since hackers are always evolving their methods of attack to defeat the security methods that retailers invest in to protect their customers’ personal data, retailers need to make security a priority and to update their security systems whenever new technologies emerge – in addition to reviewing their operation regularly to identify where there may be potential for a breach.

Hope for the future

Credit card companies are releasing some exciting technologies geared towards helping retailers protect customer data in 2019. The first is Apple Card’s dynamic credit card pin (powered by Mastercard) which uses a rotating CVV code to make it harder for thieves to steal customers’ credit card data. Apple Card is made out of titanium, it doesn’t use a credit card number, and it is built to be used in conjunction with iPhones.

Apple Card is expected to protect customer data from less nefarious data-mining initiatives since the company itself won’t store data on where customers shopped or how much they paid for certain items. While Apple Card was only recently debuted, this type of dynamic credit card technology may be the future of secure retail payments.

Mastercard is experimenting with biometric sign-in using fingerprint or facial data, similar to what’s used on iPhone X. The credit card provider has already dipped its toes into biometric authentication in 2018 with its credit card Gemalto, which uses a fingerprint sensor to authenticate customer transactions in attempt to combat online fraud.

Biometric authentication as a whole is expected to face wide adoption in the retail industry, as it can greatly reduce the opportunities for retail fraud, as well as protect customer data. Voice biometrics may be the next step for payment authentication, but card network providers haven’t yet figured out a way to make voice authentication completely infallible. Payment Depot reports that, even if some may find this idea a bit far-fetched, biometric authentication is expected to support over 18 billion payments by 2021, meaning that this technology will see a prominent expansion in 2019.

With every security issue that comes up, retail payment technology continues to evolve towards a future of more secure and more profitable omnichannel transactions. Through biometric authentication, rotating credit card pins, and iPhone-enabled payments, consumers will soon have a lot more control over who has access to their credit card data and how that data is used. Credit cards processing is expected to get a whole lot more secure, and the retail industry is ready for it.

About Jasmine Glasheen

Jasmine Glasheen loves finding ways to help retailers get noticed by next-generation consumers. As contributing editor at Retail Wire, payment trend researcher at Payment Depot, and contributor to IBM, Retail Minded, and Sourcing Journal, Jasmine has a unique perspective on the big conversations happening in and surrounding the retail industry. Jasmine cut her teeth working for trade show publications where she gained first-hand supply chain and marketing insights and a passion for helping modern retailers bridge the generation gap to reach young consumers. Jasmine is a Vend Top 100 retail influencer, and her Instagram handle, @MillennialRetailSavant, was named by Vend as one of top 15 retail Instagram accounts to follow.