I recently stumbled across an old white paper I wrote with Neil McEvoy some 15 years ago on the subject of securing retail payments and found it fascinating to read with older eyes. The white paper started with a nod to the “ancient” art of securing payments
“For as long as people have been trading goods with each other, there has been the potential for fraudulent transactions and the need for measures to secure payments against attempted fraud.”Securing Retail Payments, Consult Hyperion, January 2004
Now that I myself am ancient (according to my kids, anyway) I look back on the picture we painted a decade and a half ago with a strange sense of déjà vu as I read my younger self lament the disparity in fraud levels between card present and card not present, and discuss the options for closing that fraud gap and generally making the (payment) world a safer place.
If I’d been re-reading this white paper 5, or even 2 years ago, I’d probably have given a wry smile, contemplated how little had changed and put it back in the drawer before moving on to the next thing. Today was different. What I found most interesting, was that one of the ideas we presented was the concept of a distributed payment terminal for the online environment. We suggested that the disjointed, variable experience of the online world needed to come closer the consistent, certified experience EMV provided for chip and PIN. In 2004 the prototypes we built to prove this concept involved moving the terminal logic and security onto a big grey computer hosting a web server (today we call that, putting it in the ‘cloud’).
It was a little bit of a blue sky idea at the time… using EMVCo specifications and standards to deliver a secure online checkout experience with cross industry interoperability and consistent security…Crazy huh?
In December, the Visa Global Head of Payments Products and Platforms TS Anil described the new EMVCo’s Secure Remote Commerce (SRC) specification as EMVCo’s opportunity to create:
“…a single digital terminal that can be used to create a secure, interoperable experience when consumers check out online”Visa On SRC As eCommerce’s Single Digital Terminal Future, pymnts.com, December 2018
And I think he’s right. What online payments have been crying out for is the industry to raise the bar. The lowest common denominator of typing in a PAN and expiry date has to become a thing of the past and that will only happen if the entire ecosystem moves to a new way of transacting.
EMVCo has by and large succeeded in delivering this ecosystem change at retail point of sale with the introduction of contact and contactless chip payments. Can they do the same for the online world with SRC? Time will tell; there are other initiatives vying for the prize that we’re closely watching too, but I have to say, after 15 years of waiting, it’s nice to see them giving it a go.