-
World of Warcraft players are willing to buy security tokens at $6.50 a pop. Why aren't bank customers?
December 29
The video-game industry is amping up its defenses after hackers penetrated numerous payments systems last year.
Banks could learn from watching.
"Gaming has always been a great place to try interfaces … that can be put to use in high-security, more functional areas such as banking and health," says Billy Pidgeon, a senior analyst for M2 Research of Encinitas, Calif.
The latest development in protection technology will likely occur at Nintendo. The Japanese game maker's president, Satoru Iwata, told investors last week that it is about to include a near-field communication reader in its controller for the next version of the popular Wii game system.
An NFC reader would allow customers to use the improved security of a contactless card or mobile wallet to make payments.
Contactless payment is also a smoother technology, as customers could avoid the tedious process of typing in the same name, address and account data for every single purchase.
"That's a clear benefit to the customer," says Jacob Jegher, a senior analyst at Celent. "You're minimizing your burden. You're getting to your game faster."
Contactless cards use dynamic data, a unique code generated for each transaction. If that data is stolen, it cannot be reused to clone a card or to make further purchases. This data is also not shown to the consumer making the payment, so it cannot be stolen in a phishing attack.
But dynamic data has a problem: it cannot be used online without a special reader. Banks have run into the very same issue. They’ve long considered methods for allowing customers to use a card for payment or authentication for online banking, but the stumbling block has always been consumers' resistance to buying special hardware to use for payments.
This obstacle may vanish soon. Intel Corp. is working with companies such as MasterCard Inc. and SecureKey Technologies Inc. to add contactless payment readers to some of its notebook computers. A further security boost may come from Microsoft's Kinect hands-free controller, which can be used for facial recognition and other security functions. Microsoft is adapting Kinect, which was designed for its Xbox 360 game console, to work with Windows PCs, and some computers will reportedly come with the technology
"There has to be some sort of disruption that takes place … in order to further security," says Jegher. "If [banks] can
Game companies may be especially motivated to disrupt their user experiences in the name of security, since they have been prominent targets of payment-data breaches in the past year.
PlayStation maker Sony Corp. reported a breach that affected up to 77 million people, many of whom gave Sony their bank card data to make repeated purchases of games, movies and other media. Valve Corp, which sells downloadable PC games through its popular Steam service, reported a breach that affected 35 million users.
Nintendo's next Wii (which it is calling the Wii U) may have other security features besides NFC that banks can adapt. The Wii U will use a tablet-shaped touchscreen controller, which looks like an iPad with buttons along the edges. The controller will have a built-in microphone and front-facing camera, which could possibly be used for biometric identification. The touchscreen could be used to capture signatures.
And since Nintendo has a reputation among gamers as favoring security over convenience, particularly for online interactions, its example might translate well to the banking world, Pidgeon says.
"Nintendo is a good company to look at because they tend to be more conservative in terms of customer comfort, to their own detriment at some times," he says.
Nintendo has supported payments home systems since the Wii's 2006 launch and on handheld devices since 2008, which is about as long as the iPhone App store has been around.
To reduce risk, Nintendo set strict limits on how much can be purchased on those systems. On its handheld system, the 3DS, a stored-value account can hold just $200 at any one time, and users are prohibited from spending more than $1,000 in any month. (Nintendo declined to be interviewed for this story, but it
Even if banks can duplicate Nintendo's efforts, they might want to consider a different technology besides NFC, which is not yet used by the majority of consumers.
"I continue to become more and more skeptical about NFC as time goes on," says Aaron McPherson, a practice director at the Framingham, Mass., research firm IDC Financial Insights. "If [Nintendo] wants to do micropayments, there's so many other ways they could do it."
