A group of payments industry executives and analysts have teamed up to create a trade group focused on promoting security efforts for online debit transactions and mobile payments.
The Secure Remote Payment Council, as it is called, does not plan to back one product over another, but instead will focus on evaluating any and all security tools, said Paul Tomasofsky, the president of Two Sparrows Consulting of Montvale, N.J., and a member of the council's steering committee.
As online-PIN debit payment formats such as Acculynk Inc.'s PaySecure model gain traction in the marketplace, the council's steering committee members believe a standard security authentication process will be needed.
The organization does not plan to develop standards, such as the Payment Card Industry Security Standards Council, but instead will promote a set of best practices for payments companies.
Focusing on the technology of Internet debit and mobile payments may be getting in the way of concentrating on the security aspects of such transactions, said Mike Keresman, the chief executive, president and chairman of Commercial Commerce Corp., a Mentor, Ohio, specialist in authentication systems.
"You have significant debit traction in the United States and abroad and no one seems to be addressing remote payments and making them safe [regardless] of the technology," said Keresman, who is also a member of the council's steering committee.
Alternative payment formats, such as PayPal Inc. and Google Inc.'s Checkout service, which allow consumers to use debit cards to complete online transactions, also need to be evaluated, Keresman said.
Reducing fraud tops the list of objectives for the council. In 2008, fraudulent transactions accounted for 1.4%, or $4 billion, of the $145 billion spent online by consumers, according to a MasterCard Advisors study cited by the council. Debit cards are used in 30% of online transactions, the report said.
Those numbers "set up the metrics that support our strong feeling that we have a need for a council such as the one we are advocating," said Mike Strada, the group manager of debit product for JPMorgan Chase & Co.'s Chase Paymentech Solutions LLC and another member of the council's steering committee.
While online debit products spurred the members to form the council, mobile payments also are steadily gaining traction in the marketplace.
"You throw mobile into the equation and you have the challenge of protecting payment credentials on the phone," he said.
Merchants that conduct a significant amount of business remotely are "looking for answers [with security] that aren't being addressed by the traditional associations," Keresman said.
The council's formation is still in the preliminary stages, but it has a Web site at www.secureremotepaymentcouncil.org.
The council plans to have a board of directors in place by 2010.
The committee believes the organization will garner interest from merchants' financial institutions, merchant processors, issuer processors, payment brand companies, payments authentication hardware providers, payments authentication software providers and payments consultants.
"We're creating a gathering place for those interested groups to help establish some best practices and get that going in one direction for everyone so that [those practices] can be maintained," said Paul Turgeon, the president of Payments and Processing Consultants Inc. and a member of the steering committee.