The Secure Remote Payment Council reached a watershed moment of sorts last month when it cosponsored a one-day symposium with the Federal Reserve Board of Chicago.
The Fed’s participation illustrated the central bank’s concern with securing remote payments, notes Steve Elefant, the former chief information officer at Heartland Payment Systems Inc. who now is managing director for venture capital firm Soaring Ventures Inc.
The organization’s goal is to promote a set of best practices for payment companies and merchants involved in e-commerce and mobile transactions.
However, the council must address a number of issues before agreeing on which best practices to promote, says Elefant, who is a council member.
“On the mobile side, there are ways to secure [sensitive information] that gets into the phone using encrypted readers,” Elefant says regarding mobile-acceptance devices. “No matter what kind of [malicious software] is in the phone, if [the information is] encrypted, it’s just going to pass through the phone on the way to the processor.”
Elefant should know a thing or two about the process. He was with Heartland when the payment processor announced Mobuyle, a mobile application and card reader for merchants seeking mobility and security (
To help secure e-commerce transactions, the council is working with industry stakeholders to determine how to protect the data as early as possible in the payments process, Elefant notes.
“I think there is no one right answer here,” he says. “There are a lot of stakeholders with different agendas, and the council–and the Fed even–are trying to think through a lot of different scenarios.”
Elefant does not favor is putting more responsibility for securing payments on consumers.
Several executives who spoke at the symposium suggested consumers do more to protect their transactions. Others, however, cited consumer apathy toward such authentication methods as MasterCard Worldwide’s SecureCode and Verified by Visa.
“As a merchant and as an industry, we don’t want to create more friction to make it harder for people to buy,” Elefant says. “The whole idea is to make it as simple as possible, like the Amazon’s 1-Click idea.”
Amazon’s 1-Click enables consumers to enter their payment preference and shipping address once and then click a single button to pay in subsequent visits to the online retailer.
“I think the industry has to look at how we can use various tools between end-to-end encryption and tokenization and securing the environment at the [point of sale] instead of trying to push this onto the consumer,” Elefant says.
What do you think about this? Send us your feedback.
