Payment Security Innovations: Is Your Business Ready?

 I remember when retailers would swipe my credit card using a manual imprinter. This device used the embossing on my credit card to create an impression on carbon paper. That, coupled with my signature, was adequate authentication to clear credit card payments.

A lot has changed since then. For one, there has been a huge increase in credit card usage accompanied by an equally massive rise in credit card fraud. And since credit cards have emerged as the primary online payment mechanism, all participants in the credit card ecosystem expect faster transactions and settlements. Naturally, payment security has seen great advancements.

Despite the added protection that advancements in payment security offer, many merchants are often slow to adopt security innovations, according to a recent article in The Hill. That’s because changing technology is expensive, time consuming, and requires training. So we end up in a chicken and egg situation where most small businesses want to invest in new technology only once many others have already done so.

Yet, this is the not the first time small businesses have had to adopt new payment security technology: magnetic stripes on cards, holograms, CVV numbers, EMV-enabled cards have all provided enhanced payment security for businesses.

So where do we go from here? It’s important to accept that it’s hard to time security decisions: You are often either moving in too early or too late. One of the most indicators is to consider who is promoting this innovation. In a space where change is not easy to push through, only the strongest innovator can succeed.

And here’s the icing on the cake: often organizations that are pushing new technology are happy to partly or wholly subsidize setup costs. So if your business role doesn’t keep you in direct contact with customers and competitors, make sure to tune into the latest trends in payment security marketplace. Here are three upcoming payment innovations and how to prepare for them.

Compliance with enhanced PCI DSS requirements:
While no one disputes the intent of the PCI DSS (Payment Card Industry Data Security Standard), small businesses have often found it cumbersome to comply with. As the pace of payment innovation accelerates, the standards are likely to get increasingly stringent.

To reduce the burden of compliance, consider using a payment solution that does not allow you to access customer data. These payment solutions transmit customer data directly to your payment processor. Since you have no way of accessing customer data, the scope of PCI DSS compliances reduces substantially.

Security innovations in retail: If you physically swipe your customer’s credit or debit card, you capture their payment information. You need to exercise a great deal of caution so that this information doesn’t get compromised. This isn’t something you can buy off the shelf, as it has to be provided by the payment solution provider. MasterPass, for example, includes risk detection tools that can protect against fraud.

Regardless of the nature of payment innovation, confidential data has to be captured and transmitted. That puts the focus on encryption. Encryption is changing rapidly and you will have to make sure your providers are on top of it.

Biometric and other factors of authentication: Many of the upcoming payment security innovations are based on capturing an additional factor of authentication. This means that other than solely relying on a swiped card, new payment methods might require a fingerprint, a face scan, or another form of customer authentication, such as a selfie.

My prediction is that by end 2017, we will see a sizeable adoption of biometric authentication. However desirable that might be, biometrics are going to need at least one new data capture device. And what if wearable technology changes the way customers pay? Or mobile payments become far more popular? While using heartbeat to secure mobile payments may seem farfetched, facial scans for mobile payments may not be.

Regardless of which new method gains popularity, retailers may need additional hardware for authentication. And this tends to be a huge sore point with small business owners. The best way to handle this in the short term is to offer customers several payment alternatives that do not require additional hardware. It’s quite likely that the customer would be able to use at least one of those alternatives. Once an authentication mechanism becomes quite popular, you will find it easier to invest in new hardware. Nothing can stop the march of innovation. As a business owner it’s up to you to be prepared.

Ajeet Khurana
Ajeet Khurana
Ajeet Khurana wears many hats: author, angel investor, mentor, TEDx speaker, steering committee of the NASSCOM Start-Up Warehouse, Director of Founder Institute, Venture Partner with the seed initiative of a top Venture Capital firm, and former CEO of IIT Bombay’s business incubator, among others. Before all this, he was entrepreneurial twice in the field of education and web publishing. As a lecturer at the University of Texas at Austin, he taught e-commerce back in 1993, when the term "e-commerce" had not yet been coined. An undergrad in computer engineering from the University of Mumbai, and an MBA from the University of Texas, Ajeet is presently an active name in the startup ecosystem. From starting two ventures as a solopreneur, to helping a large number of startups with their go-to-market, he has never shied from getting his hands dirty. At the same time he has helped dozens of startups raise investment. He truly believes that small business owners are driving change in the world, and need to be facilitated as much as possible. Innumerable small businesses have gained from his attitude, vast professional networks, financial acumen and digital mindset.

See all posts by Ajeet Khurana
  • All views expressed on the published articles at are those of each of the authors, and do not in any way represent the opinions of Mastercard International Incorporated or any of its affiliates (“Mastercard”). Mastercard is not responsible of the information contained in these articles.