The task of risk management in the payments business keeps getting bigger. Where once the concern was confined to payments alone - starting with counterfeit checks and currency - payment electronification has created a universe of potential risks. Risk now includes fraudulent cards, system and network hacks, data breaches, and account takeover with all the havoc that can produce.

And we’re seeing how these impact the reputation and value of businesses even when the hack has nothing to do with payments. (By the way, bogus checks and counterfeit twenties are *still* a problem.)

We’ve touched on this topic in multiple ways on Payments on Fire®. We’ve spoken with Ethoca about its data sharing capabilities. We’ve spoken with Feedzai about its AI and machine learning technology. We’ve spoken with White Pages Pro and its data correlation capabilities. And we’ve spoken to companies deeply involved in the problem of online identity.

Each of those has a particular approach, a particular technology, or a combination of approaches, to apply to the problem of e-commerce or CNP fraud.

In this podcast, we talk to Tricia Phillips, SVP of Product and Strategy, at the fraud and risk management firm Kount. Protecting some 6,500 e-commerce merchants, banks, and payment platforms, Kount takes a deeply layered approach to the risk and fraud management.

This deep dive discussion takes us into not only Kount’s approach but into what fraudsters are doing today and the damage they can do, even to non-payments companies like Yelp. It’s a scary scene. Tricia takes us through it with insight and experience.

If Risk in Payments is a topic of interest, check out our upcoming Insight Workshop by the same name. Led by Russ Jones and Yvette Bohanan, you won’t find a more knowledgeable team to guide you through what is, as I hope we’ve demonstrated, one very complex topic.

Direct download: EP96_Kount.mp3
Category:general -- posted at: 4:16pm EDT

One of the biggest payments challenges for merchants is how to handle payment data - whether it’s at the POS or in the remote domain where e-commerce and mobile payments take place. A lot of this concern is driven directly by PCI DSS compliance and broadly by the reputational risk data breach represents.

One of the major techniques merchants employ, in order to remove the need to store payment data, is tokenization - the replacement of the high value card data with a low value representation managed by another party. Merchants just store the token for lookup purposes while the third party maintains the database that links these low value tokens to the true primary account number or PAN.

At Glenbrook, we refer to these as merchant tokens because they are specific to and paid for by the merchant. We’ve also heard them referred to as acquirer tokens because the tokenization function is often performed by the merchant’s acquirer, processor, gateway, or payment service provider.

Makes sense, right? Put the radioactive payment card data into another party’s hands.

But for large and mid-size merchants, the provision of tokenization services to an acquirer has a few downsides:

  1. The token database maintained by the provider is specific to the merchant. If the merchant wants to shift to another provider, tokenization portability can be an issue and a costly one.
  2. In our merchant work, we are seeing the largest ones looking at a multi-acquirer topology for cost, redundancy, and channel flexibility purposes. But each acquirer will use its own tokenization scheme, adding complexity and limiting functionality.
  3. Omnichannel merchants may employ one provider for POS transactions and another for ecommerce. That doesn’t work when you want to provide a consistent experience to your returning customer. You want a token that works across channels, i.e. an omnichannel token.

In this Payments on Fire® episode we talk with Alex Pezold, CEO of Token, an acquirer neutral, independent tokenization provider. We talk a lot about protecting payment and bank account data. But we also address the growing need for protecting other data assets and how tokenization can help accomplish that.

Direct download: EP95_Tokenex.mp3
Category:general -- posted at: 4:26pm EDT

Digital identity is one of the most solution resistant challenges to online commerce and, indeed, our online lives. It is basic to online trust, an elusive condition undermined by data breaches, abuse of our data by service provider, and fraudsters.

That’s not say we aren’t trying. Providers of all stripes are applying their value add to the problem. Smartphone makers have a role. Fraud management providers see themselves as having a role because they see so many users visiting their merchant customers’ websites or using their apps.

Networks do, too, as evidenced by Mastercard’s recent interest in identity services.

Then there are specialists in identity who play a role between the end user and the party granting access to a service, i.e. a bank. Today’s podcast is with SecureKey, a Canadian firm that has built a system to generate online trust while not sharing too much data between the parties.

Blockchain technology has increasingly gotten the attention of those in the identity space because the idea of having an immutable database as a single source of truth for identity credentials just seems so obvious.

Well, it’s not exactly as simple as putting your drivers license on a blockchain. SecureKey has partnered with IBM to use blockchain technology in support of its function as a provider of identity services.

SecureKey’s Verified.Me service gives the user the ability to quickly identity themselves and to share only the personally identifiable information they consent to share. Customers include Canadian banks CIBC, Desjardins, RBC, Scotiabank and TD. BMO and National Bank of Canada will be available later this year.

Take a listen to this conversation with Andre Boysen, SecureKey's Chief Identity Officer, and Glenbrook’s George Peabody and imagine the power of coupling a service like this to strong authentication services that use biometrics.

Direct download: EP94_SecureKey.mp3
Category:general -- posted at: 5:29pm EDT

1