Bitcoin Answers Payment Questions
By R.J. Carver, Corporate Development Associate, Plug and Play Tech Center
With major credit card breaches recently confirmed at a number of America's largest retailers, payment security has become a serious problem almost overnight. Target, P.F. Chang's, Home Depot, and multiple other household names have been added to the growing list of compromised operations. The root of the problem is the complex and outmoded process by which credit card transactions are completed at the point-of-sale, and there are a number of emerging financial technologies that have the potential to account for this inherent vulnerability.
To complete a credit transaction, a given merchant must communicate with an acquiring bank in order to confirm that the user has sufficient credit on a valid card. Doing so requires the vendor to store card owners' personal data, which is then sent to the bank electronically.
POS Blues
Modern retailers use what is known as a point-of-sale (POS) system, which expedites the process by extracting information from a chip or magnetic stripe on the credit card to be communicated via a direct link to an acquiring bank. POS systems have been in use for the past few decades, and retailers are slow to replace ones that are already functioning. The storage and movement of card owners' valuable personal data is often done using outdated software on machines that are decades old, making merchants easy targets for hackers that want to commit credit fraud.
This issue is compounded by the fact that said outmoded POS platforms are also often remotely administered with simple password protected accounts.
The most recent breach occurred with the nationwide sandwich chain Jimmy John's, where the personal information of each customer that swiped a credit card at one of 216 stores was compromised. A press release posted on the company's website explains the method by which hackers used the point-of-sale terminals, installed by vendor Security Systems Inc., to access customers' information.
According to their website: "It appears that customers' credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John's point-of-sale-vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations."
The announcement of this breach comes almost immediately following news of a similar operation that affected Goodwill Industries International over the course of 18 months. Goodwill's POS technology vendor C&K Systems confirmed that their terminals had been exploited by the same form of malware that compromised 40 million credit cards at Target and 56 million at Home Depot. The malware employed in the attack was designed to extract the data stored on the magnetic strip of each card, enabling hackers to manufacture counterfeit versions for their own use.
In the Chips
With all of the negative media coverage surrounding the credit card breaches just discussed, the question of payment security has been on the American nation's mind. Recent trends in financial technology indicate a desire to move away from traditional banking and payment systems. Advancements such as the integration of Near Field Communication (NFC) chips in high-end smartphones, cloud computing, and the advent of digital currency have the potential to circumvent the complications that make vendors and their customers vulnerable to fraud.
NFC chips are a standard feature on Apple's iPhone 6, Samsung's Galaxy s5, and a few other top of the line smartphones. The NFC chips that are being implemented in today's smartphones are similar to the EMV (Europay, Mastercard, and Visa) or 'chip-and-pin' microchips being integrated into newer credit cards to reduce fraud. These chips employ radio waves to complete transactions using information that is encrypted on the user's cell-phone or card, making it more difficult for criminals to steal and use customers' information.
Pay By Phone
Using a smartphone rather than a credit card for payments is advantageous in terms of security for a few reasons. One of the most promising platforms in the NFC Payment space, Apple's ApplePay, stands as a great example. ApplePay was announced with the release of the iPhone 6, offering enhanced security by using an encrypted NFC chip in conjunction with Apple's Touch ID. A given user is required to supply a fingerprint prior to the completion of any transaction, which provides an extra layer of security through biometric validation.
Bitcoin Offers Unique Features
Cryptocurrencies have been a major topic of fintech discussion since the announcement of Paypal's decision to partner with Bitcoin payment processors BitPay, Coinbase, and GoCoin.
I sat down with Coindesk's contributing editor Daniel Cawrey, who stated: "In the Bitcoin space, payment security is critically important to success. BitPay in particular has long had the stance that credit cards were not built for the Internet, which I think is entirely accurate."
By using a system that is purely peer-to-peer, Bitcoin provides a way for users to make electronic payments directly to one another without the use of a financial institution as a trusted third party. Bitcoin transactions are also completed using an encrypted electronic wallet that cannot easily be traced to a specific owner. By providing users with a way to send payments directly to each other without the use of personal information, cryptocurrency offers a layer of security where POS systems have been vulnerable to attack.
Cloudwalk: Best of Both Worlds
Cloudwalk, a member of Plug and Play's Retail Accelerator, offers a one-stop open payment platform on the cloud. By providing a third party platform based on the cloud, Cloudwalk is able to manage the security of POS software for any type of terminal in the same place.
One of Cloudwalk's founding members, Behzad Malek explains: "Cloudwalk is an EMV platform that is on the cloud, so it is the best of both worlds. It has EMV security, so the latest and greatest in the market in terms of microchip cards, and at the other end the efficiency of the cloud."
By combining the EMV technology used in NFC enabled cell phones with cloud computing, Cloudwalk provides a scalable, efficient, and secure payment solution. They work with acquiring banks and merchant solution providers to give customers a way to manage all of their payment terminals in the same place with full visibility. They are working across a wide range of POS hardware to establish a secure link through which large corporations are able to update and manage their systems to effectively protect them against credit fraud.
With credit card fraud on the rise, there will be a serious push to move away from magnetic strips and traditional POS methods. As credit card companies work towards EMV Compliance, emerging technologies such those previously described bring with them the potential to change the way we think about traditional payment systems altogether. If credit breaches continue to gain national media exposure, the advent of NFC-enabled smartphones and digital currency may render physical wallets completely obsolete much sooner than we think.
More Web Exclusives/Guest Commentaries