4 minute read

Amidst a payment revolution, issuers cite security as the highest priority

Tuesday, February 20, 2024

4 Minute Read

The financial industry is clearly in the midst of a payment revolution. It’s both exciting, and a bit daunting at the same time. Open banking, artificial intelligence, blockchain technology, real-time settlement, embedded payments and digital wallets all remain front and center for executives in the United Kingdom, Europe and beyond. Yet one issue remains above them all in terms of priorities: the need to keep data secure as the industry adopts new technologies and rolls out new products.

This feedback was very clear in the recently released Global Payments 2024 Commerce and Payment Trends Report, an annual survey of issuers and merchants published by Global Payments. About 64% of issuers rated the importance of the security of customer data as a nine or 10, on a scale of 10, involving tools such as biometric payment authentication, encryption and tokenization, according to the report. That far outpaces the next frequently cited priorities for 2024: 38% of issuers rated the importance of embedded payments a nine or 10, 37% said the same for using AI in commerce or payments, and 36% said so for Generation Z-focused payment preferences.

At TSYS, security has always been a top priority, and we know it’s the same for our clients. For issuers, the stakes are high, in terms of financial and reputational risks. Each new technology brings the need for more security. For example, the growth of open banking, where consumers are able to complete transactions from their bank accounts without the need to input their card details or authentication identifiers, typically requires more investment in sophisticated security tools to support the framework. Meanwhile, the rising popularity of embedded payments and digital wallets also supports the need for strict attention to data security. Frequent conversations with our clients support these trends.

Inherent in the securing of data is the challenge of how to reconcile what consumers want—more convenience—with a frictionless experience for account logins and at the point of sale. Meanwhile, fraudsters never stop looking for new ways of stealing customer data and exploiting loopholes in new technologies.

When it comes to security, we have new insights and observations, based on Global Payments’ survey of 91 issuers (seven in 10 of whom have 5 million or more cardholder accounts) covering Europe, North America and Asia, and from subsequent discussions with some of our largest clients:

  1. Artificial Intelligence. Issuers see combating fraud as the most important application for AI. Among the 27 European issuers we surveyed, 22 of them (81%) were very or somewhat enthusiastic about AI’s impact on their business in the future, matching closely with other regions. Among all issuers, 62% said they expect AI to be used for fraud detection, more than any other area. (Customer service came next, at 54%, followed by sales forecasting, at 48%).

    Our conversations with issuers reveal that AI generates its own concerns. In theory, AI and machine learning have the potential to analyze large amounts of data to detect anomalies and identify patterns. But in practice, issuers need to be wary of how they construct their anti-fraud models. For example, the Financial Conduct Authority requires firms to treat customers fairly and communicate with them clearly, so issuers should be transparent in how they apply AI. The rules they construct should be documented and rationalized in order to meet regulatory requirements, issuers note. If an issuer says a transaction is fraudulent, they should be able to say why.

  2. Authentication. Concerns over security also explain the popularity of biometric authentication. Half of issuers said they currently offer biometric authentication with their payment systems, with the other half exploring the possibility. (About 26% of European issuers plan on developing biometric authentication methods in 2024, slightly behind 31% of North American issuers, but ahead of 17% of Asian issuers.) One area scoring high enthusiasm was so-called fingerprinting, a tracking technology that looks at several characteristics of a mobile phone or computer, such as the model, operating system and screen resolution, while pinpointing how users browse the internet. Fingerprinting software can monitor the habits of how people hold their phones, how fast they type, how they move a mouse and other behaviors. When combined, these details create a unique identifier—similar to a fingerprint—that can be used to authenticate a transaction or give access to an account. About 83% of issuers worldwide currently offer or are considering offering fingerprinting. Other biometric authentication methods include facial recognition, with 58% of issuers using or considering using it. And 37% said the same for voice recognition, and 31% for iris scanning.

  3. Data standardization and privacy. For European issuers, security concerns also extend to the migration to new data and privacy standards. Transitioning to International Organization for Standardization (ISO) 20022 ranked as most important among the issuers surveyed. ISO 20022 allows banks and corporations to work with cross-border payments that can hold substantial amounts of information in standardized data fields. About 63% of European issuers rated transitioning a nine or 10, yet only 29% of them reported having transitioned to the standard so far. European issuers were also most concerned about meeting California Consumer Privacy Act (CCPA) requirements, with 60% rating the task as a nine or 10. They also put meeting requirements for General Data Protection Regulation (GDPR) high on the list, with 54% rating the trend a nine or 10. Meanwhile, 53% said the same for implementing regulatory technology solutions.

Overall, the survey gives us a snapshot of how security remains a top issue. From the world’s largest financial institutions, to neobanks and startups, issuers of all shapes and sizes rank security as crucial for good reason. As the world of payments evolves at an accelerating pace, customer data remains sacrosanct. Breaches can be expensive, in terms of absolute losses, liability and possible regulatory fines.

While implementing security-related initiatives can be a daunting task, experienced providers can help. Rely on them. At TSYS, we’re always investing, testing and evolving, helping our clients deliver smart, more secure solutions in the midst of the payments revolution.

Never Miss an Insight

Get the latest from TSYS a Global Payments Company