How would you break into a house?
Or perhaps getting a little more personal, how could I break into your house?
You have a strong front door, right? Of course you do. And you lock it when you go out? And you shut your windows? Yes, and yes again.
You don’t leave a key under a rock, or a mat, or hidden in some other place?
Are any of your windows made of glass? Really? Do you know how easy it is to break glass?
How about roof tiles? Do you know how easy it is to get into a house by just stripping the tiles?
Oh dear… well, at least you have an alarm. But let’s be honest. If it goes off, the chances are that all it’ll do is annoy the neighbours.
We all take security very seriously – but in truth, if someone really wanted to get into your house, they can find a way to do it.
But then, security isn’t the only reason why we own our houses. We want to see out, we want to open windows, we want to live, love, eat, drink….. we want to enjoy ourselves.
Security is an important part of that package, but it’s not the be-all and end-all.
There are lessons in this for Visa, too.
Payment is changing – again.
We‘ve spent years doing the security piece. We’ve upgraded our systems time and time again to keep consumers’ money safe.
When we made the move to EMV (Chip & PIN) a decade ago, it made our house that much more secure. The doors are better, the locks are great, and it’s pretty hard to pop out the bullet proof glass in the windows.
But now, with all the innovation we’ve seen in the market, with all the exciting new services coming down the line, we’re starting to think the steel bars may have been overkill. Not allowing family members to tail gate when entering the house is also starting to make bringing in the shopping a little tedious.
We think we can do better. We know we have to maintain core security standards that are an essential part of our DNA – but we also want to open the doors to let in some more of that innovation.
Let’s think about the business side of things.
EMV is great and has served us well. Everyone loves it – but the days of the plastic card are coming to an end.
The ‘Card Not Present’ (CNP) model invented by our Visa predecessors decades ago has massively passed all expectations. It is increasingly becoming THE way to pay..
Data profiling and predictive modelling is going mainstream; we are starting to understand we can do things with data we never previously imagined were possible.
And in today’s world, everyone has a mobile, and they want to use it to pay.
Either we adjust to meet these new expectations – or we watch the world pass us by.
That means we’ve got some big questions to answer.
Card Tokenisation is a biggie – creating card ‘tokens’ that can only ever work in one device, or at one merchant. How important is it to protect a token which can only be used where the customer wishes to do so or exists only for a few hours or minutes?
The second is Host Card Emulation, which offers the ability to make your phone look like a contactless card, but all built into software – something that we would never have considered in the past. How can we make sure the HCE ‘house’ is secure enough, without limiting its innovation?
Then there’s the question of verification. Should we be removing customer verification for most transactions?
Silly you might say, but if we have the data and the models to show that our customer buys his coffee at 08:45 every morning at this merchant for this amount, and his phone GPS says he is there now – do I really need to check all the cryptography, and validate the PIN?
How much extra security do we really need?
One way or another, there are interesting times ahead. Some of this innovation may remove risk; but most will increase it.
It’s our role to find the best possible balance between convenience, and security. That means our models will need to change; our risk appetites will need to adjust; and I’ll need to check that insurance policy and perhaps get a better alarm…
But the end goal will be worth it, because innovation is what we do.
And sometimes it’s just nice to open a window.