As the incoming President of the Smart Payment Association, I have been reflecting on the challenges facing today’s global payments landscape.
On one hand we have a clear need for efficacy, efficiency and scalability within our payment instruments. On the other, the industry must support the ever-increasing demand for speed and convenience from consumers and merchants. Sitting above all this, of course, are the interconnected requirements of security, transparency and regulatory compliance.
Nowhere are these complex (and sometimes contradictory) demands better illustrated than in today’s rapidly evolving retail payments environment. No longer is the consumer/merchant relationship defined by payment alone. Increasingly, the exchange is one of information – both payment and personal – and the data collected around the payment experience is now an essential asset. Here, strong authentication is a must, but incomplete standards, delayed deployments and the vastly different approaches across the world pose considerable challenges.
Between data protection obligations (GDPR) and the likely monetization by some actors, the retail sector must be supported in mastering the payment process to ensure a seamless customer experience while limiting the risk of default payment or disintermediation extra-costs.
It was with this aim in mind that SPA established its Retail Advisory Council. Open to all retailers - from large multilane brands through automotive to the transport and travel industry - the Advisory Council seeks to balance payment choice and security, leverage payments instruments to improve customer retention, and work with retailers to explore new, frictionless and trusted user experiences.
If you’re interested in more information, or would like to join the SPA Retail Advisory Council, click here.
Exploring a biometric future
Our recently published Biometrics in Payment paper evaluates the value of sensor-on-card recognition and verification, assesses how the approach fits with existing EMV architectures, and offers key recommendations for the design of underlying enrolment subsystems and enrolment programs.
Driving global standardization
Through our workgroup programs, we have submitted our views and suggestions to the European Cards Stakeholders Group (ECSG) at the biometrics issue – all with the aim of enabling banks to comply with regulatory standards on Strong Customer Authentication (SCA) in PSD2 and through proposals in the forthcoming ECSG Volume Book of Requirements. .
We also welcome the recent publication of the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and are in production of a Q&A document to offer guidance on implementation scenarios. This paper will complete our initial publication that focused on the legal aspects of the regulation. .
Our recently published analysis on the Regulatory Technical Standard on Strong Customer Authentication addresses the contentious issues within the text, including areas where specifications need to be tightened. It also explores the continued requirement to develop international standards to ensure Payment Service Providers can fully comply.
With the rise in both volume and sophistication of cyberattacks, the European Union Agency for Network and Information Security (ENISA) has received a mandate from the European Commission to develop a security certification framework for IT components deployed in open infrastructures managing sensitive data. ENISA becomes that way the Cybersecurity Agency in the European Union. It remains that at present it is unclear how this new framework will coexist with the existing certification schemes for payment products. More specifically, the financial industry is providing efforts to better understand the risks for financial assets arising from cyberattacks and help to deploy proper security countermeasures. For instance the European Central Bank has just organized a Public consultation on cyber resilience for Financial Market Infrastructures (FMI).
Given the evolving and highly sophisticated nature of cyberattacks, the collaboration between the public sector and private sector to manage these threats constitutes a priority for our industry. SPA intends to study all outputs in detail and will publish guidelines detailing the most appropriate approaches and technologies to ensure banking infrastructure, assets and consumers are adequately protected from cybercrime.
I would like to end this latest update by reinforcing our commitment to supporting our members and members customers. Whether we are working on technical guidelines, contributing to standards or advocating choice and convenience on behalf of consumers, our aim remains the same – to drive the smart payments agenda and help members and constituents tackle the challenges of today and tomorrow.
With your help, we’ll continue to do it. You can join SPA as a full member or participate in our Advisory Council program. Do not hesitate to get in touch if you would like more details of how to join or partner with us.
If you would like to come and meet us, we participate and speak at events around the globe. You will find a list here.
I hope to meet some of you there.
Smart Payment Association