The digital payments security landscape has seen tremendous change in recent years. Consumers’ increasing adoption of online consumption—coupled with an unnerving uptick in payment fraud—has caused financial institutions to embrace the evolution of payments security.
This progression began years ago with the introduction of credit cards as a means for purchasing goods and services without direct cash in hand and has since transformed into a world dominated by e-commerce. Consider these stats:
- Between 2019 and 2023, global e-commerce sites increased from 9.2 million to over 26 million.
- According to the U.S. Census Bureau, total e-commerce sales for the first quarter of 2024 were $289.2 billion.
- Statista found that mobile e-commerce made up 38% of total digital spending in the U.S. at the end of 2022.
- CSI data shows that less than 25% of transactions in 2019 were card not present and that has since risen to 40% for the first quarter of 2024 for Mastercard volume.
Consumers have made their preferences clear—digital payments are here to stay. So, how can your bank mitigate risk and deliver a secure, seamless payments experience for customers? Read on for a recap of the payments landscape and strategies to strengthen your digital payments security.
Want to take a deeper dive into payments trends? Check out our white paper.
Are Digital Payments Secure?
Before we dive into the past, present and future of digital payments, let’s address this common question about payments security. While digital payments involve risk, the same holds true for physical payments—it’s all about navigating that risk.
Physical payments involve carrying cash or cards, representing risk of loss and making it more difficult to determine fraud or theft. Digital payments mitigate these risks but have specific risks of their own, such as phishing or skimming. Fortunately, technology exists to help protect consumers and businesses from these risks.
Digital Payments Security: From EMV Chips to Online Shopping
The introduction of EMV chip card technology revolutionized payments security both in the U.S. and abroad, and adoption of EMV chips is on the rise. In 2023, the global EMV point-of-sale terminal market was valued at more than $100 billion and is expected to expand at a compound annual growth rate of 8.3% from 2023 to 2030.
Despite this widespread implementation of EMV, e-commerce—or transactions conducted over the Internet—has emerged as a favorite for today’s consumers, who have embraced online shopping. As a result, mobile wallets and payment apps are now commonplace.
According to Forbes, e-commerce is growing immensely, and by 2027, 23% of retail purchases are expected to take place online. Further, social media commerce is expected to reach $8.5 trillion by 2023, and 55% of millennials have made a purchase via social media.
This shift in consumer behaviors—from in-store credit and debit card payments to the mobile shopping boom—compels payment technology companies to stay ahead of the curve while maintaining proper security.
One trend to note as a result of increased e-commerce activity is the accompanying growth of chargebacks, a reversal of funds that occurs when a customer disputes a transaction. According to Sift, 2023 saw an estimated $100 billion in credit card chargebacks and a 367% increase in chargeback values for select verticals. And scammers use fraudulent transactions to request chargebacks, often leading to headaches for financial institutions and card issuers.
Further, the Identify Theft Resource Center (ITRC) counted 3,205 reported data compromises in the U.S. in 2023—an increase from the 1,801 reported compromises in 2022. The threat of breaches is top-of-mind, not only for cardholders, but also for card issuers who want to protect their customers’ sensitive information. So, payment providers adopted tokenization as a security measure to answer that threat.
Tokenization and CoF e-commerce
Tokenization—the process of replacing static card credentials with a series of tokens—continues to be the bedrock of payments security innovation. With tokenization, the tokens pass through the Internet or various wireless networks without exposing the actual bank account details.
And tokenization opened the doorway to yet another advancement in payments security: credential-on-file (CoF) e-commerce. CoF e-commerce occurs when a merchant stores a customer’s card information online for future or recurring purchases. Storing credentials is a huge convenience for customers because it eliminates the need to re-enter their card information at every online purchase.
CoF e-commerce provides a security convenience, because the merchant can employ tokenization to replace the customer’s static card data. These tokens—used only by that particular merchant—create a “walled garden” of information that means nothing to anyone else, and the tokens are of such little value to attempted fraudsters that the merchant is less a target for intrusion.
Where are Digital Payments Headed?
In CSI’s 2024 Banking Priorities survey, instant payments, including the FedNow Service, emerged as a top priority. This interest aligns with the cash-flow benefits individuals and businesses experience when payments clear immediately.
Digital wallets also emerged as a focal point in the payments landscape, with 51% of bankers prioritizing this technology. Institutions with assets ranging from $1.1 billion to $5 billion place particular emphasis on digital wallets, with a significant 64% choosing it as a key priority. Investment in this space could also lead to additional interchange revenue from credit and debit cards that are top of the digital wallet, especially considering that Apple Pay users have five to seven more transactions monthly compared to non-users.
37% of bankers reported they will prioritize P2P payments, emphasizing the enduring importance of person-to-person transaction capabilities. Notably, some are interested in offering P2P through real-time payment rails.
With rising interest in digital wallets and mobile-first payments, industry experts emphasize the importance of finding technology providers prioritizing payment technologies such as push provisioning and instant payments.
4 Ways to Enhance Digital Payments Security and Fight Fraud
Financial institutions must understand that digital payment security has transitioned from a point-of-sale problem to one of customer authentication. Here are four fraud prevention tactics your institution can use to combat this trend:
1. Prioritize Trusted Channels
EMV chips on cards and tokenization for digital wallets make it nearly impossible for useful data to be stolen at the point of sale. Tokenization is a growing threat to fraudsters, as the technology creates unique tokens—which are useless to steal—instead of static card credentials.
To compensate, criminals are now attempting to authenticate using the static consumer card credentials they’ve illegally obtained. So, when authenticating legitimate users—especially via digital means—your bank should prioritize, or encourage the use of, trusted channels. For instance, sending a text message to a customer’s phone or using password verification via an app are considered trustworthy methods. Phishing and social engineering schemes are much less effective within these channels, and your payments processor should block these fraudsters automatically when they detect foul play.
Consider incentivizing customers to use these channels by highlighting their security benefits.
2. Prep the Call Centers!
Despite all the attempts your institution has made to secure the authentication process via text, email, app, etc., there will always be customers who want to speak directly to a representative via phone. Call centers are the main target for modern data phishing schemes. Fraudsters will use social engineering tactics to trick representatives into thinking they are speaking to the real customer since they possess all of the necessary information.
Train your call center staff with social engineering testing to help them recognize and deal with these schemes and protect sensitive information.
3. Use Out-of-Wallet Info
The underlying problem with current verification methods is that they use static, unchanging data or personal information to authenticate users. A mother’s maiden name will never change, nor will the last four digits of a social security number. This information is easily obtainable today and is likely already in the hands of criminals looking to exploit it. Your institution must instead employ out-of-wallet questions to generate dynamic, behavior-based credentials when validating a customer over the phone.
Out-of-wallet information is based on behavior that has no traceable profile. For example, consider replacing “mother’s maiden name” with “where was your last local transaction” and “at which branch did you last deposit money?” These answers are much harder for fraudsters to obtain and give a more realistic insight into the legitimacy of the person on the other end of the line.
4. Incorporate 3D Secure 2.0
Tokenization and other modern payment authentication methods will take time to implement, but institutions can take related steps to fight fraud in the short term. For example, banks can opt-in to new secure payment technologies, like 3D Secure 2.0. This technology, which focuses primarily on card-not-present transactions, enhances the communication of data between merchants and issuers to create a unique risk profile for each transaction. This type of risk-based authentication not only promotes a more secure payment environment, but also enhances the customer experience.
The Evolving State of Digital Payments Security
Payments security is in a constant state of evolution. And while EMV chips are still widely used by consumers, more and more are using digital channels to make purchases. Incorporating tokenization into CoF e-commerce provides secure, convenient payment options to these customers.
As payments fraud risk continues to increase, ensure your bank uses the latest technology to support security for customers. For more information on digital payment trends, download our white paper.
Read our white paper
Matt Herren, Payments Industry Consultant
With a strong focus on emerging technologies and how they apply to the financial industry, Matt has led CSI’s effort to drive innovation in the payment space. Matt has worked for more than a decade at CSI to enhance customer experience and helped direct innovative product offerings to increase bank profitability, allowing banks to realize industry-leading results and maximize program performance. He has spoken at dozens of state and national conferences on the future of banking and is bizarrely passionate about innovation and consumer experiences.