Question

I need a brief summary/your thoughts on the article.

The long-standing narrative of credit card security is that offline transactions are more secure than online. Today, this narrative is more fiction than fact.

Online transactions are more popular and secure than ever before, thanks to advancements in digital payments technology, demographic shifts, and the evolving cyber-security landscape. At the same time, offline payments seem more insecure than ever before. The outbreak of high-profile security breaches at major retailers has shed light on the fact that offline transactions are vulnerable to attack.

These trends lead us to consider a number of important questions that affect every consumer and retailer — are online transactions more secure than offline, and will this realization propel ecommerce into its next stage of growth?

Offline and Off-Guard

The reality is that security concerns exist whether you are online, offline, or on a mobile device. They exist with credit cards, debit cards, and even cash. A common misconception is that offline is safer than online, but this is changing as a result of the massive security breaches that hit the headlines over the past year.

Target announced that hackers stole personal information from as many as 70 million customer accounts between November 27th and December 15th, 2013. Then, Home Depot announced that 56 million cards were compromised in a five-month attack on its payment terminals. 1.1 million credit cards were exposed in a three-month hack on Neiman Marcus. Hackers also hit grocery chain Supervalu multiple times, which has thousands of locations, and Asian bistro chain P.F. Chang’s saw data stolen from eight of its locations over the course of eight months. Even before these huge hacks took place, retailers were already losing roughly $3.5 billion in ecommerce sales a year due to credit card fraud, according payment processor CyberSource.

If this laundry list of major security breaches isn’t enough to convince consumers that offline payments are just as risky, if not more so, than online payments, I don’t know what is.

When you physically offer up your credit card in a retail store, that merchant still stores data on a computer; those computers are generally Windows PCs running old-school Point-Of-Sale software and storing data in environments that are inherently insecure and inadequate. To process transactions, the payment application has to communicate with the payment terminal, POS, and payment processor, which means sensitive data is constantly being circulated. This makes it vulnerable.

“You walk out of the store while the transaction continues to ricochet across the country — using technology from the 1970s,” Jason Oxman, CEO of the Electronic Transaction Association, told NPR.

“What we need to do in the U.S. is completely replace an architecture that has been deployed over the course of the last 40 years. That’s how long mag stripe cards have been on the market.”

The security guidelines put in place by the major credit card companies were designed for collecting data at rest. That is no longer the world we live in, and today these standards don’t do enough to ensure retailers are protecting consumers’ data. The guidelines don’t require credit card information to be encrypted while traveling through a private computer network, and so hackers can steal data as it moves. PCI data security standards are failing us.

Is Online Safer?

In general, big box retailers don’t make the same commitment to security as online retailers. Overhauling their entire system and taking extra security precautions is an expensive and time-consuming proposition, and so they neglect to take extra measures. This stands in contrast to online retailers, who are built from the ground-up with strict security in mind, because just one hack could destroy their business.

Online retailers also have a greater array of security tools at their disposal — tools that were created for the world we live in today, not the world of a decade ago. Square, for example, encrypts card data on the device. Stripe encrypts all card numbers on a disk with AES-256, and stores decryption keys on separate machines. PayPal’s security key offers a second authentication factor when you are logging in to your account. Online transactions from any reputable vendor are also protected by SSL certificates (to protect data in transit), firewalls, and regular systems scans. Furthermore, consumers are empowered to add extra security layers to online transactions. They can create strong passwords, sign up for identify theft protection services, and keep their anti-virus software up-to-date.

Perhaps the most exciting advancement in security technology is tokenization — described by Bain Capital Ventures managing director Matt Harris as “a system where you substitute a proxy set of identifying information for the real payment card data, so that merchants don’t have to handle this sensitive and regulated data and it isn’t exposed more than necessary.” Tokenization not only limits exposure, but also enable more rigorous identification features, such as a fingertip or picture of your face (as opposed to a pin number or signature). It will play a pivotal role in eliminating consumers’ fear of digital payments.

Answer 1

In my opinion it is completely true that a previously set notion is changing with the advancement of Technology. The fear that instilled for using the online payment modes is disappearing. Technology is playing major role in this changing notion. Most of the people were of the thought that offline payment are much secure.

But with the increase in the mishapping this idea has also gone. As it is said that nothing is important than the idea so it us the time for the idea of online payment. Risk is associated with everything weather online or offline. Both have their pros and cons but it is also a fact with the advancement of technology online payment become more safe and secure place.

Advancement like tokenization are becoming pivotal in eliminating the consumers fear about the digital payments. Even now customers have also various options to add extra security layers that makes it more effective and secure.

On one hand where technological advancement are making digital payments a secure option while on other hand various kinds of data theft and other concerns are making offline an unsecured mode of payment.

The narrative that offline payment are much secure than online payments is an old idea . It more fiction than fact.