Security Trends You (And Your Merchants) Need To Know About

As the payment landscape continues to evolve, so do the issues surrounding data security. By offering your merchants the latest in security and fraud detection/fraud prevention tools, you can help them keep one step ahead of the hackers. Here are five of the top payment security trends you should be aware of now and going into the next year.

Biometrics

Identity verification is a vital defense against fraud, but having to remember PINs and passwords at the checkout counter can be a frustrating and time-consuming exercise for customers. A study by AYTM Market Research for Visa found that “86% of consumers are interested in using biometrics to verify identity or to make payments.” In addition, 70% of consumers surveyed believe that biometric screening is easier than other identity verification methods, and that 46% of consumers think biometric methods are more secure than PINs or passwords.

Some of the biggest reasons for moving toward biometric authentication are speed, convenience, and security. Merchants who are able to securely verify a customer’s identity are far less likely to experience costly chargebacks due to fraud. As the technology continues to improve, expect to see more innovative and user-friendly solutions in the future, such as credit cards with embedded fingerprint scanners and POS devices with built-in voice and facial recognition systems.

Machine Learning and Artificial Intelligence

Millions of pieces of cardholder data and payment card information pass between merchant payment terminals and banks every day all around the world, giving cybercriminals round-the-clock opportunities to intercept that information and commit fraud. Safeguarding cardholder information requires technology that can scan transaction information and detect possible fraudulent activity in a matter of seconds.

Using artificial intelligence (AI) technology, banks use machine learning to “train” their software systems to recognize legitimate transactions—as compared to potentially fraudulent ones—enabling the software to learn the differences between them. As the software processes more and more transactions, it gets better at detecting fraudulent activity in real-time and helps prevent fraud before it occurs. 3D Secure 2.0 is an example of technology that reduces potential fraud by authenticating a customer’s identity before a transaction takes place. Cardknox’s support for 3D Secure 2.0 will give your merchants a powerful tool to fight fraud. Our mobile SDKs make it easy to integrate 3D Secure 2.0 technology with your merchants’ mobile- or browser-based system to create a shopping platform that’s also compatible with biometric authentication methods.

Tokenization and the Internet of Things

We live in an increasingly interconnected world. Millions of American homes are equipped with multiple electronic gadgets and devices designed to make life easier and more efficient. Digital assistants (smart speakers); video doorbells and security cameras; automated lighting and heating/air conditioning systems; “smart” TVs; laptops and tablets; gaming systems; smartphones; and even some refrigerators—all connected by the Internet of Things (IoT). And along with all that connectivity comes an ever-increasing need for security.

More and more consumers are comfortable making digital purchases using smartphones and other mobile and IoT devices. While EMV chip-card technology has significantly reduced the incidence of fraud for in-store purchases, digital transactions can still be at risk without the right security software. That’s where tokenization can make a difference.

Tokenization technology substitutes a single-use “token” for a customer’s payment card number during the transaction so the actual card number is not transmitted. If a smartphone, merchant POS system, network connection, or other IoT-connected device is hacked, the customer’s payment card data is not exposed. Cardknox developed a true tokenization system that not only encrypts sensitive data, but also assigns a unique transaction identifier. Each time a transaction is received, all card information is stored in our vault and the system sends a single-use token to the merchant’s payment website. For merchants who accept card-not-present payments, tokenization technology adds another layer of security to protect their customers and their businesses from fraud.

Account Takeovers On the Rise

An account takeover (ATO) is a type of identity theft that happens when a hacker gains unauthorized access to an account belonging to someone else and uses that information to commit further crimes. In the past, ATOs typically occurred at banks and other financial institutions. But now, because more and more consumers store their payment card information (such as card number, expiration date, CVC number, and billing and shipping addresses) on multiple e-commerce websites, personal accounts have become a favorite target of cybercriminals.

Fraudsters know that consumers tend to reuse the same username and password across different business websites, so when they obtain the login credentials for one website, they have the option to use that information to hack into the consumer’s account; try the login credentials on another one of the consumer’s accounts; or sell the login information on the dark web.

Although the best line of defense is for consumers to use unique usernames and passwords for all their e-commerce websites, merchants can help protect against account takeovers by implementing strong, multi-factor identity authentication steps for all their customers’ accounts.

PCI Scan Compliance

Payment Card Industry Data Security Standard (PCI DSS) guidelines continue to figure prominently in payment card security trends. System vulnerability scans help identify vulnerabilities and misconfigurations on a merchant’s website, and provide valuable information that improves protection against Internet hacking. Scans help pinpoint vulnerabilities within a merchant’s POS terminals and/or devices and network systems so that the merchant can address any potential problems. As technology advances and hackers continue to find new ways to compromise payment processing systems, PCI scan compliance will be even more important for merchants in all industries. You can help your merchants avoid the time and costs associated with network vulnerability scans by integrating PCI-ready POS terminals and iFields technology into your system.

Future-Proof Your Business With the Right Security Technology

No one can see into the future, of course, but implementing robust security tools and measures will help merchants stay one step ahead of the fraudsters. Integrating with Cardknox ensures that you can offer your merchants the latest in cutting-edge security, fraud detection and prevention tools.

If you’d like to learn more about Cardknox, visit our website. Or click here if you’d like to know more about our suite of security tools and services.

Want to know more about this topic? Share your email address with us and we’ll send you the latest news and updates on our products and services.

Cookie	Duration	Description
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
ep201	30 minutes	This cookie is set by Wufoo for load balancing, site traffic and preventing site abuse.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
OptanonConsent	5 months 27 days	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_ga_L91N7MKDFX	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_53045244_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
handl_landing_page	1 month	Understand which page was the first webpage a user visited.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
pi_opt_in1055213	7 days	The cookie is used by SalesForce/Pardot to store privacy preferences.
utm_campaign	past	Google Ad Services sets this cookie to store session campaign value if present.
utm_content	past	This cookie is used for storing the session content value if present.
utm_source	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
utm_term	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
visitor_id*	past	Pardot sets this cookie to store a unique user ID.
visitor_id*-hash	past	Pardot sets this cookie to store a unique user ID.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
utm_medium	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.

Cookie	Duration	Description
__wpdm_client	session	Description is currently not available.
_cfuvid	session	Description is currently not available.
_splunk_rum_sid	15 minutes	No description
AnalyticsSyncHistory	1 month	No description
AWSALBTG	7 days	No description available.
AWSALBTGCORS	7 days	No description available.
email	past	No description available.
experiments-fingerprint	6 months	No description
experiments-raw	6 months	No description
gclid	past	Used by Google to track conversions,
handl_ip	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_url	1 month	No description available.
li_gc	5 months 27 days	No description
TESTCOOKIESENABLED	1 minute	Description is currently not available.
username	past	No description available.