The online payment industry was exposed to a slew of attacks in 2013-14, with hackers meticulously examining the payment infrastructure to exploit potential weaknesses. To guard against such security breaches, the payment industry needs to devise global security initiatives and establish common rules.
According to new analysis from Frost & Sullivan, Are Digital Transactions Secure Enough? host card emulation (HCE) has created a new layer of security services. On the other hand, the HCE solutions have raised several concerns as in the absence of a single network, a single protocol and a common set of rules, hackers can breach security layers using sophisticated tools.
Until the recent spate of attacks, banks and financial institutions had been reluctant to invest heavily in protecting their digital transactions. However, new awareness of the huge liabilities and losses that can be incurred through these data leaks is encouraging their support for the use of HCE security technology.
"The emergence of the cloud-based HCE will please security service providers as it offers an alternative that is easy to deploy in a short time frame," said Jean-Noël Georges, Global Programme Director for Information & Communication Technologies at Frost & Sullivan. "The solution is expected to accelerate the deployment of other payment solutions and already, it has forced the ecosystem to rethink the entire roadmap and portfolio strategy."
HCE has drastically changed the way mobile payment is processed and it is demanded because of certain aspects. For instance, HCE's security level is lower than that of near field communication (NFC). Nevertheless, HCE is the answer to part of the bottleneck since it can aid in consumer management and reduce deployment time.
Significantly, HCE does not use a hardware secured element to store secret keys. Credentials are moved to a cloud-based platform and are accessible through a specific payment application. The credentials are available for one-time use and based on the risk, can be used only for a particular amount. With HCE, time is critical during a transaction and the payment mechanism usually does not request considerable encrypted information.
"More than the security component, consumers and retailers seek convenience. Many companies are now building solutions especially for the mobile instead of adapting existing solutions to the mobile," noted Georges. "Technology developers could adopt the same approach with respect to convenience, so that security is an invisible component of the payment process."
The payment industry needs to evolve a global standard that will provide answers to client and customer demands for advanced security solutions. A solution that is secure-by-design, and not merely a compilation of best secured practices, is essential to guarantee the safety of a payment process.