Abstract
Secure payment is an essential element of digital commerce in a world where cash is becoming redundant, credit cards are becoming less and less critical, and mobile devices are becoming means of payment. Therefore, it must be considered through the lens of various payment methods: Credit cards have been around since the 1950s, but the introduction of chip technology and contactless payment raises new challenges for the security of payments. Commercial payment service providers, such as credit card issuers or infrastructure operators, typically implement secure payment. Additionally, there are open-source payment gateways that facilitate the transfer of payment information. The providers of these open-source solutions claim that their products facilitate integration with existing systems on the client side and provide better customization due to their modularity and adaptability.
1 Introduction
The shift towards a digital economy has led to an increase in electronic payment methods, from credit cards to online and mobile contactless payments. Secure payment is crucial in verifying and protecting transactions and customers. Despite implementing security measures such as data encryption and strong customer authentication, online fraud continues to be a concern in the industry. Standards such as the EMV Integrated Circuit Card Specification, Payment Card Industry Data Security Standard, and Revised Payment Services Directive regulate the payment services and providers, mandating various security measures to be in place.
2 Analysis
Secure payment is an essential element of digital commerce in a world where cash is becoming redundant, credit cards are becoming less and less important, and mobile devices are becoming means of payment. Secure payment relies on the verification of transactions and customers that make payments. However, this process has become increasingly challenging. It has been reported that false declines of transactions are increasing as a result of suspected fraudulent activities [1].
2.1 Definition
Secure payment refers to a variety of payment methods - typically in relation to electronic payments. Therefore, it must be considered through the lens of a variety of payment methods: Credit cards have been around since the 1950s, but the introduction of chip technology and contactless payment raises new challenges for the security of payments [2]. Online payments were reported to have been conducted for the first time in the 1990s [3]. There has been an increase in the crime of online fraud since then [4]. Since the advent of smartphones in the 2000s, mobile (contactless) payment systems have become increasingly popular [5, 6]. Additionally, voice payments using voice assistants are becoming increasingly popular [7].
As a means of combating online fraud, banks and fintech companies have implemented techniques such as fraud monitoring (e.g., through the use of emerging technologies such as artificial intelligence [8]), employee training, and active management of compliance with standards and regulations [9]. The following are among them [10]:
- EMV Integrated Circuit Card Specification for Payment Systems: Payment card standard based on chip technology [11]
- Payment Card Industry Data Security Standard (PCI DSS): A set of rules for the processing of credit card transactions, supported by all major credit card companies [12]
- Revised Payment Services Directive (PSD 2, Directive (EU) 2015/2366): This directive regulates the payment services and providers in the European Union (EU) and the European Economic Area (EEA) [13]
These standards require various security measures which include:
- Data encryption: The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that enable the establishment of a secure channel between systems and preserve the confidentiality and integrity of data. As of June 30, 2018, PCI requires migration from early versions of TLS and SSL to the later versions of TLS [12].
- Strong customer authentication (SCA): PSD 2 requires multi-factor authentication, which is the combination of multiple independent security factors (see Sect. 29.2). There are several exceptions to this requirement, such as for payments of very small amounts [13]. EMV 3-D Secure [14] is one method for implementing SCA for credit and debit cards. This protocol is designed to prevent unauthorized use of credit cards. It is offered, for example, under the name Verified by Visa or Mastercard Identity Check, and requires additional authentication with the card issuer for “card-not-present” transactions (i.e., neither the card nor the cardholder is present). Those merchants who use 3-D Secure can be assured that their payments will be received [15].
- Account verification, address verification service (AVS), and card verification value (CVV2) are all methods of validating payment accounts offered by credit card companies. With the exception of U.S. and U.K. card issuers, AVS and CVV2 participation is optional [16, 17].
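The SCA rule and its small-amount exception described above can be written as an issuer-side decision. This is an added example, not part of the chapter: the factor names, the `PayerState` counters and the function names are constructed, and the EUR 30 / EUR 100 / five-transaction limits are assumed from the regulatory technical standards that accompany PSD 2 rather than taken from this page.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed factor names mapped to the three independent SCA categories.
CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "phone_app": "possession", "hardware_token": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

# Assumed low-value limits for remote payments (from the PSD 2 technical
# standards, not from this chapter). This sketch enforces both counters,
# which is stricter than applying only one of them.
MAX_SINGLE = Decimal("30")       # EUR per transaction
MAX_CUMULATIVE = Decimal("100")  # EUR since the last SCA
MAX_COUNT = 5                    # exempt transactions since the last SCA

@dataclass
class PayerState:
    """Hypothetical per-payer counters, reset whenever SCA succeeds."""
    spent_since_sca: Decimal = Decimal("0")
    count_since_sca: int = 0

def factors_satisfy_sca(factors):
    """True only if the factors span at least two distinct categories."""
    categories = {CATEGORY[f] for f in factors if f in CATEGORY}
    return len(categories) >= 2

def low_value_exempt(amount, state):
    """True if the payment may skip SCA under the small-amount exception."""
    if amount > MAX_SINGLE:
        return False
    if state.spent_since_sca + amount > MAX_CUMULATIVE:
        return False
    return state.count_since_sca < MAX_COUNT

def authorize(amount, factors, state):
    """Return 'approved-sca', 'approved-exempt' or 'challenge'."""
    if factors_satisfy_sca(factors):
        state.spent_since_sca = Decimal("0")
        state.count_since_sca = 0
        return "approved-sca"
    if low_value_exempt(amount, state):
        state.spent_since_sca += amount
        state.count_since_sca += 1
        return "approved-exempt"
    return "challenge"  # caller must step up, e.g. via 3-D Secure

if __name__ == "__main__":
    s = PayerState()
    for _ in range(5):
        print(authorize(Decimal("25"), ["pin"], s))
    print(authorize(Decimal("25"), ["pin", "phone_app"], s))
```

Two knowledge factors (a password plus a PIN) do not count as strong authentication here, because the factors must come from different categories.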
2.2 Trends
It is estimated that the total value of digital payments will reach $8.49 trillion in 2022. By 2026, it is forecast that the market will reach $13.75 trillion with an annual growth rate of 12.82% [18]. Table 32.1 provides a summary of key trends in secure payments in the coming years. As a prerequisite to the use case trends listed in the table, secure payment is necessary, emphasizing the importance of secure payment for the development of new applications in retail.
3 Consequences for Switzerland
PSD 2 is only applicable to EU member states; therefore, implementation in Switzerland is voluntary, and there is no corresponding regulation. SEPA membership, however, requires equivalence in a number of areas [31].
According to a study conducted in 2021 on the Swiss payment market, the number of cash payments is decreasing drastically as a result of the COVID-19 pandemic. Online shopping and the use of credit cards are both on the rise, with the latter being the most popular method of payment [32]. The popularity of mobile payment options is also increasing [33].
In the secure payment market, several Swiss startups are active. NetGuardians SA (Yverdon-les-Bains, JU) develops artificial intelligence-based fraud detection solutions for the banking industry. A payment ecosystem offered by Datatrans AG (Zürich, ZH) allows its customers to access secure payment methods that are most advantageous to them.
The recent outages of digital payment services have raised public awareness of their vulnerability to disturbances caused by service providers or infrastructure providers [34, 35]. In an incident involving Twint, Switzerland’s number one mobile payment provider, a payment was wired to a previous owner of the intended recipient’s mobile number, illustrating the challenges associated with ensuring secure payments with modern methods of payment [36].
3.1 Implementation Possibilities: Make or Buy
Typically, secure payment is implemented by commercial payment service providers, such as credit card issuers or infrastructure operators, such as SIX. A number of open-source solutions are currently available for automated clearing house (ACH) payment (e.g., OpenACH), which is used to transfer money from one bank account to another [37]. Additionally, there are open-source payment gateways (e.g., Open-Source Payment Gateway), which facilitate the transfer of payment information. The providers of these open-source solutions claim that their products facilitate integration with existing systems on the client side and provide better customization due to their modularity and adaptability. It is important to note that while the source code is available, open source does not necessarily mean that the solution is free. In addition to PCI compliance, it still requires an underlying infrastructure and computing power.
3.2 Variation and Recommendation
Secure payment ecosystems can be established using distributed ledger technologies such as blockchain [38]. Due to technological advancements, current disadvantages such as inefficiency and elevated power consumption are expected to be mitigated in the future, making it a viable alternative to existing secure payment methods [39].
4 Conclusion
Regulations require the implementation of technical solutions such as 3-D Secure 2.0, which are becoming increasingly user-friendly as time goes on. Secure payment systems are the foundation of innovation in industries such as retail.
References
1. Visa. 3-D Secure 2.0: Improving security and increasing authorizations for digital transactions. https://usa.visa.com/visa-everywhere/security/future-of-digital-payment-security.html, July 2022.
2. T. Editors of Encyclopaedia Britannica. Credit Card. https://www.britannica.com/topic/credit-card, March 2021.
3. Huffington Post. Pizza Hut Tells Twitter It Made The First Online Sale In 1994. Huffington Post, December 2014.
4. Europol. Payment Fraud. https://www.europol.europa.eu/crime-areas-and-statistics/crime-areas/forgery-of-money-and-means-of-payment/payment-fraud, July 2022.
5. Marc Pasquet, Joan Reynaud, and Christophe Rosenberger. Secure payment with NFC mobile phone in the SmartTouch project. In 2008 International Symposium on Collaborative Technologies and Systems, pages 121–126, Irvine, CA, USA, May 2008. IEEE.
6. Hui et al. Mobile Payment System. https://patentimages.storage.googleapis.com/97/a7/1a/16e48f1cd942e9/US20020073027A1.pdf, June 2002.
7. Anna Oleksyuk. The Rise of Voice Payment Technology in Banking. https://medium.com/@annoleksyuk/the-rise-of-voice-payment-technology-in-banking-96f94cb2211f, February 2019.
8. Yang Bao, Gilles Hilary, and Bin Ke. Artificial Intelligence and Fraud Detection. In Volodymyr Babich, John R. Birge, and Gilles Hilary, editors, Innovative Technology at the Interface of Finance and Operations, volume 11, pages 223–247. Springer International Publishing, Cham, 2022. Series Title: Springer Series in Supply Chain Management.
9. Michael H. Meissner. Accountability of senior compliance management for compliance failures in a credit institution. Journal of Financial Crime, 25(1):131–139, January 2018.
10. Worldline. Sichere Zahlungen leicht gemacht - Eine kurze Einführung in die neuen Anforderungen Europas für eine starke Kundenauthentifizierung. https://www.six-payment-services.com/dam/download/flyers/e-commerce/Worldline-SCA-position-paper-de.pdf, July 2022.
11. Michael Ward and Anita Ochieano. EMV. In Henk C. A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, pages 412–416. Springer US, Boston, MA, 2011.
12. Laura K. Gray. Webinar: SSL and Early TLS Migration: Preparing for 30 June Deadline. https://blog.pcisecuritystandards.org/webinar-ssl-and-early-tls-migration-preparing-for-30-june-deadline, March 2018.
13. European Union. Directive (EU) 2015/2366 of the European parliament and of the council of 25 November 2015 on payment services in the internal market, amending directives 2002/65/ec, 2009/110/ec and 2013/36/eu and regulation (EU) no 1093/2010, and repealing directive 2007/64/ec. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015L2366, July 2022.
14. EMVCo. EMV® 3-D Secure. https://www.emvco.com/emv-technologies/3d-secure/, August 2022.
15. Worldline. 3-D Secure 2.0. https://www.six-payment-services.com/de/shared/newsletter/01-2019/3-d-secure-2-0.html, July 2022.
16. Visa. Getting Started with Payment Account Validation. https://developer.visa.com/capabilities/pav/docs, July 2022.
17. SIX Payment Services. Increased security with the CVV2/CVC2/CID card verification value for distance payments with Visa, MasterCard, Diners Club, Discover and Maestro1. https://www.six-payment-services.com/dam/download/datasheets/110003502_DS_ErhoehteSicherheit_CHE_EN_opt.pdf.
18. Statista. Digital Payments. https://www.statista.com/outlook/dmo/fintech/digital-payments/worldwide, July 2022.
19. Ransome Epie Bawack, Samuel Fosso Wamba, and Kevin Daniel André Carillo. Exploring the role of personality, trust, and privacy in customer experience performance during voice shopping: Evidence from SEM and fuzzy set qualitative comparative analysis. International Journal of Information Management, 58:102309, June 2021.
20. Monitor Deloitte. Beyond Touch – Voice Commerce 2030: Wie Voice-assisted Interfaces den Handel in Europa revolutionieren werden. https://www.thinkwithgoogle.com/_qs/documents/8031/Beyond_Touch__Voice_Commerce_2030.pdf.
21. Sudipta Ranjan Subudhi and R. N. Ponnalagu. An Intelligent Shopping Cart with Automatic Product Detection and Secure Payment System. In 2019 IEEE 16th India Council International Conference (INDICON), pages 1–4, Rajkot, India, December 2019. IEEE.
22. BNP Paribas. Means of payment. https://group.bnpparibas/en/group/at-the-service-of-our-clients-and-society/innovative-solutions/means-of-payment, July 2022.
23. Barclaycard. Shopping online becomes even safer from today: The big change to how we pay that all Brits need to know about. https://home.barclaycard/press-releases/2022/03/shopping-online-becomes-even-safer/#:~:text=Rob%20Cameron%2C%20CEO%20of%20Barclaycard,all%20the%20safer%20for%20it., July 2022.
24. Payment Fraud: Why banks need a smarter approach to AI. https://netguardians.ch/enterprise-payment-fraud/, July 2022. NetGuardians.
25. John O. Awoyemi, Adebayo O. Adetunmbi, and Samuel A. Oluwadare. Credit card fraud detection using machine learning techniques: A comparative analysis. In 2017 International Conference on Computing Networking and Informatics (ICCNI), pages 1–9, Lagos, October 2017. IEEE.
26. Switzerland is using TWINT. https://www.twint.ch/en/press/switzerland-is-using-twint-four-million-active-users/, November 2022. TWINT.
27. Jungho Kang. Mobile payment in Fintech environment: trends, security challenges, and services. Human-centric Computing and Information Sciences, 8(1):32, October 2018.
28. Zlatko Bezovski, Ljupco Davcev, and Mila Mitreva. Current adoption state of cryptocurrencies as an electronic payment method. Management Research and Practice, 13(1):44–50, 2021.
29. Elektronischer Zahlungsverkehr für mehrere Stunden schweizweit gestört. November 2019. Aargauer Zeitung.
30. Digital payment systems briefly disrupted in Switzerland. June 2022. swissinfo.ch.
31. Andreas Imthurn. Auswirkungen der PSD2-Regulierung auf die europäische Finanzindustrie unter besonderer Berücksichtigung der sogenannten Open Banking APIs. PhD thesis, 2021.
32. Sandro Graf, Nina Heim, Marcel Stadelmann, and Tobias Trütsch. Swiss Payment Monitor 2021 - How does Switzerland pay? Short Report Issue 1/2021. https://www.alexandria.unisg.ch/263157/2/Short%20Report%20Swiss%20Payment%20Monitor%202021-1%20ENG.pdf, July 2022.
33. Statista. Volumen der Zahlungen via Mobile Payment im Schweizer Detailhandel mit Lebensmitteln, Getränken und Tabak von Februar 2021 bis Februar 2022. https://de.statista.com/statistik/daten/studie/1199896/umfrage/mobile-payment-transaktionsvolumen-im-schweizer-lebensmittel-detailhandel/, July 2022.
34. Netzwerkstörungen bei Six. June 2016. Swiss IT Magazine.
35. Erich Aschwanden. Wer ohne Bargeld an der Kasse steht, hat allenfalls Pech gehabt – Finanzdienstleister kämpfen mit Störungen. June 2022. Neue Z.
36. SRF News. Eine fatale Überweisung mit Twint. https://www.facebook.com/srfnews/videos/eine-fatale-%C3%BCberweisung-mit-twint/275016353860855/, June 2020.
37. Jochen Metzger. Automated Clearing House (ACH). https://wirtschaftslexikon.gabler.de/definition/automated-clearing-house-ach-30813/version-254389, August 2022. Gabler Wirtschaftslexikon.
38. Qi Xia, Emmanuel Boateng Sifah, Ke Huang, Ruidong Chen, Xiaojiang Du, and Jianbin Gao. Secure Payment Routing Protocol for Economic Systems Based on Blockchain. In 2018 International Conference on Computing, Networking and Communications (ICNC), pages 177–181, Maui, HI, March 2018. IEEE.
39. Lin Zhong, Qianhong Wu, Jan Xie, Jin Li, and Bo Qin. A secure versatile light payment system based on blockchain. Future Generation Computer Systems, 93:327–337, April 2019.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this chapter
Cite this chapter
Ding, S. (2023). Secure Payment. In: Mulder, V., Mermoud, A., Lenders, V., Tellenbach, B. (eds) Trends in Data Protection and Encryption Technologies . Springer, Cham. https://doi.org/10.1007/978-3-031-33386-6_32
DOI: https://doi.org/10.1007/978-3-031-33386-6_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33385-9
Online ISBN: 978-3-031-33386-6
eBook Packages: Computer Science (R0)