Peers Discuss Risks in the Payments World


Posted on by RSAC Contributor

Mike Vergara, vice-president of consumer risk management at PayPal led 25 security and risk professionals in a discussion about risk in the payments world as part of the Peer-to-Peer discussion at RSA Conference 2015 in San Francisco. Below is Vergara's notes from the session.

The attendees of Misconceptions of Risk in the Payments World provided a lively discussion and we all came away with new views on security when it comes to the future of payments.

Twenty-five security and risk professionals discussed emerging payments. We talked about Amazon Marketplace and how in the future, we will have refrigerators that know when an item needs to be replaced and will be able to order it for consumers and pay without anyone lifting a finger.

Payments are everywhere – so how do we mitigate risk when there are so many risk factors? In a world where a ton of information is already out there, and the volume is growing every second, it takes a multi-tiered approach. Many pointed out that there are different risk profiles for each device used. The actions taken for a mobile device are much different than those taken on a traditional computer.  

We also discovered a fact about fraud in the payments space. Fraudsters will go after the weakest link, and sometimes that weakest link is the banks. We’ve moved away from having to actually be in the bank to verify transactions. Regardless of the method, we have to assume customer information is already out there, and plan to protect that information and protect our customers.

Speaking of customers, customers drive the market. And customers want convenience. They don’t want two-factor authentication. While it might be easier as security professionals to instate two-factor authentication when possible, the business will suffer. We have to find innovative solutions that only require one-factor of authentication. Or better, have seamless payments. The room agreed – that is where the future is headed.

When moving towards a more seamless payments experience, there are methods that can offer more security without sacrificing convenience. However, we can offer methods all day, and it won’t matter – we need people to adopt the methods.

The session ended on interesting idea – payments are becoming invisible. And while this is exciting, it also opens up a myriad of risk concerns.

Overall, the session had a direct takeaway to everyday life: we have to do our due diligence. Unfortunately, breaches are inevitable, so as members of the security space, we need to take all of the necessary steps to prevent data breaches, but also be prepared and have plans in place for when they do.

Contributors
RSAC Contributor

, RSAC

Business Perspectives

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs