Last week, our blog focused on a couple of U.S. fast food chains installing self-service kiosks and its effect on cash transactions. The push for cashless societies is more evident in areas outside the U.S. Recently, the Australian government passed a law making it illegal to purchase anything over $10,000 AU with cash. Starting July 1, 2019, all purchases over this amount will have to be made with a check or credit/debit card. The government says that, with this law, they are encouraging the transition to a digital society and cracking down on tax evasion. This law has been passed in what has traditionally been a cash-heavy society. Roughly 37 percent of all commercial transactions in Australia are made using cash as opposed to 32 percent in the U.S. and only 15 percent in Sweden. Australia isn’t the most cash-reliant country. That honor goes to India where 98 percent of all economic transactions are done with cash. But even the Indian government has begun to steer their country towards a cashless society. One major factor weighs heavy on the concept of a cashless future; security.
The benefits of a cashless society abound, especially for retailers. Reduction in overhead associated with brick-and-mortar stores, increased operational efficiency and delivering a better customer experience are just three of the benefits. But there is that one nagging concern; security.
Researchers in the 1970s predicted that a widespread debit card system would be the perfect surveillance tool because of the data this system would produce, and they were not wrong. Vast amounts of data are produced by the billions of digital transactions, but does this data help us find the answers to our security concerns?
Do routines keep us secure? In the military, we’re taught that routines put us at greater risk. Being unpredictable will keep you safe. To this day, 15 years removed from military service, I don’t drive the same route home every day. I don’t think I’m being followed or that I’m in danger, it’s just my routine; the routine of not having a routine. Routine, however, is what the future of digital security is being built upon - your economic routine may just keep you safe.
While the adoption of EMV® in the US market has done a lot to reduce card-present fraud, (according to Visa, counterfeit fraud at U.S. chip-enabled merchants was down 66 percent in June of 2017 compared to June of 2015), it did not stop the fraud issue in its tracks. While EMV has introduced major speed bumps on the card-present fraud route, fraudsters have just found an easier route to travel; card-not-present fraud.
If we were living in a world where all our shopping needs were housed in one physical store, a store we visited every Saturday morning and used the same card each time, this would be easy; this could be the end of the security conversation. Instead of spending time in this fantasy world, let’s spend some time in the actual world – a world where merchants big and small are moving, or have moved, to increased online sales and where omnichannel sales are the norm. These merchants, along with card issuers and every other entity along the payment-processing chain, are looking for solutions to lock out digital fraudsters. The solution lies in the data; in your routine. Spend some time thinking about your routine and you’ll realize it is quite complex. The data trail you create through your routine, combined with the ability to make sense of this data, is a significant part of the future of digital security.
The goal of the gathering data and analyzing it is simple: know what a good transaction looks like. The amount of data needed to know what a good transaction looks like is immense and comes from multiple sources. The algorithm needs to know more than the fact that you regularly buy milk and bread from the local grocer via one processing network. It needs to know that you regularly buy a lot of products and services via several processing networks. It would be easy to design a security apparatus that flagged every transaction outside your most-used processing network, or even a group of networks, but then we would be doomed to only shopping within these networks. Every time we travel, our transactions would be flagged as fraud. The one time we shop at the comic book store for our nephew’s birthday, our transaction would be flagged. Every time we try a new restaurant, our transaction would be flagged. Being able to compile the data from our routine shopping isn’t enough. The system needs data from all your transactions, from all your payment types, to start identifying the good transactions; to understand that a couple times a year you travel to Memphis to visit your sister. OK, it doesn’t need to know why you travel to Memphis, but it needs to know you do.
It’s the profiling of the hundreds and thousands of good transactions you make that enables the system to spot the bad ones. Simply put – it’s in the data. And considering the complexity of modern payments, that means a lot of data from a lot of sources. It’s knowing that you use your debit card regularly for groceries, but you use your point-earning credit card for gas to get to the grocery store. It’s knowing that you use direct debit to pay your monthly gym membership, but you use Apple Pay via your watch to pay for a protein bar and a bottle of water while at that gym. It’s knowing you use your cash back credit card to pay at the restaurant, but you use Venmo to pay the babysitter when you go to the restaurant. And it’s knowing that things change.
The only thing more complex than the digital security question, is the digital security answer. As with many complex issues, it all lies in the data. The future of digital security will be data-driven and it will require a lot of data. As we collectively move towards a cashless society, the importance of an endless stream of accurate data will become more and more critical to keep your information safe and your transactions secure.