Most recently, the Apple Pay service was launched in Europe for the first time. At first only MasterCard holders at eminent banks had this option, but soon it became available to most users. A similar service was available to some users of the Android system. At the same time, the security of such services, and indeed the principle of electronic payments, still raises concerns, so we have studied the history and current state of things in this area.
Payment applications from mobile manufacturers are built on NFC (Near Field Communication). This is the technology used in cards with a contactless payment method, where you simply bring your card to the payment terminal without using a chip or magnetic strip, and it is also built into the latest versions of smartphones. In MasterCard cards this technology is called PayPass; in Visa cards, payWave.
The Apple Pay service and its analogues work by “copying” a user’s card to the phone’s memory, after which payments can be made over NFC without the card, as the phone now acts as a physical identifier for the client.
PayPal, as a mobile money solution, can be considered the main harbinger of the era of digital payments. Using this service, the user could create a virtual wallet and send money to other wallets or pay with it in online stores. It was no longer necessary to go to a bank branch to send money over many kilometers, and a wide variety of purchases could be made in a couple of clicks without leaving home.
Now that instant payment or money transfer is built into almost every second application on a mobile device, this does not seem like an accomplishment, but in the early 2000s PayPal made a real revolution that helped mobile financial solutions. However, PayPal has regularly been a source of vulnerability news throughout its history. One of the latest, for example, made it possible to bypass two-factor authentication and access an account in minutes.
The most common type of electronic payment today is payment by bank card. Because they are convenient, payment cards are crowding out cash, but they remain very vulnerable to cybercriminals. Despite the existence of the SWIFT interbank settlement system, there are still many places where user data (and, accordingly, users’ money) can be compromised.
The security issue concerns not only the cardholder who pays for goods in the online store, but also the online store, the acquirer, and the issuer, and most of all the payment systems, which invest huge amounts of money to ensure secure payments and protect against fraud. Numerous attempts by international payment systems to make e-commerce payments as safe as possible led to the emergence of the 3-D Secure protocol developed by Visa International.
3-D Secure is a cardholder authentication technology for purchases made on the Internet, designed to ensure the security of Internet payments: identity verification is carried out online.
3-D Secure is built on three domains (hence its name), in which the transaction life cycle begins and ends. These are the issuer’s domain, in which the holder is authenticated; the acquirer’s domain, which includes the acquirer bank and the online store; and, finally, the interaction domain, which contains the services of the payment system.
The 3-D Secure security chain consists of the following links:
- verification of the cardholder’s identity in real time, which begins after the card number is entered on the payment page of the electronic store, from where the buyer is redirected to the server of the issuing bank. For verification, a password is used that is known only to the cardholder and the bank;
- formation by the issuing bank, based on the results of the verification, of a response message that the issuing bank protects against unauthorized changes using a digital signature;
- protection of the user’s confidential information, for example the card number, by using secure pages of the payment server on which the entered information is stored. The payee, an electronic store, does not have access to this information, which protects against its theft.
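The second link of this chain, the issuer's signed response, can be sketched as follows. This is an added example, not code from the 3-D Secure specification or from any payment system; Ed25519, the JSON encoding and all type, field and function names are assumptions chosen for illustration, and the sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// AuthResponse is a constructed stand-in for the issuer's response message;
// the field names are assumptions, not the 3-D Secure wire format.
type AuthResponse struct {
	TransactionID string `json:"transaction_id"`
	MaskedCard    string `json:"masked_card"` // the store never receives the full number
	Authenticated bool   `json:"authenticated"`
}

// NewIssuerKeys creates the issuer's signing key pair (Ed25519 is an assumption).
func NewIssuerKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignResponse runs in the issuer domain once the password check has finished.
func SignResponse(priv ed25519.PrivateKey, r AuthResponse) (msg, sig []byte, err error) {
	if msg, err = json.Marshal(r); err != nil {
		return nil, nil, err
	}
	return msg, ed25519.Sign(priv, msg), nil
}

// VerifyResponse runs on the receiving side: the signature is checked over the
// exact bytes received, and only a verified message is parsed and trusted.
func VerifyResponse(pub ed25519.PublicKey, msg, sig []byte) (AuthResponse, bool) {
	var r AuthResponse
	if !ed25519.Verify(pub, msg, sig) || json.Unmarshal(msg, &r) != nil {
		return AuthResponse{}, false
	}
	return r, r.Authenticated
}

func main() {
	pub, priv, _ := NewIssuerKeys()
	// Constructed sample: the password check failed, so Authenticated stays false.
	msg, sig, _ := SignResponse(priv, AuthResponse{TransactionID: "txn-0001", MaskedCard: "************1111"})
	altered := bytes.Replace(msg, []byte("false"), []byte("true"), 1) // changed in transit
	_, asSigned := VerifyResponse(pub, msg, sig)
	_, afterChange := VerifyResponse(pub, altered, sig)
	fmt.Println("treated as authenticated:", asSigned, afterChange)
}
```

Both values print as `false`: the unchanged message honestly reports a failed check, and the altered one no longer matches the issuer's signature.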
Note that if a fraudulent transaction passes through an online store that uses 3-D Secure digital money transfer software, the issuer is liable for it under the rules of the payment systems, regardless of whether the issuer itself uses 3-D Secure.
Thus, this digital payment trend not only ensures the safe conduct of the payment but also delimits the risks of the participants in the transaction through a clear separation of functions when processing it: the issuing bank verifies the identity of the cardholder, since it is the issuer that has information about the client, and the acquirer automatically organizes communication with the issuer’s authentication system using the services of the payment systems.