Jason Oxman, ETA: "Without electronic payments, global commerce would literally grind to a halt"

Oxman brings two decades of technology and policy experience to ETA, the global trade association representing more than 500 financial and technology companies in the electronic payments industry. He joined ETA from the Consumer Electronics Association, owner of the International CES, where he served as senior vice president of industry affairs. Previously, Oxman served as general counsel of a technology industry trade association and as vice president of a Silicon Valley-based technology company. Oxman also worked at the Federal Communications Commission to develop and implement technology and broadband policies. He began his legal career as a law clerk for the Maine Supreme Court, and he is also a former broadcast journalist. Oxman received his B.A. cum laude from Amherst College, and his M.S. and J.D. from Boston University.

As the only organization leading and representing the payments technology industry, ETA offers cutting edge news and information, facilitates business connections and growth, provides a standard of industry certification, and advocates on issues critical to our members’ success.

How does the Electronic Transactions Association, in collaboration with its members, ensure the efficiency, safety and profitability of electronic trade?

Electronic payments are essential to our economy. Without them, global commerce would literally grind to a halt. 70 percent of all consumer spending is done electronically. Electronic transactions reached USD 4.633 trillion in 2012 in the US. In 2017, spending is projected to reach USD 7.285 trillion. Payment methods like credit, debit and prepaid provide speed and immense efficiency. They also require a complex support system.

The electronic payments industry includes hundreds of strong companies from public Fortune 500 companies to small, local sales organizations and tech companies. These companies are strong drivers of economic growth, providing tens of thousands of jobs and are headquartered in 46 of 50 states.

ETA members not only create more convenient, secure and rewarding payment options for consumers. They provide efficiency and savings to their customers. For example, if the US were to go completely cashless, the savings could amount to 1% of our annual GDP. That would equal about USD 150 billion.

The payments professionals comprising ETA’s membership take seriously their affirmative and continuing obligation to protect the confidentiality and security of their customers’ credit, debit and other non-public financial account information. This protection ensures the free flow of information vital to helping consumers access and use electronic payments, ensures the free flow of commerce, promotes price competition, and maintains public confidence.

In your opinion, which are the top security pressures IT professionals face in a constantly evolving threat landscape?

The breadth of cyber-crime is vast and the sophistication of global criminal syndicates demands sophisticated and dynamic industry solutions. Fortunately, the payments and retail industries are working together to identify and deploy the best solutions. These new innovations in data security are adding even more technologically advanced fraud prevention tools to our nation’s payments infrastructure. New technologies like tokenization and other forms of encryption, as well as mobile payments and digital wallet cloud solutions, also hold great promise to deter and prevent fraudulent activities on our payments systems.

As emerging payments technologies continue to make their way into the US payments market, questions abound: what is the state of US EMV migration? Which are the major hurdles in the move to the EMV standard? Which is your opinion on these 2 aspects?

EMV cards are already present in the US market and will be well established by 2015, which will help deter criminals from producing counterfeit cards. However, the uncertainty surrounding the Durbin Amendment may lead to delay. The courts declared the original Durbin rule as written by the Federal Reserve invalid; that decision is currently on appeal. The next court decision may be further appealed as well. Therefore, we do not know now the final outcome of debit transaction interchange pricing and transaction routing requirements. If transaction routing options were to increase in number, as is possible, the technical solutions for EMV chips become more complicated. It is difficult for Issuers to make a decision today on a specific EMV chip protocol in the face of this regulatory uncertainty.

Much has been written about the potential impact that cybercrime could have on consumers and online businesses. What measures should businesses implement to respond effectively to the growing exploitation of the internet, like organized criminals?

ETA strongly supports industry self-regulatory efforts for the protection of personal information, foremost of which is the Payment Card Industry Data Security Standard (PCI-DSS) created by the PCI Security Standards Council (PCI SSC). ETA believes that a uniform standard for data security and breach notification with respect to personal financial information would best address the rights of consumers to be notified of a breach when the security of their information is truly at risk, while minimizing the compliance and legal risk to businesses. PCI-DSS is a prime example of a successful industry-led, multi-stakeholder program, underway since 2006, that should serve as a model for other industries.

As ecommerce is generating higher revenue with every year, the rate of fraud has led to more money lost, on the one hand, and higher dissatisfaction levels among consumers regarding data protection online, on the other. Nevertheless, new fraud prevention systems and services tap into the market every day, while some of them (3D Secure) fail to deliver on its promises and feature several security flaws. In this context, what does the industry lack and where should improvements be made? At consumer/merchant level/need for more regulation?

As the trade association of the payments industry, the Electronic Transactions Association (ETA) recognizes that protecting the personal financial information of consumers is a responsibility shared among the payments processing industry, retailers and financial services industry. We are proud to join with 14 leading retail and financial services trade groups in a partnership to ensure that our shared infrastructure is secure. Our collaboration represents far more than just a response to the latest crisis – this partnership is the embodiment of our commitment to forward-thinking safeguards. We also need to work with law enforcement to ensure they have the tools to pursue and shut down global cybercrime operations – including those that may operate with tacit or explicit state support.

Consumers deserve confidence in their privacy. ETA believes that the best approach to ensuring the continued safety and security of financial data is through industry-led initiatives and marketplace innovation. Through the influential new alliance of industry associations, ETA looks forward to working with our partners to strengthen consumer confidence in electronic transactions to maintain the trust of our customers.

Legislating a specific technology or process, although well intentioned, can freeze innovation and deter development and deployment of more robust security measures.