Interview with Jason Oxman, ETAs CEO on payments security

Jason Oxman will be a keynote speaker at the upcoming RiskConnect conference, organised by Web Shield, which takes place in Frankfurt am Main, Germany. During the two-day conference on 29-30 November 2018, thought leaders and industry experts come together in Frankfurt to discuss the newest challenges facing the industry - and provide hands-on knowledge you can use in your daily work.

Could you please tell us more about the Electronic Transactions Association? How does your professional background tie in with the association’s main objectives?

The Electronic Transactions Association is the trade association of the global payments industry, focusing primarily on the vast ecosystem of companies that enable electronic payments acceptance for merchants. ETA represents over 500 companies worldwide involved in financial services, payments, and technology. ETA’s main objective is to provide the world’s best business development, networking, advocacy and promotion for the payments technology industry on behalf of our 500 member companies. We were founded in 1990 as the Bankcard Services Association and became ETA in 1996. We are based in Washington, DC.

My career has spanned more than 20 years of technology, financial services, legal and policy work for the government, companies, and trade associations, here in Washington, D.C. As CEO of ETA, I lead a talented team of industry professionals who work tirelessly to help all of our member companies grow their business.

As the topic of our interview is payments security, could you please delineate which are the main threats to the security of online payments?

The biggest threat to the security of online payments is the sheer volume of personally identifying data that’s out there, whether it takes the form of names, addresses, answers to security questions, card numbers, or passwords. The 9 largest data breaches in recent history exposed 6.5 billion records and took place in the last two years. In 2017, Shape Security reported that there were over 2.3 billion credentials from 51 different organizations reported compromised.

It is easier than ever for criminals to scrape this information, both from publicly available sources and from breached databases. Javelin Research reports that 1.5 million consumers have had their Personally Identifying Information (PII) stolen to create fraudulent new accounts. At the same time, it is more challenging for payments providers to identify legitimate transactions, given the volume of breached data.

How can payments service providers play an active role in fighting these threats?

In addition to building stronger and more secure online retail systems, the payments industry is working hard to ensure that any compromised data cannot be used in future fraud attempts. Features such as tokenization and encryption ensure that personal data is never exposed during a payment transaction. Sophisticated authentication technologies, such as biometric identification, add another layer of protection to mobile payment transactions. As we move away from less reliable forms of fraud prevention, like signatures, ETA member companies are deploying robust new technology to win the war on fraud.

What about the challenges for retailers and for banks in keeping online transactions safe while improving customer experience?

Many of the most innovative security protections take place in the background, without any intervention or effort required by the consumer. Biometric authentication, like fingerprint or iris scanning, allows for a more seamless customer experience than inputting a password and answering security questions. Additionally, device fingerprinting, geolocation, and behavioural analytics more generally allow retailers and banks to more precisely identify the user in the background. So, while consumers sometimes feel that there is a trade-off between the quality of their user experience and the security of their account, the two are actually converging. According to the 2018 Experian Global Fraud and Identity Report, 48% of consumers said that the ability of their online bank to recognize them and verify their identity without asking them to input information enhances their experience very much.

In the light of Facebook’s scandal around user data, many individuals are calling for new privacy safeguards for the Internet and other computer networks. Can you name some of those concerns among users when it comes to online payments?

The payments industry takes privacy concerns very seriously and is working hard to ensure that consumer data is never exposed during a payment transaction. When transactions are tokenized for instance, the merchant never receives the consumers’ card number – just a token that represents it (and is later decrypted on the bank’s end by a secure server).

Do you have any final thoughts for our readers with regards to payments security must-haves for 2018 and what to look forward to in 2019?

Security has always been the top priority for the payments industry. Consumers can look forward to a more seamless user experience as security protections recede into the background. Additionally, the payments industry is working toward greater efficiencies, like a uniform national standard for data breach notification, which will reduce the amount of personal information that is exposed and the number of places where it is exposed. Electronic payments, and particularly ecommerce, are growing exponentially. As more consumers take advantage of everything the electronic payment system has to offer, they can rest assured that the industry is innovating just as quickly to keep them safe and protected. This is the focus of ETA and our 500 member companies, and we are working hard as a trade association to ensure the most robust security is deployed worldwide.

About Jason Oxman

Jason Oxman is the CEO of the Electronic Transactions Association (ETA), representing more than 500 payments and technology companies. ETA member companies make commerce possible by processing more than USD 7 trillion in purchases in North America and deploying payments innovation. Before joining ETA, Oxman was SVP of Industry Affairs of the Consumer Electronics Association, served as general counsel of a technology industry trade association and VP of a Silicon Valley-based technology company. Additionally, he worked at the Federal Communications Commission to develop and implement technology policy.