SPA takes stand on future payment security

The France-based Smart Payment Association recently commented on the new European Directive on Payments (PSD2), an initiative designed to increase adoption of innovative payment instruments by encouraging competition in the retail payment market and building consumer confidence in the region's reinforced legal system pertaining to payments.

The association affirmed its ongoing support for the European payments industry, the development of stronger standardization efforts and the new directive's central objective to promote the smart card over cloud-based methods of electronic payment.

According to the SPA, smart-card technology "enables payments interoperability, alongside the highest levels of standards-based security and payer convenience." The SPA also highlighted several supporting factors regarding the strength of smart card security, most of which point to the advantages associated with user possession.

Smart, secure, versatile

In particular, the SPA pointed out that smart card technologies are now being marketed and adapted to work within different types of devices, enabling traditional card-based payments to securely extend to nontraditional, open channels such as mobile networks and the Internet. Because the devices are personal to the user, and therefore decentralized, the SPA feels they are far less vulnerable to large-scale attacks than are cloud-based systems.

Despite the appeal of the cloud, officials at the SPA believe smart cards have built-in securities and data protection advantages that the cloud cannot match. Lorenzo Gaston, Technical Director at the SPA, believes it is premature to consider cloud technologies as a secure replacement for card-based payments within today's retail environment.

"In short term, the cloud does not constitute a realistic alternative to card technology," Gaston said. "Future wallet business models will combine the strong device-level security (a characteristic specific to the smart card) with cloud-based technologies, driving improved efficiencies and innovation for user experiences, while standardizing the back-end cloud computing protocols for interoperability, ubiquity and enhanced security."

While the SPA was careful to maintain its customary technology-neutral stance in its public statement, the association also felt it was important to publicly support the PSD2 on continued smart card usage, especially as it relates to retail services.

While the SPA does not seek to stop innovations in the cloud-based payment application sphere, it does believe the PSD2 will significantly influence how financial services are handled within the European retail industry for some time. And the association indicated it is poised to help reinforce the new regulations in the interest of "a common core of requirements that protect the consumer regardless of the card payment instrument used."

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.