Use-and-throw transaction codes secure payments

Motion Code replaces the static three-digit security code which is printed on the back of a card, by a mini screen that displays a code automatically refreshed according to an algorithm that is controlled by the user.

Just as a presence on social media became something to warn the millennials and politicians about - don't post things out there; they'll come back and haunt you if the information is misused - cashless transactions have traditionally carried a degree of uncertainty.
This is because no one wants to be woken up in the middle of the night by a transaction alert from someone using your card in another hemisphere because six months ago you used it online to make a payment.
A continuing fear of such emergencies keeps consumers wedded to solutions such as cash on delivery, even when shopping online. Even when more and more of our transaction activity moves online - whether it's cinema and airline tickets, electronics, apps, groceries or paying bills and fees - security is the single biggest concern that comes in the way of cashless payment. It's understandable that, with so much of our data out there, security is a concern. Putting together our transaction identity should not be as simple as piecing together a jigsaw with information collected over time from various sources. In a recent UAE survey, 25 per cent of those who indicated that they preferred to use cash instead of cards for online shopping said they would consider switching if they were assured of the safety and security of online transactions.
Payments companies like Network International spend millions of dollars on securing financial data. But the payments enabler is not the only one who has your financial data; the merchant, the site manager and site owner also probably store it in their databases. When we're not the only ones who have the data, any security solutions are not as fool-proof.
In fact, some of the most well-documented credit card data breaches in the recent years have been at retailers such as Neiman Marcus, Walmart and Target.
One of the answers lies in protecting each interaction individually, so that, even if someone breaches layers and layers of security to get to your information, they will come away with nothing they can use.
So what did the social kids do? A new generation paranoid about online security uses something called Snapchat, an app that allows you to send videos and pictures that will self-destruct after a few seconds of a person viewing them. In a similar way, although your card details are stored in multiple databases around the world due to your online shopping activity, each transaction on the card can be protected with a use-and-throw code that can only be used once.
We call it dynamic authorisation, and it can be delivered via tokenisation, dynamic CVV codes (no longer does your card have to be associated forever with those important three digits on the back), and HCE, or host card emulation.
 Dynamic CVV
Just recently, and for the first time in the MEA region, Network International launched a Motion Code credit card, using Oberthur Technology's dynamic cryptogram technology. The card is no thicker than your usual one, but with a difference: the CVV number at the back changes dynamically, say every 30 minutes.
The technology replaces the static three-digit security code which is printed on the back of a card, by a mini screen that displays a code automatically refreshed according to an algorithm that is controlled by the user.
Since you need to provide the CVV (which stands for Card Verification Value, by the way) code for every single electronic transaction, it is saved in a database along with the other details of your card. This could give hackers enough ammunition to wipe out your bank balance. With a Dynamic CVV, however, the stored code would not work. The right number is the one in your hand at that moment.
Another buzz word in the payments world is tokenisation, which is based on the same principle. The clue is in the name, where uniquely generated tokens take place of sensitive credit card authorisation data, meaning that your real card information never enters the merchant environment. Think of places where you use tokens - they represent your entry into a protected space, usually for a limited time. With tokenisation the transaction is based on a randomly generated number attached to your card, so any hackers have nothing of value to steal if they Target (pun intended) a merchant's systems.
 
Host card emulation
Many security innovations that run in the background, without burdening the user, are based on minimising the passing of sensitive card information back and forth. HCE uses cloud systems to host card credentials, and then relies on tokenisation rather than using encrypted card data for each transaction.
HCE is the technology that comes into play when we make mobile payments using Near Field Communication, or NFC, technology, which allows millions of phones to become payment devices via a simple app update. NFC (and HCE) gained prominence when Google said the KitKat version of the Android operating system would have built-in support for it. Visa and MasterCard both said they would work on HCE specifications.
However, we don't want the user to jump through hoops to make a transaction more secure. Making a customer download software, install plug-ins or remember a third passcode are solutions that often result in abandoned transactions. Is it a number? A combination of alphabets? Your mom's maiden name? You try a couple of times before deciding it's too much trouble to shop on that Website. We've learnt that we don't want to pay for added security with increased abandonment of transactions. And the Snapchat of payments is one way to make sure that your transaction is as safe as it is convenient, like a snap!
The writer is group chief executive officer at Network International. Views expressed by him are his own and do not reflect the newspaper's policy.