The challenge with the one-in-a-hundred gamble of increasing your margins begins with the need to innovate in order to stay ahead of the competition and grow your market share. In an established market, it becomes a game of percentage points. Each percentage point can be worth millions or even billions of dollars.
Innovating in payments is especially challenging because you might be about to unleash a new capability that will increase market share, but it could also be something that potentially raises your fraud profile and puts your regular business at risk. There are a number of examples that we could probably go through, but the one I like to talk about is the many articles I've seen that discuss how electronic wallets are suffering from social engineering attacks.
People engaging a social engineering attack will phone the bank and tell them that they have a card that they're trying to register on their device. By impersonating the cardholder, they will have put a stolen card on their device and then go forward making purchases that look legitimate to the payment system. This is a perfect example of a new innovation that has exposed the possibility for fraud. The potential downsides to this innovation can put the regular business at risk.
I think that it's possible to release a safe innovation that doesn't take unnecessary gambles when it comes to fraud. When you consider innovation, you want to be on the cutting edge while also thinking the solution through from end to end. (This is something that we'll discuss in-depth in another post.) There's been a big shift in the last two to three years. You used to innovate first and then think of security afterwards. Today, innovations really are about putting security first.
Security in and of itself can also be an innovative way for institutions to differentiate themselves. Your money and your transactions are secure, safe and private. This is a significant shift that we're seeing, and it's going to continue as peer-to-peer payments take place using mobile devices. It's certainly a key point of some of the e-merchants that are out there. As it stands now, every time I purchase something from Amazon.com or Apple.com, they've got my credit card on file. I need to have confidence that my credit card information will be secure before I'm going to decide to hand it over.
To give an example of an unnecessary gamble taken during the course of innovation, I'll pick on e-tailers for a moment. This is something that's been an issue historically, but it's been in the headlines countless times over the years. Many years ago, Amazon invented the one-click purchase. If I saw an item that I wanted, it was a button click away. My billing address and credit card details were all stored inside of my account information in Amazon. From there, a whole range of retailers followed suit, wanting to store my credit card information for easier purchases.
That's a great innovation, because it makes it really easy for me to do business with them. However, at the same time it's changing the risk profile for me personally, for the institution, and potentially for the organization themselves since they're now holding these credit card numbers. You can go back through the headlines over the last five to ten years and despite all the improvements in technology, the number of credit card details that have been stolen from retailers is just tremendous.
It would seem that if you wanted to steal credit card details, you wouldn't have to worry about hacking the banks themselves. Instead, you'd just hack one of the retailers that stores these details for the sake of convenience. Going forward, this is just one example of how people are now hesitant to store their credit card details on a mobile device. They think to themselves, "What if I lose my mobile device? I want to make sure that my information is secure and I'm in control of it."
