On October 22, 2014, the FIC Observatory welcomed André Delaforge, head of communications at the Natural Security Alliance, Christophe Fichet, lawyer and manager of technical, media and telecommunications practices at the Simmons and Simmons law office, and Jimaan Sané, policyholder of technology, media and society’s at Beazley.
New methods of payment have emerged under various forms of technologies not originally intended for this purpose; such as the smart phone. Furthermore, big actors like Google and Apple, whose initial activity was not in provisional bank services, are now investing in this sector and proposing new solutions.
The problem of authentication in terms of ensuring proof of identity and the existence of the transactions dominated the discussion. In the case of theft, the client is never at fault and banks blame the retailer for sale negligence. It is therefore necessary for merchants, businesses and end users to identify and use secure solutions. Several systems exist, proposing different levels of security. Biometrics, in particular, represents advancement in payment security given that it avoids the use of a username.
From a legal point of view, even if the bank information is not considered noteworthy under the terms of the CNIL, it still must be protected, so as to avoid reuse without customer consent. This control is based on the idea that it is the entity that manages and decides on the end use of this information that has this obligation to follow the terms of CNIL.
Nevertheless, answers exist to this issue. For instance, the eMV (Europay Mastercard Visa) is mandatory for all European countries and is very effective in limiting the propagation of credit card numbers online. Even the United States, who use a different standard of payment, plans to adopt the EMV for transactions between the government and its citizens. The use of “tokens” was also mentioned as an alternative means of data protection, characterized by obtaining and using a virtual number per transaction.