The 13th International E-Banking Conference and Exhibition was held at Pearl Continental Karachi on 23rd April 2015. Pakistan has been hosting the event for 13 consecutive years to bring together industry leaders to share knowledge and insights, that may lead to shaping the future roadmap of the Pakistani E-Banking landscape. Mr. Saeed Ahmed, Deputy Governor State Bank of Pakistan was the chief guest for this event.
The opening session included speeches and a panel discussion. This session included representatives of international ATM vendors, banks, and software houses, including the guest of honor, Dr. Mirza Ikhtiar Baig, Chairman FPCCI, Standing Committee for Banking. The panel discussion was based on OMNI Channel Strategies, to help provide customers seamless transition and uniform experience across various shopping channels, including brick and mortar stores, websites and hand held device applications.
The adjacent exhibition hall was abuzz with solution providers networking both at their booths and elsewhere as well.
In the main discussion hall, however, things were a lot more formal. Following were the key points discussed in the technical speeches.
“Multipurpose, Multi-Instrument Prepaid Issuance – Beyond CASA and Credit Cards” – Mr. Faraz Ahmed, Executive Director, TF Group.
“Banks must move away from only offering card oriented services and such systems are already in motion. Mobile apps can serve as an important channel, based on various customer preferences, and it could be a new revenue stream.”
“Secure e-Banking in The Mobile Era” – Mr. Carl Anders Henrikson, SVP Global Sales, VERISEC AB, Sweden
Highlighting the exponential growth trends in IT industry, he said: “Here’s an example of adoption of various tech products by the first 50 million people: TV 30 yrs, Radio 15 yrs… Angry Birds: 30 days.”
“Mobile platforms are not secure to begin with. VERISEC has tested mobile apps in various countries and all apps showed vulnerabilities like key-input grabs, screen grabs, code insert etc.”
“Revenue Generation through Multi Currency Travel Cards” – Shahzad Shahid, CEO, TPS Pakistan.
On projected growth of prepaid card, he commented: “There is a 22% current annual growth in prepaid market across the globe. The projected size of cards market in 2017 is $822 billion, 45% of it is outside the US, including Pakistan”.
“Customers need travel cards for safety and convenience. Multi currency cards are not a new concept, with up to 18 currencies automatically switched, based on the country in which the customer is transacting.
Real time swapping of money from e-wallets of different currencies is performed when one of customer’s wallets in a particular currency is running low on cash. This eliminates the need to go to money changers or carry cash in multiple currencies.
For Pakistanis Dirham and Riyadlare the most important currencies while traveling to Saudia Arabia for Umrah or to Dubai for shopping.”
“Hardware Security – A Trusted Foundation for Changes in e-Banking” – Haris Sethi, System Engineer, Central Eastern & Northern Europe, THALES Information Security – UK
Speaking about evolving security standards, he said: “The new requirement of Point to Point Encryption (P2PE) by PCI-DSS (Payment Card Industry Data Security Standard) is helping making payments more secure. That is, encryption is done at the device (PIN pad) level, before sending the transaction into the merchant network. It can only be decrypted at the payment gateway, which is hosted in a PCI compliant environment.”
He also introduced exciting new technologies that THALES is working on, including:
– Mobile Point of Sale (mPOS): A pin pad device paired with a smartphone app through bluetooth, that securely authorizes the transaction.
– Host Card Emulation (HCE); Using mobile NFC technology to execute wireless transactions based on credit card account.
– Message Based Transactions.
Following are some of the highlights discussed by the panel:
ATM Skimming Attacks:
“Recent skimming attacks (where customer card data is read by a hidden device and then used to create duplicate cards) are not only a liability to bank institutions but to the payment industry itself.”
“Skimming devices have been noticed on card slots and other areas on ATMs. Anti-skimming devices must be developed.”
“Skimming is mostly based on card data so skimming may be reduced by enabling more cardless banking. But cardless solutions have their own issues and the technologies are not mature.”
“Biometric verification is a possibility due to Nadra databases already in place. But Nadra’s system is only 5-10 years old, and it’s dependability is yet to be fully tested. The problem with biometric data is that if it gets compromised, customer data is irreplaceable. In the case of ATMs or internet banking, if customer data is compromised, then old cards are blocked and new PINs/passwords are generated. But biometric data (like the prints on your fingers) is unique and irreplaceable.”
ATM Malware Attacks:
In the case of ATM Malware attacks, an ATM may dispense cash without actually compromising customer data, since the malware is installed on terminal level. So there is no debit transaction and the fraud is only discovered at the time of end-of-day settlement.
“Basic security of atms must be upgraded. Some banks in Pakistan use only one key to open an ATM”.
“Several ATMs around the world are still running on Windows XP, not just in Pakistan. Microsoft stopped sending security updates for it long time back.”
“EMV is more secure but recent attacks have proven that it is also vulnerable, there is no perfect solution yet. It has to be a combination of several initiatives and solutions.”
While different presenters from across the world discussed payment industry growth needs, vulnerabilities and their respective solutions/products for them, the fact remains that bad guys are always two steps ahead and the industry is always playing catchup. Also, one of Pakistan’s biggest problems is lack of law enforcement, since scammers are not caught and imprisoned.
However, the diligent development by these industry leaders has been the key factor in keeping payments as secure and swift as they are today, with a lot of exciting technologies coming up in the recent future.