This article first appeared on the PayPal Forward blog site. Written by James Barrese, Chief Technology Officer, PayPal.
At PayPal, protecting our customers is ournumber one priority. While we are constantly innovating to meet the changing needs of consumers, we also believe in the importance of complying with consumer protection laws and regulations. That’s why we’re excited to be a part of the White House Cybersecurity and Consumer Protection Summit taking place at Stanford University on Friday.
As PayPal’s chief technology officer, I think about the security of our customers all of the time. We don't believe there’s a silver bullet when it comes to security, and we know we can’t just build a big wall to stop people from getting in. We are a firm believer that open industry collaboration is important to help protect consumers wherever they shop and pay. Progress on tools like tokenization and new authentication methods are promising, but those efforts must be combined with risk analytics and management to help prevent, detect and respond to threats to our customers.
We want to share our point of view on technologies that are crucial to raising the bar for a more secure payments approach. These technologies are part of the White House initiatives around cybersecurity and consumer protection, and will be further discussed at the Summit.
Supporting an Open, Collaborative Approach to Tokenization
Today, we’re pleased to announce PayPal's commitment to an open, collaborative approach to tokenization. PayPal has been doing tokenization for more than 15 years by securely storing customers’ financial information in the cloud, and never sharing that information with merchants. As proof of our commitment to support the worldwide interoperability standards being established around tokenization we recently joined EMVCo, the global body that manages specifications and testing processes for payment card standards, as a business and technical associate. We will partner with companies across the payments industry to further develop an open, interoperable tokenization platform so that merchants can leverage tokenization capabilities across any technology and device, and make the experience seamless for the consumer. As the most trusted brand in digital payments, it is our responsibility to foster and lead industry collaboration that results in a true open tokenization solution that allows all payment methods (e.g., Private Label Credit Cards and loyalty points), and powers any innovative commerce experience.
Leading the Industry Effort to Move Beyond Passwords
It’s no surprise that people reuse the same password for everything, simply because people struggle to make new, unique passwords each time. PayPal is finding new ways for people to authenticate – conveniently and securely on their mobile devices. As a founding member of the FIDO Alliance, we strongly believe that industry collaboration is required to create a future where a password is no longer needed. From our fingerprint authentication technology with Samsung to launching One Touch payments, we’re helping the consumers authenticate in more secure and convenient ways.
Making Risk Management the Heart of our Security Strategy
Protecting our customers is our top priority. While tokenization and authentication are important pieces of the puzzle, PayPal works behind the scenes to go beyond just protecting customer credentials. A person’s data is, unfortunately, exposed in so many different ways – making it hard to think your information is always “protected”. According to Symantec, more than 552 million identities were exposed in 2013. We’ve continued to make it a priority to have risk management at the heart of our strategies. Combining advanced data processing with human oversight is how we keep your money moving to the right people and out of the hands of the wrong ones. Our system gets smarter with every transaction we process, allowing us to accurately establish patterns in order to trust good people, and spot the bad guys.
Our philosophy is, and has always been, to make sure we look at security and consumer protection together. This means, we protect customers’ personal information and their PayPal accounts; and when we collect information it’s for the sole purpose of verifying your identity and protecting you from fraud.
We’re committed to supporting the White House’s efforts to increasing public-private partnerships and cybersecurity information sharing, improving cybersecurity practices and technologies, and most importantly, improving the adoption and use of more secure payment technologies.