The true art of innovation – identifying needs at an early stage and transforming them into simple solutions.
Is security a hindrance to innovation?
Cashless payments have to keep getting simpler and faster. Security is and will remain the order of the day, however. Are the two mutually exclusive? We asked Tom Baur, Head Risk Management and PCI at SIX Payment Services, for his opinion.
When new products, especially in the field of payments, are launched on the market, it always take a while before people accept them. Security concerns play a major role in this. Is that reasonable?
Yes! When our hard-earned cash is involved, it makes sense to proceed with caution. But the word "concern" also evokes fear. Fear is a dangerous emotion, however, since we usually react with an unjustified feeling of uneasiness when we go on the defensive.
It goes without saying that making payments also always harbors an element of risk. There will never be such a thing as 100% security. However, identifying vulnerabilities is the job of the architect and provider of a new payment service. If they want to be successful and get the product off the ground, they need to make sure it's secure. Security is the key to success in the long term.
If cashless payments are becoming continually faster and simpler, doesn't this necessarily mean making compromises in terms of security?
There's some truth to that. The important thing is that such compromises are made consciously – that is, in the awareness of the possible consequences. Responsibilities – in particular, financial liability – must be clearly regulated between the parties involved. When the payment procedure between the parties involved is processed correctly, this must not result in any negative consequences either for the payer or for the payee.
With that in mind, can security become a hindrance to innovation?
The security aspect must not become a hindrance to innovation. This can only be achieved if security aspects are taken into consideration right from the start. They define the sidelines of the playing field on which the innovators can then "kick around" their ideas and feed them into their product designs. If security aspects are brought onto the field too late in the game, in the worst case scenario everyone has to take several steps back. Alongside the time lost (time-to-market), financial considerations also come into play, which in certain circumstances can deal the deathblow to a promising innovation.
Does this mean that product ideas at SIX Payment Services have been dropped in the past due to security concerns?
To the best of my knowledge, we have never not implemented a project purely due to security concerns. The security aspect or risk assessment is just one component alongside market acceptance, economic potential, etc. Among the ideas evaluated, security considerations alone have never led to a project being given the red light.
The Internet of Things: the world is meant to become simpler and more convenient for us by having complex systems support us in the things we do. What does this mean for security?
There is a certain danger in that this will bring us closer to the "glass human". Within this context, data protection and thus the protection of privacy will likely be put to a very harsh test. It will be a major challenge to control the use of data and information in such a way that people's privacy continues to be protected. It is impossible to say at this time the extent to which practicality and convenience will be able to prevail in the face of personal rights and the protection of privacy.
Which is more secure: making cash or cashless purchases? And how does the future look?
Compared to cash, I find cashless payments generally easier and more convenient. My subjective take on the issue of security is that I have mislaid cash more frequently that I have had to contest wrongful bookings from my credit or debit card account. A return to payments exclusively with cash is definitely out of the question given the current zeitgeist and personal lifestyle trends.