Cybersecurity Insights

Jake Dennys

Increased card usage across the payment landscape

22/10/18 10:44

Increased support for contactless payments, digital wallets and mobile payments are making paying for things even more convenient than ever before. 2017 saw some interesting payment statistics, most notably; in the UK, debit cards have surpassed cash for the first time.

According to UK Finance data, there were 13.2 billion debit card transactions in 2017, narrowly surpassing cash payments which came in at 13.1 billion. Contactless purchases have increased dramatically, with a 97% rise in usage (119 million contactless cards were being used by the end of the year). Mobile purchases have also rose by 336% during the first six months of 2017 compared with the same period in 2016.

Drawing from the Payments Cards & Mobile January/February 2018, card usage in 2016 saw some interesting trends.

The end of 2016 saw card payments making up 52.2% of cashless payments, up from 50.24% during the same period in the previous year. Across Europe, we saw 1,005.6 million cards in circulation at the end of 2016. The ownership of cards however, varies drastically per country. For example, Romania sees 0.80 cards per person, compared to 3,94 in Luxembourg. Of course, this would be dependent on many economic and cultural factors, but important to consider nonetheless.

In 2016 there were 67.3 billion card payments, seeing a growth rate of 11.9%. This was accompanied by an increase of 10% of online payments, and a 20% increase in mobile payments. The overall value of card payments saw an 11.3% increase, bringing the total to €3,262 billion by the end of 2016.

4 interesting trends from card usage in Europe:

  • In 2016, card payments by both number and value grew larger than the compound annual growth rate (CAGR) between 2011 and 2016.
  • Contactless card payments have become the new normal in Europe.
  • Digital payments continued to grow by the deployment of digital wallets. Competition from card-less alternative payment services is growing.
  • Android Pay, Apple Pay and Samsung Pay, launched in more countries and continue to expand payment services across Europe.

POS terminals and POS payments

In 2016, the number of POS terminals grew by 11.2%, accounting for a total of 15.02 million machines. This comes alongside a total of 60.9 billion POS payments, up from 55.7 billion in 2015, with an average transaction value of €44.69.

The top countries for POS payments are:

  • Norway
  • Iceland
  • Sweden
  • Denmark
  • Finland

3 notable trends for POS usage in Europe:

  • 1% of all domestic POS payments in Europe are now EMV transactions, this includes contactless payments and mobile transactions.
  • Rollouts of contactless POS terminals continue, and more tablet-based solutions were in used in combination with mPOS terminals.
  • Developments in POS continued with many payment and loyalty applications based on QR-codes displayed, Bluetooth Smart and beacon technologies.

The continually growing Payment Card Industry brings with it a profitable environment for eCommerce businesses and physical retailers alike. Whilst the increase in card usage is great for businesses, it also provides its own set of challenges. Criminals are constantly targeting (and succeeding) in breaching small businesses and stealing customers card data.

It’s not just eCommerce environments that are susceptible to hacking though. POS terminals are vulnerable to malicious actors, like any other device using an online connection. For example, the end of 2017 saw ‘Forever 21’ fall victim to a data breach, whereby the attackers were able to hack into their POS systems. Non-encrypted card data was then siphoned away, potentially for four months, before it was picked up and dealt with.

If you take card payments on your website and you’re concerned about your security, then take a look at our website security solution: FGX-Web.

How does FGX-Web protect your website exactlyThrough FGX-Web you have access to:

An advanced web application firewall (WAF)

A WAF will filter attacks out of incoming traffic before they hit your website. It will examine not only the source of the traffic, but its intention. It can determine whether the person is placing legitimate requests for web pages, or trying to attempt a hack. If an attempted hack is detected, the attack is blocked. Whereas innocent traffic passes freely.

Malware scanning

Our malware scanner runs at minimum every day (it can be set by the user to run a lot more frequently) and is designed to search a website for all known forms of malware, including but not limited to:

  • Webshells
  • Credit card harvesting code
  • Backdoors
  • Spyware

Cardholder data scans

In addition to a malware scan, you also get access to a scan specifically designed to seek out stored, unprotected payment card data on your website. To reduce your risk of data compromise and to maintain PCI compliance, you cannot keep unprotected payment card data stored on your site. It might not always be the case that it’s been stored intentionally.  Sometimes a customer may put their card information in an incorrect field, or malware is storing the data in a file somewhere for later collection by the criminal. Our scan will detect this data and notify you.

File change monitoring

Using our advanced file monitoring system, we are able to log any and all changes made to your website. If a change is made, we will alert you of the time, date and file location so that you can verify its legitimacy.

Website Security Specialists to call for help

Our team of Threat Intelligence Analysts support our FGX-Web clients on a daily basis - helping to quickly manage threats and protect websites from attacks.  As an FGX-Web client, our team becomes your team.

 

BOOK TIME TO DISCUSS YOUR WEBSITE SECURITY

TRENDING POSTS

David Kirkpatrick
Penetration Testing: The Quest For Fully UnDetectable Malware

Malware continues to be one of the main attack vectors used by criminals to compromise user and ...

Read More
Kirsty Trainer
"Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More