Tuesday, 7 February 2017

Make Online Payments Secure

Online payment services can only score if they strike the right kind of balance between security and comfort. Using Germany as an example, we’ll tell you how you can do just that.

Cash or card? Online payments aren’t as simple as payments that are made at the shop. When it comes to the virtual checkout counter, you have to choose from an average of five different payment procedures. In addition to classic offline methods such as those involving bills, direct debits and credit cards, the group also covers online payment systems such as PayPal, giropay and paydirekt. When it comes to being an intermediary between customers and retailers, these are the services that are more or less trustworthy. In addition to being both quick and easy to use, they do not force the buyer to hand payment data over to the online shop. We took a closer look at the most popular online payment services, and we’re going to point out the pros and cons. The table at the end of the article contains a compact expert assessment of the security and comfort levels.


Making Payments Via Amazon


No, you don’t have to shop at Amazon in order to be able to use Amazon Payments. You can use the payment data that has been stored with Amazon to make purchases at other shops – the company simply processes the payment. A number of online shops in the US and Europe are planning to offer this payment type in 2017 – if that happens, Amazon will have turned into one heck of a climber. Technically, Amazon Payments is an e-wallet. Whoever decides to use this method uses his Amazon login to authorise the payment procedure in a popup window – the whole procedure is quite convenient indeed. Billing and delivery addresses are also absorbed from the Amazon account, so customers don’t have to do a lot of typing either. The procedure isn’t just convenient for PC-based purchases – it’s actually even more convenient for smartphone purchases. According to Amazon, the shop owners see neither payment data nor shopping histories associated with other shops.

But let’s not kid ourselves: You will only be able to use this payment method if you have an Amazon account – this basically means that you will be registering with a company that is interested in your purchasing behaviour. Consequently, this method isn’t particularly thrifty when it comes to data. Furthermore, you will be left with a bitter taste in your mouth if you take a close look at the SBTs: Amazon reserves the right to forward personal data to service providers. Now, the procedure does offer a high level of technical security – provided you take the initiative and activate the two-factor authentication arrangement. This basically involves an additional secure login procedure that makes use of a PIN code.

Although this arrangement is officially only available in the USA, other users can activate it through the US site. To do so, log onto amazon.com, select “Your Account > Change Account Settings > Advanced Account Settings” in the status bar in the top right section of the screen and click the “Get started” option, which is next to “Two-Step Verification”. Then follow the instructions.

Online Advance Payment


In Germany, the giropay system is a direct transfer arrangement, and can be used in one out of four online shops. When you’re making a payment, you are redirected to your bank’s online banking site, where you log in and transfer the amount online. Here’s the advantage: All of the bank’s security mechanisms – such as mobileTAN or chipTAN – can be used to authorise the transaction. Furthermore, you don’t have to entrust any third party with sensitive payment data.

On the other hand, here’s the disadvantage: Not all TAN procedures are suitable for mobile phone purchases. For example, those who use mobileTAN to make purchases with their smartphones will be weakening the protection level, because the same device would be used for the password as well as the TAN. The level of security can be watered down even further for reasons of comfort. For example, some participating banks allow you to pay small amounts of up to 30 euros (RM150) without using a TAN at all. In such a case, the login data for the online account would be the sole layer of protection.

PayPal Continues To Expand


According to the latest ECC payment study, 2017 is shaping up to be a big year for PayPal: The American payment service will be integrated into a large number of online shops, which in turn would make it the most frequently-offered payment procedure in the world. With a prevalence level of almost 88 percent, the advance payment option currently continues to be the most frequently-offered payment procedure in the country. However, the level of popularity is also directly proportional to the level of risk – PayPal is already the most popular target for phishing attacks. As is the case with all e-wallets, an e-mail address and a password are all that’s needed to make a payment. The billing procedure is carried out with the help of either a credit card or an account that has been stored within the PayPal account. However, the method definitely isn’t a model of data economy: As is the case with Amazon Payments, you have to hand sensitive data over to an American company. What we like about the method is that the user can decide whether he wants to use PayPal in conjunction with the maximum level of comfort, or in conjunction with every last drop of security. For example, it is very easy to set up a two-factor authentication arrangement for the account. In such a case, you would have to enter a password and an additional PIN code, which is sent via SMS. On the other hand, you can also identify devices that you can use to make immediate payments without logging in – of course, you should only do this if you are the only person who can access the said devices.

The German Competitors To PayPal


For about a year, Germany’s major banks, co-operative banks and savings banks have been trying to establish an alternative to PayPal in the form of paydirekt – however, they have only been moderately successful so far. Although the figure of 700,000 registered customers sounds impressive, it should be borne in mind that PayPal already has 17.2 million registered customers in Germany. The figure of 240 connected retailers cannot compete with PayPal’s 50,000 connected retailers either. Just like PayPal, paydirekt also works as an e-wallet, but its use is limited to Germany. Here’s an important difference between paydirekt and the American service: The customer doesn’t have to entrust any external company with sensitive banking information; the banks themselves offer the payment service as an extra function in cheque accounts. All you have to do is activate the service, after which you will usually make payments using a username and a password. As an additional security function, the system also asks for a TAN every now and then; you can also activate this transaction confirmation arrangement for every payment. You can simply store the billing and delivery addresses in your paydirekt account.

Making Payments Through The Post


When it comes to online payment procedures, Deutsche Post in Germany is also getting in on the act – it is offering its own e-wallet in the form of Postpay. The Post is taking the principle of e-wallets to an extreme level, because you can, for example, store another e-wallet such as PayPal (as payment data). Furthermore, you can also use SEPA direct debits and credit cards. However, this method doesn’t exactly uphold the principle of data economy either – you have to hand sensitive data over to Deutsche Post. Nevertheless, Postpay’s SBTs are more user-friendly than those of Amazon and PayPal. User-related data is only forwarded if the customer has explicitly authorised such a course of action. However, with a prevalence level of about eight percent, only a few German shops accept Postpay. Payments can be made quite comfortably using desktop and mobile devices, with the help of e-mails and passwords. However, since there is no two-factor authentication arrangement, no additional protection can be set up for access to Postpay.

Secure Bills


Customers are only too happy to make payments using bills, but retailers don’t like this method too much, because they’re afraid they may never get their money at all. This is where service providers like Klarna (which provide so-called ‘secure bills’) come in. They make it possible for customers to make payments on account, by assessing the risk of payment defaults. For example, a customer could access the payment page and declare either his mail address and postal code, or his birth date and telephone number. The provider then uses this data and the information transferred by the browser to draw up a risk assessment for a potential payment default in a few seconds. If the risk is low, the customer is allowed to make a classic payment on account. Buyers can examine the product before they transfer the respective amount. Although this is somewhat laborious in comparison with other payment procedures, there is no phishing risk, and the payment data remains under your control.

Sofort-Überweisung


Just like giropay, Sofort-Überweisung is also a direct transfer procedure, and the two processes look quite similar to each other at first glance. However, there is an important difference between the two: With giropay, you access the house bank directly; Sofort-Überweisung steps in between the customer and the bank. This basically means that your account data will be going through the hands of a third party. After you have selected Sofort-Überweisung to make the payment, you will be navigated to a transfer form.

Now, you simply enter your online banking details and authorise the transaction using the TAN procedure that you have activated with your bank – this makes for a high level of security. After PayPal, Sofort-Überweisung is the second most widely-used online payment procedure in Germany.

Conclusion


There’s no such thing as a perfect procedure. Those who want to use an online payment system that is widely-accepted, comfortable and fast should go for PayPal. However, the high degree of prevalence also makes the service a prime target for phishing attacks. This problem affects all e-wallets that authorise payments using the username and a password.

This means that Amazon, paydirekt and Postpay have to grapple with the same issue. However, those who already have an Amazon account can use the data stored in it to make payments elsewhere. Paydirekt and Postpay are currently somewhat unattractive because they are not widely-used. Those who do not want to give sensitive payment data to any third party should take a look at giropay or, if available, the secure bill procedure. The advantage of giropay lies in the direct connection to the online account of your bank – this also includes TAN protection. The secure bill procedure basically modernises the purchase-on-account transactions that many customers prefer. If this payment option isn’t too slow and laborious for you, you can go ahead and use it without a second thought.