
Security: maintaining integrity in a multi-card, multi-device world

Unlocking value
By Gareth Jones - Global Director of Information Security

Managers and users of corporate cards are asking themselves: how can we provide flexibility and convenience in card spending while keeping in place the checks and balances that protect our business?

We can all agree that business spending is becoming increasingly consumerised. From using apps to manage expenses to mobile payments, employees are bringing their consumer habits and expectations into the workplace. With those expectations they are also bringing their spending paradoxes, in particular the seemingly conflicting needs of heightened security but increased flexibility and convenience.

Biometric potential

Consumer payment methods using biometric authentication are already mainstream. Whether it’s using a thumb or a selfie, mobile wallets defer to the individual’s personal attributes to make secure payments.

These are, however, dependent on a number of elements. Firstly, they relate largely to in-person, point-of-sale payments. For larger corporate card use cases, such as settling invoices in the thousands, the most common medium is online or over the phone.

The second element is tethering the card both to the employee’s phone and the employee. Gartner research showed that in 2016 only 23% of employees had employer-issued devices. More than 80% of employees are BYOD - bring your own device.

Few people like juggling, charging and managing multiple devices. The smartphone has become an extension of the person and businesses have to work out how to manage these relationships, particularly when the employee effectively takes sensitive information - like the company’s payment facility - back home with them.

So enabling an employee to use a corporate card within their smartphone wallet may deliver the added protection of biometric authentication, but it opens the company up to other threats. Phones are lost, stolen and hacked all the time. There is no perfect solution but corporate card users and their CFOs must weigh up their appetite for risk against convenience.

Innovations do keep coming, bringing us closer to the convenience/security balance. MasterCard has been trialling a convenient yet secure alternative to the biometric phone option. From 2018 it expects to be able to issue standard sized credit cards with the thumbprint scanner embedded in the card itself. The card, being thus separated from the user’s personal equipment, can remain in the business domain. There is also the opportunity to scan a number of fingerprints to the same card so businesses don’t need to issue multiple cards.

Building convenience back in

Of course, the added value of bringing cards into the wallet environment is the money management aspect. Consumers can see at a glance where and when transactions took place. Depending on the sophistication of the retailers’ and banks’ data warehouses, they may even be able to see what was bought.

Taking that transaction back to plastic has the potential to create a disconnect in that real time reporting. We know that visibility of transactions and the ability to manage spend levels in real time is of real value to corporate card customers. Consumers see this with disruptors like Curve and Monzo and expect it in the business world too.

Card security is vital; there can be no argument. But it has to come with intelligent management built in. Taking cards out of the virtual wallet and all its encryptions and protections may seem counterintuitive in a digital age. It’s about being able to link up the data and provide a real-time, single source of truth that is meaningful to all stakeholders in the payments chain - from card user to CFO and issuing bank - while maintaining a seamless user experience.