Q&A with Ben Beeson

With all the retail data breaches in the news, will new payment systems like Apple Pay be a potential game changer for security?

Certainly they will help, in the short term at least, and reduce the number of losses. There’s no doubt about that. Are they going to be a silver bullet? Anyone who said that would be pretty bold. The whole point about cyber security is that there is no doubt that the bad guys always seem to be one step ahead of the good guys.

When it comes to the payment system in the U.S. at the moment, it’s hugely vulnerable. Apple Pay is clearly going to make it harder for hackers to get hold of someone’s payment data, but I would not go on record as saying it’s impossible. There are always vulnerabilities. It’s a case of finding out where they are.

In Europe and the U.K., we’ve had chip-and-pin technology for 10 years or even longer in some countries. That has clearly had an impact in trying to mitigate this risk. Chip-and-pin is being rolled out now gradually in the U.S., and there are alternative solutions also being rolled out.

What are the problems with traditional U.S. credit cards with the magnetic strip?

A lot of that depends on what the merchant is doing as much as what the card looks like. What is the merchant doing to lock down the credit or payment data? Typically you have found that the data that is swiped on a card on a magnetic strip is in the clear and it is there to be taken. With chip and pin, the data is encrypted through the chip, so that makes it harder to get a hold of. With Apply Pay, it’s not only removing the credit card from the transaction, but it’s doing other things such as adding a biometric requirement, such as a fingerprint.

A number of other solutions are emerging, whether that be Wal-Mart and others trying to create their own system, whether that be end-to-end encryption or tokenization. None of those will be silver bullets, but all will make it harder for bad actors to take advantage in the way they’re doing now.

What’s the impact on the insurance side?

At the moment, the payment card risk has almost become uninsurable. If you put yourself in the shoes of an underwriter, it’s a pretty challenging risk right now. The insurance market is looking for solutions there too, particularly on the back of the losses at Target and Home Depot.