The evolution of the computer age has brought about greater development and change in the technology sector and consequently also in the payments sector. The development of hardware, software, communication, and systems management has led traditional means of payment to an extension of their function, creating new ways of paying. This specialization has led the modern era to develop unconventional payments referred to as ‘new digital payments’, which include various products that are nevertheless based on traditional payment products, which can be grouped into two types. The two categories are:

• E-PAYMENTS
• M-PAYMENTS

New information technologies have favored the development of payment services on the Internet, supporting electronic commerce. As a result, transactions typically take place using Internet connections. To strengthen the security of payment transactions, intermediaries adopt more robust user authentication methods than simple passwords, such as double-factor credentials or even biometric elements. Factors are represented by something that the user: i) knows (e.g. a password), ii) possesses (e.g. a token or similar), or iii) is intrinsically (e.g. biometric elements). The presence of the double factor makes it more difficult for fraudsters to capture credentials and then use them for unauthorized payments.
The most common payment tools used on the web are:

• CREDIT CARDS allows purchases and cash withdrawals (cash advance with interest payment). The amounts spent are debited subsequently, generally monthly. Furthermore, if provided for, the cards can be used to make recurring payments (direct debits).
• PREPAID CARDS allow you to make payments and withdrawals from a sum pre-deposited by the holder with the issuer (such as a bank). Payments and withdrawals reduce the amount paid until it runs out. It is not necessary to have a current account to have a prepaid card. This type of card can be either rechargeable or non-rechargeable. If the card is rechargeable, the available sum can be replenished within limits permitted by law and the issuer.
• BANK TRANSFER represents an order given by the debtor to wire a sum of money to the creditor’s account. Since 1/08/2014, the standard is the European bank transfer (SEPA credit transfer – SCT), using the beneficiary’s IBAN code.
• E-WALLET is a virtual wallet that allows users to make payments online or in physical stores using electronic devices. The e-wallet stores credit, debit, prepaid or bank account numbers to make payments quickly. Following the creation of the account, users will be able to enable payments without sharing their data. To authenticate the transaction, consumers must enter the e-mail address connected to their wallet and password. There are two types of e-wallets:
  • Device-based (in-store payments), these e-wallets are for payments in physical stores, and they work using electronic devices, such as smartphones. The transaction takes place by bringing the smartphone close to a contactless reader; if there is no contactless POS payment terminal in the store where you want to make the payment, there are many e-wallets with magnetic stripe functionality. In addition, some Apps can transform the phone into a real credit card with a magnetic strip; just slide your smartphone on the payment device to finalize the transaction.
  • Internet-based (online payments) Internet-based wallets are virtual wallets linked to an account to which payment instruments (credit cards, debit cards, etc.) are associated. These wallets can be used for e-commerce purchases: they allow you to make online payments without entering sensitive data by simply indicating the e-mail address and password associated with the e-wallet account.

Mobile payments include those types of payments, different from traditional ones, that use mobile devices such as, Smartphones (i.e. new generation mobile phones), tablets or other technological devices, in order to buy or sell, goods and services. Services for making payment transactions via smartphones or tablets are becoming increasingly popular.

The use of a payment card virtually inserted in the device (via an ‘app’) or associated with the sim card (charged to the phone credit) is a clear example. In this case, purchases relate mainly to digital goods or services that can be used via the mobile device, as well as – within certain amount limits – to public transport and parking services. If the mobile device allows it and the payment card is enabled, it is also possible to pay in contactless mode, by simply placing the device next to the acceptance machine in the shop (POS).

Mobile wallets are e-wallets for smartphones, Apps that can handle the transfer of money exclusively from your mobile phone. Like traditional e-wallets, mobile wallet applications allow payments to be finalized, either locally or remotely, by entering a password.

According to the Legislative Decree No. 11 of 27/1/2010, payment service providers must identify and mitigate threats of technological nature and identify security measures and controls to ensure the objectives of confidentiality, integrity, and availability of information systems and associated data.

In particular, specific safeguards must include at least:

•  MULTIFACTOR AUTHENTICATION: user authentication must take place using two or more authentication factors, independent of each other. In the case of One Time-Password, the validity time of a single password must not exceed 100 seconds.
• PSP (Payment Service Provider) DEVICE AUTHENTICATION: the payment instrument must be able to securely authenticate the payment device in order to minimize the risk of the user unknowingly handing over his credentials and data to malicious devices.
• ON-LINE AUTHORISATION OF TRANSACTIONS: transactions exceeding € 500 must be authorized online via the central server that manages the payment instrument.
• END-TO-END ENCRYPTION: transmission of the user’s authentication credentials must be carried out over channels with end-to-end encryption.