Secure E-Commerce – Burak Kutlu – Asseco SEE

by Sinan Oymacı 0

During ‘New Banking Vision’ conference organized by Asseco SEE in Turkey, we made an enjoyable interview with Burak Kutlu, Division Manager of Payment Systems, at Asseco SEE about today and future.

Hello. Could you please tell about yourself?

I have been working at Asseco as Division Manager of Payment Systems for a long time. I’d say, I was the fore-core team member in a payment system. I worked for various departments such as software engineering, project management, sales, and operations. Currently, I’m responsible for payment systems of all departments except sales.

Could you please give us some information about the positioning of e-commerce in Turkey and the status of payment gateways?

Since 2000, e-commerce has significantly grown in Turkey. Last year, it increased 30%. We are assuming 30% growth for this year as well. We mostly provide infrastructure services. Currently, thirteen banks in Turkey get a virtual POS and e-commerce infrastructure solutions from Asseco. This solution serves to 25,000 companies; such as; e-commerce sites, airline companies, real estate rental sites, subscription or insurance services.

Our system provides security and provisioning for all transactions that you make through the internet by credit cards.

Indeed, Fraud is also considered when we talk about security, isn’t it?

Yes, security means verifying the transaction that made by the real individual. There is a solution called 3D Secure. This solution is just ASSECO’s. Banks send one-time passwords to your mobile phones via SMS, during credit card base online shopping to verify that you are the actual person. You validate yourself by utilizing the password. Currently, this is the most common verification method on the internet.

While saying security, we don’t only mean this. Other than this system, more than 20 million credit card and payment card transactions kept in the system. They should be held safely and need to keep up consistently. Because e-commerce is 7/24 originated and neither a branch nor a store closes. At the same time, card information has to be inputted safely to be avoided from hacking.

In this sense, we have standards, which are entailed, by banks, and also, we have PCI DSS certification, which is entitled to world standards. We are obliged for permanent renewal of these certificates.

When we visit e-commerce sites, most of them say ‘we don’t keep your credit card information; we are just intermediaries,’ Don’t they?

Yes, it’s supposed to be this way, this is the right way. Credit card information can be kept. However, this card information can be stored by banks and according to a new declaration about credit cards, authorized firms which are mitigated to specific security standards might keep this information.

Asseco also has this type of service. Asseco has a solution called ‘Merchant Safe Unipay’ which keeps card information for doing convenient shopping. With one click-shopping slogan, the card numbers are inputted to sites and saved in our system and we let convenient usage just in needs. Card information is not available at the websites dashboards. Reliable banks data rooms at the backhand keep information.

You mentioned 3-D secure. Beyond that, what could be the other security solutions in future? For example, fingerprints came to phones. Few days ago in a meeting, recognition of a iris scan system was displayed. Some companies provide several verification devices. These devices make verification. For example, a bank provides this device. You input your password in the device and give the generated password to the system. Now they removed it. There is information that might be inputted via phone or received by phone. Where are we heading?

Biometric authentication method can be used very widely. But now BRSA has currently blocked fingerprint accessibility due to some reason. We are expecting to re-use it. Apple uses this.

However, except this verification methods, you can identify transactions are fake or real by creating behavioral and numerical ID. Asseco has two solutions for this.

One of them is the behavioral model. It checks your past transactions. Is there any extraordinary case? Do you over limit your expenses unlike usual? Are you out of your shopping routines? They check this kind of information. These are traditional methods of fraud. It’s a very hot topic, and we call this New Generation; creating your digital ID and detecting transactions without using this ID. For example, let’s say you go out in the morning. You connect to a website in a bus. You check your email. You reached to the company and did shopping on the computer. Then you came back home and did another shopping. The reason for that can be your e-mail, the IP address that you use, or device –computer or mobile phone. A system, which superimposes this entire network with each other, understands that you use them and gives it a smart ID. Later even these computers are used by other; it realizes that it’s not you and sends notifications. These mechanisms are the new generation of anti-fraud solutions in the online world for mobile and web.

Can we call it a new kind of artificial intelligence?

Artificial intelligence creates your numerical ID. Various algorithms are working at backhand. Via different algorithms, it determines the right person with a rate of 99%.

There is another thing for sure. It’s just told. In some cases, even there is no fraud, you might realize that its real? As an example sometimes happens to me. Unless I answer the call, they don’t believe that it’s me.

This case is also so important. Since particular clients have significant amount of investments at banks; you shouldn’t disturb these people if you don’t do the convenient job.

The numerical ID helps this. As long as you verify the person by the numerical ID, you don’t have to ask for the one-time password. Or you wouldn’t let the person use that verification device. Because you already know that this is the right person. By doing this, you have to make the perfect shopping experience for that person. You have to simplify the verification procedures and difficulties. Of course, it’s so risky subject but inevitable.

Although I do shop with using the same credit card for the same store, they keep sending me SMS. I expect that the system has to recognize me. It shouldn’t ask me password bootlessly.

Lastly. What could you suggest to customers for online shopping? What should they do?

They don’t need to hesitate to shop online. But there are some important rules while shopping online:

1- They should check the website. This thing is very intuitive. Is it a known site? Any shopping made from this site before? Can site deliver the products?

2- You need to check complaints or negative comments from the customer information forms and related websites.

3- Besides these, while inputting the password; they have to be sure of seeing security lock icon called SSL in browser.

They have to be keen about these 3 points, and 3Dsecure password should be used to them and not to be shared.

They can do a safe shopping if they take care about these.


I also thank you.

You can watch the interview with Asseco SEE’s Payment Systems Department Manager Burak Kutlu, below in Turkish.