Getting a secure payment service is becoming more important than ever!
Organisations are focusing efforts on creating secure payment services in the face of growing risks. Improved access to a more secure payment solution is becoming a greater requirement.
Why? Here we look at two key factors that are driving us to take payments from customers more securely.
Increasing regulation, and the penalties for PCI non-compliance, is one reason. The other is the growing number of security breaches and the very real customer concern that follows.
When you get it right it feels pretty good. Customers are happy, not hesitant, to pay, and those in charge don’t spend time worrying that all they have built may crumble the moment one of the hundreds of daily breach attempts gets through.
But what are the regulations? Who is attempting to breach payment security and how difficult is compliance?
A Supervisory Push to More Secure Payments
Regulatory and technical organisations have been working hard to provide secure payment solutions to businesses taking payment.
If the annual cost of card fraud of over £10 billion isn’t enough to motivate every business in the payment services sector, then the loss of revenue from security-conscious customers certainly should be! 40% of UK consumers claim they will never return to a business post-breach.
Providing secure payment services is a growing trend for FinTech companies. Now that European law has opened up the banking sector, a plethora of apps has flooded the marketplace, making all manner of financial activities, from bookkeeping to secure payments, much easier.
Types of Secure Card Payments
When it comes to card payments, there are two types: Cardholder Present (CP) and Cardholder Not Present (CNP) transactions. Cardholder Present payments are ones where the payer physically has the card in front of the merchant. The introduction of Chip ‘n’ PIN technologies in 2015 significantly reduced ‘CP’ fraud rates.
It is in CNP transactions that fraud has really grown, up from 3% in 1995 to over 70% in 2018. These are, in almost all cases, payments made online or over the phone. The cardholder is not physically present, and therefore cannot be verified in the same way.
Well, that was until the second version of the Payment Services Directive came into force on the 14th September 2019, which not only set the framework for Open Banking (more on this later), but also mandated Strong Customer Authentication (also known as SCA or 3D Secure) for most online payments over £30.
Unsecure Payments Are Being Targeted
Fraud online is rife, with products and services being bought using stolen card information. Stolen card details are often sold on the dark web for around £5 per card. It is hoped that the introduction of SCA will significantly reduce this.
There is concern that this will add friction at checkout and cause the abandon rate to go up. The abandon rate is the number of customers that abandon their purchase when paying or picking up the phone. That is obviously bad news for merchants.
MOTO transactions, or Mail Order and Telephone Order payments, are exempt from SCA. It is here that many feel fraud will now be more focused.
The Payment Card Industry (PCI) has a Security Standards Council (SSC) that mandates that every organisation worldwide must comply with its extensive Data Security Standard (DSS). This is currently on version 3.2, working toward version 4, which is expected in 2022.
This Standard lays down the requirements for the processing, transmission, and storage of cardholder data, over any channel. Unfortunately, the vast majority of companies taking payments over the phone are not compliant with the PCI DSS. This can land them in really hot water if they suffer a breach.
Well, if you don’t have a PCI compliant secure payment solution in place and suffer a breach, liabilities include:
- Lost confidence from your customers
- Cost of reissuing new payment cards
- Fraud losses and audit fees
- Higher subsequent costs of compliance
- Legal costs, settlements and judgments
- Fines and penalties
- Termination of ability to accept card payments
- Going out of business
We know that around 25% of breaches are down to human negligence; there are system failures too, but criminal attacks account for most. Contact centre agents are being incentivised or bribed to provide card information, and UK small businesses alone suffered on average a whopping 633 attempts to breach their network every day in 2019.
We all trust our staff, of course. I hear often from business owners that while insider threats might be an issue for other companies, it certainly isn’t for them because they know their employees. But insider threats account for nearly 75% of security breaches. Directors are personally liable for neglecting secure data; it pays to trust but verify and become safer, faster.
Secure Payment Services For Small & Medium Size Businesses Is Vital
The financial damage a breach inflicts can be equivalent to the total value of a small business. This could very well make a recovery virtually impossible. Small and medium-sized businesses are among the most vulnerable to data breaches for a few reasons.
First, they tend to think they are too small to be a target, which is a mistake: nearly 90% of small business owners believe they are not at risk of a data breach. Secondly, they often lack the time, resources, and know-how to implement measures to protect themselves.
And finally, they don’t detect a breach quickly enough after one occurs, making it even more devastating. It takes organisations an average of 191 days to identify data breaches.
More than 70% of attacks target small and medium businesses, and an estimated 60% of those that experience an attack go under within 6 months.
Large companies suffering breaches get the headlines, but we just don’t hear about the rest.
Today, with the rise in homeworking, the lack of security is growing. Jeremy King, Regional Head of Europe, PCI Security Standards Council, speaking on the 4th June 2020 regarding payments and homeworking said: “The use of technologies that ensures payment data remains protected whilst enabling remote personnel to perform their work securely is of vital consideration.”
How Difficult Is Compliance?
Secure payment solutions are really coming of age, now that the underlying access and technology are available. This only serves to help organisations mitigate the risks and comply with the regulations.
In 2018 being PCI compliant when taking card payments over the phone was not achievable for small and medium-sized businesses. They either could not afford the eye-watering setup fees for secure, reliable payment services, or could not afford to place the technical and procedural barriers in front of making sales.
But it’s 2020 now, and in just 2 years technology has really stepped up to the mark.
Open Banking is a secure way to initiate bank transfers. It’s as easy as paying by card if the customer logs in with any frequency to their bank account. PSD2, the new EU regulation adopted by the UK (mentioned earlier), requires banks to provide an API allowing technology companies the opportunity to draw account information or initiate payments, with the bank account holder’s explicit permission. This promises to be a low-cost and elegant secure payment solution for many businesses.
Furthermore, SMEs have access to affordable technology to enable them to be fully PCI compliant. This can be when processing payments over the phone, via webchat, social media or via email. In fact, the process is actually making it simpler for the customer to pay. Larger companies can access this technology fast, without a large integration project taking many months or costing thousands of pounds.
PayGuard® Providing Secure Payments Services
PayGuard® is an example of a simple, secure payment service that companies of all sizes can leverage. Enjoy secure and compliant payment transactions, for you and your customers.
More and more companies are adopting the policy of ensuring compliance and payment security because the risks are rising. The cost barrier is lowering all the time, and the benefits are clear for all to see.