HOW MERCHANTS CAN FIGHT PAYMENT FRAUD
Making online payments secure for both merchants and consumers is a topic that never loses its relevance, especially since major retailers have been subject to data breaches as a consequence of flaws in their payment systems.
The truth is that there is a lot of pressure on both FinTech companies and traditional financial institutions to innovate and think ahead when it comes to security. Consumers are becoming more aware and worried about identity theft and merchants face major losses as a result of payment fraud. Therefore, payment providers are required to keep up with the innovations of fraudsters and continually re-evaluate their security standards.
The Accenture Driving the Future of Payments Survey states that fraudsters no longer just steal identities; they now create new digital identities by knitting together real and fictitious information. Existing fraud detection models are designed to prevent transaction fraud and cannot address these threats. According to the survey, even fake fingerprints can outwit fingerprint sensors on smartphones. Fraudsters are also able to infiltrate cardholder authentication channels to place false alerts and “verify” fraudulent activity. Needless to say, if fraudsters are already outsmarting these systems, an even bigger focus on security is vital to make it in the long run.
According to PwC, 65% of large businesses reported breaches or attacks in the last 12 months and only 22% of CIOs stated they felt prepared for a cyber attack. The most surprising part is that 50% of the worst breaches are due to human error.
Consumers are getting increasingly worried about these issues. As stated by KPMG, 19% of consumers would completely stop shopping at a retailer after a security breach, and 33% would take a break from shopping there for an extended period. This highlights the importance of taking new measures to fight data breaches, both through handling customer data in a way that complies with regulations and securing the payment gateways.
A payment gateway is a service that processes payments for both online and offline businesses. The payment gateway takes care of the security and authorisation of the payment, and therefore also makes sure that the merchant always gets paid at the moment of purchase. That makes it important for merchants to choose a payment provider that they truly trust.
The safety of the payment gateway should, of course, be handled by your payment provider but it doesn't hurt to have that extra knowledge so you as a merchant can make an educated decision when choosing your PSP.
Some things that are good to ask your payment provider about are:
1. P2PE (Point-to-Point Encryption)
Basically, P2PE prevents hackers from being able to tap into the payment details when a payment goes from the merchant to the payment processor. It is one of the best ways of keeping a high security standard on your payments, so make sure that the payment provider you use has this in place.
2. Data minimization
Many data breaches are a result of too much data being collected and then neglected and misused, so it is important that payment providers only collect data that is needed for the service. It is also important that the payment provider deletes customer data once it is no longer needed for the service or required by law.
3. Secure Stateless Tokenization
SST increases data security without the need for token databases, which also improves speed and scalability compared to traditional tokenization.
Pseudonymization replaces the majority of identifying fields in a data record with artificial pseudonyms. GDPR defines pseudonymization in Article 3 as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” To pseudonymize a data set, the “additional information” must be “kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.”
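
A sketch of the pseudonymization described above, added here as an example and not taken from any payment provider's code: identifying fields are replaced with keyed HMAC-SHA256 pseudonyms, and the key plays the role of the "additional information" that has to be kept separately. The record layout, field names and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: which fields count as identifying in this constructed record layout.
IDENTIFYING_FIELDS = ("name", "email", "card_number")

# Constructed sample orders (not real data); 4111... is a well-known test card number.
ORDERS = [
    {"order_id": 1001, "name": "Alice Example", "email": "alice@example.com",
     "card_number": "4111111111111111", "amount": 49.90, "country": "SE"},
    {"order_id": 1002, "name": "Alice Example", "email": " Alice@Example.com",
     "card_number": "4111111111111111", "amount": 120.00, "country": "SE"},
]

def pseudonym(key: bytes, field: str, value: str) -> str:
    """Keyed, deterministic pseudonym; the field name is mixed in so equal
    values in different fields do not produce the same token."""
    msg = f"{field}:{value.strip().lower()}".encode()
    return "psn_" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace identifying fields, keep the fields analytics still needs."""
    return {k: pseudonym(key, k, str(v)) if k in IDENTIFYING_FIELDS else v
            for k, v in record.items()}

def attribute_email(pseudo_record: dict, candidates: list, key: bytes):
    """Re-attribution needs the key: recompute pseudonyms and compare."""
    for email in candidates:
        if hmac.compare_digest(pseudonym(key, "email", email), pseudo_record["email"]):
            return email
    return None

if __name__ == "__main__":
    # The "additional information": generate it once and store it apart from the data.
    key = secrets.token_bytes(32)
    for order in ORDERS:
        print(pseudonymize(order, key))
```

Because the pseudonyms are deterministic under one key, the two orders can still be linked to the same customer for fraud analysis, while anyone holding only the pseudonymized records cannot recompute or attribute them.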