As hacks and breaches become more frequent, payments data security has grown increasingly important. Learn how to avoid security minefields and protect payments.
The card-not-present (CNP) payments space can feel like a minefield to merchants and fintechs who must combat cyber threats daily. In addition to the risk of data breaches, merchants are also prone to true and friendly fraud perpetrated by people across the globe. E-commerce opens up the possibilities of conducting commerce worldwide, but it also provides a portal by which global bad actors can take advantage of unprotected merchants.
While there are various payments data security measures merchants can put in place to avoid a hack or a breach, they must also balance these measures with considerations surrounding the customer experience (CX). Fraud controls and tools that are dialed up too high can turn away legitimate customers and hurt business.
Security is a critical component of the payment process, though it must also be balanced with the need for a unified, seamless customer experience. Security that doesn’t consider how the customer experience is impacted can hurt brand loyalty and growth. This is a tall order for merchants trying to integrate omnichannel marketing campaigns and to sate the demands of a convenience-oriented consumer base. Connected customers expect quick, frictionless payments as well as security.
Merchants must adapt to be proactive with cyber threats without sacrificing customer experience. In this article, we explore the top CX-friendly security methods and how they impact payments.
As the e-commerce landscape shifts in favor of mobile (m-commerce is projected to make up 63.5% of digital sales this year), emerging payments data security technologies are making it easier to verify the identity of customers without compromising on user experience. Multi-factor authentication (MFA) has become a prominent way to secure transactions in the age of mobile. SMS-based two-factor authentication (2FA) is one option that enables merchants to leverage mobile identity services to verify a customer’s identity on mobile apps where transactions occur. Adding extra layers of authentication improves the security of e-commerce transactions, and the personal data attached to them, while allowing for frictionless payments.
The bell has all but tolled for passwords. Outpaced by better technologies, this antiquated measure for protecting sensitive data is no longer in vogue. Instead, non-password-dependent MFA can enhance security and cut down on identity theft, which is an increasing problem. The 2018 Identity Fraud Study by Javelin Strategy & Research notes that identity fraud victims are a growing population, jumping eight percent in the last year to 16.7 million in the U.S.
Passwords are not completely dead, however. Using them in conjunction with biometrics makes for solid MFA. One-time passwords (OTPs) can be validated with fingerprints or facial recognition to further authenticate users. These physical features used for biometric authentication are virtually impossible to hack or spoof, making it significantly more difficult for bad actors to fraudulently use identities.
Roughly a year ago, tokenization was named as one of the “10 hottest data security and privacy technologies” by Forbes. It’s been proven as an effective tool to secure credit card transactions without impeding customer experience. By simply replacing sensitive data – like a credit card number – with a randomized number (or token), tokenization helps reduce security risk.
Tokenization has been lauded as a payments data security tool that can actually improve customer experience. It innately reduces churn as payment information becomes tied to a token rather than the actual digits of a credit card. In this way, churn tied to credit card expiration is eliminated. This involuntary churn, which accounts for 34 percent of total subscriber churn, has long been a problem for subscription service merchants. Tokenization can help decrease disruptions to service for customers and lower churn rates for merchants, boosting profitability in the long run.
Given the exacerbation of the data breach problem in recent years, tokenization is an appealing security measure to mitigate the financial impact of breaches on both customers and merchants. According to a recent report from IBM Security and the Ponemon Institute, the average cost of a data breach to businesses in the U.S. is $7.91 million per breach. That more than doubles the average global cost, giving merchants and consumers alike reason to be concerned. Additionally, merchants that use tokenization make less appealing targets for hackers who know they are not storing credit card data.
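A minimal sketch of the token swap described above, added here as an illustration and not taken from any payment provider's code. `TokenVault`, its methods and the card numbers are constructed for the example; it shows that the merchant's records hold only a random token, and that a reissued card can be placed behind that token without touching the merchant's data.

```python
import secrets


class TokenVault:
    """Constructed stand-in for a tokenization provider; not a real API."""

    def __init__(self):
        # token -> card details. This mapping exists only on the provider side.
        self._cards = {}

    def tokenize(self, pan, expiry):
        # The token is random, so it cannot be reversed into the card number.
        token = "tok_" + secrets.token_hex(16)
        self._cards[token] = {"pan": pan, "expiry": expiry}
        return token

    def update_card(self, token, pan, expiry):
        # A reissued card replaces the details behind the SAME token.
        if token not in self._cards:
            raise KeyError("unknown token")
        self._cards[token] = {"pan": pan, "expiry": expiry}

    def charge(self, token, today):
        card = self._cards.get(token)
        if card is None:
            return "declined: unknown token"
        if card["expiry"] < today:  # "YYYY-MM" strings compare chronologically
            return "declined: card expired"
        return "approved: card ending " + card["pan"][-4:]


def run_subscription_demo():
    vault = TokenVault()
    # Constructed test card numbers, not real accounts.
    token = vault.tokenize("4111111111111111", "2025-03")
    merchant_db = [{"customer": "alice", "plan": "monthly", "token": token}]

    first = vault.charge(merchant_db[0]["token"], today="2025-02")
    # The issuer sends a replacement card; the merchant record is not touched.
    vault.update_card(token, "5555555555554444", "2029-03")
    renewed = vault.charge(merchant_db[0]["token"], today="2025-04")
    return merchant_db, [first, renewed]


if __name__ == "__main__":
    db, results = run_subscription_demo()
    print(db)       # everything a breach of the merchant database would expose
    print(results)
```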
As payments technology continues to grow more sophisticated, so do the bad actors. Implementing end-to-end payments data security measures and keeping up with best practices is the best route to ensure payments are protected at every level. MFA and tokenization are two of the top security methods utilized today, and both not only lower risk but also enable a frictionless experience.