
Protecting your business against e-commerce fraud

With customers migrating to a more digital marketplace, merchants are faced with balancing customer experience whilst ensuring they comply with industry standards and protect both parties to the transaction. Shane Fitzpatrick, president and managing director of Chase Paymentech Europe, sets out guidelines to help ensure your payment process is secure from online fraudsters.

Research from the British Retail Consortium, ‘Cost of Payment Collection’, found that the use of alternative payment methods, such as manufacturers’ money-off coupons and PayPal, has more than doubled on the previous year and now accounts for five per cent of all transactions (Source: British Retail Consortium). With this growing trend and an ever-increasing number of transactions being conducted online, it has become vital for online retailers to have secure payment processing platforms. Taking payment systems beyond industry compliance rules from the Payment Card Industry Data Security Standard (PCI DSS) by implementing additional security measures has now become necessary in order to help protect future online business growth.

Fraud impacts nearly eight in every ten international online retailers (Dynamic Markets: Putting Customers First, March 2013). In May 2013, the Federal Reserve indicted eight men for netting $45 million by hacking credit card processors in the U.S. and India. Fraudsters know no boundaries and the threat faced by online retailers in the U.S. and India is the same threat facing online retailers in Russia, Brazil, China, Ireland or the U.K. Fraud hampers prospects for growth, restricts profitability and increases overhead costs. But with the right tools, intelligence and strategy, retailers can effectively detect and manage fraud. Effective fraud management can enhance efficiency and productivity and can allow online retailers to focus on expanding their businesses into new countries and markets.

As we continue to migrate to a more digital marketplace, Chase Paymentech has found that merchants are facing a new challenge – mobile commerce and social media. Online retailers are now required to balance customer convenience with the need for data security compliance within their organisation.

Our experience has demonstrated that when it comes to maintaining data security in merchants’ environments, there is no one-size-fits-all approach for adhering to the industry’s global standard PCI DSS. Chase Paymentech has therefore provided guidance to help European online merchants upgrade security and reduce compliance costs while protecting customers’ payment information.

Our guidelines are designed to enhance the security of payment transactions for both retailers and their customers. A comprehensive security strategy is paramount when it comes to ensuring the success of a business. That strategy will vary depending on the size, type and processing capabilities of the business. Additionally, as the sales channels and environment shift rapidly, strategies will need to accommodate this shift and evolve accordingly.

Meeting compliance requirements in the card-not-present environment can be difficult for many organisations. Many solutions available in the market serve only to satisfy the need for PCI DSS compliance and do not take into account the overall consumer experience.

According to a recent survey conducted by Cisco, educating employees on the proper handling of cardholder data is the main cause for concern when it comes to maintaining and achieving PCI compliance (see chart below), and therefore should be given the most attention when it comes to successfully executing a strategy (Source: Cisco, Organizations See PCI as a Benefit, not a Burden 2011*).

[Chart: PCI compliance]

(Chart source: Cisco, Organizations See PCI as a Benefit, not a Burden 2011)

However, when looking at PCI from a more comprehensive perspective, the majority of IT decision makers surveyed did not feel that the PCI requirements are in any way unreasonable. In fact, 70 per cent of participants surveyed feel their organisation is more secure than it would be if PCI were not required, with the vast majority (87%) going so far as to say that PCI compliance is necessary for optimal performance and data security (Source: Cisco, Organizations See PCI as a Benefit, not a Burden 2011).

Ultimately, the PCI standards are designed to protect not only cardholder data, but also the bottom line. Compliance with these standards applies to all systems, staff and processes involved in the handling, transmitting and storing of payment data. Businesses that accept credit card payments can choose to manage that process themselves, a costly and resource-intensive path, or seek to shift that responsibility to a trusted industry expert. But regardless of the avenue by which they choose to pursue data security, the end result justifies the means.

Three steps to secure payments:

  1. Educate the workforce – ensure clear policies are in place regarding the handling of cardholder data and technology usage in order to maintain secure data. Employees must be aware of how technologies are to be used properly by employees, vendors, and anyone else who uses the network.
  2. Robust system – Creating a secure, seamless and compliant payment experience can be a complex, expensive and recurring task. The system must make it easy to capture sales, protect customers’ payment account data and provide a payment experience that inspires confidence – all while helping to meet PCI compliance standards.
  3. Tokenisation – This helps to minimise the burden on IT resources while providing the ultimate flexibility to brand and design the customer payment experience. Tokenisation addresses cardholder data at rest (in storage) by replacing the primary account number (PAN) with alternative identifiers (or tokens). The processor generates a token that replaces the card number and returns it to the merchant for use in a more secure manner, helping to reduce exposure and helping to ensure PCI compliance.
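
The flow in step 3, as an added example that is not Chase Paymentech's code: a stand-in processor vault swaps the PAN for a token, and a Luhn-checked scan shows the merchant's stored record no longer contains a card number. The token format, the retained last four digits and the one-token-per-card behaviour are assumptions; the card number is the standard test PAN, used here as constructed input.

```python
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ProcessorVault:
    """Stand-in for the processor: the only place the PAN-to-token map lives."""
    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenise(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan not in self._pan_to_token:
            # Random letters, not derived from the PAN, so the token cannot be reversed.
            rand = "".join(secrets.choice(string.ascii_uppercase) for _ in range(16))
            token = f"tok_{rand}_{pan[-4:]}"   # assumed format; last four kept for receipts
            self._pan_to_token[pan] = token
            self._token_to_pan[token] = pan
        return self._pan_to_token[pan]

    def charge(self, token: str, amount_pence: int) -> bool:
        """Simplified: approve only tokens this vault issued."""
        return token in self._token_to_pan and amount_pence > 0

PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def find_pans(text: str) -> list:
    """Digit runs of card-number length that also pass Luhn, i.e. likely PANs."""
    return [m.group() for m in PAN_RUN.finditer(text) if luhn_ok(m.group())]

def merchant_records(vault: ProcessorVault, pan: str):
    """The same order stored the old way (PAN) and the tokenised way."""
    legacy = {"order": "A-1001", "card": pan}
    tokenised = {"order": "A-1001", "card": vault.tokenise(pan)}
    return legacy, tokenised

if __name__ == "__main__":
    legacy, tokenised = merchant_records(ProcessorVault(), "4111111111111111")
    print("PANs in legacy record:   ", find_pans(str(legacy)))
    print("PANs in tokenised record:", find_pans(str(tokenised)))
```

The same `find_pans` scan can be pointed at exported order data or log text to check for card numbers that were stored before tokenisation was introduced.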

How to integrate and accommodate these technologies will depend on the business, culture and revenue models. Regardless of the type of business, PCI compliance should always be viewed as a business requirement and best-practice, not a one-time, stand-alone IT issue.

Ultimately, there is no quick-fix approach to both achieving and maintaining compliance. It is an on-going process that begins at the strategic level. As such, it is important that merchants address both the business side (e.g., process and payment flow) and the appropriate technological counterpart to ensure the security of payment data. The combination of tokenisation and a dynamic payments page provides the greatest likelihood of significant, long-term data security and PCI scope reduction.

Shane Fitzpatrick is the President and Managing Director of Chase Paymentech Europe Limited

http://www.chasepaymentech.co.uk

Chase Paymentech Europe Limited, trading as Chase Paymentech, is regulated by the Central Bank of Ireland.

The information herein does not take into account individual client circumstances, objectives or needs and is not intended as a recommendation of a particular product or strategy to particular clients and any recipient of this document shall make its own independent decision.

© 2013, Chase Paymentech Europe Limited. All rights reserved.

*Research data used with the permission of http://thenetwork.cisco.com/
