The Role of Your Payments Provider in Managing Financial Crime Risk
Digital payments have become the norm, used by nearly 9 in 10 Americans (89%) according to a 2022 McKinsey report. Mobile wallets are rapidly becoming a preferred method, with 81% of people using a wallet such as Apple Pay, Cash App, Venmo, etc.
Overall, that’s good news for billers. Giving customers easier, faster, more flexible ways to pay can help increase on-time payments and lower the total cost of acceptance.
The not-so-good news, however, is that the rapid rise in digital payments has correlated with an increase in cybercrime. It’s estimated that every 14 seconds, an American is subject to identity theft, and credit card fraud losses are expected to exceed $12.5 billion by 2025.
Finding an equilibrium between innovation and security can be tricky. Billers face the challenge of balancing modern payment expectations with the need to protect sensitive data. Both are necessary, but it isn’t always clear how to execute.
Fighting cybercrime and fraud isn’t something that can be accomplished via a checklist. There are many areas to consider, and the “blueprints” for success will be different for each organization. However, there are a few things that can help move the needle for most. One of those is picking the right payments provider.
Picking a Secure Partner
Payments is often the most common touchpoint billers have with their customers, and adding strong safeguards in the bill pay process can go a long way to protect against bad actors.
What should billers look for in a cyber-secure payments platform?
First and foremost, cybercrime prevention is never ‘one and done.’ As threats get more sophisticated, protective measures must keep evolving. That said, the following strategies are foundational best practices billers will want to have in place with their payments platform provider.
Two-Factor and Biometric Authentication
Mobile devices brought biometric verification into the mainstream, with people using fingerprints and facial recognition to unlock smartphones and laptops. Increasingly, these methods are also used to confirm mobile payments such as Apple Pay and Google Pay. This type of authentication is considered highly effective for reducing fraud risk as an individual’s biometric characteristics are more difficult to falsify than an unauthenticated transaction.
An added layer of protection is Two-Factor Authentication (2FA) also known as Multi-Factor Authentication (MFA). In this case, identity verification (e.g., for user login or autopay registration on a biller website) includes an additional step, such as a timed one-time code sent to the user via push notification.
What does this mean for billers? For built-in biometric authentication, it’s smart to work with a platform provider that enables Apple Pay and Google Pay as payment options and generates biller-unique credentials specific to each payer’s bill.
Customers expect authentication to be part of the payment experience and appreciate the safety measures, but they also want it to be as seamless as possible. Biometrics remove the friction. 2FA adds a step to the process for desktop logins and some payment methods. Yet effective communications can reassure customers that it’s an important extra layer of security to protect their account from fraudulent access.
Encryption and Tokenization
Encryption and tokenization play different roles in protecting data, so both should be leveraged to facilitate digital payments. Encryption scrambles sensitive account-level data so it can only be decrypted with a unique key. Tokenization replaces sensitive data for a token that a user must present in order to retrieve the data.
With a payments platform that uses both, billers can earn customer trust with robust protection against sensitive payment data being stolen or ransomed by cyber criminals. This multi-layered strategy also helps ensure the biller and platform provider meet regulatory compliance requirements for any business collecting credit or debit card information.
A Risk Mitigation Team
Cybercriminals are growing more crafty and sophisticated every day, so billers need to have an equally formidable defense in place. A key benefit of partnering with a payments platform innovator is that they embody the expertise needed to build a highly secure and compliant, yet user-friendly, payment environment.
The right fintech partner should have a cross-functional team of seasoned professionals that includes:
- Head of risk to lead the development of a scalable control environment
- Information security officer to oversee monitoring of the perimeter, conduct ongoing testing and perform security audits
- Staff members dedicated to reducing operational risk and implementing dynamic security protocols as needed
- A legal and compliance officer to work with regulatory agencies, coordinate regulatory audits and ensure compliance
Designing risk protections into a payment solution is much more cost-efficient than retrofitting after the fact. Look for a payments platform with built-in controls, supported by an experienced team that can tailor the solution to meet a biller’s specific needs.
Audits, Certifications, and Security Standards and Tests
Another powerful strategic defense—on top of cyber-secure operations, risk management and compliance—includes focusing on internal and external audits, security tests and security certifications. These efforts help ensure the payments platform is sound from both a security and regulatory perspective. Audit functions keep platform providers sharp, accountable and provide assurance to senior management and board members that all the primary lines of defense are meeting expectations.
Billers should only work with a payments platform provider that employs a range of strategies to intensify cybersecurity beyond just technology, including:
- Comprehensive privacy and security assessments and certifications performed by qualified third parties. For example, complete a security-focused certification like ISO/IEC 27001 to keep information assets secure, and follow NIST CSF, a cybersecurity framework of industry standards and best practices.
- PCI compliance for both the platform and the client, including processes to enable the biller’s customer service staff to maintain compliance when accepting customer payments.
- Regular security training for the platform provider’s staff on emerging cyber threats and system testing to identify vulnerabilities. It’s valuable for billers to collaborate with a partner team that can think like bad actors and take preventive measures to stay a step ahead.
Choosing a Secure Partner
Despite the evolving complexity of the payments landscape, choosing the right payments platform can offer billers a combination of great customer experience and strong cybersecurity.
Innovative fintech platforms can satisfy more consumer needs by enabling many forms of digital payments including cards, ACH, digital wallets and scan-and-pay QR codes. And they back it up with the latest security technologies and protocols to protect consumer and client data.
At PayNearMe, relentless commitment to cybersecurity is in our DNA, built into our infrastructure, products and operations. Our platform is built to enable seamlessly easy and flexible payment experiences, while ensuring the strict security that maintains safety and trust.