Despite this growing threat of cyberattacks, the consumer mindset has shifted. When digital platforms were first introduced, consumers hesitated to share their personal information. Now, younger generations who have a greater affinity for technology – and even older consumers who have since become comfortable with emerging technology – rarely think twice before entering their personally identifiable information, trusting companies to keep their data secure. In fact, the ACI Speedpay Pulse that found four out of every five consumers are confident that their financial data is secure when making digital payments.

While billers benefit from consumers’ increasing comfort level with technology, they also have a responsibility to deliver top-notch security that meets regulations and to help consumers understand how these safeguards help protect against risk. With October being National Cybersecurity Awareness Month, it’s the perfect time for billers—who are looking to find the balance between addressing the changing security landscape and consumers’ evolving perceptions about security—to consider the following best practices:

Comply with the regulatory landscape

Regulations are put in place to help billers ensure that their security strategies are up to par and consumer data is safeguarded. Each framework has its own set of regulations that make compliance critical for secure payment operations.

For example, PCI DSS is a set of 12 requirements for compliance, designed for companies handling credit card transactions. These Payment Card Industry Data Security Standard (PCI DSS) safeguards ensure that those who comply are reducing fraud and protecting customer information. Meanwhile, the General Data Protection Act (GDPR) is another regulation that mandates a set of standards for companies that handle data for customers in the European Union (such as providing data breach notifications and anonymizing collected data to protect privacy). U.S.-based billers who have customers based in the EU, like higher education institutions or subscription providers, for example, need to understand and comply with GDPR mandates.

By complying with the relevant regulations, billers are following the industry-standard guidelines and, therefore, setting themselves and their customers up for success.

Boil security down to the channel level

When it comes to payments security, vulnerability can exist in any number of places. For the safety of the company and the customers, it is important to secure every potential attack vector – from software and networks to human exposure. A security system should include micro-level specificity with macro-level interoperability, so billers should consider every channel they and their customers use and shape security strategies specific to each. Then analyze how the systems can work together within the context of the bigger picture – how they can be placed, programmed and implemented to best support a fluid, interconnected system.

When seeking out payment providers, billers should look for partners with this type of holistic security strategy. The best providers will offer a diversified portfolio of security options, ready to fit the needs of each channel and the overall system. This may include investing in top-of-the-line technology as well as considering tokenization and various forms of verification, like 3-D Secure protocols.

Prioritize customer education

Consumers want the companies they interact with to provide more transparency about how their personal data is being protected. In fact, according to the ACI Speedpay Pulse, more than two in five consumers think that companies don’t properly educate consumers on how they keep data secure, meaning there is definitely room for improvement. By providing helpful and timely information on security measures, procedures and even issues, billers can ease the worries of the concerned while bolstering security for all customers (even those who may not be as worried).

One way to be more forthcoming is to use active communication cycles and channels to inform customers what to expect and help them avoid scams. For example, billers who send information out by email might consider removing links (which are easily duplicated by fraudsters) and including reminders of how to proceed safely (e.g., “Do not respond to emails prompting you to provide personal information. We will never ask for personal information via email.”).

Additionally, video-based education and other consumer-friendly digital resources can be extremely helpful in ensuring that customers understand how their personal data is being secured.

Never compromise consumer trust

According to the ACI Speedpay Pulse, nearly half of consumers believe their data is more secure than it was five years ago. While this is a step in the right direction for legitimate companies working to build customer trust, some companies have been accused of monetizing personal data. Selling customers’ information is an invasion of privacy and, while it is beneficial to use data internally to improve customer experience and security when properly authorized, capitalizing on data erodes the biller-customer relationship.

As customers’ perceptions of their own safety are changing, billers have a responsibility to keep data security top of mind. Billers should comply with regulatory bodies and insist on working with vendors and partners that do the same. They should educate and communicate with customers about potential risk factors. And, at all costs, billers must always respect the privacy of customers.

To learn more, check out the Annual ACI Speedpay Pulse report, which includes more information on customers’ perception of payment data security and other current bill payment trends.

Interim Chief Technology Officer

Raj Vaidyanathan is ACI's interim chief technology officer. In this role, he leads ACI's technology and operations organization, focused on developing and running world-class payments software products. Raj joined ACI in 2012 with the acquisition of S1. He has held a number of senior leadership roles in technology and operations, most recently as head of merchant and fraud product development. He previously served as head of product development for our biller segment. Earlier in his career, he served as vice president of product development, director of professional services and lead architect at S1. He has also held key development roles at AT&T and NIIT. He holds a Bachelor of Engineering degree in computer science from Karnatak University in India and an MBA in international business from Georgia State University.