How Billers Can Adapt to a Changing Payments Security Landscape
More and more consumers are adopting digital channels like websites and mobile apps to pay their bills, but at the same time hackers are becoming more sophisticated and cyberattacks are increasing in frequency. In fact, nearly 20 percent of consumers have fallen victim to online identity theft, according to our most recent ACI Speedpay Pulse, pointing to an opportunity for billers to up the ante when it comes to security measures.
Despite this growing threat of cyberattacks, the consumer mindset has shifted. When digital platforms were first introduced, consumers hesitated to share their personal information. Now, younger generations who have a greater affinity for technology – and even older consumers who have since become comfortable with emerging technology – rarely think twice before entering their personally identifiable information, trusting companies to keep their data secure. In fact, the ACI Speedpay Pulse found that four out of every five consumers are confident that their financial data is secure when making digital payments.
While billers benefit from consumers’ increasing comfort level with technology, they also have a responsibility to deliver top-notch security that meets regulations and to help consumers understand how these safeguards help protect against risk. With October being National Cybersecurity Awareness Month, it’s the perfect time for billers—who are looking to find the balance between addressing the changing security landscape and consumers’ evolving perceptions about security—to consider the following best practices:
Comply with the regulatory landscape
Regulations are put in place to help billers ensure that their security strategies are up to par and consumer data is safeguarded. Each framework has its own set of regulations that make compliance critical for secure payment operations.
For example, the Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed for companies handling credit card transactions. These safeguards ensure that those who comply are reducing fraud and protecting customer information. Meanwhile, the General Data Protection Regulation (GDPR) mandates a set of standards for companies that handle data for customers in the European Union (such as providing data breach notifications and anonymizing collected data to protect privacy). U.S.-based billers who have customers in the EU, such as higher education institutions or subscription providers, need to understand and comply with GDPR mandates.
By complying with the relevant regulations, billers are following the industry-standard guidelines and, therefore, setting themselves and their customers up for success.
Boil security down to the channel level
When it comes to payments security, vulnerability can exist in any number of places. For the safety of the company and the customers, it is important to secure every potential attack vector – from software and networks to human exposure. A security system should include micro-level specificity with macro-level interoperability, so billers should consider every channel they and their customers use and shape security strategies specific to each. Then analyze how the systems can work together within the context of the bigger picture – how they can be placed, programmed and implemented to best support a fluid, interconnected system.
When seeking out payment providers, billers should look for partners with this type of holistic security strategy. The best providers will offer a diversified portfolio of security options, ready to fit the needs of each channel and the overall system. This may include investing in top-of-the-line technology as well as considering tokenization and various forms of verification, like 3-D Secure protocols.
Prioritize customer education
Consumers want the companies they interact with to provide more transparency about how their personal data is being protected. In fact, according to the ACI Speedpay Pulse, more than two in five consumers think that companies don’t properly educate consumers on how they keep data secure, meaning there is definitely room for improvement. By providing helpful and timely information on security measures, procedures and even issues, billers can ease the worries of the concerned while bolstering security for all customers (even those who may not be as worried).
One way to be more forthcoming is to use active communication cycles and channels to inform customers what to expect and help them avoid scams. For example, billers who send information out by email might consider removing links (which are easily duplicated by fraudsters) and including reminders of how to proceed safely (e.g., “Do not respond to emails prompting you to provide personal information. We will never ask for personal information via email.”).
Additionally, video-based education and other consumer-friendly digital resources can be extremely helpful in ensuring that customers understand how their personal data is being secured.
Never compromise consumer trust
According to the ACI Speedpay Pulse, nearly half of consumers believe their data is more secure than it was five years ago. While this is a step in the right direction for legitimate companies working to build customer trust, some companies have been accused of monetizing personal data. Selling customers’ information is an invasion of privacy and, while it is beneficial to use data internally to improve customer experience and security when properly authorized, capitalizing on data erodes the biller-customer relationship.
As customers’ perceptions of their own safety are changing, billers have a responsibility to keep data security top of mind. Billers should comply with regulatory bodies and insist on working with vendors and partners that do the same. They should educate and communicate with customers about potential risk factors. And, at all costs, billers must always respect the privacy of customers.
To learn more, check out the 2020 ACI Speedpay Pulse report, which includes more information on customers’ perception of payment data security and other current bill payment trends.