With consumers making more online and contactless payments than ever before, fraud on payment card transactions rose 9.2% in the 12 months to 30 June 2021. Fraud on card-not-present transactions rose 12.3% to a total of $442 million during the same period.
While customers generally love the convenience of paying for products and services online or over the phone, cybercriminals are always looking to exploit payment security weaknesses. Now more than ever, organisations must ensure they offer strong payment security and continue to invest in keeping customer data safe.
What is payment security?
Payment security comprises the rules, processes and security measures organisations take to ensure customer data is protected. In today’s business world, multiple layers of security are needed to keep your business from processing fraudulent transactions or failing to protect customer data.
Your organisation’s payment security approach will be determined by the type of business you operate. However, the following tips are a solid start to ensuring your business takes a best practice approach to maximising payment security.
1. Know your PCI DSS obligations
Any business that processes, transmits or stores cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS), which aims to standardise payment security globally. If you work with a payment provider, they’ll handle many of your business’s PCI DSS requirements. However, your organisation still has obligations pertaining to the way you collect, store and send sensitive data via:
- Your phone system
- Your physical records
- Your email communications (both sent and received emails)
- Your hardware and software
2. Implement and enforce a corporate information security policy
A comprehensive and regularly reviewed information security policy helps your organisation reduce its payment security risk. Your business’s information security policy should document your approach to:
- Password requirements
- Email security
- Handling sensitive data
- Using technology
- Social media and internet access
- Incident response
3. Partner with a payments provider who knows online payments
Your payments are only as secure as the provider that processes them. Partnering with a payment service provider like Xetta gives your organisation confidence that payment data is managed according to PCI DSS standards.
Xetta is a Level 1 PCI DSS service provider, which means PCI compliance is embedded throughout our organisation. We’re subject to an annual assessment by an external security assessor who checks that we meet all PCI DSS requirements.
4. Keep software and operating systems current
The effectiveness of even the most sophisticated payment security measures can be undone by outdated hardware, software and IT infrastructure. Your organisation’s information security policy should require that all software and operating systems are kept current and that hardware is updated regularly.
Set software updates to automatic so that you’re protected against emerging security threats, and make staying up to date with the latest security advances part of your IT team’s role.
Xetta is a powerful payment platform that enables simple and secure digital payments. It integrates seamlessly with existing core business systems to simplify workflows, streamline reconciliation and capture valuable analytics while providing PCI Level 1 compliance – the highest level of payment security available.