Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


Safeguarding payments against cybercrime

Ross Macmillan, head of research and intelligence at allpay Limited, the UK’s leading payment specialist

Cyber-attacks are worryingly prevalent at the moment, with large, high-profile organisations like the NHS falling prey to hackers. Businesses are under threat, so cyber security has become a significant issue – with safeguarding payments of paramount importance.

However,some organisations may not know their systems have been compromised until consultants are called in. Such organisations face being specifically targeted by fraudsters, with the primary risk being in accessing personal data and payment processes. Fraudsters are believed to penetrate phone systems first, if only to gauge potential for access. Therefore, it’s important for businesses to implement the necessary cyber-protection controls now – before it’s too late.

Cyber Security

Organisations should ensure their chosen suppliers meet high standards for cyber security through government-supported and industry-backed schemes like Cyber Essential Plus to ensure they are sufficiently covered.

Here at allpay Limited we recently joined a small number of payment companies in being accredited to this scheme, which verifies that organisations have the appropriate security protocols in place to stave off the most prevalent forms of attack. The scheme discourages suppliers from being irresponsible about cyber security, whilst continuing to protect customer data.

A landmark report on Common Cyber Attacks issued by GCHQ detailed for the first time the common attacks used by cyber criminals. The report used real case studies to explain the nature of the risk and how it can be prevented. Around 80% of cyber-attacks could be prevented if businesses put simple security controls in place. The Cyber Essentials scheme shows how to put these controls in place.

PCI DSS Compliance

Safeguarding payments is paramount in the face of cyber threats and being fully PCI DSS-compliant is a crucial step towards a secure payments environment and reassures buyers that suppliers are taking the appropriate measures to protect data.

PCI DSS, or the Payment Card Industry Data Security Standard, is a set of security standards that any organisation which processes, stores or transmits debit and credit card information must adhere to. By becoming PCI DSS-compliant, organisations can preserve customer trust, ensure compliance, lower costs and, importantly, reduce risk.

The UK Cards Association stipulates that, should a business lose card data and not be PCI DSS-compliant, it faces non-compliance fines and the operational costs associated with replacing accounts, as well as liability for any fraud losses.

Latest revisions of the PCI DSS standards have tightened security requirements, and technology can help to mitigate risks for organisations.

A good example is where organisations are taking payments via their call centres, with the potential for security breaches when handling customers’ card data. Recent innovations such as cloud-based call masking services can help to create a secure environment when operatives are handling card data when processing a payment. By rerouting the call through a secure cloud-based environment, it can completely remove desktops, IT and telephony systems, agents and call recordings from PCI DSS compliance scope, enabling customers to type their card numbers securely into the telephone keypad, rather than speaking them aloud to an agent which can be potentially be recorded and/or stored.

Great Places Housing Group recently procured allpay’s DTMF tone masking solution in order to reduce the risk of fraud and data breaches. The group, which owns and manages more than 18,000 homes across the North West and Yorkshire region, is one of the largest developing housing associations in the North of England, so protecting its database and customer information was fundamental.

Becoming PCI DSS-compliant independently, and achieving ongoing compliance, can be an onerous and complex process for businesses, incurring high fees and using valuable staff time that could be invested more effectively elsewhere.

Outsourcing PCI compliance to a Level 1 PCI DSS compliant payment service provider can make a material difference in administration and cost. For example, outsourcing can see organisations only having to complete a shorter version of a mandatory Self-Assessment Questionnaire (SAQ) to their merchant acquirer. Where SAQ A is the least onerous with circa 10 requirements; SAQ D is the most onerous with in excess of 250 requirements, which would also include quarterly scans of their card payment environment. If the solution is outsourced the organisation only requires the completion of SAQ A.

At a time where protection of data and security is all too prevalent in the news, it’s important to ensure systems are protected – and for this to be done in a cost effective and efficient manner. This needn’t be costly or onerous – with much of the risk, compliance and cost outsourced to third-party providers.

Continue Reading

Recent Posts