As hacks and breaches become more frequent, payments data security has grown increasingly important. Learn how to avoid security minefields and protect payments.
The card-not-present (CNP) payments space can feel like a minefield to merchants and FinTechs who must combat cyber threats daily. In addition to the risk of data breaches, merchants are also prone to true and friendly fraud perpetrated by people across the globe. Ecommerce opens up the possibilities of conducting commerce worldwide, but it also provides a portal by which global bad actors can take advantage of unprotected merchants.
While there are various payments data security measures that merchants can put in place to avoid a hack or a breach, they must also balance these measures with considerations surrounding the customer experience (CX). Fraud controls and tools that are dialed up too high can turn away legitimate customers and hurt the business.
Security is a critical component of the payment process, though it must also be balanced with the need for a unified, seamless customer experience. Security that doesn’t consider how the customer experience is impacted can hurt brand loyalty and growth. This is a tall order for merchants trying to integrate omnichannel marketing campaigns and to meet the demands of a convenience-oriented consumer base. Connected customers expect quick, frictionless payments as well as security. According to the PYMNTS’ May 2021 Securing Ecommerce study, 65% of online shoppers reported that a single data breach could cause them to drop a merchant.
Merchants must adapt and be proactive against cyber threats without sacrificing customer experience. In this article, we explore the top CX-friendly security methods and how they impact payments.
As the Ecommerce landscape shifts in favor of mobile (Mcommerce is projected to make up 53.9% of overall Ecommerce sales in 2021), emerging payments data security technologies are making it easier to verify the identity of customers without compromising on user experience. Multi-factor authentication (MFA) has become a prominent way to secure transactions in the age of mobile. SMS-based two-factor authentication (2FA) is one option that enables merchants to leverage mobile identity services to verify a customer’s identity on mobile apps where transactions occur. Adding extra layers of authentication improves the security of Ecommerce transactions and the personal data attached to them — while allowing for frictionless payments.
The bell has all but tolled for passwords. Outpaced by better technologies, this antiquated measure for protecting sensitive data is no longer in vogue. Instead, non-password-dependent MFA can enhance security and cut down on identity theft, which is an increasing problem. Fraud victims are a growing population in the U.S. — close to 33% of adults in the country have experienced identity theft.
Passwords are not completely dead, however. Using them in conjunction with biometrics makes for a solid MFA. One-time passwords (OTPs) can be validated with fingerprints or facial recognition to further authenticate users. These physical features used for biometric authentication are virtually impossible to hack or spoof, making it significantly more difficult for bad actors to fraudulently use identities.
Not too long ago, tokenization was named as one of the “10 hottest data security and privacy technologies” by Forbes. It’s been proven as an effective tool to secure credit card transactions without impeding customer experience. By simply replacing sensitive data – like a credit card number – with a randomized number (or token), tokenization helps reduce security risk.
Tokenization has been lauded as a payments data security tool that can actually improve customer experience. It innately reduces churn as payment information becomes tied to a token rather than the actual digits of a credit card. In this way, churn tied to credit card expiration is eliminated. This involuntary churn has long been a problem for subscription service merchants. Tokenization can help decrease disruptions to service for customers and lower churn rates for merchants, boosting profitability in the long run.
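The two properties described above, a random token standing in for the card number and a card renewal that leaves the merchant's stored token unchanged, can be seen in a small sketch. This is an added example, not code from the article or from any payment provider: `TokenVault`, `merchant_row` and the in-memory dictionary are hypothetical stand-ins for a processor-side vault, and the card numbers are public test values.

```python
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum that every payment card number satisfies."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


class TokenVault:
    """Hypothetical in-memory stand-in for a processor-side card vault."""

    def __init__(self):
        self._cards = {}  # token -> card details; never leaves the vault

    @staticmethod
    def _check(pan: str) -> None:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")

    def tokenize(self, pan: str, exp: str) -> str:
        self._check(pan)
        # Token comes from the OS CSPRNG and is not derived from the PAN,
        # so it cannot be reversed without access to the vault.
        token = "tok_" + secrets.token_hex(16)
        self._cards[token] = {"pan": pan, "exp": exp}
        return token

    def update_card(self, token: str, pan: str, exp: str) -> None:
        """Card renewed or reissued: swap details behind the same token."""
        if token not in self._cards:
            raise KeyError("unknown token")
        self._check(pan)
        self._cards[token] = {"pan": pan, "exp": exp}

    def detokenize(self, token: str) -> dict:
        """Vault-side lookup used only when a charge is authorized."""
        return dict(self._cards[token])


def demo():
    vault = TokenVault()
    # Constructed sample data: public test card numbers, not real accounts.
    token = vault.tokenize("4111111111111111", "12/21")
    merchant_row = {"customer": "c-1001", "card_token": token}
    vault.update_card(token, "4242424242424242", "12/25")  # card reissued
    return vault, merchant_row
```

The merchant's record holds only the customer id and the token, so a copy of that table contains no card number, and the subscription keeps billing after the reissue because the token it stores never changed.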
Given the exacerbation of the data breach problem in recent years, tokenization is an appealing security measure to mitigate the financial impact of breaches on both customers and merchants. According to a recent report from IBM Security and the Ponemon Institute, the average cost of a data breach is $4.24 million, setting the record for being the highest average total cost in 17 years. That more than doubles the average global cost, giving merchants and consumers alike reason to be concerned. Additionally, merchants that use tokenization make less appealing targets for hackers who know they are not storing credit card data.
As payments technology continues to grow more sophisticated, so do the bad actors. Implementing end-to-end payments data security measures and keeping up with best practices is the ideal route to ensure payments are protected at every level. MFA and tokenization are two of the top security methods utilized today, and both not only lower risk, but enable a frictionless experience as well.