Electronic payment security has become more crucial than ever since the start of the ongoing Covid-19 pandemic.
As shoppers stay at home and workers avoid face-to-face interactions with clients, businesses have rushed to increase their capacity to accept money online and the use of cash has plummeted. Consequently, the volume of online payments has grown quickly around the world. At the same time, however, so have attempts at stealing them. A survey by consulting firm Oliver Wyman found that certain kinds of online fraud have risen by up to 700 percent since March.
According to Jan Davel, CEO of rental payment processing platform PayProp in South Africa, firms that are new to accepting online payments must ensure that they have security systems in place to prevent these kinds of attacks.
“Any firm that handles online transactions or stores client funds owes it to their users to ensure that those funds are kept safe,” says Davel. “This means tightening up both electronic and human security measures.”
Building electronic defences
Securing client funds starts with deploying the appropriate technology. All aspects of web application security, including infrastructure vulnerabilities, cross-site scripting, secure data storage and sufficient back-ups should be considered for optimal security. Companies should take particular care to ensure that information is never passed unencrypted, and should use a strong method such as 256-bit SSL encryption.
Every service provider should also use a data centre that offers rigorous physical, electronic, and personnel security measures to protect the consumers’ personal and financial information. This can either be their own hosting facility or belong to a reputable third party like Amazon AWS. Theft of data can be as damaging to a firm’s reputation as theft of money, and, depending on jurisdiction, can carry extremely heavy fines as well. Securing and backing up data is also essential for the company itself: loss of information can halt business operations and permanently damage relationships with clients.
Managing the human element
Securing your networks from cyberattacks is crucial, but many of the most damaging attacks are carried out through techniques like ‘spear phishing’ – with the attacker posing as a trusted sender to trick targeted employees into downloading malware or handing over sensitive data. Such attacks aim to exploit human vulnerabilities rather than technological ones. Training employees to recognise phishing attempts and other social engineering attacks is critical for any firm handling client funds.
Companies must also adopt strategies to mitigate this risk – most importantly, by limiting what any one employee can accomplish without oversight. Segregating duties among different teams so that no one employee can carry out a transaction from end to end is a key security measure, as is requiring dual signatories on any bank account activity. Some leading payment services companies have gone even further by preventing any employee from manually facilitating a payment.
Security additionally requires oversight. Transactions should be tracked automatically and overseen on a daily basis by an internal team, aided by an automated early warning system that alerts responsible individuals. External audits are equally essential, both to pick up any discrepancies missed by internal teams and to demonstrate the company’s commitment to transparency and security.
“No-one can afford to become complacent when it comes to handling client funds,” says Davel. “Keeping clients’ money secure requires constant innovation – both to see the potential of new security technologies and to be aware of new regulatory requirements and threats.”