What is Payment Security?

Payment and cash flow have always been, and will always be, among the most crucial elements of running a business. Although the principle of taking payment has remained consistent throughout the centuries, the modern era has significantly redefined how businesses take, and consumers make, payments. Advances in payment technology have made paying for goods and services quicker and easier than ever before, but the standards of payment security that businesses must uphold are more stringent than ever before.

Long gone are the days when a signature on a cheque was enough to verify the legitimacy of a transaction. With the rise of contactless cards and mobile payment wallets, payment security is under more scrutiny, and fraud is more prevalent, than ever before.

So, what exactly is payment security? And how can you ensure you are fulfilling your obligations as a business?

PCI SSC

Before understanding how you can fulfill your obligations, you must first understand where they come from. 

The globally required standards for payment card security are set by the Payment Card Industry Security Standards Council (PCI SSC), to ensure that security standards are consistent across the globe. The initiative began in 2006, headed up by the major card issuers (Visa, Mastercard, Discover, JCB and American Express) as a direct response to the rising level of debit and credit card fraud internationally.

There are 4 levels of PCI compliance, which are determined entirely by the number of transactions that a business processes in a year (Level 1 having the most stringent requirements and Level 4 having the least). The more transactions a business processes, the higher its PCI compliance level needs to be. Specific transaction volumes and guidance can be found here, but the overarching requirement is that any business processing card transactions needs to have a minimum of Level 4 PCI compliance.

The way in which you take payments in your business also has an effect on the level of PCI compliance you need to achieve; certain integration methods with your PSP (Payment Service Provider) may allow you to have a more relaxed and less strict requirement for PCI compliance. 

A business’s obligation to ensure secure payments

According to the PCI SSC, small businesses should think about compliance as a three-step process:

1- Assess: Conduct an inventory of all of your systems that capture and store sensitive data. This does not only mean card numbers; all personal information should be considered sensitive. Once you have taken stock, conduct a thorough analysis of any and all potential vulnerabilities within those systems.

2- Remediate: Take swift action against the vulnerabilities you have found. Where possible, aim to minimise the amount of sensitive data you need to capture for your business needs; this will in turn lower your PCI compliance requirement.

3- Report: Once these issues have been fixed, compile and submit the necessary report to the acquiring banks and card networks that you work with. This is your Attestation of Compliance form.
 
Although this is a general overview of your obligations and how the process works, higher levels of compliance require more stringent policies to be put in place. More information can be found here.
 
Your payment provider can also lower the level of PCI compliance required from your business, as they can offer integration methods that allow transactions to take place in their environment rather than directly on your website. 

3 Tips on Secure Payments

Although ensuring you are compliant with the global standards is key, and will allow you to keep your customers' personal information secure, there are a number of other processes and pieces of infrastructure that you can implement to further improve payment security, both in store and online.

1 – SSL Certification

An SSL certificate is a digital certificate that provides authentication for a website and, at the same time, enables an encrypted connection. If you are handling or passing on sensitive information (such as card details), an SSL certificate really is a necessity, as it protects your customers from being targeted by hackers and fraudsters.

SSL certificates can be purchased from a number of certificate providers, but you should always read reviews from other customers first.

2 – Fraud Screening Tools

When it comes to fraud, knowing as much information as possible is always a good thing. It is sadly inevitable that businesses will have to deal with fraudulent transactions on occasion, and in those situations the value of fraud screening tools simply cannot be overstated.

These tools analyse transactions and identify certain indicators of fraud. Using this valuable information, you can choose to reject the transaction, meaning the victim of fraud is not left out of pocket and your business does not lose money to a chargeback.

Fraud screening tools are incredibly useful and should be a major consideration when looking at switching to or setting up a new payment provider.
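To make the idea of "indicators of fraud" concrete, here is an added example (not SagePay's code, and not any real PSP's screening logic) of a small rule-based screen: each transaction is scored against a handful of hypothetical indicators of the kind such tools look at (billing and shipping country mismatch, IP geolocation disagreeing with the billing country, failed CVV or address verification, high order value, and too many attempts on one card in a short window), and the total score maps to accept, review or reject. The rules, weights, thresholds and the sample batch are all invented for illustration; the card is referred to only by a PSP-issued token, never a raw card number.

```python
"""Rule-based fraud screening over a constructed batch of card transactions.

Added example: toy rules and thresholds, not any real PSP's screening logic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    card_token: str        # PSP-issued token standing in for the card number
    amount_gbp: float
    billing_country: str
    shipping_country: str
    ip_country: str        # country geolocated from the shopper's IP address
    minute: int            # minutes since the start of the sample window
    cvv_match: bool        # card security code verified by the issuer
    avs_match: bool        # billing address verified by the issuer


# Hypothetical weights and thresholds; a real deployment tunes these from data.
VELOCITY_WINDOW_MIN = 10
VELOCITY_LIMIT = 3
HIGH_VALUE_GBP = 500.0
REVIEW_THRESHOLD = 30
REJECT_THRESHOLD = 70


def score_transaction(txn, prior):
    """Return (score, reasons) for one transaction.

    `prior` holds earlier transactions seen on the same card token, so the
    velocity rule can count how many arrived within the recent window.
    """
    score = 0
    reasons = []

    def hit(points, reason):
        nonlocal score
        score += points
        reasons.append(reason)

    if txn.billing_country != txn.shipping_country:
        hit(25, "billing/shipping country mismatch")
    if txn.ip_country != txn.billing_country:
        hit(20, "IP country differs from billing country")
    if not txn.cvv_match:
        hit(30, "CVV check failed")
    if not txn.avs_match:
        hit(15, "AVS check failed")
    if txn.amount_gbp >= HIGH_VALUE_GBP:
        hit(20, "high-value order")
    recent = [p for p in prior if txn.minute - p.minute <= VELOCITY_WINDOW_MIN]
    if len(recent) >= VELOCITY_LIMIT:
        hit(40, f"{len(recent)} prior attempts on this card in {VELOCITY_WINDOW_MIN} min")
    return score, reasons


def decide(score):
    """Map a score to the merchant's action: accept, hold for manual review, or reject."""
    if score >= REJECT_THRESHOLD:
        return "reject"
    if score >= REVIEW_THRESHOLD:
        return "review"
    return "accept"


def screen_batch(transactions):
    """Screen transactions in arrival order; returns {txn_id: (decision, score, reasons)}."""
    history = defaultdict(list)
    results = {}
    for txn in sorted(transactions, key=lambda t: t.minute):
        score, reasons = score_transaction(txn, history[txn.card_token])
        results[txn.txn_id] = (decide(score), score, reasons)
        history[txn.card_token].append(txn)
    return results


# Constructed sample batch (all values invented for this example).
SAMPLE = [
    Transaction("T1", "tok_a", 40.00, "GB", "GB", "GB", 0, True, True),    # clean order
    Transaction("T2", "tok_b", 620.00, "GB", "RO", "NG", 1, False, True),  # several red flags
    Transaction("T3", "tok_c", 80.00, "GB", "FR", "GB", 2, True, False),   # ships abroad, AVS failed
    Transaction("T4", "tok_v", 15.00, "GB", "GB", "GB", 3, True, True),    # start of a burst
    Transaction("T5", "tok_v", 15.00, "GB", "GB", "GB", 4, True, True),
    Transaction("T6", "tok_v", 15.00, "GB", "GB", "GB", 5, True, True),
    Transaction("T7", "tok_v", 15.00, "GB", "GB", "GB", 6, True, True),    # 4th attempt in 3 min
]

if __name__ == "__main__":
    for txn_id, (decision, score, reasons) in screen_batch(SAMPLE).items():
        print(f"{txn_id}: {decision:<6} score={score:<3} {'; '.join(reasons)}")
```

The point of the three-way outcome is that a single weak indicator (T3's foreign shipping address) should not cost you a genuine sale outright; it lands in a review queue, while a transaction that trips several indicators at once (T2) is rejected before any chargeback risk arises, and a burst of attempts on one card (T7) is caught even though each attempt looks clean on its own.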

3 – 3D Secure

3DS2 is soon to become compulsory for all businesses accepting card payments, and with that in mind there has never been a better time to ensure you have 3DS activated on your payment gateway.

3DS will prompt customers to provide extra information in order to prove the cardholder is the one making the transaction; this is secure information that only the cardholder should be aware of, and this process takes place on the bank’s website, not yours.

Currently, 3D Secure is only in place for transactions which the cardholder’s bank deem to be “high risk”.

To find out how you can activate 3D Secure, get in touch with your payment provider.

Conclusion on Payment Security

With the rise of contactless and mobile payment methods, taking and making payments are more convenient than ever. However, consumers and businesses must find common ground and agree on the perfect balance of convenience and security. 

By ensuring you understand payment security, and how you can improve it, you are well on the way to running a more secure and trustworthy business.