
Security, Fraud, Privacy: The 3 Big Challenges in Online Payments


The benefits of accepting online payments are huge. Businesses open the door to more customers, get paid faster and streamline operations.

But online payments aren’t without risks. Strict security regulations must be met, fraud cases are high, and data privacy will always be a concern.

Whether you offload payments to an off-the-shelf provider or you’re considering building your own custom payment solution, understanding the high stakes of online payments is the best way to prepare your business to succeed.


Security Threats and Regulations

Data breaches are one of the biggest risks of taking online payments — and they can be incredibly costly.

A study by IBM found the highest cost of a data breach is lost revenue, $1.59 million on average. But there are other costs, including detection and de-escalation ($1.24 million on average), post-breach response costs ($1.14 million) and notification costs ($0.27 million).

To keep payments secure, Jim Ducharme, COO at Outseer, recommends following the best practices laid out by the PCI Security Standards Council:

  • Assess: “Take inventory of your digital assets, and review your procedures for processing cardholder data.”
  • Remediate: “Once payment security issues have been identified, they can be properly fixed. Remediation steps can consist of repairing misconfigurations, implementing encryption, or fixing vulnerable code.”
  • Report: “Regular reports are required to maintain PCI DSS compliance. PCI compliance is not enforced, meaning it’s up to the merchant to ensure their payment security meets the proper requirements. The level of reporting merchants need to provide depends on their merchant level.”

Further, any data that businesses store should be tokenized. Tokenization replaces payment information with randomly generated characters and is one of the best methods to stop data breaches, Sandra Wróbel-Konior at SecurionPay explains.

When a transaction completes, the payment information is stored securely on a centralized server without ever touching the business’ servers. The merchant receives a unique token in place of the real data, and that token can be used as a substitute in future transactions. Even if the enterprise experiences a data breach in the future, there’s no actual payment information for cybercriminals to steal.
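The flow described above can be sketched in a few lines. This is an added illustration, not code from any provider named in this article: `TokenVault`, `find_card_numbers` and the customer ID are hypothetical names, and the card number is a constructed test value. It also shows an audit check a merchant can run over its own stored data to confirm that no card numbers are present.

```python
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Checksum that every real card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the provider's centralized server."""
    def __init__(self):
        self._cards = {}  # token -> card number; never leaves the vault

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        # Random letters only: the token carries no information about the card.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._cards[token] = digits
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._cards.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

def find_card_numbers(dump: str) -> list:
    """Audit check: digit runs in stored data that pass the Luhn checksum."""
    return [m for m in re.findall(r"\d{12,19}", dump) if luhn_ok(m)]

TEST_PAN = "4111 1111 1111 1111"  # constructed sample: a widely used test number

def demo():
    vault = TokenVault()
    # The customer's browser submits the card to the vault; the merchant sees only the token.
    merchant_db = {"customer-17": vault.tokenize(TEST_PAN)}
    repeat = vault.charge(merchant_db["customer-17"], 2500)  # future transaction by token
    stolen = repr(merchant_db)  # everything a breach of the merchant would expose
    return merchant_db, repeat, find_card_numbers(stolen)

if __name__ == "__main__":
    print(demo())
```

The merchant's records hold only `tok_...` strings, so the audit finds nothing, while the vault can still charge the saved card.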

Ideally, enterprises should store as little customer data as possible, writes Gadjo Sevilla, a senior analyst at Insider Intelligence: “This avoids inconveniencing your customers and the possibility of losing that data in a breach or a hack. The most embarrassing emails that companies have to write to their customers are the ones explaining that they've lost users' critical personal and financial information.”



Fraudulent Payment Attempts

Fraud is a serious issue with online payments. The majority of businesses are concerned about rising payment fraud, according to a report from Paysafe, with many believing it’s a barrier preventing more people from shopping online. Further, 40 percent of businesses believe customers are looking for more robust payment methods before purchase.

Payment fraud can be incredibly costly, too. A study by Juniper Research predicts e-commerce merchants will lose more than $25 billion to online payment fraud by 2024, up from $17 billion in 2020.

Businesses should be on the watch for several types of fraud, in particular, says Daniel Sevskis, fraud prevention team lead at ECOMMPAY. These include:

  • Identity theft, where criminals make transactions using stolen data.
  • Payment interception, where malicious actors take over the transaction halfway through.
  • Refund fraud, where consumers initiate a chargeback with their credit cards post-purchase.

There are multiple payment best practices that can limit instances of fraud, the team at Kount writes. Requiring card security codes can prevent fraud in transactions when the card is not present, for example. And address verification systems, where the address a customer provides is cross-referenced with their known address on file, can also be used to spot instances where malicious actors are making fraudulent purchases.


Data Laws and Privacy Concerns

Throughout the world, myriad new laws are being introduced to protect consumer data, and companies must comply with those emerging laws anywhere they do business.

In Europe, the General Data Protection Regulation gives EU citizens greater control over their data while forcing companies to have additional safeguards in place. Similar rules exist at the state level in the U.S., like the California Consumer Privacy Act.

A key risk for businesses is failing to keep up with changes in policy. For instance, Singapore recently updated its consumer privacy protection laws in response to a surge in e-commerce fraud, as CNBC’s Sumathi Bala reports. The new changes mean businesses will face tougher penalties. As an example, the HMI Institute of Health Sciences was fined $26,000 for failing to protect personal data.

Laws like these are likely to expand and evolve, says Oana Ducuta, a data privacy officer at 2Checkout. “According to Gartner, by 2023, more than half of the world’s population–as much as 65%–will have its personal data covered under some kind of modern privacy regulations.” Ducuta points to China, India, Canada, Brazil and New Zealand as countries that have recently introduced or plan to introduce data privacy regulations.



Off-The-Shelf Payment Providers Present Their Own Risks

A common solution to the issues highlighted above is to offload responsibilities to an off-the-shelf third-party payment provider. Unfortunately, these systems come with their own risks.

Fraud and a lack of security are two of the most common issues with off-the-shelf payment tools. When those software providers fail to maintain good security habits like PCI compliance, tokenization and encryption, it’s their customers who end up facing steep fines.

In fact, third-party service providers place fourth in Gene Scriven’s list of the 12 biggest security threats to payments. While third-party providers have become a core part of many enterprise infrastructures, Scriven, the chief information security officer at ACI, points to a Ponemon Institute study that found third-party providers were involved in almost half of all data breaches.

Given the risks associated with off-the-shelf tools from third-party payment providers, enterprises should consider building their own payment solution with a custom software development studio. At Kingsmen Software, our team has experience developing complex fintech solutions for the biggest companies in the U.S.


Images: Towfiqu barbhuiya, Jefferson Santos, Christian Lue
