How to Mitigate the Risks Associated with Accepting Online Payments

Man working on tablet with COMPLIANCE on the screen

How to Mitigate the Risks Associated with Accepting Online Payments

Posted on 06.19.2017 by Laurie Nelson under Compliance, Merchant Processing, Payment Processing

Even with the ever-growing list of benefits available through online payment processing, there remain risks involved in using internet technology to facilitate purchasing and payment capacities. Avoiding known risks means knowing what they look like and adopting prevention strategies. Best practice standards in data security management systems offer both detection and deterrence capabilities, as well as compliance with regulations.

Things to Avoid When Accepting Online Payments

Despite the numbers, companies today are still not applying sufficient data security controls over their digital infrastructure. In 2016, hacking (unauthorized access), phishing (invasion through infected emails or social media contacts) and skimming (devices installed on card readers that steal consumer data) accounted for 55 percent of all data breach incidents, a rise of 17 percent over 2015 figures.

Every company can employ tactics to avoid these risks:

  • Every worker must know not to open any digital communication that contains suspicious-looking titles or attachments.
  • Dual authentication for each person with access to digital data prevents unauthorized personnel from gaining entrance to those stores.
  • Strategically placed video cameras keep watch on external or remote cash machines, facilitating monitoring and critical documentary evidence if needed.

Remain Vigilant Over Real-Time Transactions, Too

Check fraud remains popular with cyber crooks, even though the use of paper checks has dropped significantly in recent years. Proper customer/transaction identifications, including routing number verification and account verification, ensure each transaction goes through as intended, without inadvertent or intentional disruptions.

Open Portals Invite Interlopers

Every device that accesses corporate information is a portal through which cyber thieves can walk. Prohibiting access to company information except through secure, company-owned devices reduces this risk substantially.

Best Practices Reduce Risks Through Detection or Deterrence

Each organization can also introduce mandatory activities that reduce risks:

Staff Training

Staff training is an integral best practice element for every company. Every worker should have initial and ongoing training in security practices involving data security, compliance, transaction screenings and anti-fraud activities.

Watching the Supply Chain

Many enterprises are surprised when someone with whom they’ve been doing business hacks their accounts. Often it is not the main business colleague but an enterprising employee who sees an opportunity and exploits the relationship for personal gain. Every weakness in every supplier up and down the chain presents a threat to the online payment institution, too.

Masking Sensitive Information

Even with the most up-to-date data security measures in place, documents still come and go with confidential information contained in their text. Masking or encoding that information prevents inadvertent exposure and the likelihood of a breach through that opportunity.

Mitigating Risks Through Compliance Activities

The online payment industry has many national and international regulatory systems overseeing its operations, most of which are designed to reduce the risks involved in domestic and foreign financial transactions. Following best practices to secure the online payment function often also results in compliance with these standards.

  • Encryption is one option that secures credit card payment processes and ACH payment processes by converting sensitive information into an unreadable state. If invaders can’t read it, they can’t steal it.
  • Comprehensive testing of security operations helps to demonstrate their adequacy (for both data safety and compliance documentation purposes), as well as reveals weaknesses that may have developed over time.
  • Regular auditing of the full data controls environment also responds to compliance requirements that security systems are current and up to date, therefore reducing the risk of data exposure to newly emerging threats. Just as threats continue to evolve, so should the responses to those threats.

Companies that maintain up-to-date data security practices also reduce their risks of loss due to inadvertent or intentional data breaches.