As a business, you’re likely to engage with the world of payment security fleetingly. Managing your PCI Compliance may be the closest you come as a merchant to looking at payment security. Many of the systems protecting businesses and customers are so seamless that they require little thought. However, understanding payment security is increasingly important if you want to protect your business and your customers.
1. Strong Customer Authentication (SCA)
Whilst you may not be familiar with the term SCA, as a merchant, SCA transactions occur all the time. An SCA check occurs when a customer is asked to enter their PIN after trying to pay for an item using a contactless payment system.
SCA is a fraud-prevention measure that stops fraudsters from using a lost or stolen card with the contactless system to steal the cardholder’s money. Typically, card issuers place a limit on either the number or the value of contactless payments that can be made before a PIN is required.
Firstly, customers may need to verify they are the cardholder with something they know. For example, if the contactless threshold has been reached, the next time they try to pay using contactless, they will be instructed to enter their PIN. As a merchant, recognising this process and walking the customer through this stage can be very helpful.
Secondly, customers may need to verify themselves with something they have, such as a mobile phone. Paying via an e-wallet can authenticate customers because e-wallets require passcodes.
Finally, customers can verify themselves through biometrics. Customers can use Google Pay and Apple Pay biometrically, using fingerprints and facial recognition that unlock the wallet and allow the customer to proceed with a payment.
2. Card Not Present Security (CNP)
A CNP payment occurs when the cardholder does not physically present the card at the time of purchase. The two most common examples of CNP payments are online and over-the-phone payments.
These forms of payment usually only require the card details to complete a transaction, exposing this form of payment to potential risks of fraud. To mitigate these risks, card providers have started sending users codes via text to confirm their identity before processing the transaction.
Being able to walk customers through this process confidently is reassuring and lends your business a sense of authority and trustworthiness that is valued by customers.
3. Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS), introduced in 2006, is a set of legal requirements that ensures all companies that process, store, and transmit credit card information maintain a secure environment.
PCI compliance is one of the most important aspects of a modern business. The importance of being compliant is ever-growing, particularly with the transition to a cashless society.
However, despite the importance of PCI compliance, 80% of UK businesses are not compliant. Failure to demonstrate compliance can result in a costly monthly fine of between £4,000 and £80,000.
4. Near Field Communication (NFC)
Near Field Communication is something many will not have heard of but will likely use every day. NFC enables contactless payments through services like Apple Pay and Google Pay on smartphones and smartwatches, as well as through contactless bank cards.
NFC payments have gained increasing popularity due to the ease of the payment method. NFC contactless payments have the added benefit of being encrypted and highly secure.
NFC payments only work when a contactless device and payment terminal are within 2 inches of each other. E-wallets can only operate when they have been biometrically unlocked either with a unique fingerprint or with facial recognition software.
As a merchant, to accept NFC payments, you will need to have a payment terminal with an NFC-enabled reader. Whilst contactless payments are becoming the new norm, many merchants still do not have the technological capacity to accept this payment method.
How Can We Help?
If you want to upgrade your business, make your check-out process faster, your customer experience more convenient, and your payment process more secure, then get in touch today. We can provide you with a dedicated account manager who will manage and maintain your PCI compliance as well as provide you with the most up-to-date fintech, helping you keep your customers safe and happy during their customer experience.