Payment Risks and How to Reduce Them
It’s easy to imagine the scariest risks of all: having your system taken over and sold back to you by ransomware, say, or a criminal ring intentionally buying all your inventory with stolen credit cards. But the real risks are more mundane: a few too many chargebacks, a few extra pennies in fees, a tiny downturn in transaction completions. These represent the most significant threats to your business because they are the stuff of the day-to-day operation, simple challenges on their own that can build upon one another to create an existential problem.
You can reduce your payment risk, and the associated threats, by taking a steady, careful approach to your business. Here are four proven tactics for a safer payments system.
Reduce the Risk for Payment Data-at-Rest with Tokenization
Although every organization that wants to transact business through credit cards is required to maintain PCI-DSS compliance to one level or another, the reality is that properly filling out an SAQ is a necessary but insufficient step toward protecting your customers’ personally identifiable information (PII). Every online criminal in the world is poised, ready to exploit any open door you leave so they can run into your database and lift your exposed data.
You can mitigate this threat by using encryption - literally scrambling stored data according to a secret key. But in some sense you are only swapping one risk for another: if hackers can uncover your encryption key, they can revert stored information to its plain form.
A stronger strategy is to layer tokenization on top of encryption. Tokenization is the process of switching out sensitive data for a randomly generated alternative string, which can never be converted back to its original form. The data itself is stored in a secure vault, making it far more difficult for hackers to access.
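The tokenization flow described above, as an added example that is not code from this article or from any vendor: `TokenVault`, `merchant_record` and the `tok_` prefix are hypothetical names, the card number is a constructed test value, and the in-memory dictionaries stand in for a vault whose storage would be encrypted at rest.

```python
import hashlib
import hmac
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


class TokenVault:
    """Hypothetical in-memory vault; a real one is a separate, hardened service."""

    def __init__(self) -> None:
        self._index_key = secrets.token_bytes(32)  # keys the duplicate-lookup index
        self._pan_by_token = {}  # token -> PAN (encrypted at rest in a real vault)
        self._token_by_fp = {}   # HMAC(PAN) -> token, so no plaintext PAN index

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isascii() and pan.isdigit()
                and 12 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        fp = hmac.new(self._index_key, pan.encode(), hashlib.sha256).digest()
        if fp not in self._token_by_fp:
            token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
            self._pan_by_token[token] = pan
            self._token_by_fp[fp] = token
        return self._token_by_fp[fp]

    def detokenize(self, token: str, caller_allowed: bool) -> str:
        # Only the vault can map a token back, and only for authorized callers.
        if not caller_allowed:
            raise PermissionError("caller may not detokenize")
        return self._pan_by_token[token]


def merchant_record(vault: TokenVault, pan: str) -> dict:
    """What the merchant database keeps: token and last four digits, never the PAN."""
    digits = pan.replace(" ", "")
    return {"card_token": vault.tokenize(pan), "last4": digits[-4:]}
```

Because the token comes from `secrets` rather than from the card number, a copy of the merchant database alone yields nothing to decrypt; the mapping exists only inside the vault.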
Reduce the Risk for Data-in-Motion with Third Party Data Collection
At this stage, recommending SSL for your e-commerce environment is too basic: customers’ browsers and devices will scare them off transacting business over unencrypted connections. Nonetheless, there are real threats to your customers’ payment details as they are sent to, and loaded into, your internal systems.
You can mitigate this risk by never actually collecting the PII directly into your systems at all, but instead embedding forms from a third-party partner like Basis Theory. Your partner will provide the security you need while the data whisks across the Internet, and provide a fully secure vault. Even better, you have full control over, and access to use, the stored data - but never need to actually hold it in your digital hands (you simply instruct the partner’s system to disperse data to your payment processors).
Protect Against Payment Outage Risks with Automation
Tempting as it may be to commit to a single payment services provider (PSP), especially when they offer exceptional services and an easily-consumed and predictable fee structure, the reality is that not having multiple processing partners introduces significant business risk. Processors act as middlemen between merchants and the card networks themselves, and therefore both aggregate and distribute their own payment risks between and across their customers. In practice, this means that they set their own rules and policies on the risk they’re willing to accept for any individual contracting merchant - and may choose to reduce or eliminate service coverage for a customer at any time.
Merchants who do not invest in automation to ensure their payment transactions can be re-routed between more than one payment processor are at significant risk of finding themselves scrambling for a replacement (while unable to accept payments) at the drop of a hat.
Protect Against Payment Inequities with Optimization
Not only do PSPs have the option to reduce or eliminate services to their customers, they also typically offer essentially unique fee structures, making it difficult to actually identify and focus your business on the ‘best value’. For most merchants, there may be a range of PSPs that offer the best pricing for segments of your customer base - some, for instance, may provide a lower-cost service for high-risk items, while others may have a stronger offering for customers in other countries.
By not only contracting with multiple PSPs, but also implementing a payment optimization routing model to pick the best provider for each transaction, merchants mitigate an ongoing, even structural, payments risk: excessive payment costs.
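The automated re-routing and per-transaction optimization described in the two sections above can share one routing step. The following is an added example, not code from this article or from any PSP: the processor names, fee schedules and country coverage are constructed, and `charge` stands in for a real PSP API call.

```python
from dataclasses import dataclass
from decimal import Decimal


class ProcessorUnavailable(Exception):
    """Outage, timeout, or withdrawn service; not an issuer decline."""


@dataclass
class Processor:
    name: str
    percent_fee: Decimal   # Decimal("0.029") means 2.9%
    fixed_fee: Decimal     # per-transaction fee, same currency as the amount
    countries: frozenset   # card-issuing countries this PSP serves
    available: bool = True

    def fee(self, amount: Decimal) -> Decimal:
        return (amount * self.percent_fee + self.fixed_fee).quantize(Decimal("0.01"))

    def charge(self, token: str, amount: Decimal) -> str:
        if not self.available:
            raise ProcessorUnavailable(self.name)
        return f"{self.name}:approved"  # placeholder for the real PSP call


def sample_processors() -> list:
    """Constructed fee schedules for illustration only."""
    return [
        Processor("psp_a", Decimal("0.029"), Decimal("0.30"), frozenset({"US", "CA"})),
        Processor("psp_b", Decimal("0.034"), Decimal("0.10"), frozenset({"US", "GB"})),
    ]


def route(processors, token: str, amount: Decimal, country: str):
    """Try eligible PSPs cheapest-first; fail over only when a PSP is unavailable."""
    eligible = [p for p in processors if country in p.countries]
    failed = []
    for psp in sorted(eligible, key=lambda p: p.fee(amount)):
        try:
            return psp.charge(token, amount), psp.fee(amount), failed
        except ProcessorUnavailable:
            failed.append(psp.name)  # keep for alerting, then try the next PSP
    raise ProcessorUnavailable(f"no processor available, tried {failed}")
```

Failover is limited to availability errors so that a genuine decline is not retried elsewhere; a production router would also send an idempotency key with each attempt to avoid double charges.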
Payment Risk is Everywhere - Mitigation is Key
The risks to your business may be entirely external but only some of those risks actually come from hackers. The majority of risks come from structural inequities in the payment processing ecosystem, and often-obscure leverage imbalances.
Remove these payments threats by securing data at-rest and in-motion with a tokenization partner; committing to automation that eliminates the risk of losing access to payment infrastructure; and adopting optimization that ensures you manage for high transaction success rates with low processing fees.