The Covid-19 lockdown has seen an explosion in UK e-commerce, with a 72 per cent year-on-year increase in May alone, according to Mastercard SpendingPulse. Many of those responsible for the £5.3 billion sales surge had rarely, if ever, shopped online before. So the crisis has presented huge growth opportunities for online payment-platform providers working with retailers and banks.
But it’s created big challenges for CIOs and CTOs at PSPs, too. All this online financial interaction has attracted huge numbers of fraudsters. National monitoring organization, Action Fraud, has received more than 2,500 reports of coronavirus-related scams, mostly online, totaling almost £9 million in losses. This means that it’s become more important for PSP leaders than ever to be able to show clients that their payment-platform solutions are secure.
A surge in demand for online payments
Many businesses have had online payment platforms for years. Others – from pubs deciding to do food deliveries during lockdown to small furniture-makers opening online shops – have had a sudden need to source one. Both want systems that are easy for customers to use but also have robust anti-fraud defenses. As PSPs know, this is easier said than done at the best of times, and the Covid-19 crisis has made things even harder.
Fraud prevention systems, whether built into a new payment platform, or added to an existing one, can be complicated or slow, causing customers to abandon orders or unwilling to use a website again. For many, the prospect of a fraudster gaining access to their personal details via a phishing email or by hacking into an insecure company online store is less daunting than spending several minutes trying to pay for a book or T-shirt. During the pandemic and afterwards, CTOs and CIOs therefore need to ensure they are supplying platforms that are secure and inspire confidence in customers but are seamless and integrate easily with firms’ existing anti-fraud measures, too.
Build vs. buy
With numerous companies coming forward at the same time wanting new or upgraded payment platforms, time becomes another great challenge for PSPs. Constructing a platform for a business can take months or years. Integrating it with a firm’s complex workflows, customer-data files or accounting systems is often a cumbersome, resource-draining process.
All this uses up precious staff hours that a client could be spending developing new products or better ways to market their business. During a quieter time, it might not be such a problem for the PSP, but when there are lots of demands on its attention, it needs to be able to fulfil customer requirements as efficiently as possible. Worse, where fraud issues are concerned, a drawn-out payment-platform construction and integration process can leave customer and business data more exposed and vulnerable to fraudsters. Finding a way to supply a new, secure platform as quickly as possible, then, should also be high on CTO and CIOs’ lists of priorities.
PSP leaders are all too aware of the need for their products to meet various legal and regulatory frameworks in Britain and around the world. The customer-information security issues thrown up by Covid-19 may make doing so more complicated.
We are in a situation where a firm could already be fined for loss of customer data if they are not compliant with the worldwide Payment Card Industry Data Security Standard (PCI DSS), for instance. This means having to maintain a vulnerability management program and regularly monitor and test networks. New government Strong Customer Authentication rules (SCA), meanwhile, require customers to provide two methods of identification, such as a PIN, entering banking details via a smartphone and a fingerprint, before buying something costing more than 30 Euros. They are already in force for online banking and are expected to reach the e-commerce sector in the UK by September, next year.
Such regulations — and those merchants have to adhere to in other countries — evolve all the time. It is likely that various issues, thrown up by Covid-19 – not just fraud, but the new ways we might work, travel, or communicate in the future – will cause them to change even more. Keeping up with the latest rules and regulations could become increasingly difficult for payment-platform providers and their clients alike.
Staying in control with outside help
So what can CIOs and CTOs do to meet all these challenges? In many cases, using a ready-made platform might be a better idea for them and their clients than trying to create one in-house.
You don’t need to wait for months for a ready-made platform to be built and it can potentially be integrated into a retailer or bank’s systems with a few weeks or even days. This minimizes disruption to clients, makes their customer information less vulnerable to security breaches and saves resources. The platform will still carry the branding of the PSP, however, not the third-party developer.
Ready-made platforms also tend to have a strong array of fraud and security features installed. These might include advanced fraud-prevention filters or monitoring tools based on client behavior, so that suspicious activity is detected and blocked quickly. During the Covid-19 crisis, criminals have shown how quick they are to adapt, using fraudulent online offers of PPE to install password-stealing remote-access programs, for instance. A ready-made platform which is reasonably up-to-speed on new criminal innovations can, therefore, be very useful. It might be faster and cheaper to install than updating the security on an existing platform, too. It is also likely to be compliant with many of the latest regulations, such as Level 1 PCI DSS, saving PSPs and firms the time and effort of ensuring this is the case with platforms they’ve created themselves.
The option of a ready-made payment platform may even be cheaper overall than developing a new one.
Covid-19 and other security issues will continue to be a major concern for CTOs and CIOs at PSPs, banks and other payment businesses. But they are manageable. Using a ready-made platform will, for many, be a very important way of helping clients stay on top of security and deliver a product they’ll be satisfied with.
Sunil Jhamb, Founder and CEO, WL Payments