How Businesses Can Secure Payments Data During The Contactless Revolution

Nitin Bhatnagar, Associate Director, PCI Security Standards Council

Holding a Master's in Cyber Law & Information Security from the Indian Institute of Information Technology, Nitin has held key positions across HCL Technologies, Ashmar Research & Technologies, and SISA Information Security, prior to joining PCI in 2018.

We are seeing an increasing number of players in the global payments sector, the development of new technologies and the proliferation of payment channels. This has given businesses more opportunities for growth, but it has also given cybercriminals more opportunities to steal payment data. Businesses need to ensure they maintain a secure payment infrastructure to minimize their risk of data theft.

The rise in the number of payments players is unsurprising, as seen in McKinsey & Company’s latest report, which shows that the industry continues to experience year-on-year growth. The growing variety of payment methods and the overall improvement of payments infrastructure are making it easier for businesses to make and take payments, leading to improved business growth. For example, many companies now use commercial off-the-shelf (COTS) smartphones or tablets to process transactions. Here, contactless or ‘tap and go’ payments can be made by cardholders using a contactless-enabled device or payment card. This technology opens up opportunities for businesses: it lowers the barrier to entry by letting business owners start processing transactions on technology they already possess.

Additionally, the technology provides businesses with more options on how they receive payments, improving their operational versatility. Enabling a smartphone to receive ‘tap and go’ payments makes it possible to process transactions in far more locations than traditionally thought possible. However, new technologies are creating new security challenges by opening the door for new and more efficient criminal models. With more ways to make and take payments, there are also more channels for payment data to be stolen.

Businesses that operate without a secure payment infrastructure represent an opportunity for cybercriminals and hackers, who are well-equipped and relentless at finding avenues to steal data where the correct precautions have not been taken. According to a recent report, Indian organizations lost Rs.12.8 crore in data breaches in 2019. This is in addition to the cost factors of legal and regulatory activities, loss of brand equity and declining customer turnover. It also brings to light the fact that such breaches are becoming systematic and advanced, and companies today cannot afford to compromise when it comes to payments data security.

However, as criminals are relentless, so too must businesses be. Every company must ensure that it complies with the appropriate security framework to help protect its business from data theft. For example, the Payment Card Industry Security Standards Council (PCI SSC) has issued the PCI Contactless Payments on COTS (CPoC) Standard and supporting validation program. This allows vendors to provide businesses with contactless payment methods that have been developed and lab-tested to protect payment data.

These solutions reduce the exposure of cardholder data via trusted encryption methods. They also leverage EMV Payment Tokens, which replace cardholder data with tokenised data: non-sensitive substitutes that don’t alter the type or length of the data. Both measures make it more difficult for cybercriminals to steal cardholder information. This is particularly important in a world where contactless payment adoption is on the rise and merchants want affordable, flexible and safe options for contactless payment acceptance that allow them to best serve their customers.

With increased penetration of smartphone usage and internet accessibility in India, the contactless payment market is also set to expand. Merchants and consumers are increasingly becoming aware of this technology, and contactless payment solutions are already being implemented across the country. As per the TechSci research report, India’s contactless payment market is expected to grow at a formidable rate by 2024.

Ultimately, more options for merchants to accept contactless payments in a secure manner help increase their operational flexibility and allow them to better serve their customers. The PCI CPoC Standard and Program represent another step on the journey towards a better payments ecosystem.
