Payment security: Can it be frictionless and secure?

Wednesday, September 25, 2019 4 minute read

Guido F. Sacchi

Senior Executive Vice President and CIO, Global Payments

Hero image for 'Payment security: Can it be frictionless and secure?' article

4 minute read

The days when customers only interacted with your business through one retail channel are long gone. Today, your customers want to do business with you in many ways. Be it online, via mobile, or on their smartwatch or car, your customers want a choice, and expect to transact with ease.

In the next evolution of retail from omnichannel to unified commerce, businesses are focused not only on managing multiple channels but on delivering a seamless, secure commerce experience across multiple interactions. With that comes a new call to arms: deliver minimum friction and maximum security across all of these interactions.

It’s easy to see why frictionless commerce is a requirement for businesses today. Nearly 70% of consumers abandon their shopping carts at checkout online and upwards of 85% via mobile. Anything businesses can do to remove buying barriers and make the payment process as seamless as possible can drastically improve sales.

Just as providing a frictionless buying experience for your customers isn’t optional today, nor is providing a secure buying environment. According to a 2017 PwC report, almost all (92%) consumers say companies must be proactive about data protection. Most (60%) consumers also say the responsibility of protecting data rests with the company collecting the data.

85% of consumers won't do business with a company if they have concerns about their security process.

Strong security not only protects you and your customers, but it’s also a competitive advantage to win business.

How to Better Secure Your Payment Solutions

Fortunately, new security innovations are built with the customer experience in mind. Consider multi-factor authentication which can include biometrics as one factor, allowing consumers to gain entry most commonly through facial recognition and/or thumbprints. It’s easy for the customer -- requiring only a stare or tap -- and in combination with another factor is more secure than allowing account access through a username and password.

Progress is being made every day to melt payment system security into the background so consumers can continue their daily habits while benefiting from the best possible protection, but it’s your responsibility to ensure that the proper security measures are applied at every stage of innovation.

The Security Mindset Shift

New payment experiences like invisible payments, contactless payments, voice-activated payments, QR codes and unattended payments are among some of the latest ways to pay that improve consumer buying experiences and deliver close to zero friction.

Unfortunately, we see many companies gloss over making the most secure enhancements when evolving their technology in favor of only considering minimum security requirements in new technology implementation. Simply addressing regulatory compliance requirements isn’t security, it’s a bare minimum baseline. It’s imperative that you go further to prevent fraudulent transactions. You must design for security, ensuring it’s woven into the entire lifecycle of everything you do. Resistance to going beyond compliance protocols can put your business and customers at higher risk for a data breach, identity theft and fraud.

"Simply addressing regulatory compliance requirements isn’t security, it’s a bare minimum baseline."

For businesses of all sizes, you can start by creating a foundation of security. Some key steps you should consider include:

  • Creating and publishing internal security standards
  • Controlling development languages
  • Training development teams on design principles
  • Tracking and rewarding compliance
  • Identifying open source and control usage
  • Delivering on-demand, individual training
  • Tailoring training materials to specific company history
  • Requiring an annual training refresher
  • Publishing data about software security internally

Establishing a solid foundation should then evolve into a mature security program, including practices for developing secure code, minimizing vulnerabilities and maintaining a secure environment.  Adopting intelligent security design, developing internal talent and finding seasoned partners is important in building a frictionless and secure business. Asking potential payment partners the right questions will help you build scalable payment security solutions and keep your customers secure.

Shift your mindset to make payment security a part of the innovation process rather than an afterthought and you will be ahead of the curve.