PaymentsJournal

6 Payment Security Measures That Protect Your Business

by Alyssa Callahan
January 24, 2020
in Featured Content, Industry Opinions, Security

Most companies have experienced at least one instance of check theft, in which a bad actor washed a legitimate check and cashed it. Cases of check theft dipped in the early 2010s as companies and banks shored up their security. But according to the Association for Financial Professionals’ “Payments Fraud and Control Survey Report”, 82% of companies experienced fraud in 2018, the highest number in a ten-year period. The fraud was a blend of old-school check fraud and new electronic payment security threats. This is because each process a company adopts for a payment type it uses brings another set of potential security threats.

Electronic payment fraud occurs most commonly when AP teams make changes to secure data—which, in this case, refers to data such as bank account information, remittance email addresses, and recipient names. Criminals hack into company emails and request to update legitimate vendor records with their own temporary bank account number.

Fraud is often under-discussed, but should be a top consideration as you think about integrating a payment solution. It’s essential to know how potential payment automation solution providers (henceforth referred to as “provider”) handle fraud cases, which can give you insight into how instances of fraud would be treated if your company became a victim.

Any company that you share sensitive data with should be protected by the highest industry security standard. The following list covers the compliance types and security procedures that potential providers may mention:

1. SSAE 16 and SOC Compliance

SSAE 16 replaced SAS 70 as the definitive security guide in 2010. SSAE 16 compliance includes SOC auditing, which publicly tracks company compliance statuses. Three types of SOC auditing exist:

  • SOC 1: Heavily audits internal controls of a service organization. This report can be used by an entity to assess a service organization for relevant and effective controls. Typical entities include, but are not limited to, publicly traded companies subject to SOX reporting (see below).
  • SOC 2: Heavily audits data relating to the Trust Services Principles (TSPs) in information security: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • SOC 3: Lightly audits IT controls relating to TSPs. This audit’s controls are more relaxed than SOC 1 and 2.

2. SOX Compliance

Also known as Sarbox compliance (in reference to the Sarbanes-Oxley Act created in the early 2000s), SOX compliance is a set of government-mandated regulations to which publicly traded companies must adhere. These regulations offer transparency into companies’ financial records, as well as those of their wholly-owned subsidiaries. The act was passed to protect shareholders from dishonest internal practices. If your provider is either a publicly traded company or the wholly-owned subsidiary of one, they are legally required to be SOX compliant.

3. PCI DSS Compliance

PCI DSS compliance—or “PCI compliance” for short—audits companies associated with cardholder details, whether they store, transmit, or accept secure card data. This compliance ensures that companies have a secure protocol in place to limit fraudulent card payment instances. Please note, if a company is SSAE 16 compliant, they are also PCI DSS compliant, but the reverse is not always true.

4. Fraud Coverage and Assuming Liability

Some providers are financially able to offer a guarantee on all payments through their insurance coverage. Sometimes their insurance plans can also benefit you in other ways than the guarantee—for example, you may be covered for forgery or other fraud instances. Before signing on with a provider, take a moment to ask them if you are also covered under their insurance plan, and for what instances.

5. Employee Security Training

Because fraud often occurs due to human error, staff security training is key to prevention. Ask your provider what sort of training their employees undergo—especially those who interface directly with your vendors. Many providers also have other protocols in place, such as using security questions to verify calls. Understand the measures your provider takes to protect your company’s financial wellbeing.

6. Positive Pay and Positive Payee Tracking

A necessary evil of the AP staff’s day is reconciling cashed check payments against the issued payments in order to catch and prevent instances of fraud. Typically, banks will match client records against their own to determine if the account number, check number, and number of recently-cashed checks match up—a process known as Positive Pay. A related process, Positive Payee, tracks that same information along with the customer’s (payee’s) name, which creates another layer of security. Some banks don’t offer Positive Payee tracking, which is a shame. In those cases, if a fraudster washed the name on a check, but kept the other information the same, the fraud would be undetectable until the intended recipient claimed no-receipt. Some providers offer Positive Payee tracking as a service, so be sure to ask if yours does.
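The difference between the two checks described above, as an added example that is not from the original article or from any bank's or provider's system: Python code that reconciles presented checks against an issue file, first as Positive Pay and then with the payee comparison added. The record layout, the amount comparison, the name normalization, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Check:
    account: str
    number: str
    amount_cents: int  # assumption: amount is compared too; the article does not list it
    payee: str

def normalize_payee(name: str) -> str:
    """Case-fold and strip punctuation so formatting differences are not flagged."""
    kept = "".join(c if c.isalnum() or c.isspace() else " " for c in name.casefold())
    return " ".join(kept.split())

def review_presented(issued, presented, check_payee):
    """Return (check, reason) exceptions; check_payee=True adds Positive Payee."""
    issue_file = {(c.account, c.number): c for c in issued}
    paid, exceptions = set(), []
    for item in presented:
        key = (item.account, item.number)
        match = issue_file.get(key)
        if match is None:
            exceptions.append((item, "not in issue file"))
        elif key in paid:
            exceptions.append((item, "duplicate presentment"))
        elif item.amount_cents != match.amount_cents:
            exceptions.append((item, "amount mismatch"))
        elif check_payee and normalize_payee(item.payee) != normalize_payee(match.payee):
            exceptions.append((item, "payee mismatch"))
        else:
            paid.add(key)  # clean item: pay it and remember the check number
    return exceptions

# Constructed sample data: the company's issue file and what the bank sees presented.
ISSUED = [
    Check("0012345", "1001", 250000, "Acme Supply Co."),
    Check("0012345", "1002", 98000, "Northwind Freight LLC"),
]
PRESENTED = [
    Check("0012345", "1001", 250000, "ACME SUPPLY CO"),   # legitimate, formatting differs
    Check("0012345", "1002", 98000, "J. Doe"),            # payee washed, rest unchanged
    Check("0012345", "1001", 250000, "Acme Supply Co."),  # same check presented again
    Check("0012345", "1003", 5000, "Acme Supply Co."),    # never issued
]

if __name__ == "__main__":
    for mode, flag in (("Positive Pay", False), ("Positive Payee", True)):
        for item, reason in review_presented(ISSUED, PRESENTED, flag):
            print(f"{mode}: check {item.number} payable to {item.payee!r}: {reason}")
```

Run with the payee comparison off, check 1002 clears even though its payee was altered; with it on, the same item is held as an exception for review.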

At the end of the day, your company’s security standards will always evolve to protect against ever-shifting fraud threats. It’s important to find a provider that can scale to meet those changes without sacrificing your high security standards. While fraud prevention remains a priority, it’s also important to know how your provider handles fraud instances and repairs damage.

If you’re already searching for a payment automation solution, take some time to research each prospective provider’s security offerings, and learn about their protective measures. Doing so will ensure that you choose a provider that prioritizes security and has your company’s best interests at heart.

Tags: Compliance and Regulation, Cybersecurity, Fraud Prevention, Nvoicepay, Security