With the threat landscape continuously evolving, comprehensive digital payments practices have become paramount in today’s market. Mohamed Dabo reports on procedures that are likely to yield optimal results.
The Covid-19 pandemic has brought about a proliferation of digital fraud and data breaches, putting businesses under increased pressure to maintain transaction and data security.
Toronto-based international law firm Torys has developed ways for organisations to adapt strategies and develop a risk-mitigation approach. Although taking a Canadian perspective, the practices would allow businesses everywhere to stay competitive in the evolving digital payments ecosystem.
Risks for organisations
As they implement products and services within the digital payments lifecycle, businesses must consider their risks and vulnerabilities.
Data breaches
When businesses enter the digital payment space, there is an increase in cyber-related threats, in part because the volume, variety and sensitivity of information an organisation may process is expanded.
A business that relied on in-person transactions, or that has pivoted from wholesale to consumer service, may traditionally not have collected the sensitive personal data associated with digital consumer payments, and may be unprepared to adequately protect it.
Covid-19 further compounds these risks because employees may be accessing sensitive payments data from personal devices or home Wi-Fi networks that are poorly secured in comparison to corporate IT infrastructure, or using new tools that may not be vetted by corporate IT.
Regulatory and related risks
Digital payments bring with them new forms of data to which organisations may previously not have had access, including transaction and consumer behavioural data. Organisations need to ensure that they collect, use, share, and safeguard such data in compliance with regulatory and contractual obligations as well as industry standards.
In addition to privacy and competition law obligations, organisations need to be mindful of whether they need to comply with industry-based regulations such as the Payment Card Industry Data Security Standard, and contractual obligations by financial institutions or card networks.
Organisations also need to prepare for upcoming changes in the regulatory landscape such as the federal government’s proposed introduction of open banking in Canada. Failure to comply with regulatory obligations can result in complaints to regulators, or independently attract a regulator’s attention, which can result in penalties.
Quebec, as part of its privacy reform, is proposing to impose monetary administrative penalties of up to C$10,000,000 ($7,320,000) or 2% of the organisation’s worldwide turnover, for a variety of contraventions, including for failure to report a breach and processing of personal information in contravention of Quebec’s private sector privacy act.
Litigation
Organisations are increasingly facing civil liability for failing to comply with regulatory obligations, predominantly in the form of privacy and data breach class actions. Compliance violations associated with sensitive consumer payments data are particularly likely to attract civil litigation.
Adjust digital strategy
Companies that see, and seize, opportunity in the current crisis to invest in proactive measures and build relationships of trust with customers will fare best in this time of rapid transformation for digital payments.
Companies that invest in prevention, detection, monitoring and ongoing response to cyber threats will stand out from those that merely try to ride the changes out without investing in infrastructure or relationships.
This may be the time to map company data flows, test organisational infrastructure, identify weaknesses that fraudsters could exploit, and triage the plan for improving those systems.
It is also the time to undergo careful diligence on any third-party partners for payment processing, ensuring that contractual safeguards keep third parties accountable, and confirming that backstop measures such as cyberinsurance, alternative data processors, and record-keeping systems address the risks associated with consumer payment incidents.
It would also be timely to review internal cyber and privacy training plans, and the frequency of refresher communications.
The current momentum in the adoption of digital payments offers an opportunity to build on existing relationships with customers and clients through communication and education on privacy and security.
- Explain the risks and ensure that customers are clear on what types of communication they should and should not expect, so they can better avoid falling for scams;
- Remind consumers of the importance of creating difficult passwords and changing them regularly, and send out ‘calls to action’ when passwords are changed;
- Consider creating a reporting service where customers can participate in helping to curb fraud by reporting suspicious texts and emails they receive – Interac was able to take down 4,400 phishing sites that were fraudulently using its logo through this method alone.
Businesses that keep at the forefront of these changes will build enhanced trust with their customers and within the wider community, gaining a competitive advantage as they move to implement robust digital payment systems in their organisations.