Top priorities for maintaining a secure payment system
Innovative new payments technology is making customers’ lives easier, but carries with it the potential for new scams that can put users at risk of falling victim to fraud. Here, we look at what a secure payments system should be prioritising in order to keep customers safe.
Katherine Graham, Head of Security Services at NatWest and a Chartered Banker Institute Board Member, says that, when it comes to prioritising a secure payments system, for her, taking a data-led approach to security is ‘key.’
Graham believes that, at a time when a huge amount of information about customers is available, secure payment systems must tap into this wealth of data in order to protect customers and keep one step ahead of fraudsters.
“We can use it to spot trends and make sure that we’re there when needed, to help our customers identify things that don’t look quite right,” she says.
Minimise transaction friction
Ensuring that payment systems meet the rigorous industry standards put in place to protect customers and maximise security is vital, but providers must also ensure that it doesn’t come at the expense of a seamless user experience.
For Graham, onboarding talent with a deep understanding of both the ever-evolving nature of security and the requirement for smooth customer transactions can ensure systems are able to adapt to changes in the payments landscape – as well as changes in human behaviour.
“Having visionaries around who understand how we need to change to meet Payment Services Directives, Open Banking requirements, SWIFT mandatory controls and ISO 20022, Payment Card Industry Data Security Standards, and changing Anti-Money-Laundering expectations is very important,” says Graham.
“The payments landscape will continue to change, with the expectation being that transactions will become ever-more integrated into daily life. The challenge is maintaining high standards of security, while avoiding injecting too much friction into those customer transactions.”
Understand human behaviour
Security measures in payments, however, will only be as effective as the understanding of human behaviour that’s been factored into them. The most effective – and secure – systems are the ones that take into account how the average customer will respond to security requirements.
“It’s no good setting a high bar for customers composing passwords and failing to recognise that the vast majority of people will seek to respond in the same way – by adding that exclamation mark to the end of their favourite football club’s name, for example,” adds Graham.
“We need to look at how we can innovate in a way that is cognizant of reality – by creating a complex password for you, for example, and giving you a digital assistant who’ll memorise it on your behalf.”
A double-pronged approach
Incorporating Personally Identifiable Information (PII) provides protection in two areas, says Dougie Belmore, Chief Payments Officer at Pay UK, and helps give consumers more confidence when carrying out online transactions.
“One of the areas is anti-fraud – protecting consumers against someone scamming them into sending money under false pretences. But PII also helps protect the consumer from what has been aptly named ‘fat fingers’ errors”, Belmore explains. “This is when customers hit the wrong button, or get a couple of digits transposed, and suddenly money disappears.
“PII gives the consumer confidence that that extra piece of validation is there in terms of how they transact, and knowledge that they’re transacting in the right way.”