With credit card transactions being a major target, businesses should focus on offering the widest range of secure digital payment methods.

The strong growth in the global payment security market is driven by the need to protect consumer data, comply with regulations, and keep up with the evolving threat landscape.

In tandem with this growth, cybercriminals are becoming more sophisticated and focused in their attacks.

How is the industry tackling this vicious trend? Are new and more advanced payment security solutions on the horizon?  

CybersecAsia.net interviewed Geoff Forsyth, CISO, PCI Pal, to gain his insights on the latest security trends of the payment industry. 

CybersecAsia: What are the key challenges in establishing faster and more secure international payment options? 

Geoff Forsyth (GF): With customer service as a top priority, and consumers open to alternative options, the payments landscape is primed to expand and evolve to support initiatives. However, security is still at the top of the agenda.

From a payments perspective, there are methods that hackers will typically look for. For example, firms that concentrate on taking card payments are likely to be the main targeted group. Our advice is to look at adopting a multi-payment strategy that meets consumers where they are — one that provides payment options that allow for greater choice and additional security benefits.

Another challenge for those operating internationally is the ability to navigate the intricacies of cross-border transactions, for example currency conversions, differing settlement processes, and regulatory compliance rules. All of these have the potential to pose obstacles to achieving faster and seamless international payments.

CybersecAsia: Mobile payment options such as digital wallets and apps are a preferred payment method in some domains, but how can they be made more secure?

GF: Some people like digital wallet solutions because they consider the latter to be faster and simpler for check-out processes. Another appealing payment solution is Buy Now Pay Later (BNPL), which some analysts estimate will account for 12% of total global e-commerce spend on physical goods by 2025. However, personal information security is an important factor when people choose a payment method. 

It is therefore important for merchants to not only offer a range of payment choices to consumers (including the increasingly popular digital wallet options) but to ensure they are adhering to the latest security and compliance standards. 

For example, adopting tokenization techniques can help replace sensitive payment data with unique identifiers, reducing the impact of data breaches. Implementing robust authentication methods such as biometric or two-factor authentication can provide an additional layer of security. For BNPL, robust credit checks, contract agreements, and clear payment terms are crucial to mitigate potential risks. In addition, implementing secure payment solutions and encryption protocols will help protect sensitive B2B data during such transactions. 

Also, in keeping up-to-date with the latest PCI Data Security Standards (version 4.0 comes into effect from 31 March 2024), merchants should prepare for the new requirements that are being introduced.

CybersecAsia:  What do you think of the increase of open banking payment systems in the USA?

GF: Analysts have predicted that almost three-quarters of digital consumer payments globally will be conducted via platforms owned by non-financial institutions by 2030. In our view, open banking creates efficiencies and benefits not only for large enterprises.

Digital payment methods of this type enable merchants to not only minimize the cost of transactions, and provide instant refunds, but also reduce the risk of fraud and chargeback costs.

We are therefore opening up open banking payment methods for all sizes of organizations, where transactions are handled via mobile banking apps or online banking portals. 

CybersecAsia:  Will the future of payments hinge on the One-Time Password or biometrics or any new authentication technology in the pipeline?

GF: The future of payments is likely to be shaped by a combination of various technologies and authentication methods, and this will of course be dependent on the channel being used. 

Whatever the future of payments looks like, security remains the priority, regardless of method used. We know that there are payment methods that hackers look for. For example, organizations that prefer taking card payments will still be the main targeted group for attackers.

Instead of focusing on one payment method, we therefore suggest businesses adopt a multi-payment strategy. This is where the increased adoption of the latest Open Banking application programming interfaces (APIs) will also come into play for supporting variable recurring payments, in addition to one-off payments.

This shift could see the decline in direct debits as such processes gradually lose market share as a payment method.

CybersecAsia thanks Geoff for sharing his insights on payment trends.