Taking payments electronically is something most of us take for granted these days. But for any business owner planning on accepting payments on any sort of commercial scale, the mechanics of those transactions are not something to take lightly. Contactless cards and instant online authentication may be what the public see, but each one of those seemingly seamless transactions calls on an infrastructure of communication and security software, some of the smartest software anywhere, that operates 24/7, 365 days a year.
Holding the cards
According to figures published by creditcards.com, three out of every four Americans hold at least one credit card at any time, and between them they accounted for up to $56,101 million of online spending alone in 2015. Credit card payments account for 48% of online payments and debit cards another 30%, with PayPal making up the difference – although PayPal customers invariably feed their accounts with – you guessed it – a card of some sort.
For any serious customer-facing business, there is simply no getting away from card payments.
Security on a grand scale
Making such a vast system secure is a Herculean undertaking that carries massive responsibility. Imagine if there were a serious hack that undermined public confidence in electronic payments generally – the impact would be disastrous.
The way that such a catastrophe is averted is part legislation and part enlightened self-interest. Underpinning it all is what is known as the Payment Card Industry Data Security Standard – PCI DSS. PCI certification entails a series of protocols that anyone processing credit or debit card transactions must abide by. There are twelve key requirements that reflect six fundamental security goals, ranging across data security, access control, and ongoing security monitoring.
As the security breaches at Sony, TalkTalk, Barclays and the UK’s Carphone Warehouse have shown in recent years, the reputational damage that a business can suffer if its security is compromised can be enough to threaten the viability of the business – however big it might be. For smaller brands, there are unlikely to be any second chances. And if the breach directly involves client credit cards, it’s easy to see why customers would stay away.
Electronic payments call for full-time security
The cost of cyber-crime generally is predicted to reach $2 trillion by 2019, a figure which extends well beyond the matter of credit cards alone, but nonetheless one that gives an indication of the level of threat that all traders face. And it is a threat that is increasing all the time.
Small businesses are increasingly being targeted. The big banks and corporate giants are sufficiently well-resourced to be able to – for the most part – stay one step ahead of the hackers. Smaller concerns are typically less well secured, offering relatively easy pickings. So far the PCI standard is holding the line – payments remain reliably secure, confidence in the system is retained, and business carries on as normal. But anyone taking credit card payments needs to be aware that they are not only running a business but are also on the front line of a vast global battle. We may only glimpse the occasional skirmish, but it is a conflict that we should never take for granted.