Sep
10
2020
September 10th, 2020 by Admin

There are few moments like now where American consumers are collectively open to the idea of new payment methods – especially contactless ones such as mobile wallets. This is good news for businesses since mobile wallets offer a safer payment alternative to credit cards and drastically reduce customer wait times at checkout.

Mobile wallets (such as Apple Pay and PayPal) use authentication, monitoring and data encryption to secure and transmit personal information, and the level of security associated with them has payment card issuers backing their use. This is certainly helping drive consumer adoption, as does convenience.

In fact, global mobile wallet transaction value is estimated to reach nearly $14 trillion by 20201 – and that is a pre-COVID-19 estimate. New estimates are higher and point to further rapid adoption given the current need for touch-free payment options. According to a recently published Visa Back to Business report,* 70 percent of consumers surveyed in June 2020 have used a new shopping or payment method for the first time this year.

A rapid shift has begun and the numbers tell the storySo what is holding back business adoption of mobile wallets? Until recently, it just wasn’t a priority for many small- and medium-size businesses to enable it or educate their employees on its use. The lack of preferential demand didn’t make it a pressing topic. But that is changing. Consider this:

  • According to Forbes,2 by 2026, digital natives will be 59 percent of the consumers in the U.S. market.
  • Of this, 45 percent will be specifically Millennials and Gen Z, representing the largest purchasing power.
  • As Gen Z move into becoming the largest generation cohort, their purchasing power will be $143 billion.

But it’s not just what lies ahead that SMBs should be focused on now.

According to Visa’s Back to Business report, shoppers are now putting COVID-19 safety measures at the top of their shopping lists and they will reward stores that do the same. In fact, if all other factors were equal (price, selection, location), nearly 63 percent of consumers surveyed would switch to a new store that installed contactless payment options, such as mobile wallets.3

What does this mean for you? Now is the time to connect with customers to make sure they are fully contactless capable and have the technology in place to accept many of the most popular mobile wallets.

1Payments Industry Intelligence, “The rise of digital and mobile wallet: Global usage statistics from 2018,” November 25, 2018.
2Forbes, January 2020
3Visa Back to Business report 2020

Posted in Digital Wallet Privacy, e-commerce & m-commerce, Electronic Payments, Internet Payment Gateway, Mobile Payments, Uncategorized Tagged with: , , , , , , , , , , , , ,

Apr
11
2014
April 11th, 2014 by Elma Jane

PCI DSS 3.0 standard, which took effect January 1st, introduces changes that extend across all 12 requirements, aimed to improve security of payment card data and reducing fraud. There will be some shakeups for many organizations when it comes to their day-to-day culture and operations. Transitioning to meet the new requirements will help e-business build a stronger, safer, lower-risk environment for their customers.

While the growing number of digital payment avenues offers convenience to customers, it also offers a larger attack surface for criminals.

As cloud technologies and e-commerce environments continue to grow, creating multiple points of access to cardholder data and online retailers will only become more appealing targets for hackers. Cybercriminals are cunning and determined. They understand payment card infrastructures as well as the engineers who designed them.

A scary proposition and it’s exactly why the payment card industry is so determined to help keep e-commerce organizations protected. Meeting the new standard, businesses will be better armed to fight evolving threats. Changes will also drive more consistency among assessors, help business reduce risk of compromise and create more transparent provider-customer relationships.

Transitioning to PCI DSS 3.0 will involve some work, but doing that work on the front end is going to save much work down the line. Adopting the new standard ultimately will drive your e-commerce business into a secure and efficient era.

Cultural Changes – One of the main themes of 3.0 is shifting from an annual compliance approach to embedding security in daily processes. Threats don’t change just once a year. They’re constantly evolving and that means e-commerce organizations must adopt a culture of vigilance. Only through a proactive business-as-usual approach to security can you achieve true DSS compliance. Realistically, this could mean the need to provide more education and build awareness with staff, partners and providers, so that everyone understands why and how new processes are in place.  

Operational Changes – The 3.0 standard addresses common vulnerabilities that probably will ring a bell with many of you. These include weak passwords and authentication procedures, as well as insufficient malware detection systems and vulnerability assessments, just to name a few. Depending on your current security controls program, this could mean you’ll need to step up in these areas by strengthening credential requirements, resolving self-detection challenges, testing and documenting your cardholder data environment and making other corrections.

Overview Changes – How much work lands on your plate will depend on your current security program. Examining your current security strategies and program is a good idea. Below are the areas requiring your attention, which this series will explore in more detail in future installments.

Service Provider Changes –  Some organizations made unsafe assumptions in the past when it comes to third-party providers. Some have paid the price, from failed audits to breaches. One reason that the new standard is designed to eliminate any confusion over compliance responsibilities. Responsibilities, specifically for management, operations, security and reporting all will need to be spelled out in detailed contracts. In addition to improved communication, an intensified focus on transparency means that you should have a clear view of your provider’s infrastructure, data storage and security controls, along with subcontractors that can impact your environment. So if your organization isn’t exactly clear on which PCI DSS requirements you manage and which ones your providers handle, prepare to get all of that hammered out.

The Compliance Rewards – The path to preparing for the 3.0 deadline in January 2015 sounds like it’s a lot of work. So to get started request your QSA’s opinion on how the changes will impact your organization, by doing the gap assessment and you’ll be able to address any shortcomings.    

Meeting the new 3.0 requirements isn’t just about passing audits. In fast paced payment IT landscape, staying smart and protected is part of our commitment to our customers. Beefing up security game not only reduce audit headaches, but also enjoy stronger brand reputation as a safe and reliable e-commerce business.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, e-commerce & m-commerce, Electronic Payments, Financial Services, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,