For the CIOs and CTOs of banks and PSPs, fraud and security are never very far from their minds. Protecting both their own organisations and their merchants from the threat of cybercrime is a truly business-critical challenge – and one in which the stakes are always changing.
The ongoing COVID-19 pandemic has brought the issue even more to the fore. With many bank branches closed, cybercriminals have jumped at the chance to develop tailored scam and spear phishing campaigns, attempting to steal consumers’ login credentials. Others have capitalised on people’s desire for information in these uncertain times, creating phishing emails purporting to offer official updates and advice. According to one report, more than 500 coronavirus-related scams and over 2,000 phishing attempts had been made in the UK by early April alone.
At the same time, the pandemic has exacerbated demand for online shopping. According to one estimate, global online retail sales increased by 74% in March compared with the same period last year. Growth in the ecommerce sector can be a great opportunity for merchants, but it also introduces new security and fraud challenges, particularly when such expansion happens internationally, across multiple different jurisdictions. Different countries have different regulatory frameworks regarding fraud and cybersecurity, and merchants trading across them need to take account of this.
The upshot for banks, PSPs and other payment companies is a more dynamic, diverse and challenging fraud and security landscape than ever before – and one that their CIOs and CTOs need to be able to navigate with ease. How to do this?
Meeting merchants’ fraud and security requirements – worldwide
A foundational principle has to be ensuring that the payments platform meets all relevant legal and regulatory requirements designed to protect the ecommerce landscape from fraud and cybercrime – that is, the likes of PCI DSS, PSD2, GDPR and so on.
In one sense, this is relatively clear and straightforward – in another, it is hugely complex. The regulatory and compliance landscapes are evolving all the time, and if merchants are trading across multiple different countries, then the combination of fraud and security requirements can get even more complicated.
A payments platform that is truly putting merchants’ needs first should also offer integration with a range of security and counter-fraud solutions, so that customers can pick and choose the right combination according to their needs. However, this is yet another challenge for CTOs and CIOs to pick up.
White-labelled payment platforms: a solution for retaining control?
This is why an increasingly compelling option for payment businesses can be to deploy a white-labelled payments platform as opposed to developing one in-house.
This model offers immediate access to a wide range of fraud and security solutions – all already integrated with the payments platform. And it is the platform provider that ultimately takes responsibility for managing security and compliance across different jurisdictions and payment methods – not the CIO or CTO. All they need to do is undertake a single integration with the platform in question.
Furthermore, this integration is far faster than the time to build a payments platform – a boon for CIOs or CTOs who have been tasked with a payments platform development project but have competitors to keep up with. Creating a new payments platform from scratch will take years but integrating with an existing platform and white-labelling it can take weeks or even days.
Migration of merchant data is typically similarly quick and seamless, with no downtime and disruption of normal business operations. And this is another crucial piece of the fraud and security picture, because merchant downtime can be exploited by fraudsters and criminals to target their customers or even attack their infrastructure.
Staying in control of digital payments is a crucial challenge for CIOs and CTOs of all banks, PSPs, and payment businesses. A white-labelled payments platform can be the answer.