• Sharebar
Banking
Wednesday, July 8, 2015 - 02:16
Password nightmare

Credit card fraud continues to increase and more than R454m was lost last year from R366m in 2013. For businesses to protect themselves, it's safer to entrust sensitive information to a reliable third party than managing it yourself - especially in the e-commerce space.

The days are long gone when you could protect your bank accounts by keeping your PIN number safe, says PayGate IT Director David Beukes - these days the business of security is a lot more complex and best left to experts.
“We all instinctively believe that if something is close to us, it’s under our control and secure,” he says. “But as financial transactions have become more complex and abstract, the balance is shifted: it’s now safer to entrust sensitive information to a reliable third party and keep it at arm’s length.”
He says the rise of personal password vaults is a good example. “Nowadays we all have so many logins and passwords it’s impossible to remember them all. Many people are tempted to have just one or two passwords and use them everywhere, but that’s a security nightmare waiting to happen. Instead, it’s better to use a password manager like LastPass or 1Password that can generate and store complex passwords easily.”
In the same way, he says, “we want the lowest possible number of people to have access to our credit card details. The technology and processes needed to keep this information secure are complex and expensive: only banks, specialist payment gateways and very large retailers can afford it.”
The lesson for almost all online retailers, he says, “is don’t try to do it yourself. Don’t process your own payments, and don’t ever let customer card details pass through your own servers. Rather integrate with a payment service provider you can trust to keep that information secure -- and delete it promptly when they no longer need it.”
Compliance with the global Payment Card Industry Data Security Standard (PCI DSS) is the current gold standard, he says. “South Africa’s banking system is sophisticated and our banks take security very seriously -- at PayGate it’s notable that the banks have been following up with us on our levels of PCI compliance, conducting audits and beefing up their own internal security teams. This is all a very good sign.”
For consumers, he says, “the lesson is to deal only with online retailers who are either PCI compliant themselves - which is only possible for the very largest organisations -- or hand off all their transaction processing to a PCI-compliant service provider. Nothing is ever 100% secure, but that is the best protection available.”

About PayGate

PayGate is a payment service provider that offers online retailers simple, effective services to accept electronic payments, which can be a very complex part of running a business. It offers merchants connections to multiple acquirers and fully manages the technical connections and relationships with the banks, card, and payment networks. It also offers risk management services with payment notifications, settlement reports and fraud protection. PayGate is linked to more than 70 banks in over 30 countries and has been providing secure, reliable online payment services since 1999. Its immediately accessible services help businesses of all sizes stay on top of the continuously evolving world of online payments. For more information visit www.paygate.co.za

Copyright © Insurance Times and Investments® Vol:28.7 1st July, 2015
2089 views, page last viewed on October 20, 2019