Sponsored by NatWest

Ease your data compliance headache with a modern payment system


Compliance is a perennial concern for CIOs and IT teams, particularly when it comes to storing and processing sensitive customer data.

Online payments have sped up the financial transaction process for businesses, allowing them to reach scales and growth rates that were previously impossible. But ensuring that customer payments are secure, along with safely storing customer payment information following their purchase, is a strain that has come along with this leap forward.

Keeping up with compliance demands can be a strenuous task, and the security and data protection obligations required can be a major drain on businesses. UK businesses have a duty to remain compliant with the Data Protection Act 2018 (DPA 2018), the UK’s implementation of the EU’s General Data Protection Regulation (GDPR). A recent survey by the National Bureau of Economic Research (NBER) found that GDPR compliance costs enterprises $70 million (£52 million) per year.

To ease this strain, businesses should look to upgrade their payment system to the most up-to-date solution possible, with a secure-by-design approach that cuts the need for manual work. This is open banking.

Open banking is the use of application programming interfaces (APIs) to securely connect third parties to financial data. It can be used to process customer payments without needing to collect and store personally identifiable information (PII) such as a customer’s bank details.

No one company has control over open banking, which is a standard that was mandated for banks in the EU under the Second Payment Services Directive (PSD2). In the UK, it was implemented under the Competition and Markets Authority’s ‘Retail Banking Market Investigation Order 2017’, which mandated the UK’s nine largest banks to agree to a standard API for open banking.

Companies looking to harness the benefits of open banking should choose a solution by a trusted banking partner, such as Payit™ by NatWest. This allows customers to send payments online securely without the enterprise needing to store debit and credit card records.

A streamlined payment process

When a customer makes a payment to a business using Payit™ by NatWest, they’re redirected to authorize each payment through the online portal of their chosen bank, which is contacted directly by the Payit™ API.

At the end of the process, the customer’s unique transaction ID is combined with a date, for a sanitized receipt that can be used to securely keep track of customer payments.

The service is also capable of streamlining other financial transactions such as Variable Recurring Payments, an open banking alternative to direct debits. This helps businesses receive regular payments for services rendered, without having to retain customer details.

At present, businesses have to keep a Direct Debit Instruction (DDI) from customers authorizing their PII to be kept on file. But Payit™ removes the need for this excessive paperwork while ensuring compliance is upheld.

Finance teams can also use Payit™ to generate a secure link for customers to pay for specific services. As this is handled via API, businesses can cancel these links without delay if needed and can view secure historical data for payments made via the link.

As Payit™ connects directly with your company’s existing business payment systems, customers can embrace this easier payment process without your staff having to learn to use new software.

In short, all systems can stay as they are without the need for duplicate data to be created or stored.

Secure foundations for peace of mind

Open banking has inherent features that greatly reduce the burden of data compliance and governance on IT leaders.

This is because, as outlined above, payments made using services like Payit™ do not require a customer’s PII to be sent in full, nor does that PII need to be stored by a firm receiving payments from a customer.

As the compliance landscape becomes increasingly complicated, services such as Payit™ by NatWest help businesses stay on top without having to allocate more time and money to storing customer information.

From a customer perspective, services such as Payit™ provide a greater degree of freedom for payments, as they can be given assurances that their PII is kept secure, only used when necessary, and only securely used to enhance third-party fintech services with their consent.

All of this meets the stringent controls set out in PSD2, as well as the spirit of legislation such as the EU’s General Data Protection Regulation (GDPR) and UK’s Data Protection Act 2018.

Other open banking methods present within Payit™, such as strong customer authentication (SCA), help ensure users have ultimate control over how and when payments are made. This provides peace of mind when it comes to payment privacy, on top of the assurances that come with making transactions via a certified secure API.

NatWest is also planning to allow Payit™ to handle international payments in the future. This will help businesses meet compliance requirements for cross-border transactions without needing to add an additional compliance layer; it will simply come as one of the many benefits of the service.

All of this helps enterprises know that onboarding Payit™ by NatWest won’t add to their existing compliance burden. An accredited open banking solution, with built-in protections against generating or storing sensitive data, Payit™ is a win-win for leaders looking to embrace the convenience and scalability opportunities of online payments without the accompanying compliance headaches.

For more information on how open banking can ease your compliance problems and help your business, visit www.payitbynatwest.com

Disclaimer

Eligibility criteria and fees apply. You must hold a business current account with the NatWest Group and you will need to sign up to full Payit™ terms and conditions. You will need to allocate technical resources to work with NatWest to integrate the solution. Fees are based on the volume and average value of e-commerce transactions. Speak to a NatWest Relationship Manager for further information.

ITPro
