The volume of online payments has skyrocketed in recent years and shows no signs of slowing down. Analysis from Statista predicts that the total value of digital payments globally will reach $11.55 trillion by the end of 2024.
A key factor in this surge has been the digital transformation of the financial services industry. In recent years, institutions have pursued a campaign of rapid digitization of services in a bid to meet growing consumer demands.
The speed, efficiency, and ease of online transactions make them an appealing option for everyday consumers and businesses alike, ensuring seamless payment capabilities.
While this sharpened focus has delivered benefits for both providers and clients, there are still significant risks associated with online payments and financial services companies.
Cybersecurity-related threats have risen significantly for providers in recent years. According to cybersecurity firm SentinelOne, financial institutions reported the second-largest number of data breaches in 2023 by sector.
Similar research into security risks from the International Monetary Fund found financial services companies lost $2.5 billion due to cyber attacks between 2020 and 2024 alone.
The use of distributed denial of service (DDoS) attacks against payment services has been a key threat for many organizations. This type of attack has been a long-running challenge for operators, with the US National Credit Union Association (NCUA) having raised the alarm on DDoS attacks five years ago, in 2019.
Payment services are beholden to strict regulatory requirements
Security incidents of any kind can be highly damaging for financial services institutions, leading to a drop in consumer trust and significant financial losses due to remediation and recovery costs.
In addition to these potential effects, financial services institutions can also fall foul of stringent regulations aimed at improving the safety of online payments.
The UK’s Payments Services Regulations, for example, require operators to employ robust customer authentication practices for electronic payments.
Additionally, payment initiation service providers (PISPs) must harness techniques to protect the confidentiality and security of users’ credentials and personally identifiable information.
In the European Union, a piece of legislation known as the Payment Services Directive 2 (PSD2) requires PSPs to maintain strict cybersecurity practices. These rules apply not only to businesses operating within the union, but also to those actively engaging with customers based in the region.
In mid-2023, the European Commission published draft legislation for the third iteration of the Payment Services Directive, PSD3, alongside drafts for a new Payment Service Regulation (PSR) specifically aimed at strengthening security practices for payment services providers.
In particular, the PSR legislation looks to reduce the volume of payment-related fraud, bolster broader security practices, and improve the reliability of payments.
Analysis of both PSD3 and PSR from EY shows that by building on PSD2, the new legislation will help create a safer operating environment for financial services institutions and consumers alike.
“Compared to PSD2, PSD3 and PSR increase the regulatory scope, demanding more providers to combat payment fraud, reduce reliance on cumbersome technical data interfaces, and overall removing obstacles for payment providers and consumers for safely using payment services,” the consultancy said.
Choosing the right payment provider is critical
With these considerations in mind, it’s critical that businesses implement techniques that mitigate risks for consumers. One approach is to reduce the volume of sensitive customer information held to limit potential exposure.
A host of providers, including NatWest, have implemented such measures to reduce customer exposure while maintaining efficient services. NatWest’s Payit™ platform is a secure service that’s specifically aimed at protecting user privacy and curtailing the risk of fraudulent transactions.
You can find more information on the Payit™ platform and how it could benefit your business by visiting NatWest online.
Disclaimer
You will need to sign up to Payit™ terms and conditions and you may need to hold an account with us. Your business must be based and trading in the UK with a turnover above £2M. You must be 18 years or older. Fees are based on the volume and average value of transactions.