Sponsored by BT

Modern payment systems: An effective way to reduce your attack surface


Businesses across the world are locked in a perpetual battle with legacy IT and infrastructure – and replacing these older systems with newer pipelines and processes is no easy feat. Payment mechanisms and other types of financial infrastructure are a key example of this, but failing to move on from such legacy systems introduces more problems than simply lagging behind the times.

Not only can older payment systems fall below customer expectations, they are also potentially vulnerable to attack from cyber criminals. Exploitation of this weakness could be catastrophic for any business.

Embracing the principles of open banking, on the other hand, could be a step in the right direction, especially as it’s founded on secure protocols like end-to-end encryption to protect customer data. Services like Payit™ from NatWest are tapping into open banking in the services offered to customers to provide an intuitive, friction-free experience. It’s also a safer experience, thanks to security being embedded by design into the product, while also offloading these processes and workflows from the customer, effectively reducing opportunities for cyber criminals.

The vulnerability of legacy payment systems

Since financial services went online some 20 years ago, various payment methods have emerged to manage financial transactions, from online shopping to mobile banking and proprietary services provided by large organizations to manage the customer payments journey. While these technologies may have offered something new at the time, several are now not only outdated, but have also been vulnerable to attack the entire time.

Some common threats include Trojans that can infect PCs, especially banking Trojans, and denial of service (DoS) attacks that try to flood services with requests in order to take them down. Digital platforms, meanwhile, can be vulnerable to attack if code is not written properly. There is also the prospect of phishing attacks, in which attackers may pose as trusted platforms and contact unsuspecting users through email or text message to harvest credentials from them. Beyond malware and poor patching, application vulnerabilities and middleware are also a weakness, according to ACI Worldwide, alongside third-party service providers that have been the victim of a data breach. The Ponemon Institute found that third-party organizations accounted for 42% of all data breaches, stressing the need to guarantee supply chain security.

This "Wild West" of the online payments sector is an inadvertent byproduct of its success. Modern systems can counteract these threats, however, thanks in part to the principles of open banking, and products like account information services (AIS) can ensure many of these problems are mitigated. This is because regulations like GDPR and Strong Customer Authentication (SCA), as well as the payment service regulation (PSR), are ingrained in AIS. Plus, with AIS designed to replace manual processes with a smoother and more automated workflow, it eliminates many of the potential points of failure that we are used to seeing in online payments. This is where adopting services like Payit™ by NatWest can strengthen a company's security posture and eliminate the risks once associated with digital payments.

The security-by-design of Payit

With open banking breaking down silos and encouraging data to be shared between financial institutions as well as to licensed providers, like Payit™, it does introduce some risks — which is why embedded security is essential. Modern payment systems like Payit™ are underpinned by the principles of open banking, of which end-to-end encryption is a key component. This means that AIS systems are encrypted, allowing end users to share information with merchants securely and without the threat of interception.

Payit's proposition to unite payments and data sharing — combined with the seamless and automated one-click nature of the verification service — also reduces the threat of fraud. There is no need to use intermediary services or manually enter any information.

This means cyber criminals who formerly relied on assuming these roles and swindling customers into believing they were legitimate organizations will lose out. When setting up direct debits, for example, merchants using AIS can validate customer details and screen any information they need to with ease. It guarantees a degree of fraud protection that's ingrained into the product and verification is also conducted in real time.

Businesses, especially those that must handle the payments of numerous customers on a regular basis, can also enjoy a much reduced attack surface given they don't need to take on, record, or process customer information. Using NatWest's Payit™ means letting the service provider take control of these processes — especially accessing customers' bank account information, which can only be done with explicit customer consent. With the backing of a major financial institution in NatWest, and the layers of security protocols already in place, Payit™ can provide large businesses and their customers the ability to make online payments a fuss-free and streamlined experience.

For more information on how secure payments could help your business, visit Payit™ by NatWest.

Eligibility criteria and fees apply. You must hold a business current account with the NatWest Group and you will need to sign up to full Payit™ terms and conditions. You will need to allocate technical resources to work with NatWest to integrate the solution. Fees are based on the volume and average value of e-commerce transactions. Speak to a NatWest Relationship Manager for further information.

ITPro
