What are the critical challenges confronting payment security today?

 George Ralchev, Group Head of Risk Management, emerchantpay


Amidst the constant evolution of technology and the dynamic shifts in consumer behaviour, unfortunately, bad actors have seized the opportunity to exploit vulnerabilities in security to undertake cyber attacks, meaning the demand for robust payment security has surged in importance for merchants, consumers and all stakeholders involved in the payment process.

Cyber attacks may involve the encrypting, stealing or destroying of data upon which critical systems depend, or they may result in disruption to operational systems. Research from the UK government shows that cyber attacks are among the UK’s top security risks in 2023.

Multiple looming threats necessitate the vigilant focus of the payment industry, demanding immediate action to fortify payment system integrity and secure sensitive financial data.


Phishing attacks and card data breaches 

Among the prevailing cybersecurity threats confronting businesses, two are significantly rising: card data breaches and phishing attacks, through which malicious actors adeptly pilfer sensitive information via increasingly intricate fraudulent emails and websites.

Phishing attacks are becoming ever more intricate, transcending traditional email channels to encompass text messages and a diverse array of personal communication avenues. This doesn’t only result in financial woes; it also erodes customer trust, posing a grave threat to a business’s reputation.

Card fraud introduces a dual threat, casting a shadow over both merchants and consumers alike. For consumers, these breaches place their personal information, including sensitive financial details, in peril, making them potential prey for an array of crimes, including identity theft. For merchants, the stakes soar, involving the spectre of potential litigation, revenue loss, and the gradual failing of consumer trust.


AI’s impact on cybersecurity 

The emergence of AI has ushered in tools that have found utility in the hands of cybercriminals. For instance, technologies capable of mimicking human voices can deceive individuals into believing they are interacting with a trusted source, coaxing them to divulge sensitive information. The consequences of these technologies circumventing security measures could result in substantial breaches that affect individuals and organisations alike.

Predicting the trajectory of the next technological wave and its risks from malicious actors remains a challenge. Nevertheless, there’s an imperative shift towards implementing more sophisticated and secure authentication methods, fortifying payment security and implementing a resilient defence against the ever-expanding landscape of cyber threats, whether they are familiar, emerging, or entirely unforeseen.


Enhancing authentication through Multi-Factor Verification 

The utilisation of Multi-Factor Authentication (MFA), incorporating elements like biometrics and behaviour analysis, plays a pivotal role in reducing fraudulent activities and fortifying payment security by introducing an additional layer of safeguard into the authentication process. For instance, MFA necessitates users to present multiple forms of verification before gaining entry to their payment accounts or conducting transactions. These encompass something they know (e.g. a password or PIN), something they possess (e.g. a device), or something inherent to their identity (e.g. fingerprint or facial recognition).

Through the demand for multiple factors during authentication, MFA significantly raises the bar for cybercriminals seeking unauthorised access to accounts or sensitive data. Even if one factor, such as a password, is compromised, access to other factor(s) remains elusive.

Furthermore, MFA methods exhibit adaptability across a spectrum of payment scenarios, encompassing online and mobile payments. This flexibility assures users the seamless application of MFA, irrespective of the specific payment channel they engage with. Simultaneously, it underscores the necessity for merchants to maintain close collaboration with their payment service providers, ensuring the prompt deployment of MFA when required while optimising their conversion rates.

As we grapple with the intricate challenges posed by cyber attacks, phishing schemes, and the profound impact of AI, one thing is certain: there is a call to action that businesses cannot afford to overlook. The collaborative efforts between merchants and their payment service providers are paramount, marking the way forward towards a safer and more secure digital ecosystem, one that safeguards sensitive data and preserves trust in an interconnected world.



Explore more