Christian Damour, Product and Services Manager – Security at FIME
As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance. The security standard has been around for a long time. But, shockingly, not all payments actors take it seriously. So, what is PCI DSS and why is it so important?
Introducing PCI DSS
PCI DSS compliance is a requirement for any entity storing, processing or transmitting customer cardholder data.
Whenever a card payment is made – in-store, online or over the phone – the acceptance and processing infrastructure needs to be secure. To restrict the opportunity for fraud, the major payment brands (American Express, Discover, JCB, Mastercard and Visa) created the Payment Card Industry Data Security Standard – aka, PCI DSS.
Tackling the technical: why is PCI DSS so important?
Fundamentally, PCI DSS helps to prevent fraud for both consumers and businesses. When thoroughly aligned with the standard’s requirements, the risks of cardholder data being compromised are significantly reduced.
However, the requirements are much more technical than other industry standards. Plus, many companies are not used to managing the myriad areas that need to be controlled across a payment IT infrastructure.
But failure to comply is dangerous, and common. Negative consequences include lost funds, identity theft, financial fines and, crucially, reputational damage. Research from Verizon in 2018 found that no organization affected by a payment card data breach was in full compliance with the PCI DSS requirements. This is a testament to the need for compliance to be taken more seriously.
Building compliance into your business
PCI DSS aims to pin-point the simple mistakes cyber thieves commonly target, such as weak passwords, misconfigured technologies and uneducated employees.
It may be tempting to just “check the boxes” of compliance. But dedicating the time to do a thorough infrastructure review is vital to protect your business. Responsibility does not just sit with merchants, either. Every entity touched by cardholder data has a role to play in ensuring the security and integrity of their systems to protect cardholder data.
This can be hard to achieve alone. But with the right approach and partner, companies can seek to significantly reduce the scope of their infrastructure that falls under PCI DSS. This in turn reduces the risk, ongoing expense and time of compliance long term. At the same time, it encourages the introduction of new technologies and methodologies to increase efficiency and deliver new innovative value-added services.
Seizing the opportunity
It is true that PCI DSS compliance can be complex, time consuming and expensive. But by not approaching compliance in the right way, your business could put data at risk. It could also exponentially increase the cost and time required to become certified. This is without considering the devastating impact that fraud could have.
By working with a strategic partner, merchants, public transport operators (PTOs), processors and acquirers can turn certification nightmares into business enablers. Utilizing their deep understanding of the ecosystem and the nuances of PCI DSS, the rules can be applied intelligently to reduce the scope of your compliance. This cuts the time and cost investment needed, all while reducing risk. What’s more, the right partner can help you to put new technologies and infrastructure to work, adding value to your business and customers.
To learn more about the challenges and opportunities of achieving PCI DSS compliance, read our eBook.
‘MOVE FAST BUT DON’T BREAK THINGS’ – WHY FINTECHS WILL COME TO LOVE REGULATION
Alex Johnson, Director of Portfolio Marketing, FICO
The guiding ethos of fintech is move fast and break things. It’s the fundamental advantage that disruptors have over the incumbents they’re disrupting — the ability to move quickly and make mistakes, learn from them and deliver innovative services to customers. Generally, this ethos is presented as a virtue. Banking is ‘broken’ so any investments in improving it are both notable and noble – even if there are bumps along the way.
Conversely, anything that stands in the way of this ‘march of progress’ is generally cast as a villain.
The most prominent villain for fintech companies is regulation. From their perspective, it’s a competitive moat, based on rules written for a different century, that protects banks’ ability to make money without needing to innovate and offer more or improved services to their customers.
So, it’s easy to see why a fintech company — believing fully in the virtue of its mission and faced with a litany of illogical and intractable regulations — might just say ‘we’re doing it anyway.’ That’s what Robinhood co-founder Baiju Bhatt reportedly did when his company tried to roll out a checking and savings product that it claimed was insured without confirming that with regulators first.
The problem is that while we may mythologise the ‘move fast and break things’ ethos in the abstract, consumers don’t love it when their stuff breaks in the real world.
And when fintechs and challenger banks aren’t constrained by regulation (as they mostly are in the U.S. and Europe), the harm caused by this ‘move fast and break things’ approach can be much more severe than a service outage or a false claim of deposit insurance.
Stories from overseas
In China, online P2P lending exploded in popularity, with the number of P2P lenders growing from 50 in 2011 to 3,500 in 2015. Then the whole industry imploded when it was revealed that 40% of P2P lending platforms were Ponzi schemes.
In India, online lending companies raised a record $909 million in venture capital last year (the third-biggest market behind the U.S. and China). And those lenders are now using personal data from borrowers’ mobile phones to make lending decisions – which although illegal, is reportedly ignored by Indian regulators.
In the Philippines (another emerging market where venture capital dollars for online lending are pouring in), the National Privacy Commission is investigating hundreds of complaints from consumers about lending apps leveraging their personal data to shame them into making their payments.
A prediction for the decade to come
In the 2020s, I believe fintech companies will come to love – or at least quietly appreciate – regulation for two primary reasons:
Fintechs and challenger banks understand that brand recognition and affinity is key to their long-term success. Building their brands will be a challenge. A recent survey of 2,000 Brits found 40% don’t trust challenger banks at all and 67% said they are more likely to do business with banks that have branches on the high street. As Zach Bruhnke, co-founder and CEO of U.S. challenger bank HMBradley recently said, ‘We’re going to have to grow by word-of-mouth and doing the right things for our customers.’
Fintechs and challenger banks focused on the long-term task of building brand affinity and trust will, over the next decade, come to despise bad actors that skirt the rules and dress up get-rich-quick schemes in the same language they use to describe their own firms. Regulations that constrain and/or shut down these bad actors will be increasingly appreciated by legitimate market participants.
In the 2010s, we saw the beginning of a trend that will strengthen in the 2020s — regulations designed to foster competition between incumbents and new market entrants. To date, such regulatory action has run the gamut, from vague (innovation sandboxes and special-use charters) to hyper-specific (U.S. regulators’ cautiously approving the use of alternative data, or the Bank of England considering giving non-banks access to its 500-billion-pound balance sheet). Perhaps most promising has been the work done by the Competition and Markets Authority (CMA), which has been proactively driving the adoption of rules and standards around Open Banking for the past couple of years.
Over the next decade, through careful management of public perception and increased investment in lobbying, fintechs and challenger banks will further reshape the regulatory environment from a competitive moat to a more level playing field.
Reaching fintech maturity
‘As a licensed broker-dealer, we’re highly regulated and take clear communication very seriously. We plan to work closely with regulators as we prepare to launch our cash management program’.
This was the statement issued by the chastened co-founders of Robinhood shortly after they backed away from their plan to launch a checking and savings product without government insurance. And here’s the crazy part — that’s exactly what happened! Less than a year later the company announced a new deposit product, this time insured by the Federal Deposit Insurance Corporation (FDIC).
As fintech companies mature in the 2020s and the focus of their strategic objectives shifts from growth to profitability, regulation will play a vital role in transforming the ethos of those companies into something a bit more sustainable. Call it ‘Move fast, but don’t break things’.
HOW TO MERGE YOUR FINANCES AS A COUPLE?
By Nelisiwe Ndlovu, Certified Financial Planner at Alexander Forbes
There is never a good time to discuss finances with your partner, married or unmarried, and one key issue that needs to be discussed is whether you should merge your finances.
Joining all your money matters can seem overwhelming at first, so you don’t have to combine every bank account and credit card from the get-go.
Start by having an honest discussion about your individual money management and financial commitments before deciding whether to merge or co-manage your household finances, and whether you want to fully merge all your finances. Detail all individual income, expenses, and all your financial commitments. The best way to achieve this would be to first take your individual budgets and combine them. This will tell you what you can and cannot afford as a couple. If one partner does not usually budget, this is a chance to start doing so, as this will ensure that your household finances are under control.
Before you think about merging your finances, be open and honest about:
- How much you earn – what is the income that you will bring home? What is the frequency of your income? Are you permanently employed or a contractor?
- What are your current individual expenses and financial commitments? List your assets and your current debt.
- Your individual financial goals and money management techniques – don’t worry if you have not figured this out at the time of merging your finances – the important thing to do is to be open and honest so that you both build a stronger money foundation
- Disclose your financial obligations – this becomes very tricky if left until too late and may cause unnecessary tension in the relationship
- What are your goals as a couple – what is the purpose for merging your finances?
Married couples can formally or informally merge their finances as detailed above, where household expenses are split between the couple (the split could be 50/50 or any fair split agreed upon by the couple, which could be a percentage based on each partner’s income). Some couples tackle finances by adopting the ‘pick a bill’ approach, where one partner pays the water and electricity while the other covers the food.
Being married does not necessarily mean that you need to have one joint account. You may also just want to open one joint account where you each deposit money to pay just your monthly household expenses.
The top five things to remember when merging finances as a couple:
- Have the ability to manage your own finances before expecting another person to merge their finances with you.
- Be mindful of your potential spouse/life partner’s money management behaviour and skills so that there are certain things you can address together before considering merging your finances
- Always keep an open line of communication – honesty is the best policy
- Set a money limit which you can each spend without having to consult each other
- Don’t forget to change your wills and beneficiaries on pension or provident funds as required.