As we enter the final months of the year, we would like to look back at October, which also happened to be National Cybersecurity Awareness Month in the United States. Cybersecurity is a top concern for executives in all industries, at all company sizes, and of all organizational motives. Today, we would like to talk about cybersecurity in payments, and tips to protect your company’s finances.
Cybersecurity: Always a Top Concern for CEOs
According to the 2016 US CEO Survey completed by PwC, leaders—especially those in technology, banking, insurance, and media—are ‘extremely concerned’ about their cybersecurity and are beginning to acknowledge that cyber threats and cybercrime are issues they must proactively address to advance to the forefront of digital business.
"Information security will continue to be a major concern for CEOs in 2016. We've all seen a rise in increasingly sophisticated methods that hackers use to gain login credentials, sensitive data or — worse yet — money from their victims. Cyber security is no longer a concern solely for the IT department — everyone in an organization, right up to the CEO, must remain vigilant to protect against breaches." – BC Krishna, CEO, MineralTree
These concerns are well justified, and executives must sustain their focus on—and investment in—cybersecurity and acknowledge its pivotal role in our connected world.
Key Focus: Payments Security
One of the most commonly targeted parts of an entity is said entity’s finances. Compromised emails, phony vendors, EFT fraud and more, pose immense risks for organizations. Cyber threats need to be addressed with planning, awareness, and technology.
According to the 2016 Trustwave Global Security Report, the vast majority of attacks were designed to breach payment card and financial data—31% targeted card track data, 29% targeted card-not-present data, 7% sought financial credentials, and 4% sought personally identifiable information (PII).
This is why it pays to secure your payments practices in any way possible. In a recent blog on the WEX website, we took a look at the steps organizations can take to improve the security of their payments processes:
- Secure Payment Hardware and Software: Implement multifactor authentication rather than relying on a password to prevent unauthorized access and limit the number of authorized users, particularly those with admin privileges.
- Define a Secure Payment Process: Implement a funds management and payment process that reduces your risk. Log all activity and review it daily. Go beyond reconciling payments to reviewing all admin changes in the payments software, such as adding users or modifying privileges.
- Train Your Staff: While the dual controls and reconciliation process may make employee fraud easier to detect, you also need to train your staff on safe computing practices to avoid accidental compromise of payments. Emphasize smarter password use and train employees to recognize phishing attempts from unscrupulous attackers.
Virtual Card Numbers on the Forefront of Payments Security
An option for more secure (and lower-cost) B2B payments processing is the virtual card number (VCN). VCNs are becoming a widely adopted digital alternative to wire transfer payments, especially for cross-border payments. With the VCN, exposure is virtually eliminated. A VCN is generated for a single use and a designated purchase, and cannot be used for any other purpose. A VCN in the wrong hands is pretty much useless to an attacker.
Adding to the advantages of VCNs, since they use credit card networks, no banking information needs to be exchanged between the two parties in the transaction. On the back end, each transaction yields rich remittance data allowing for efficient reconciliations.