Skip to main content
payments processing the cloud

Using the Cloud Safely for Payments Processing

October 10, 2016

The drive for efficiency and cost reduction in back office operations is pushing many companies to revisit their manual payments processes and explore how to automate them. In today’s world, automation is likely to mean moving processing and data to the cloud.

But payments data includes sensitive financial information. You know customer credit card details to refund payments to them and you may know vendor bank account details to make payments by wire transfer but can you really keep your customer and vendor information private when it’s stored and processed in an environment you don’t control? Can you rely on your vendors to protect your own information if they’re using cloud-based services?

Off-Site Storage and Computing

Cloud computing environments are basically off-site data centers, where you have access to computing and storage capacity. You don’t own the hardware or software; the cloud provider allocates servers and storage to you. Your business is probably not the only business running its processes on that piece of hardware. Virtualization technologies are used to isolate your applications and data from others users on that machine.

Benefits and Risks of a Shared Environment

There are several benefits of a shared, cloud environment. You pay only for the capacity you use, without having to buy machines, install software and perform maintenance. Getting started is quick and adding more capacity if you need it later is also fast and easy. Applications in the cloud can be accessed from anywhere, including mobile devices, so your data is always on hand. Your data will also be properly backed up, so combined with the access-from-anywhere features, cloud provides a business continuity and disaster recovery solution.

But there are also risks in a shared environment. There’s a loss of control because you don’t own the environment. You may not be in charge of when upgrades are deployed. The cloud provider could experience outages and downtime that interfere with your processing. You’re also reliant on the provider to keep your data secure.

Addressing the Risks of Processing Payments in the Cloud

For many businesses, concerns about the cloud provider’s ability to keep data secure are the major hesitation preventing moving processing to the cloud, but in many cases, cloud providers devote more resources to security than their customers would be able to. You can address concerns about storing data at the cloud several ways:

  1. Do due diligence before selecting a cloud provider. The provider should be able to tell you how they provide both physical and online security for applications, data and networks. Be sure you understand the SLAs regarding security and how the provider handles any incident.
  1. Encrypt data in storage. Many cloud providers can encrypt your data when storing it for you. This typically means that they manage the encryption keys, which means that they are able to access the data. Consider using additional controls, such as a cloud access security broker, which leaves you in control of the encryption keys.
  1. Choose a provider with security certifications. Cloud providers can choose to obtain certification that ensures their environments provide security for sensitive data, even for financial data. If the provider has certifications, make sure you are set up with a secure environment, as they may not provide those levels of security by default.
  1. Choose a provider with a track record of security. Along with looking for certifications, look for a provider with a proven record for secure data and transaction processing.

Minimize the Amount of Data Needing Protection

Even if the cloud provider offers a secure environment, your business continues to own responsibility for your data’s security. Make sure you limit the number of employees with access permission to this data. Also, minimize the amount of detailed information you need to store.

When you pay your vendors with Virtual Card Numbers (VCNs) instead of a wire transfer to their account, you don’t need to know their bank account information and don’t need to protect their sensitive information.

VCNs also mean that your own account information is safe whether you or the vendor tracks and processes payments in the cloud. Because VCNs can be used only once, even if there’s a breach, as has happened with hotel chains including Hilton, Marriott, and others, there’s no risk of fraudulent transactions.

The less data you need to protect and the less you reveal to your vendors, the safer you are and the easier it will be to reap the benefits of automating your payments process in the cloud.

Stay connected

Subscribe to our Inside WEX blog and follow us on social media for the insider view on everything WEX, from payments innovation to what it means to be a WEXer.

"*" indicates required fields

Find out how WEX can help grow your business