companies & people
Industry Views: Risky Business
What should payments providers be most concerned about when it comes to data/cybersecurity?
A primary concern with data and cybersecurity relates to integrations or third-party service providers or partners. We ensure that all of our partners follow API and remote access security best practices, such as enforcing multifactor authentication, requiring unique credentials for each user and setting least-privilege permissions.
Capturing a comprehensive audit trail of all activity is key, as well as disabling third-party accounts as soon as they’re no longer needed. Staying a step ahead of security threats is di cult but achievable if your moni- toring systems are real-time and alert key parties the moment an attack or suspicious event is detected.
—Hunter Wolfe,
senior vice president, sales and operations, Cachet Financial Solutions
Regardless of how many data breaches are yet to come, our daily focus is to safely transfer card funds from customers, merchants and  nancial institutions, and to prevent someone else’s data compromise from damaging Store Financial’s portfolio. The challenge is to obtain timely information, have the experience to understand red- ag redemption patterns and make necessary adjustments to limit exposure without creating a negative customer experience.
—Mark Tomasic,
vice president, risk management and fraud prevention, Store Financial Inc.
Cybersecurity and protecting data are two of the largest—and most impactful—issues we face.
In the payments industry, companies must apply
an internal phased assessment approach. What sensitive information does the  rm need in house? What sensitive information does the  rm need to be able to access but not necessarily need on its servers? What information is truly being transmitted and stored by the company? What data are vendors passing along in  les? What are employees unknowingly storing, etc.? We’ve seen multiple situations where vendors were sending personally identi able informa- tion and personal account numbers to contracted partners that weren’t PCI-compliant. While data are great for multiple purposes, companies must
also keep in mind the increased risks and costs associated with data and cybersecurity. An internal assessment of information received at the  rm will provide more clarity.
—Andrea Corbine,
senior consultant, SightSpan Inc.
Cybercrime is a phenomenon against which secu- rity doors and alarm systems are powerless be- cause it trespasses our privacy using completely di erent methods. When data security is endan- gered it can massively weaken the reputation of a brand. Having the best possible protection against this permanent threat requires continual invest- ment in employee training and technology.
—Udo Mueller,
CEO, paysafecard
6