Tim Murphy is vice president and head of risk at the company PayNearMe.
Digital payments continue to rise, with 82% of Americans using digital methods to pay in 2021, compared to 78% in 2020 and 72% in 2016, according to McKinsey’s 2021 Digital Payments Survey. Consumers increasingly want digital and mobile bill payment options that are frictionless, fast and ubiquitous.
As a result, they are gravitating toward technologies like person-to-person payment apps, digital wallets and scan-and-pay QR codes. However, new payment types and channels can add complexity to the payment delivery chain that can put businesses and their customers at risk of excessive declines or disputes, service interruptions, increased transaction cost, and potential data breaches.
It’s up to billers to understand this increased risk and choose a payments platform partner that prioritizes operations resiliency and data security. Otherwise, it will be a matter of when — not if — payments fail or create friction with customers, or a data breach occurs, resulting in a tainted reputation and loss of customer trust.
Cyber risk has evolved over the past five years from targeted data compromises to highly efficient ransomware attacks that impact control of an entire database of sensitive customer and corporate data. According to Verizon’s Data Breach Investigations Report, ransomware attacks rose 13% in 2021 — more than the last five years combined. Research firm Cybersecurity Ventures predicts by 2031, ransomware damages will cost its victims more than $265 billion annually, with a new attack on a consumer or business every two seconds.
By layering new payment experiences on top of traditional payment rails, processors, vendors and third parties potentially create additional security and operational vulnerabilities if controls are not prioritized or suitable to the scale and complexity of the payment architecture and operations.
The rapid proliferation of digital payments, and increasing number of fintechs chasing their piece of the payments pie, creates opportunity for cyber criminals. As billers rush to expand payment options to meet customer demand for payment choice and convenience, due diligence on potential payment partners is required.
In the Verizon report, vendors, partners and third parties in the payments delivery chain were responsible for 62% of system intrusion incidents in 2021. Though that number was elevated due to one especially massive incident, their analysts concluded it may represent “larger trends that we’ve been seeing in the industry, in terms of the interconnected risks that exist between the vendors, partners and third parties.”
Not all payment platform companies are managing operational and security as judiciously as they could, and that will eventually result in costly payment failures, customer friction, or potentially a breach; it’s only a matter of time.
Billers must do everything in their power to dodge that bullet. After all, their reputation and customer trust are on the line, and those are valuable assets no company can afford to lose.