Securing Payment Data

Successful cyber-attacks  gain a lot of attention in the press, especially when big merchants are targeted and hacked with various degrees of breach. This is an alarming trend going on around the world, and it is clear that hackers are increasingly targeting sensitive consumer information, and payment details in particular.

In some past scenarios, the impact of a breach was minor and simply caused a company to lose face by having to ask customers to change their passwords. In more severe cases, the cost of being breached exceeded a hundred million Euros, and companies were required to re-issue all bank cards, implement extra fraud monitoring, and pay substantial regulatory fines and fines for PCI accreditations, not to mention the damage caused by the negative reputational impact.

We live in a payments eco-system where security breaches can have a severe impact on merchants and on the online payments industry as a whole. Because of this, keeping your customers’ payment data secure should be a top priority for all merchants in eCommerce. 

The Main Message is: Payment Data Protection is Key

Touching a customer’s payment data requires trust from the online consumer. To maintain that trust and minimize the risk of a breach, it is vital to ensure that sufficient security measures are implemented . Without the right elements, trust is lost and customer churn rises. It is hard to regain trust once it is lost, which is why the most important message that merchants can send to their customers is: ”protecting your payment data is of utmost importance for us!”

While it is the merchant’s responsibility to ensure payment data security, the process can be outsourced to reduce this burden. One option is to outsource card data management by using a hosted solution. Consumers on a hosted payment page still feel as though they are on the merchant’s website (maintaining the trust element), but in reality all the sensitive card data is managed by a separate PCI-compliant provider.

Another option for securing payment data for subscription-based or recurring transactions is through tokenization. In tokenization, when the first payment transaction is initiated by the merchant, the customer’s payment information is stored on the third party’s secure server and it is exchanged for a token, or reference ID. From there, the token is the only information that is transferred back and forth for each recurring payment. This eliminates the need for the customer and merchant to continuously exchange sensitive payment data, while ensuring transaction security, as the token itself has no meaning to anyone outside of the process.

Securing Customers’ Payment Data

As a payment service provider, we move customers’ payment details safely, reducing the security burden for both the merchant and the consumer. It’s our job to worry about transaction security and our industry specialists support some of the world’s largest merchants, offering expertise and consulting on strategies for reducing the risks associated with managing sensitive data. We go further to secure payment data with our dedicated Fraud and Information Security Teams, making it easy for merchants to do business with their customers, so everyone can be confident that their transactions are safe.


To learn more about how we help merchants secure sensitive payment data, check out our Managed Fraud Services and visit our Developer Portal for information on Hosted Payment Pages and Tokenization.

Posted by Matthew Harrod

Topics: Events, Payments, data, security