CA Jayesh Mahesh Mishra
Friends’, “Shopping” is something which was one of the hobbies of individual and families which is becoming habits. Payment is one of the vital activities once anybody completes the Shopping. Let us first understand that how payment works in the system.
Traditional payment systems are negotiable instruments such as drafts/cheque/letters of credit. With the advent of computers and electronic communications a large number of alternative electronic payment systems have emerged. These include debit cards, credit cards, electronic funds transfers, direct credits, direct debits, internet banking and e-commerce payment systems. Some payment systems include credit mechanisms, but that is essentially a different aspect of payment. Payment systems are used in lieu of tendering cash in domestic and international transactions and consist of a major service provided by banks and other financial institutions.
Payment systems may be physical or electronic and each has its own procedures and protocols. Standardization has allowed some of these systems and networks to grow to a global scale, but there are still many country- and product-specific systems. Examples of payment systems that have become globally available are credit / debit card and automated teller machine networks. Specific forms of payment systems are also used to settle financial transactions for products and to transfer funds between financial institutions both domestically using clearing and Real Time Gross Settlement (RTGS) systems. The term electronic payment can refer narrowly to e-commerce – a payment for buying and selling goods or services offered through the Internet, or broadly to any type of electronic funds transfer.
A payment card is a device—usually an embossed plastic card—that allows its owner (the cardholder) to make an electronic payment. The most common types of payment cards are credit cards and debit cards. As per statistics published on website of RBI Bank-wise ATM/POS/Card Statistics – May, 2015; which reveals ~ 60% number of transaction are made at POS (point of sale) through Debit card and 40% via Credit card. Hence it is essential to note that the payment has to be secured.
As a retailer, deciding on a payments processor can be overwhelming. With the recent string of high-profile customer data breaches, security should be the focal point. Here are some security tips to be considered while payments:
Meaning: MV stands for Mastercard and Visa. In this a microchip is embedded on a card to serve as a continually changing data point. This makes the card virtually impossible to clone. Look for a payment processor that has the capability to support chip-and-pin on a worldwide basis. MV is already widespread in most of the countries across globe.
Purpose: Cards in the U.S. are very easily cloned just by reading the magnetic stripe off of the back. Even if customer data is compromised, it is extremely difficult to duplicate and make copies of MV cards.
Meaning: A vault is used to set up recurring payments. With a vaulting mechanism, customers can enter their card information into the vault via the retailer’s website, and set up recurring payments. Stored information can also be used during the next transaction with the retailer. This is the “remember me” option most of us see when making online purchases.
Purpose: Vaulting makes you more secure as a retailer because you’re not tasked with the burden of securing that data yourself. That responsibility is left up to the payments processor.
iii. P2P ENCRYPTION
Meaning: In point-to-point (P2P) encryption, the card reader at your point-of-sale reads the information on the magnetic stripe of a card and transmits an encrypted version of that data to your payments processor, ensuring sensitive information is encrypted at the earliest possible point in your POS system. The processor then is the only party with a device capable of decrypting the data, which it does to perform an authorization.
Purpose: Data encrypted end-to-end, from the point of swipe to the point of the payments processor, guarantees zero exposure of plain text, non-encrypted information on the part of the retailer. This protects card numbers from a variety of attacks.
Meaning: Tokenization is the process of using a unique code to represent a card number, thereby mitigating the risk associated with the exposure of the actual card number. To give a simple example, if a card number was 1234, it may be tokenized as PQRS. PQRS has zero value for a fraudster because it’s meaningless. For the payment processor, however, PQRS references an actual card number.
Purpose: Rather than exchange card numbers, merchants and payments processors can pass tokens, minimizing visibility into a payment account number. And, while breaches can still occur, hackers who intrude a token system will find that information useless.
v. FRAUD PROTECTION
Meaning: Advanced payment processors can now facilitate automated pre-authorization on fraud checks. Sophisticated analyses of behavioural profiling and multi-currency factoring allow real-time payment authorization, minimizing unnecessary voids and reversals. Self-learning machines even update fraud rules at a high frequency to make the process truly automated.
Purpose: If the payments processor can minimize fraud that is occurring through them, they won’t have to charge more to recoup from charge losses. A robust fraud protection program benefits both the processor and the retailer from a cost perspective.
vi. ENCRYPTED MOBILE HARDWARE
Meaning: Payments processors that offer P2P encryption must also offer mobile encrypted hardware. The actual point-of-sale device at the register, or the dongle that plugs into a smartphone, should support data encryption from the moment it is obtained via a card’s magnetic stripe.
Purpose: With mobile encrypted hardware, retailers do not have to rely on their own infrastructure to be as secure as possible because the data passing through is encrypted and useless to anyone who may gain access on the retailer side. Mobile hardware that encrypts the card data at swipe also offers additional protection against malicious mobile applications that may attempt to access the card data if it were present in plain-text form on the mobile device.
vii. OMNICHANNEL SECURITY
Meaning: Just as omni channel payments rely on one processor across all channels (mobile, in-store and online), omnichannel security involves one provider to protect sensitive information across all channels. The same, consistent set of security controls, no matter where your processing is occurring, is key.
Purpose: By choosing a processor with omnichannel security capabilities, retailers are tasked with managing just one relationship, rather than three separate for each form of payment. Customer information is contained to just one provider, reducing risk and eliminating the need for data duplication across locations.
Once the shoppers follow any of the aforesaid tips his/her shopping became secured. Hence follow it enjoy the hassle free “Shopping” J.