As we have just seen with the Equifax data breach that affects over 140 million people, hackers are capable of pouncing on any data security weakness. And while cyber crimes tend to draw the biggest headlines because of their frequency and magnitude, there are other vulnerabilities that criminals seek to exploit.
In the payments realm, there is one commonly observed but seldom discussed vulnerability that billers should address: mail-based payments.
A sizable percentage of billers still send invoices to customers via the mail. Many of these invoices prompt the customer to mail in a payment by writing payment details on a tear-off and sending it back through the mail system. So if customers write down their credit or debit card information, including their billing address and the card’s CVV (the three- or four-digit anti-fraud number on the card), on an invoice and then place it in their mailbox, it’s quite easy for someone to snatch it before the mail carrier arrives. Even if the invoice does reach the biller, the threat remains that one of the biller’s employees could steal the information and commit fraud.
What Billers Need to Know
Aside from the security threat to customers’ card information, there are many issues that mail-based manual payments pose to billers. Processing payments manually is time-consuming, laborious and costly, and prone to security breaches and human error. What’s more, billers are subject to stiff fines should such information be compromised during transmission, processing and storage.
Billers who don’t adhere to Visa’s Core Rules and Visa Product and Service Rules could face monetary and operational penalties including prohibition of paper forms and postcards as a means to collect credit or debit card information. Under Section 12.7.11 of the Visa Rules, Account Information Security Program Non-Compliance Assessments, “A Member deemed non-compliant with Account Information Security Program (or Cardholder Information Security Program in the US Region) is subject to a non-compliance assessment as follows:
First Violation: Up to USD $50,000
Second Violation: Up to USD $100,000
Third or Subsequent Violation: Up to USD $200,000”
Leaving the customer’s Primary Account Number (PAN) details unencrypted and then transmitting and processing them through unsecured channels puts the biller in scope of the PCI standards (which, if not followed, could lead to fines) and exposes it to fraudulent activity. Couple PCI fines with Visa’s own penalty structure, and billers could potentially get hit hard financially, not to mention the damage to their reputations.
Even if you argue that you’re exempt from PCI-DSS requirements because you don’t actually store customers’ credit or debit card data, think again. According to PCIComplianceGuide.org, even if you don’t technically store credit or debit card data, just accepting those cards as a payment form requires you to adhere to the standard. Other billers will argue that they have very few card transactions, particularly those written and mailed in. Again, you are still expected to comply, whether you process scores of transactions or just a few, and regardless of whether you accept credit or debit cards manually or electronically.
Electronic Billing and Payment Presentment is More Than Preventative
If you could process invoices and payments faster and more efficiently, would you? What about reducing overhead costs associated with manually processing payments? If you could get your money faster and with fewer late payments and account interruptions, would you consider a new way of processing payments? And, if you had a choice between leaving your organization and customers vulnerable to fraud and fines or mitigating both quickly and easily, which would you choose?
Of course, you’d want to opt for processes and tools that afford you and your customers better protection, cost savings, ease of use, greater productivity and higher satisfaction. Consider switching to electronic payment and presentment methods. More and more billers are making the switch today. You’ll meet Payment Card Industry Data Security Standard (PCI DSS) requirements as well as reduce penalties and fines. You’ll alleviate the cost and burden associated with manual payment collection. Best of all, you and your customers will have peace of mind that billing and payment information is secure and protected.
Learn how Paymentus’ secure cloud deployment will keep your customer data secure and PCI compliant.