
Will automated security improve online payments security?

Mastercard showcased Masterpass, its global digital payment service in 2016 in Farmingdale, New York. (Photo by Michael Loccisano/Getty Images for Mastercard)

In this new world of digital payments, bad actors can exploit both existing and emerging vulnerabilities, contributing to losses from online credit card fraud jumping from $6 billion in 2019 to an expected $8 billion by the end of 2021, according to a report from Aite-Novarica. Hence, automating the monitoring of security and compliance for card payments becomes an increasingly relevant option.

At the Money 20/20 conference in Las Vegas Tuesday, San Francisco-based automated security compliance vendor Vanta launched its own solution to help card issuers and merchants mitigate potential fraud online. The goal of Vanta’s offering is to “make compliance attainable for the many small- and medium-sized businesses that would otherwise not seek to verify that their payment systems or customer cardholder data are secure,” according to Christina Cacioppo, CEO and co-founder.

This flies in the face of traditional card compliance, which may typically require “extensive company time and money to pay expensive consultants,” says Cacioppo. “Clearly, that isn’t working.”

Meanwhile, the fraudulent use of credit card information is estimated to reach $7.9 billion this year, especially going into the busy holiday shopping season, which is expected to be done predominantly online, according to most e-commerce experts. The Vanta offering seeks to support compliance with the Payment Card Industry Data Security Standard (PCI DSS), the global standard that applies to any online business that accepts, processes, stores or potentially impacts the security of cardholder data. The company claims to automate 60 percent of the compliance work through the offering, in keeping with a trend that experts are seeing at the Money 20/20 conference and throughout the industry of vendors aiming to automate cybersecurity or compliance processes more aggressively.

According to Risk Based Security’s 2021 Mid Year Report, credit cards and financial data represented roughly one-third (32 percent) of the 18.9 billion records exposed in data breaches in the first half of this year. PCI DSS compliance is particularly important for payments and fintech companies, especially for customers who require compliance annually or to earn new business.

Service providers like Vanta are aiming to streamline critical PCI DSS compliance, in order to remove the guesswork from understanding and completing assessments and reports by automating more than half of the work needed to prove compliance. “The online payments and fintech industry is bigger than ever, which means more consumer data than ever is vulnerable to data breaches,” said Christina Cacioppo, Vanta CEO and founder, in a prepared release.

Indeed, Vanta launched a private program with real-time engagement network and payment platform Flow Networks to examine what is most important to financial customers when it comes to PCI DSS compliance.

“When you lead the payments industry through a transformational change, trust is a foundational pillar; there are no shortcuts,” said Flow Networks co-founder Klas Hesselman.
