
      Paytia Blogs

      Telephone payments made simple and secure. Read our blog to learn more about secure payments and compliance.

      Working from home? No, you can't keep card details on a Post-It!

      Our data privacy and security laws were drafted with traditional offices and computers in mind, but even before the ink was dry on the GDPR documents, the data landscape was changing.

      More firms and organisations are outsourcing their live data resources, archive storage, analytics and even network security - muddying responsibility in the event of breaches.

      Then before we'd finished writing the disclaimers into our new IT contracts,
      the lockdown transformed the workforce into a diaspora conducting business in home offices, bedrooms and laybys on a diversity of unvetted equipment. According to cybersecurity firm SentryBay [1], 42% of all remote workers were targeted by phishing emails in the first weeks of lockdown.

      At this point in time, few companies have had time to consider the full
      extent of their new compliance risk exposures, let alone retrained their
      workforce, standardised remote equipment, tightened procedures, or redrafted policies to clarify where responsibilities (and penalties) come to rest. Shredder company GoShred estimate that 1/5th of remote workers have printed confidential documents at home [2]. Even more have jotted sensitive details - including credit card numbers - on notepads or Post-It notes. Who else has access to those notes and where do they end up?

      Better protection for customer payments

      Few things are more sensitive, or invite bigger penalties, than customer
      payment details. Card fraud is rife and remote working adds new risks.
      Stolen data is used to commit several kinds of fraud, some direct, others
      indirect. For example, card details are easily used to make unauthorised
      purchases but with a few more details you can take control of an entire
      account or set up new accounts in someone else's name. Personal data is also used by criminals to make other scams convincing to new victims -
      potentially framing someone in the process.

      Public awareness is growing, and that is good, but it creates another
      headache for legitimate businesses - mistrust. Suspicion changes
      expectations and reduces the public's willingness to use online services or
      complete transactions. That damages firms of all sizes. Even businesses that are household names lose custom when clients are reluctant to place trust in their data protection policies. For lesser-known small to medium-sized companies, it can be fatal. As any business that has tracked visitors
      through their website knows, many customers just baulk at old-fashioned
      checkouts and abandon the goods in their shopping basket.

      Although COVID-19 has suddenly reduced the circulation of cash, not all
      firms equipped to complete transactions digitally have benefited. The
      problem also affects person-to-person sales and telephone payment systems, especially when payment details have to be entrusted to strangers. Ironically, this means that firms with a human face could be suffering most, with customers more inclined to trust systems that provide anonymity. Consumers are now beginning to expect the same kind of security whether they pay online, by phone or in bricks and mortar shops.

      Compliance is ever more important

      The other risk to businesses is falling foul of increasingly tight data
      protection rules. Neither you nor a customer needs to be the victim of an
      actual crime in order for the way in which you have handled their data to
      constitute an offence. Any lapse in your security can lead to bad publicity
      at best and prosecution with punitive penalties at worst.

      In the past, obliging customers to read their card details over the phone,
      or reveal them in a public place or to a stranger, has been commonplace.
      Today, these practices pose a major risk and have long been contrary to
      the Payment Card Industry Data Security Standard (PCI DSS) and the terms of traders' merchant accounts. When remote workers solicit such details over insecure lines or in public places and scribble them onto Post-Its, you have drifted far over the red line.

      The Information Commissioner's Office (ICO) are taking a lenient (or at
      least "pragmatic") line on GDPR transgressions in the wake of the pandemic - because they appreciate that remote working and online trading have thrust many companies (and sole traders) into territory for which they were unprepared [3]. That leniency will not last. On the contrary, the huge growth in digital transactions, online business and remote working is likely to precipitate a new round of privacy law and data protection rulings. Recent fines and court decisions against Google and Facebook demonstrate that new climate.

      Banks and insurance companies swallow a substantial portion of the losses inflicted by fraud so have good reason to lobby for routine audits of
      commercial security practices. In any event, market forces are likely to
      eliminate a large number of traders who do not improve the security of their payment systems. Customers are already beginning to look for safer
      alternatives and businesses that support them.

      New solutions

      Some security improvements on the near horizon require considerable
      investment in new hardware (such as biometric payment cards) but others require little or no new tech, can be implemented immediately and are readily affordable to SMEs and sole traders.

      Multi-factor authentication (MFA) and two-step verification are simple
      improvements on the traditional username/password combination used to access computers, networks and accounts. These strategies range from simply challenging the user for additional information to cloud services that send a single-use PIN to their mobile phone. MFA is a great deal less troublesome to both employees and customers than insisting on long complex passwords no one can remember without writing them down (which defeats the point).

      Payment transactions are even more sensitive and must proceed with minimum inconvenience to the customer. The new phone payment solution from Paytia simply interposes a trustworthy automated payment handler between the payer
      and payee. It works as a standalone solution or can be integrated with the
      payment processors already used by most SMEs, such as Worldpay, Stripe and PayPal.

      There are similar solutions for online and mobile transactions (Secure
      Virtual Terminal and Keyphone) and both take only minutes to set up. By
      adopting these solutions now, you can reduce fraud, reassure existing
      customers, convert more visitors and comply with current and future industry standards.

      Remote working and online shopping are both terrific ideas and consequently they are here to stay - pandemic or no pandemic - the future has simply come early. We need to catch up quickly and there are many things we need to review such as employment law and tax liabilities.

      But nothing is more urgent than updating and securing our payment processes.

      Resources:

      [1] https://www.sentrybay.com/news/security-expert-predicts-at-least-30-40-increase-in-cyber-attacks-during-coronavirus

      [2] See https://www.securitymagazine.com/articles/94495-remote-workers-are-printing-confidential-documents-at-home or read their report here: https://goshreduk.tumblr.com/post/641368333191675904/working-from-home-the-hidden-risks-of-printing

      [3] See the ICO statement here: https://ico.org.uk/media/about-the-ico/policies-and-procedures/2617613/ico-regulatory-approach-during-coronavirus.pdf
