That’s why at Optomany security is, and will always be, in our DNA. We’ll continue to stick to industry best practices and standards as they evolve, exceeding them where possible, to give our customers the assurances they need to partner with us.
Data under fire
When it comes to payment card security, the stakes couldn’t be higher. Merchants need to have confidence that their payment providers are doing everything possible to keep customer data secure and compliant. Any failures could cost them dear: in customer loyalty, regulatory fines and IT remediation and investigation costs. In serious cases, mass breaches can even lead to expensive legal cases.
Yet the risks have also never been higher. Cyber-criminals are empowered by an underground economy said to be worth as much as $1.5 trillion annually: it offers them all the hacking tools and expertise they need plus a readymade market on which to sell stolen card data. It’s then snapped up by scammers to commit identity fraud via account takeovers, account creation and transaction fraud.
To give you an idea of the scale of cyber-attacks, government figures from 2019 suggest that a third (32%) of UK businesses identified a breach or cyber-attack over the previous 12 months, rising to 60% of mid- and large-sized firms. Meanwhile, identity fraud reached record highs in 2018, increasing 8% from the previous year, with credit and debit cards particularly targeted, according to Cifas.
Plus, the hackers are always innovating with new tools, tactics and techniques designed to get their hands on card data. Increasingly popular are so-called “formjacking” attacks where malicious code is inserted into e-commerce payment pages to covertly harvest details in real-time as they are entered in unwittingly by the cardholder. On average, 4,800 websites are compromised with this code each month, according to Symantec.
What are we doing?
At Optomany we have a duty to keep customer card data secure for our merchant clients. That’s why we’re regularly and rigorously assessed for compliance with the Payment Card Industry Data Security Standard (PCI DSS) — including an annual penetration test to check for any vulnerabilities that may be lurking in IT systems – with none found to-date. We also go above and beyond the industry-standard monthly scans of our online systems to check our Gateway, Checkout and Optomany Control Centre (OCC), ensuring we complete in-depth scans multiple times each month to highlight any security or compliance issues as soon as possible.
We also build best practice security into all of our products. Our payments platform was the first globally to be certified compliant with the PCI’s Point-to-Point Encryption (P2PE) v2 standard. This means that card data is encrypted from the moment it is entered into a physical in-store terminal until it’s decrypted in our secure environment. This is great news for customers as it not only minimises the chances of data theft, but it can reduce the scope of PCI DSS compliance, freeing up extra time and money for merchants.
Cybersecurity is often incorrectly seen by businesses as a block on innovation. In reality, it is the crucial foundational layer on which growth must be built. Thanks to Optomany’s best practice approach to security, customers can have the confidence to build their businesses with us, no matter how the threat landscape evolves.