How the Cloud Enables Compliance for Global Payment Providers
As the financial services and technology industries merge, smarter payment solutions
are quickly coming to market. Both established players like Stripe and PayPal and
FinTech start-ups such as Aztec Exchange are changing the payment landscape
through multiple technology innovations including mobile payments and online
exchanges. Yet in the face of FinTech innovation, all these companies continue to face
considerable challenges in meeting regulatory compliance such as PCI DSS and AML
regulations.
According to a Verizon Enterprise report, 80% of organisations are still not fully
PCI DSS compliant.
Banks have hundreds, sometimes thousands, of employees
committed to compliance functions. Now just think for
a moment of a FinTech start-up with just a couple of
employees, mostly engineers, who have to navigate the
landscape of a highly complex regulatory environment.
Bruce Wallace, Chief Digital Officer, Silicon Valley Bank Financial Group
Fines for non-PCI DSS
compliance range from
$5,000-$500,000.
Satisfying PCI DSS
Many FinTech companies find that as they try to sell their products and expand
into new markets, customers will ask about compliance. For payment providers,
compliance with PCI DSS (Payment Card Industry Data Security Standard) is a
necessary component of the business. PCI DSS applies to any company that stores,
processes or transmits cardholder data, including processors and gateway providers.
Protecting sensitive customer data and maintaining full compliance can prove costly,
at times even hindering the growth and expansion of FinTech companies.
However, non-compliance is simply not a viable option. Payment providers found to
be non-compliant with PCI DSS are subject to fines ranging from $5,000 to $500,000,
which are levied by banks and credit card institutions. In the case of an identified
card data breach, the resulting losses can prove quite significant for both start-ups
and established players in the payment landscape:
- $50-$90 fine per cardholder data compromised
- Suspension of credit card acceptance by a merchant’s credit card account provider
- Damage to reputation among customers, suppliers, investors and partners
- Possible civil litigation from breached customers
Enabling Cross-Border Payments
Facilitating payment transfers between different countries presents additional
complications for FinTech payment providers, as each country has its own regulating
body and set of AML (anti-money laundering) requirements. For example, the United
States has the SEC, the European Union has MiFID II, and the UK has the FCA. As more
countries introduce their own variations of AML governance guidelines for online
payments, the compliance challenges facing payment service providers are set to
increase.
Approximately $4.2 billion in non-compliance penalties were imposed by the SEC
in 2015.
Vigorous and comprehensive enforcement protects investors
and reassures them that our financial markets operate with
integrity and transparency.
Mary Jo White, Chairperson, SEC
Leveraging Cloud Technology
Managing evolving and disparate compliance regulations across international
markets presented an increasing challenge to Aztec Exchange, a Forbes Top 50
FinTech company. As demand for their innovative PayMe solution grew rapidly in key
emerging markets, Aztec faced considerable challenges with scaling and supporting
different telephony and carrier solutions in each location. Aztec needed to
consolidate their global communications on a single platform, one which also would
meet compliance requirements around call recording, encryption and archiving.
Aztec Exchange was named among Forbes FinTech Top 50 of 2016, alongside Stripe &
Klarna.
As a global payment solution provider, we operate in many
regions globally, particularly in emerging markets where our
platform is heavily in demand. We require a communication
solution that provides us with the same service anywhere,
including across mobile devices.
Bhairav Patel, CTO, Aztec Exchange
Aztec Exchange found their solution in cloud technology. By implementing the
Solgari cloud communications platform, they were able to meet and even future-proof
their telephony, contact centre and compliance requirements through the use
of innovative features and functionality.
Secure IVR Credit Card Handling
Cloud solutions, such as that offered by Solgari, include the ability to input credit and
debit card details via a secure IVR (interactive voice response) facility that integrates
with the company’s credit and debit card processing provider. As the communication
between customer and agent is recorded, whether conducted via a voice call, video
call or online messaging service, IVR ensures that all credit and debit card details are
not included in the recording.
This functionality ensures that at all times, only the credit card processing provider
is able to access the card details, as is required by PCI DSS and other regulatory
compliance standards.
Just 48% of organisations have compensating controls in place to secure
cardholder data.
Verizon Enterprise report, 2015
Advanced Word & Phrase Search
The technology offered by cloud platforms enables users to search for specific words
or phrases within an archived voice call, online chat, payment transaction or video
call. With Solgari, they can even extract only those excerpts to share instantly with
customers or provide evidence to regulators for dispute resolution or in the event of
an audit.
Payment solution providers can also use this functionality to identify and avoid
compliance breaches. They can analyse client communications and transactions, and
minimise any potential risks to or violations of compliance. These proactive steps help
providers adhere to AML and KYC (know your customer) analysis regulations.
AML-Compliant Voice Verification
Advanced cloud communications platforms offer voice verification functionality
that enables payment providers to verify that a customer is who they say they are.
Likewise, the customer is offered the option of listening to a recording that they made
when they first spoke with or contracted to a payment provider. Such functionality
constitutes active measures on behalf of a payment provider to combat phishing and
fraud, which are key requirements of AML compliance.
Future-proofing compliance needs
As compliance regulations for fast-growing payment solution providers become
increasingly complex, consolidating telephony and contact centre communications
to a single, scalable cloud-based platform ensures they remain compliant, even as
new regulations emerge. And as they expand their product offerings and bring their
PayMe solution to new markets, Aztec is able to count the benefits of advanced
cloud functionality and streamlined communications as a major asset to their
success.
78% of PCI DSS compliance cases relate to issues with data encryption regarding
storage of cardholder data.
Verizon Enterprise report, 2015
We are seeing a lot of demand for global PCI DSS compliant
solutions in the cloud, driven by expanding payment
solution providers dealing with credit and debit card
customer payments. The cloud offers a far more efficient
and intelligent solution compared to the legacy approach of
trying to resolve PCI DSS needs locally within each country.
Vance Harris, CTO & Co-Founder, Solgari
Providing comprehensive telephony and business communication services through
the cloud to all devices and users. To learn more, visit solgari.com
EMEA +353 1 246 1130 Asia Pacific +61 2 8070 2110
UK +44 808 238 9584 USA +1-855-304-0022 Germany +49 69 222 222 514