The U.S. mobile payments industry, powered by the explosion of services like Square and Google Wallet, is expected to grow from USD12.8bn in 2012 to USD90bn in 2017 (Forrester), with much of that growth expected to be among small businesses. Faced with this growth, the Payment Card Industry (PCI) Security Standards Council this month announced new data security guidelines for merchants who accept payment via mobile devices not designed primarily as point-of-sale tools. In response to these new guidelines, insureon, the nation’s leading online insurance provider for small and micro businesses, today released a checklist for small businesses currently using or exploring mobile payments.
Despite the benefits, merchants who turn to mobile payment solutions are introducing new risks to their business in the form of fraud. A 2009 survey by Javelin Strategy and Research found that merchants accepting mobile payments experienced a higher fraud loss as a percentage of revenue than both online and brick-and-mortar stores.
“Small and micro businesses constantly struggle to contain costs while making purchases easier for their customers,” said Ted Devine, CEO of insureon. “Mobile payments can offer a great solution that balances those interests. However, accepting mobile payments also opens small-business owners up to a number of liability risks.”
To help small-business owners mitigate those risks and comply with PCI’s new guidelines, insureon issued the following recommendations for avoiding liability in the event of a data breach related to mobile payments:
- Ensure compliance with PCI Security Standards.Unlike the most recently released guidelines, the PCI standards are thresholds that merchants must legally meet in order to accept credit card payments. Failing to meet these standards could open small businesses to fines, penalties, and even the withdrawal of their right to accept credit and debit cards. The specific standards of a business depend on which payments they accept.
- Review the General Liability business insurance policy to determine whether the business is covered in the event of a data breach. Every General Liability Insurance policy is different. If the business is considering accepting mobile payments or have already started doing so, review the policy to see whether the existing policy covers the business in the event of a data breach.
- Invest in Cyber Liability Insurance if the existing coverage has any gaps. If the General Liability policy doesn’t offer data breach coverage, talk to an agent about a first-party Cyber Liability policy, which protects the business if their employees’ or clients’ data is stolen.
- Secure the business’ devices, its software, and the payment system it uses. This involves using complex passwords, changing passwords regularly, installing anti-malware software on any devices, and working only with payment systems known to be secure. While no business can ever be 100 percent secure, protection is about defending off the easiest and most frequent attacks.
As the demand for immediate payments implementation grows in the United States, Iliad Solutions have identified one of the largest risks to face the payments industry over the next few years.
Barclays has signed contracts with six of the fintech startups that just graduated from its second New York accelerator programme.
Company card killer Pleo has raised $3m in new funding as it prepares for public launch in the UK and Denmark.
Cheques are become less and less common in the UK according to new research from global market research firm Mintel which claims contactless card use has overtaken cheque payments in the UK for the first time.