Delegating responsibility for electronic payment security

While new payment processing technology has become widespread in recent years, so too have issues with wire and ACH card fraud. This serves as a clear example of why more clarity needs to be reached on the topic of mobile and electronic payment security, as many payment processing providers, merchants and financial institutions struggle with best practices. For one, older payment card industry security requirements are not specific enough - or updated - to dictate best security practices in the sector. While Payment Card Industry Data Security Standards (PCI DSS) requirements serve as a good basis of the proper steps to take to ensure the integrity of systems, advanced and new devices are beyond the traditional scope. Retail Gazette recently pointed out another issue that seems to be frustrating everyone from merchants to banks and consumers - who is responsible for security when it comes to mobile payments. Additionally, figuring out what parts of the process should be designated to which entity remains largely foggy in the payment processing industry. According to the source, merchants that simply believe the security of their networks is the responsibility of the service provider are running a major risk of failing to meet compliance, experiencing a data breach and losing face with potential and existing clientele. Further, when a PCI DSS compliance issue is discovered by an investigating entity, the merchant is often the one that will field the fines and sanctions. Though certain instances, such as negligence or misrepresentation of policies, will leave the third-party provider liable, merchants need to be extremely vigilant when assessing the systems they are using. Retail Gazette added that the two parties should always be in constant collaboration with one another, especially in the time leading up to deployment of transaction systems. This way both can assess the integrity of the systems while coming to clearly-outlined delegations of responsibility. Similar to the way in which merchants need to ensure the integrity of payment systems for their customers, they also need to ensure the security of their own ACH card and wire transfers. In some instances, financial institutions and service providers have avoided liability following ACH and wire fraud, leaving the business with the bill of the theft. This is a growing issue, as several experts have cited a steep increase in instances of electronic payment fraud over the last three years.