How secure are our most-used payment options?
1 Feb 2019 - by
A host of changes on the horizon will alter the way the travel sector engages with providers and makes payment, says Kevin Lomax, Diners Club SA head of Corporate Cards.
Some of these changes include NewGen ISS – the New Generation of Iata Settlement Systems that pertains to the distribution and settlement of funds between the retail travel trade and airlines – as well as Iata’s New Distribution Capability (NDC).
Another topic featuring increasingly on agendas is the need for Payment Card Industry Data Security Standards (PCI DSS) compliance, as this shows a commitment to the protection of customer card information. Attention also needs to turn to the EU General Data Protection Regulation (GDPR) that recently came into effect to protect the data privacy of all EU citizens, whether the processing and holding of personal data takes place in the EU or not. Regardless of an organisation’s location, if it is in breach of GDPR and accepting card payments from EU citizens, it could face hefty fines of up to 4% of annual global turnover or €20m (R310m), whichever is highest.
For Diners Club, the approach is to co-create with customers on emerging payment trends, says Lomax, as a large amount of investment and co-operation across the value chain helps card companies stay ahead of threats. “If we work closely with our travel partners on, for example, agency card solutions, we can create offerings that reduce current risk and work in conjunction with other systems,” he says.
Virtual cards and tokenisation
Currently, a great deal of conversation is around virtual cards and tokenisation, notes Pascalle Albrecht, senior manager Commercial Issuing American Express South Africa. “American Express is working on an advanced virtual card solution to launch into the market in 2019. Work has also been done internally to ensure that no physical plastics are created for the BTA cards, hereby limiting the number of people who will have the ‘card in hand’ and reducing the chances of fraud.”
In this age of automation, there’s no excuse for companies to be using antiquated methods to manage payments of expenses or suppliers, leaving them at risk of abuse or fraud, believes Martin Heyman, md of Billback. While he says virtual cards are greatly improved, they are not risk free. “Hotels used to demand a copy of the card upfront, but this has changed with the virtual card limited to a specific amount. It can, however, be used by anyone for any charge within certain parameters.” That said, Heyman believes payments in South Africa are generally secure. “The banking features ensure sufficient steps are mandatory so that security is not compromised.”
Kirby Gordon, head of Sales and Distribution at FlySafair, posits that the biggest risk with cards is still the human one. “Any person with access to credit card details and a means to the OTP can use that card for anything, so we see clients working around their own systems and protocols to limit this.” FlySafair offers corporates a line of credit with weekly, fortnightly or monthly settlements. “Usually we ask for a small trading deposit to secure this line of credit and, in truth, this is usually the simplest and safest route.”
Diners Club has a range of sophisticated security protocols built into its products, including fraud engines that are updated constantly with new drivers, adds Lomax. “We’ve also started working with industry players on tokenising card data to make their environments more secure.”
The strongest combination of solutions, Lomax believes, is using the virtual travel lodge card for the bulk of payments (i.e. airline transactions) and a single-use virtual card for transactions that need to be processed by a third party. “Couple this with enhanced data reporting on statements to identify suspect transactions and then taking immediate action.”
Full adherence to travel policy remains an important consideration, emphasises Albrecht. “In some instances we are seeing the delegated authorities not approving travel and then later questioning the travel transactions.”
Bonolo Sekhukhune has taken over the corporate cards portfolio from Kevin Lomax, who is staying at Diners Club to run merchant solutions. Sekhukhune joins Diners Club from Standard Bank where she was heading up the Standard Bank Instant Money product. She has a background in innovation and digital solutions and an MBA from GIBS Business School.