PYMNTS-MonitorEdge-May-2024

Aligning Payments and Data Operations With Compliance and Cyber Risks

As businesses move online and data becomes a critical asset, organizations must navigate a minefield of potential threats.

And the news Thursday (Sept. 12) that Lehigh Valley Health Network (LVHN), one of the largest primary care groups in Pennsylvania, has paid a $65 million settlement to patients impacted by a breach that saw their sensitive personal information stolen by a criminal ransomware gang has only sharpened the point. Socializing best practices across the entire organization and fostering a culture of security is top of mind for firms across sectors — particularly for leaders like chief information security officers (CISOs).

After all, as cyber events become not just a bug but a feature of business operations, the need for effectively communicating cyber-risk to internal leadership teams and C-suite colleagues has never been more pressing.

Particularly as businesses in critical sectors like financial services move to adopt innovations like real-time payments, mobile wallets and other advances, the potential points of vulnerability multiply. Cybercriminals are no longer just focused on hacking networks; they are targeting payment ecosystems that contain sensitive data, including customer payment credentials, transaction histories, and personally identifiable information (PII).

PYMNTS Intelligence finds that just 57% of Americans trust financial institutions (FIs) to protect their data.

To manage today’s risks, as well as protect against tomorrow’s, organizations need a holistic approach to payments and data security that integrates compliance into everyday operations.

Read more: Decoding Cybersecurity: Understanding FedRAMP and ISO 27001 Standards

The Evolving Landscape of Payments and Cybersecurity

Aligning payments and data operations with cybersecurity efforts is an intricate process, largely because these functions traditionally existed and operated in silos. Payment teams often focus on transaction speed, efficiency and customer experience, while cybersecurity teams concentrate on risk mitigation and data protection. This fragmented approach weakens the company’s defenses, and failing to integrate these priorities can leave gaps that cybercriminals exploit.

Modern consumers and businesses expect payments to be instantaneous, but real-time payment systems come with real-time cyber risks. Striking a balance between the need for speed and stringent security measures is crucial. CISOs must work closely with payment teams to ensure that cybersecurity protocols do not hamper operational efficiency while maintaining robust security standards.

The cyber threat landscape is in constant flux, with ransomware attacks, phishing schemes and fraud evolving rapidly. Payment systems are particularly attractive to cybercriminals because they are gateways to financial gain. Payment fraud, business email compromise (BEC) and identity theft are becoming increasingly sophisticated, forcing CISOs to be agile and proactive in their approach.

“Security events and security alerts are something we deal with every single minute of every day,” David Drossman, chief information security officer at The Clearing House (TCH), told PYMNTS for the series, “What’s Next in Payments: Protecting the Perimeter.”

“The key for us is to make sure that none of those events or alerts become incidents or major crises,” Drossman said.

Research from PYMNTS Intelligence has shown that virtual cards and digital spend management solutions can help finance departments close the books faster while guarding against fraud.

See also: Guarding the Gate: Cyberattacks Won’t Stop, but Their Fallout Can Be Prevented

Socializing Best Practices Across the Organization

In separate interviews for the “What’s Next in Payments” series, executives also stressed to PYMNTS that a multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.

Increasingly, one of those key defensive layers is the digitization of legacy and paper-based payment workflows. Once workflows are digitized, businesses can turn to artificial intelligence (AI) and machine learning (ML) technologies to detect anomalies in payment transactions in real time. These systems can analyze vast amounts of data to identify unusual patterns that may indicate fraud or cyberattacks.

For instance, AI can monitor payment systems for irregularities, such as unauthorized access attempts or unusual transaction patterns, and automatically flag them for further investigation. This proactive approach strengthens the organization’s ability to defend against emerging threats.

At the same time, CISOs need the backing of the C-suite to drive a company-wide focus on cybersecurity and compliance. Engaging leadership through regular reporting on security metrics, potential risks, and the financial implications of non-compliance can help secure the necessary resources and buy-in from decision-makers.
