Tips for keeping your business and data safe from cyberattacks 

With data being dubbed “the new gold,” security breaches are becoming commonplace, especially for international businesses. If you need to process a high volume of cross-border payments, you need a trusted provider to handle your valuable transactions and keep both your money and your data secure.

According to data from the 2019 AFP Payments Fraud Survey, 82 percent of companies were targets of payments fraud last year. And the Merchant Risk Council (MRC)’s 2019 Global Fraud Survey Results show that 96% of all eCommerce businesses report experiencing fraud attacks.

New data privacy laws like the GDPR and the Australian Privacy Act are also changing the payments landscape. The impact of data breaches extends far beyond financial loss and significant fines to loss of reputation, trust and customers.

Data security risks and recommendations

Account takeover (ATO) is near the top of the MRC’s list of fraudulent attacks experienced by eCommerce businesses. ATO involves an attacker stealing a user’s login credentials to break into their account, where they can access private information. This is frequently used for the purposes of credit card fraud.

Malicious emails are a primary weapon of choice for cyber attackers, with phishing and business email compromise (BEC) topping the list and social media not far behind. Criminals are increasingly using social engineering to hijack accounts and trick organizations into wiring large amounts of money into these accounts.  As the lines between business and personal communications blurs, these attacks are becoming more difficult to spot until it is too late.

Some recommended best practices to help keep your data safe include:

• Train employees on data security protocols, including how to recognize these scams, how to protect sensitive data, and how to report threats.
• Password security is paramount — not just creating a secure password, but not sharing it, writing it down, and changing it regularly.
• Implement access controls to ensure that only the right people have access to the right data, and only when needed is always a good policy.
• Encrypt sensitive data to ensure it doesn’t fall into the wrong hands.
• Keep hardware and software up to date with the latest security patches and threat protection software.

Addressing payments data security

When you’re looking for a payment provider, it’s important to know what to look for and what questions to ask. A trusted provider with proven security protocols that can also demonstrate compliance with international financial and banking regulations can help give you peace of mind.

When partnering with Payoneer, you are guaranteed that all of your disbursements are made through a fully compliant, secure and tightly audited payments platform that is recognized and valued by financial regulators all around the world.

The Payoneer platform features multiple layers of information security and risk technologies that keep you protected against fraud and breach attempts, including registration fraud and account takeover. (Read our blog post, “Securing Your Payoneer Account” for more details.)

Third party tools are implemented at various layers of our platform, including 41stParameter, RSA Adaptive Authentication, MaxMind, AU10TIX, InRule, IDChecker, G2 Web Services and IBM content analytics. This technology, our operations and our years of experience have proven invaluable in preventing all kinds of cyberattacks targeting the organizations that use Payoneer, their sellers and buyers.

• Password security — Payoneer users set up their own passwords, which are encrypted and inaccessible to anyone inside Payoneer. All personal data, as well as each transaction, is protected by strong encryption that makes data unreadable. Any information we receive is protected within our network by secured firewalls.
• Fraud and scam prevention — Every transaction is heavily guarded behind our firewalls and sophisticated anti-hacking techniques. We monitor all transactions to prevent fraud, identity theft, phishing encounters and other attacks. Once a probable attack is identified, our dedicated teams of security specialists investigate the source and take precautions to protect your account, as well as those of other account holders.
• Virtual and physical protection — We back up all your data, all the time. Plus, we protect the physical security and integrity of all data. We are constantly updating our protocols to prevent losses to our facilities through fire, physical theft and accidents. Every access point, either hardware or software related, is protected by secured firewalls and virus detection systems which eliminate tampering and hacking. We apply software patches regularly to close any potential breaches in security, and our systems undergo a mandatory annual and comprehensive PCI audit.

A trusted global provider

• Multi-jurisdictional licensing – Payoneer is registered as a Money Service Business in the US, is licensed as a Money Transmitter in all required states, holds an e-money license in the EU, is a registered as a Funds Transfer Service Provider in Japan and is a licensed MSO in Hong Kong.
• PCI-DSS certification – Payoneer holds Level 1 Payment Card Industry (PCI) Data Security Standard certification (the highest level!), so you know that any personal and credit card data is safely stored and secured.
• Top-level KYC – Our world-class forensics techniques and extensive experience in managing payments related risks let you leave complex KYC due diligence in our capable hands.
• Strict AML procedures – Payoneer adheres to anti-money laundering policies and procedures in full compliance with FATF-GAFI, EU and US regulations, and strict KYC/CIP processes based on payment method and country.
• Global sanctions screening – Protect against registration fraud by screening each payee submitted during the registration process against sanctions lists including OFAC SDN, PEP, HMT, RES 1988, AQ and CFSP.
• Regular audits – Payoneer is audited monthly, quarterly and annually by the world’s leading auditors.