There are risks in the world of digital payments.

We help you protect your customers and your business.

Card brands receive trillions of dollars in payments worldwide (VISA data 2021), and these figures rest on the trust cardholders place in handing over their card data for purchases of goods and services in card-present and card-not-present channels.


IQ Information Quality has fourteen years of experience providing digital payment security services in Latin America and the Caribbean and is approved by the PCI SSC (PCI Security Standards Council) to evaluate compliance with the international standards (PCI DSS, PCI PIN, PCI 3DS) that protect payments made with cards (VISA, Amex, Master, Discovery) in card-present (POS) and card-not-present (e-commerce and telephone) environments.

PCI standards are industry best practices to protect any electronic transaction where sensitive data must be protected and can be used to secure other payment ecosystems such as:

  • Private Cards
  • BNPL (Buy Now Pay Later)
  • International Wire Transfers
  • Person-to-Person P2P payments
  • Toll Payment
  • Loyalty points
  • Cryptoassets.

In any payment your customers make, there is sensitive card data that must be protected.

PRIVATE CARDS

Private cards, generally issued by commercial establishments or financial entities, carry sensitive information that enables a transaction and that, if compromised, allows fraudulent transactions. This information needs to be protected.

As with franchised cards, these merchants or financial entities must protect the sensitive information of their private cards in the processes involved in issuance, delivery, portfolio and reconciliation, among others. PCI standards allow you to use these industry best practices to protect your customers’ information and your business.

Risks in the private card payment ecosystem are:

  • Leaks of sensitive cardholder information that generate reputational losses for the card issuer.
  • Changes in transaction data with man-in-the-middle attacks.
  • Compromises in the systems that perform transactions that can lead to fraudulent transactions.

The services that support the protection of private cards are:

  • Identification and documentation of information flows in processes where sensitive private card information is used.
  • Scope identification and validation
  • Identification of the controls that apply to the scope according to the best practices of the PCI standards.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

BNPL - BUY NOW PAY LATER

Use of the BNPL option grew significantly during the Covid pandemic, as it lets customers obtain a product or service immediately and pay its value in installments.

In this sense, companies emerged that provide BNPL services with direct sales and/or affiliate businesses that sell products and services based on this purchasing model.

In the BNPL model with merchant acquiring, the mechanism for sending the necessary information for the BNPL company to carry out the transaction must be integrated into the merchant's portal. Depending on the integration of the merchant with the BNPL company, a series of requirements must be taken into account to mitigate the risk of:

  • Redirection of the client to a fraudulent portal where personal data can be captured.
  • Capture of sensitive information by not properly protecting the information when sending it to the BNPL portal.

BNPL providers authenticate customers with personal information (cell phone, names, date of issuance of the ID card, biometric information and dynamic authentication through a token sent to the cell phone). This information must be protected so that it is not compromised, since a compromise enables fraudulent transactions that affect customers and massive leaks that damage the BNPL entity's reputation and its customers' confidence.

The services that support the protection of BNPL are:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Scope identification and validation
  • Identification of the controls that apply to the scope according to the best practices of the PCI standards.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

INTERNATIONAL MONEY TRANSFERS

What is it? It is a service provided by different financial institutions, through which you can send money abroad to various countries in the world, through a wide network of banks that are affiliated to a worldwide network.

Companies that make international money transfers, or that use agents (generally financial entities) to make them, handle sensitive information needed to carry out the transaction. Such information is associated with:

  • Account numbers to and from where the transfer is made.
  • Personal data of the persons sending and receiving the transfer.
  • Identifiers of the agents or associates to and from which the transfer is made.

In some cases transactions are made from digital wallets and/or applications which are connected to the international money transfer ecosystem.

The risks associated with this type of payment ecosystem are:

  • Leakage of sensitive information that is used to make the transfers.
  • Changes in transaction data with man-in-the-middle attacks.
  • Compromises in the systems that perform the transactions that can lead to fraudulent transactions.

Services that support the protection of international wire transfers are:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Identification and validation of scope
  • Identification of controls that apply to the scope in accordance with PCI best practices.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

PEER-TO-PEER PAYMENTS - P2P

Person-to-person payments (P2P payments) are an online technology that allows users to transfer funds from their bank or credit card account to another individual's account via technologies such as the Internet or cell phone.

Person-to-person payments generally use personal data of those sending and receiving the transfer and authentication mechanisms to access web portals or mobile applications in digital wallets.

The risks associated with this type of payment ecosystem are:

  • Leaks of sensitive information that are used to make payments.
  • Changes in transaction data with man-in-the-middle attacks.
  • Compromises in the systems that perform transactions that can lead to fraudulent transactions on web portals or mobile applications.

Services that support the protection of P2P payment transactions:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Scope identification and validation
  • Identification of controls that apply to the scope in accordance with PCI best practices.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

LOYALTY POINT PROGRAMS

A loyalty program is a marketing strategy established by a company with the purpose of rewarding the purchasing behavior of its customers, which produces in them a sense of loyalty and faithfulness to the brand.

Fraud also surrounds loyalty points programs.

Your accumulated points and air miles - hard to earn - can be an easy target for cybercriminals, so you should protect yourself. If you are a loyal customer, you should take extra precautions to protect your accounts and the benefits you have accrued.

It's not just about protecting the points you can redeem, but also any sensitive personal information stored in those accounts.

What can points loyalty programs include?

  • Free flights and hotel stays (e.g., airline miles)
  • Free or subsidized cab rides (e.g., Uber)
  • Free groceries

How do cybercriminals operate?

Essentially, there are three potential threats to loyalty cards in general:

  • Malicious employees within the company, who steal customer personally identifiable information (PII) and points.
  • The biggest threat is from external attackers, who hijack accounts to steal points, make purchases, transfer points and/or steal customers' PII to sell illegally.

The risks associated with this type of payment ecosystem are:

  • Leakage of sensitive information of users' personal data.
  • Compromises in the systems that perform transactions associated with the accumulation of points and their redemption. These compromises can lead to unauthorized changes in users' accumulated points balances.
  • Compromises in the sensitive information with which users authenticate themselves in the stores that are part of the loyalty program that may lead to fraudulent transactions with users' points.

The services that support the protection of point ecosystems are:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Scope identification and validation
  • Identification of the controls that apply to the scope according to the best practices of the PCI standards.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

ELECTRONIC TOLL PAYMENT

Yes, the main objective of electronic tolls is to improve mobility, but their technological platform is also meant to "guarantee the security, privacy and transparency of information".

How does this payment technology work?

It consists of the use of an on-board device or TAG in the form of a sticker affixed to the vehicle's windshield, which enables the user to pay electronically.

The sticker is read by the electronic toll and the payment is processed through the payment method configured by the user in the mobile application or on the website.

For this, you need to recharge the device, in the same way that prepaid phones are recharged, and you will be ready to pass through the tolls without having to use cash.

This innovative system allows the toll to be deducted from any bank account or wallet.

Registering your payment method involves sensitive card data that must be protected.

The risks associated with this type of payment ecosystem are:

  • Leakage of sensitive information of personal data and data of means of payment with which recharges are made.
  • Compromises in the systems that carry out transactions associated with recharges and send them to the entities for authorization processes. These compromises may lead to unauthorized changes in users' recharge balances.

Services that support the protection of toll transactions in digital form:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Identification and validation of scope
  • Identification of controls that apply to the scope in accordance with PCI best practices.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

There are risks in the world of digital payments.

Your mission:

Start NOW to protect your customers and your business.