What are split payments?

The payments industry is ever-evolving to match customers’ changing needs. A quick payment experience isn’t enough anymore: customers want a more tailored journey, using their preferred payment methods in whichever way is more convenient. Split payments are part of this constant industry transformation. This article guides you through all you need to know about split payments, including their use cases, benefits, and business implications.

What is a split payment?

A split payment is a transaction involving paying for one purchase using more than one payment method, which could be additional credit or debit cards or even vouchers. Split payments can be made by a single user who chooses to pay using various methods or by more users who are splitting a bill for a product they bought together. Most banks offer this functionality to their customers by enabling them to request money from whoever they split the bill with (also called sub-payees).

Split payments can be used by both individuals and companies. For individuals, split payments may be helpful to pay, for instance, for a shared restaurant or household bill. For businesses, split payments are helpful when dealing with multiple vendors, sellers, or merchants. Brick-and-mortar shops are more likely to offer this functionality, as online shops have been slower in adopting it. However, most global e-commerce shops already enable users to, for instance, use their gift card balance to pay for part of their purchase, along with their debit card to pay for the remaining costs.

Types of split payments

It is possible to split payments across various payment methods, subject to the company’s offerings. Some of these payment methods include:

  • Credit or debit card
  • Cash
  • Gift card
  • Reward cards
  • Store credit card
  • Checks

Split payments vs. deferred payments

Deferred payments can be split into a set number of installments, paid throughout a specific period. Rather than making a one-off, full payment, customers divide the costs of a purchase into separate installments that they can pay at a later date, usually with no interest added. The most popular form of deferred payments is Buy Now Pay Later, or BNPL, made common through solutions like Klarna, which was adopted by major retailers worldwide. BNPL is a type of split payment that, rather than being processed in full at the time of purchase and simply using different payment methods, is divided into smaller payments processed on other occasions.

Usages of split payments

There are various use cases for split payments, some more popular than others. Let’s look at three relevant use cases below:

E-commerce sector

Global marketplaces such as Amazon offer products from thousands of sellers across the globe. When customers purchase items from different sellers in one order, the payments must be divided by each seller’s product so that all sellers get the correct amounts on time. Split payments make this possible, enabling easier cash flow management and simplifying the settlement of payments into various accounts.

Education and Ed-tech sector

Schools and other educational organisations may charge different fees for courses, access to resources, sports, etc., and they may want to have these fees allocated to various departments. Split payments enable them to distribute the correct amounts to each department with minimal manual efforts. In the case of ed-tech, online educational platforms like Coursera need to transfer the right parts from the students to each tutor, which is also made possible through split payments.

Aggregators

Aggregators like Uber need to collect payments from various customers and pay each Uber driver accurately and on time. Split payments enable them to gather all the gains from different customers into a single payment to the driver.

Benefits of split payments

Generally, providing customers with a wide range of payment options means that companies can cater to each customer’s payment needs and preferences. For instance, while most customers may choose to pay with a debit card, others may use PayPal as their first choice to pay for services online. Split payments enable customers to pay however they want to pay, resulting in a much higher conversion rate, more sales, and more revenue for the businesses. In sum, split payments enable companies to:

  • Increase conversion rates
  • Reduce checkout friction and checkout abandonment
  • Deliver a better customer payment experience
  • Boost customer satisfaction and customer loyalty
  • Potentially increase order value thanks to higher payment flexibility

Split payments challenges for businesses

While split payments greatly benefit customers and businesses, enabling this functionality isn’t a straightforward process. Here are some implications you may want to keep in mind if you are considering providing your customers with split payments options:

  • Technical integrations – Offering split payments means that you need to provide a range of payment options to start with. For instance, you need to accept a range of card networks, digital wallets, bank transfers, or vouchers. A single payment provider won’t cater to all these options, so you must integrate with multiple providers. Integrations with providers are costly, lengthy, and resource-draining. Thankfully, solutions like Imburse can help.
  • Card verification – If customers use two different cards to purchase a service or product, both cards need to be verified, and the billing address needs to be matched with the card issuers. However, more often than not, providers will do the verification process for you.
  • Refunds – Refunds are slightly more complex when they involve more than one payment method, as the payment needs to be refunded to the same payment methods used in the purchase. Split payment refunds may require further communication with the support/customer service team.

About Imburse

Imburse is a cloud-based middleware connecting large enterprises to the payments ecosystem, regardless of their existing IT infrastructure. Through a single connection to Imburse, enterprises can collect or pay out using various payment technologies and providers around the globe.

In a world where consumers’ payment preferences and technologies are ever-evolving, Imburse works with insurers to future-proof their payment requirements. Regardless of the business area, market, or needs, Imburse will connect you to your choice of technology and provider.

Reach out to our team below should you want to discuss how Imburse can help you. Our team is happy to show you what our platform can do for your business and offer you a free demo.

What is a Virtual Terminal?

By Mariana Almeida Marques

87% of the UK population made online purchases in 2020 (Statista report). Whenever you purchase goods online, you are directed to a payment checkout page to complete the transaction. Whilst customers see a checkout page, merchants see a virtual terminal. In this article, we cover virtual terminals, including the types of virtual terminals available and their characteristics.

 

What is a Virtual Terminal?

A virtual terminal is a webpage that enables merchants to insert payment information on behalf of their customers. Think of a physical terminal at a shop: merchants use an online system to insert the type of product you want to purchase, the amounts, offers and extras. This helps them to calculate the total amount to pay, to keep the product inventory in check, and also to give their customers more details about their order. Once the merchant is done adding all the information, customers can insert their card into the card reader and finalise the payment.

Much like a physical terminal, a virtual terminal is a webpage that merchants can use to add information about the order, to charge customers and even to create recurring payments. However, when doing this virtually, merchants are also responsible for adding the payee’s details and therefore initiating the payment (with the customer’s consent). In this case, customers provide the merchant with their payment details and agree to being charged beforehand.

These types of platforms may also connect to your accounting software and other payment tools, making for more optimised operations. They are ideal for B2C businesses that operate online and require remote billing.   


Types of virtual terminals

The most common type of virtual terminal is a webpage where merchants log into their accounts from an internet browser, using either their mobile phone or computer (Windows or Mac). However, virtual terminals can also be accessed through apps on a smartphone or tablet, or through a screen on a physical card machine. In some cases, you may be able to use your terminal both virtually and in person. This depends on the payment provider or providers you choose to connect with. Your PSP will give you access to a virtual terminal, which you can then use in multiple ways (through a web page and app, for instance).

 

Virtual terminals characteristics

Firstly, the customer/cardholder needs to express consent for that payment. This is particularly important when using virtual terminals, because merchants are responsible for initiating the payment. Not only do customers need to agree to the transaction, there also needs to be a tracked record of these communications. If merchants can’t prove that the customer has agreed to that payment, they may have to refund the customer if a chargeback occurs. Since customers aren’t the ones to manually insert their details and initiate the payment, chargebacks pose a bigger risk.

Virtual terminals also involve stricter security rules, as keyed payments are more prone to fraud. In short, keyed payments are card-not-present transactions in which merchants don’t have the physical card with them but key in the card number, expiration date and other codes manually. This type of payment runs a higher risk of fraud because the person initiating the payment isn’t the cardholder, nor do they have access to the physical card.

Usually, merchants are requested to comply with PCI DSS requirements, which may come with additional costs. However, most PSPs are already PCI-compliant. Transaction fees may be higher than other types of online or in-person transactions because of the higher risk of fraud. This is something that you need to check with your PSPs, as each payment provider charges differently. Overall, the main difference between virtual terminals and other online payments is that, through virtual terminals, merchants initiate the payment on their own screen, and customers don’t have access to it.

 

What are 2FA and MFA? A Guide to Authentication Methods

Cyberattacks are amongst the top concerns of the financial industry, and they show no signs of slowing down. According to an Accenture report, security crimes have risen 31% between 2020 and 2021, despite all the innovative security tools companies and individuals can have in place. Data protection is crucial for any organisation, especially as the cost of cybercrime is expected to hit $10.5 trillion by 2025 (Cisco/Cybersecurity Ventures report).

Both 2FA and MFA help organizations protect their customer data by adding an extra layer of security when creating accounts, logging in, or making payments. In this article, we explore the advantages of 2FA and MFA and how they differ from each other.

What is 2FA?

2FA, or two-factor authentication, is a process in which users need to provide an extra piece of information before accessing their accounts. Aside from entering the usual username and password, 2FA requires users to provide other personal data to verify their legitimacy. This adds extra protection to their data because even if criminals could find out the user’s username and password, they are unlikely to know or have the second factor required to authenticate themselves, so they wouldn’t be able to access the account. The second factor could be any of the following:

Something you know

This can be another password or, most often, a secret answer to a particular question related to your hometown, pets, childhood, parents, etc.

Something you have

This is something that users own, which could be a credit card, smartphone, or other pieces of hardware that they can use to verify their identity.

Something you are

This includes biometric patterns such as a fingerprint, voice print, or iris scan. Users are required to, for instance, take a selfie, so their face is scanned and matched to their account records.  

Types of 2FA

There are various types of 2FA that websites have in place. Some are slightly more advanced than others, but any 2FA is more secure than the regular password and username combination. These are some of the most popular 2FA types that users may find on websites and apps:

SMS-based 2FA

Various companies use SMS-based 2FA to verify their customers’ identities. This type of authentication involves sending a unique one-time passcode, or OTP, via SMS to customers once they have correctly entered their username and password. Customers often have a limited time to check the OTP and enter it on the website. Once the time limit has passed, customers must request an OTP again. While this method is widely used, it is considered one of the least safe ways of authentication, so companies that manage personal information may opt for more advanced techniques.

Push notifications

Another common type of 2FA is push notifications. When users log in to a website, they get either an email or SMS message stating that somebody tried to access their account. Then, they can either confirm it was them or deny access if it wasn’t them. These notifications often contain the exact time of the login attempt and the IP address of the person who tried to access the account. No password or tokens are required for this method, just a button click.

2FA Software Tokens

This 2FA method requires users to download an authentication app such as Google Authenticator, Microsoft Authenticator, or LastPass. These are all free to install and generate time-limited codes, usually composed of a set of numbers. These codes, or soft tokens, change every other minute. When users log in to a website and enter their username and password, the website will ask them for their unique code. Users must open their authenticator app, check the code and enter it on the website. The apps enable users to connect to multiple websites, so having one app is enough.

Differences between 2FA and MFA

MFA, or multi-factor authentication, is a method that requires more than two authentication factors. These factors are taken from the list above: something users know, something they have, or something they are. The only difference between the two methods is that while 2FA requires only one extra factor from the list, MFA requires at least two.

Despite MFA seeming more complete and more secure, it is difficult to determine precisely which method adds more security. This is because it very much depends on the types of authentication chosen. For instance, as we have seen, SMS-based authentication is not highly reliable, whereas a fingerprint or iris scan is much more challenging to fake. Generally, however, the more layers of security, the better.

Advantages and disadvantages of 2FA and MFA

Advantages of using 2FA and MFA include, naturally, higher security and higher flexibility as both employees and customers can access systems from anywhere without risking their safety, reduced costs in help desks and security management, and increased credibility and trust from customers. 2FA and MFA are also convenient for customers, as they don’t have to go out of their way to authenticate themselves and most users have a mobile phone on hand. This creates a more frictionless experience for them, which also helps increase customer satisfaction.

On the other hand, customers want as few steps as possible when logging into their accounts, and it takes longer to go through various authentication steps. So, there has to be the right mix of security and speed. MFA also isn’t free for companies, and they can’t build a security tool like this themselves, so they have to outsource it to a third party. Luckily, various platforms offer 2FA and MFA, so there isn’t a lack of choice or availability in the market.

What does ASAP mean in payments?

ASAP isn’t just the acronym we use in our everyday lives. In payments, it holds a different meaning. If you are based in the US, you may already be familiar with this term. Though it is unlikely you will come across it in your day-to-day, ASAP is an essential system for federal payments in the US. This article explains what ASAP stands for in the payments industry and how it works.  

What is ASAP?

ASAP, short for Automated Standard Application for Payments, is an electronic payment and information application used by federal agencies in the United States. Initially, it was developed by the Financial Management Service (FMS) and the Federal Reserve Bank of Richmond, which now operates the system. ASAP allows organizations receiving federal funds to draw these funds from pre-authorised accounts established by the agencies issuing the payments. It is free to use for both parties.

Recipient organisations must be enrolled by the federal agencies, which are responsible for authorizing every payment, managing their accounts, and providing technical support. The list of recipient organisations includes state and local governments, educational institutions, banks, other financial institutions, and vendors and contractors. ASAP only applies to organisations receiving federal funds; it doesn’t apply to any other party or individual. In the 2019 tax year, close to half a million payments were processed, totaling $594 billion.

How organisations can enroll in ASAP

Receiving organisations must have a Data Universal Numbering System (DUNS) number to receive a payment via ASAP. They can get one for free by filling in this form. Organisations must also have an active registration in the Central Contractor Registry (CCR), which is also free of charge. Once organisations meet these two conditions, the process goes as follows:

  1. The Federal Enrollment Initiator starts the enrollment process by entering the DUNS, TIN, contact information for the Point of Contact, and type of organisation.
  2. Organisations can enroll online. The Point of Contact nominated by the organisation needs to confirm that all the information entered is correct and to enter information for the other officials who have roles in ASAP.
  3. The Head of Organisation approves this information.
  4. The Authorising Official confirms that all information is correct and identifies who in the organisation will use ASAP.
  5. The Financial Official enters the organisation’s bank account details.
  6. ASAP notifies the federal agency’s Federal Enrollment Initiator, who completes the enrollment.
  7. Organisations are notified that the enrollment process is completed, and the funded accounts are ready.
  8. Organisations can log in to ASAP to request payments, see payment status or get reports. They will also get an ASAP ID, which they can use for reference.

Recipient users and roles for ASAP

Various roles must be fulfilled to receive federal funds through ASAP, some of which we mentioned in the section above:

  • Initial Point of Contact – added by the federal agency, self-designates all roles, and adds additional users
  • Point of Contact (POC) – adds users and can modify their roles
  • Head of Organisation (HOO) – approves changes to users and their roles
  • Financial Official (FO) – enters and manages bank account details
  • Authorising Official (AO) – adds Payment Requestors and Inquirer Only users
  • Payment Requestor – initiates payment requests
  • Inquirer Only – runs reports

When will organisations see the funds in ASAP?

The US Treasury may take up to 10 business days to validate bank information. Once this information is validated, the federal agency can enter the organisations’ ASAP ID into their financial system and link it to ASAP. Once this link is established, the funds will be transferred to the correspondent account. ASAP suggests waiting at least 15 days for the payment to be completed after enrollment.

Types of ASAP payments

There are two main types of ASAP payments: Fedwire and ACH transfers. ASAP payments can be processed on the same day or scheduled for a specific calendar date, depending on the type of payment organisations choose. Let’s check the differences between both:

Fedwire

Fedwire offers real-time payment settlement, so payments are processed instantly. Despite being quicker than ACH payments, Fedwire transfers often come with added costs, such as bank fees, making them more expensive. You can check their 2022 pricing structure for a detailed overview of all the potential costs and extra expenses you may be charged with.

ACH

ACH offers next-business-day settlement or same-day settlement for payments requested before 2:30 pm Eastern Time. Though you can’t receive your funds instantly, there are fewer costs associated with ACH transactions. The ACH network is often the preferred payment system for ASAP payments, as it is cost-effective and secure and enables payments to be scheduled for later dates. Have a look at our latest post if you want to know more about the ACH network and how it works.

Advantages of ASAP

  • Flexible payment options (Fedwire or ACH network)
  • Live customer support
  • Unlimited report access
  • Web-based and secure
  • Reduces the liability of having funds held outside of the Treasury
  • There are no fees to use ASAP

ASAP offers a range of training opportunities for organisations that wish to learn more about it. You can visit their Resources page to access their webinar training and further information and check their user guide.

What is EMVCo?

The payments industry is regulated by a set of regulatory bodies that produce international industry standards for all payment players and merchants to follow. These regulatory bodies are formed in order to ensure maximum security across the industry, at a time when cyber-attacks are becoming more frequent and smarter. One of these organisations is EMVCo. Though you may not have heard about it before, EMVCo plays a significant role in the security of card payments worldwide. Let’s dive into EMVCo and the impact it has on the industry.

What is EMVCo?

EMVCo is a technical body composed of six of the largest payment networks worldwide: Amex, Discover, JCB, Mastercard, UnionPay, and Visa. These payment networks have incredible power in shaping the payments world and defining some of its rules.

The purpose of this organisation is to facilitate the security and interoperability of payment technology worldwide, by providing and promoting standard specifications that are applicable industry-wide. However, the EMVCo is not responsible for enforcing rules or ensuring that issuers, acquirers, and merchants are compliant with them. Instead, these obligations belong to each payment network.

The EMVCo was established in 1999 and EMV initially stood for Europay, Mastercard and Visa. While it focused on debit and credit chip cards and chip terminals at that time, it has evolved to include QR Codes, eCommerce payments, and mobile contactless payments too, as these are some of the most popular payment methods. Its specifications continue to evolve to meet the ever-changing and increasingly innovative trends in the industry.

EMVCo’s collaboration with other organisations

EMVCo collaborates with other standardisation and regulatory bodies in the payments industry, in order to share perspectives and ensure their worldwide goals are aligned. Some of these organisations include the NFC (Near Field Communication) Forum, GlobalPlatform, GSMA, PCI SSC, AFSCM, APSCA, ETSI, the European Payments Council, US Payments Forum, and the Secure Technology Alliance.

Some of these bodies are already quite well-known, particularly the PCI SSC and ISO. GlobalPlatform, for instance, is responsible for the standardisation of the management of applications on secure chip technologies, whereas the NFC Forum is responsible for managing NFC interactions. All of these organisations benefit from collaboration with one another in order to ensure alignment in terms of security and innovation.

Furthermore, in order to establish a more centralised and collaborative environment, EMVCo runs an Associates Programme that is open to all interested parties. These parties may include banks, merchants, processors, vendors, and other stakeholders.

What are the EMV specifications?

As we discussed, the EMV specifications are set to provide an industry standard, rather than rules enforced on payment players. The enforcement of these standards and other rules is the responsibility of payment networks independently. The EMV specifications are the following:

  • Merchants and payment players must support payment security risk management parameters and cardholder verification methods in order to reduce card fraud.
  • They must provide the framework to promote innovative payment capabilities and deliver robust payment technology.
  • They must deliver enhanced security, interoperability, and acceptance of EMV-based payments worldwide.
  • They must offer flexibility to accommodate national and regional payment needs so that these payment methods can interoperate easily with the global payment infrastructure.

What is EMV Compliance?

Compliance with EMV means that merchants and all the other payment players are taking all the precautions needed to prevent card fraud, including investing in the right security technology. Every credit or debit card contains an EMV chip nowadays. However, before this was introduced, cards would contain a magnetic stripe that contained data that never changed. This means that fraudsters who were able to get hold of your card could instantly access all of your cardholder information. Magnetic stripe cards were also very prone to counterfeiting.

EMV chips, however, create a unique transaction code every time they are used. This means that fraudsters wouldn’t be able to duplicate your card based on a transaction, making it much safer for cardholders. EMV compliance is crucial because it means that businesses have the right point-of-sale equipment to support EMV payment technology. The card reader is EMV compliant and customers can insert their card and initiate the payment safely. If the only option offered is to swipe the card, then merchants may not be EMV compliant, and the risks of card fraud are higher.
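The contrast between static magnetic-stripe data and a per-transaction chip code can be modelled in a few lines. This is an added illustration, not code from the article or from EMVCo: HMAC-SHA256 stands in for the chip's real cryptogram algorithm, and the `ChipCard` and `Issuer` classes, the card number, the key and the stripe string are all hypothetical, constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _code(key, pan, amount_minor, nonce_hex, counter):
    """Per-transaction code over the transaction details and the card counter.
    HMAC-SHA256 is an assumed stand-in for the real chip cryptogram."""
    msg = f"{pan}|{amount_minor}|{nonce_hex}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


@dataclass
class ChipCard:
    pan: str
    key: bytes          # secret held inside the chip, never sent to the terminal
    counter: int = 0    # increases with every transaction

    def pay(self, amount_minor, nonce_hex):
        self.counter += 1
        return {"pan": self.pan, "amount": amount_minor, "nonce": nonce_hex,
                "counter": self.counter,
                "code": _code(self.key, self.pan, amount_minor, nonce_hex, self.counter)}


class Issuer:
    def __init__(self):
        self.chip_keys = {}
        self.stripe_data = {}
        self.last_counter = {}

    def enroll(self, pan, key, stripe):
        self.chip_keys[pan] = key
        self.stripe_data[pan] = stripe

    def authorize_stripe(self, pan, stripe):
        # Static data: the only possible check is "does it match the record?",
        # so a byte-for-byte copy is indistinguishable from the original card.
        stored = self.stripe_data.get(pan)
        ok = stored is not None and hmac.compare_digest(stored, stripe)
        return "APPROVE" if ok else "DECLINE: unknown stripe data"

    def authorize_chip(self, tx):
        key = self.chip_keys.get(tx["pan"])
        if key is None:
            return "DECLINE: unknown card"
        expected = _code(key, tx["pan"], tx["amount"], tx["nonce"], tx["counter"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "DECLINE: code mismatch"
        if tx["counter"] <= self.last_counter.get(tx["pan"], 0):
            return "DECLINE: counter reused"
        self.last_counter[tx["pan"]] = tx["counter"]
        return "APPROVE"


def demo():
    pan = "4000000000000002"                          # constructed card number
    key = b"constructed-demo-key-not-a-real-card-key"  # constructed secret
    stripe = "constructed-static-track-data"          # constructed stripe contents
    issuer = Issuer()
    issuer.enroll(pan, key, stripe)
    card = ChipCard(pan, key)

    results = {}
    # Magnetic stripe: the original and a captured copy are both accepted.
    results["stripe_original"] = issuer.authorize_stripe(pan, stripe)
    results["stripe_copy"] = issuer.authorize_stripe(pan, str(stripe))

    # Chip: the first use is accepted, a captured copy of the same message is not.
    tx = card.pay(2599, "a1b2c3d4")
    results["chip_first"] = issuer.authorize_chip(tx)
    results["chip_replay"] = issuer.authorize_chip(dict(tx))

    # Changing any signed field (here the amount) invalidates the code.
    tampered = dict(card.pay(1000, "0f0e0d0c"), amount=100000)
    results["chip_tampered"] = issuer.authorize_chip(tampered)

    # Same amount and terminal nonce as the first payment, different counter.
    results["codes_differ"] = card.pay(2599, "a1b2c3d4")["code"] != tx["code"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The issuer-side counter check is what turns a unique code into replay protection: a code that verifies but arrives with an already-seen counter is still declined.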

About Imburse

Imburse is a cloud-based middleware connecting large enterprises to the payments ecosystem, regardless of their existing IT infrastructure. Through a single connection to Imburse, enterprises can collect or pay out using a variety of payment technologies and providers around the globe.

In a world where consumers’ payment preferences and technologies are ever-evolving, Imburse works with insurers to future-proof their payment requirements. Regardless of the business area, market, or requirements, Imburse will connect you to your choice of technology and provider.

Reach out to our team below should you want to discuss how Imburse can help you. Our team is happy to show you what our platform can do for your business and offer you a free demo.

How payment digitalization impacts finance teams

Digitalising payment systems has become a priority for many businesses, regardless of their size or the industry they operate in. Payment digitalisation answers customers’ demands of speed and convenience, enabling them to pay however they want to pay through the click of a button. For industries such as insurance, it also allows customers to be paid however they want to be paid instantly. This is a desirable proposition for most customers worldwide.

But payment digitalisation goes way beyond simply answering customer needs. It provokes a transformative shift in the way businesses operate, and in a few key business areas in particular. Finance is one of the areas that can reap incredible benefits from an optimised payment system. In this article, we discuss how payment digitalisation affects finance departments in organisations.

Improve working capital efficiency

According to a PYMNTS study, 84% of CFOs say payment digitalisation has improved their working capital. This has become a key priority for Finance teams, as they focus on entering their digital transformation journeys whilst reducing their dependency on external capital. Ensuring an efficient working capital management system enables companies to have higher flexibility and more control over their funds. It also improves the utilisation of working capital.

With instant payments, organisations are able to draw funds immediately into their accounts. Not only do companies get paid faster, but they also have better control of disbursements. Being able to more easily manage cash flow is key to maintaining stability and it empowers the company to make better business plans.

Improve visibility and transparency

When payments are processed in real-time, payment data is also delivered in real-time. This enables companies to have a much clearer overview of their payment operations and to easily access any data. Enterprises can also use unified reporting tools like Imburse’s to ensure that all data is gathered into one single platform. This provides greater visibility and makes it easier for Finance teams not only to control cash flow but also to make more informed decisions.

Increase operational efficiency

Payment digitalisation isn’t just about being able to get paid and to pay out in various payment methods. It involves a significant transformation of operations and the adoption of a series of capabilities, including, as previously mentioned, unified reporting, but also mandate management, KYC authentication processes, tokenisation, and analytics. These capabilities, along with easy access to real-time data, enable enterprises to improve efficiency and productivity in teams. Automating operations also means that there are fewer risks of errors and helps groups to comply with standard regulations.

Decrease accounting errors

Eliminating or reducing dependency on manual data entry by automating processes can increase accuracy in accounting. Equally, shifting payment data from physical paper to the cloud makes losing or mishandling data less likely to happen. CFOs and their finance teams can easily access all payment information and automate most of their processes, from reporting to mandate management.

Reduce payment fraud  

Lastly, payment digitalisation can help teams to prevent and more easily spot payment fraud. The easier access to data enables teams to spot suspicious actions faster and solve issues promptly. Alongside that, there is a wide range of payment technologies that companies can integrate in order to prevent or reduce payment fraud, including tokenisation, encryption, and two-factor authentication. With the rise of cybercrimes, ensuring payment security is vital for any company that handles payments or payment data.

Guide to payment processing fees

By Mariana Almeida Marques

When customers make payments, whether online or in-person, they don’t pay any direct fees to the merchant or their bank. However, payments processing actually incurs a wide range of costs for merchants, so it is important to be aware of them. In this article, we provide a breakdown of the main fees involved in payment processing.

Interchange fees

Every payment that uses a card network (like Visa, Mastercard, Discover, or Amex) will involve an interchange fee. Interchange fees cover the costs of payment processing for the issuing bank, processor, gateway, card network, and acquiring bank (or merchant’s bank). They are paid by the merchant on a per-transaction basis. Though there are a lot of payment players involved in this fee, merchants often only see a single interchange fee being taken out of each transaction.

The interchange fee varies based on various factors, including changing interest rates, how risky the transaction is, or simply depending on the card network or country. They can go from 0.2% to 2% of each transaction. Other matters that may influence how the interchange fee is calculated are:

  • CNP vs CP transactions

Card-Present transactions (meaning payments initiated at a Point-of-Sale, physical shop) usually have less risk of fraud, and therefore have lower interchange rates than CNP transactions (any online payment where the card is not physically present).

  • Commercial vs Personal cards

Business debit or credit cards often come with higher interchange rates than personal/individual cards. This doesn’t affect the card owner, only the merchant who is charged a higher fee.

  • National vs Cross-border transactions

Domestic A2A payments are those where both the issuing bank and acquiring bank are based in the same country. For example, if you are a UK resident purchasing from a UK-based business, this is considered a domestic transaction. Domestic payments are usually cheaper than international payments and incur smaller interchange fees.

Card networks are responsible for updating these fees, and they are non-negotiable. Visa and Mastercard, for instance, update their interchange fees twice a year, in April and October, and these changes are public and easily accessible. American Express, on the other hand, doesn’t publish its fees online. Issuing and acquiring banks have no control over the interchange fee; this matter is solely the responsibility of card networks.

Assessment fees

Assessment fees are paid directly to the card networks. They are charged on the merchant’s total monthly sales done through each card network. For instance, Amex would charge a set percentage of the merchant’s monthly sales done with Amex cards. The current assessment fees for all card networks range between 0.13% and 0.15%, though these numbers may be updated at any time.

Payment processing fees

In addition to the interchange and assessment fees, payment processors also charge their own fees for processing payments. These fees cover the costs of running and updating software, technical support, operations, and billing, amongst many others. These fees may vary widely depending on the processor merchants choose, as well as the added services and functionalities they offer. Some added functionalities could be reporting analytics, 24/7 technical support, and acceptance of a wider range of payment methods. The fee may also vary depending on the size of the business and the volume of payments that need to be processed.

Merchant account fees

Every business needs a merchant account to receive payments. Essentially, a merchant account is a business bank account that enables merchants to take payments from customers, as this can’t be done with a regular individual bank account. Businesses can apply for a merchant account with any acquiring bank. The merchant acquiring bank usually charges a per-transaction fee to the merchants. Alongside the per-transaction fee, acquiring banks may also request a fixed monthly fee to cover potential risks with payments, as well as the daily operational costs of settling payments.

What is a Standing Order?

By Mariana Almeida Marques

There are multiple situations in which we need to transfer money on a regular basis. Rent and utility bills may be the most common ones, but recurring payments are also equally popular to pay contractors, freelancers or suppliers. In this article, we discuss what is a standing order, how it works and what it can be used for.

 

Meaning of standing order

A standing order is an automated method of making payments on a recurring, fixed basis. When you set up a standing order, the payments are automatically taken from your account on the agreed day and at the agreed frequency. The payer has full control over the standing order, so payers are the only ones that can cancel or amend it. For instance, if you have to pay a supplier for their services on a monthly basis, and the rates and hours of work are the same every month, you could set up a standing order to avoid missed or delayed payments. Standing orders can have a fixed duration, but they can also be permanent. Payers are able to cancel them at any time.

 

What are standing orders used for?

Standing orders are recurring payments, therefore used for repeated sales rather than one-off purchases. This could be rent, utility bills, subscriptions, regular charity donations, freelancers or contractors’ salaries or even adding money to your savings account. The examples are various, but they all have one thing in common: these are payments that payers make on a recurring basis.

Freelancers may use standing orders to get paid from their various clients, as they provide services on an ongoing basis. If they have a fixed rate and fixed work schedule, they are able to determine how much they need to get paid and the frequency of the payment. Standing orders are quick to set up, and a great way to avoid missing payments, especially when there’s a specific due date for them.

 

How to set up a standing order

Standing orders can only be set up by the customer and owner of the bank account. Companies can’t set up standing orders themselves – the customers must do this directly with their bank, either at a branch or online via their banking app. Equally, customers are the only ones who have the power to manage how much money they send and to whom.

When setting up a standing order, customers will be asked to provide the amount of money they would like to send, the payee’s bank details and the frequency of the standing order (weekly, monthly, quarterly, etc). Customers may also be able to provide a payment reference and an end date for the standing order. When an end date is provided, the recurring payments will cease on this date.

 

What’s the difference between a standing order and a direct debit?

Both a standing order and direct debit work on a recurring basis. This means that the contract is ongoing and automated, so the amounts of money are taken directly from the accounts on the dates that were initially set.

However, as opposed to standing orders, direct debits are set up by the payee. Companies will set up the payees’ bank details, amounts to be paid, as well as frequency of the payment. Payees have to agree to this direct debit contract beforehand. Though payees are able to request cancellation of this contract whenever they wish, only the payer can directly cancel or amend it. Standing orders, on the other hand, are set up and fully controlled by the payer. The payer is the only person that can amend or cancel them.

In short, the payer needs to authorise both standing orders and direct debits. However, with standing orders, the payer is requesting their bank to make payments to another person or organisation on a recurring basis and a set frequency. With direct debits, the payer is requesting their bank to allow a company to take money from their account.

 

How to cancel a standing order

If you don’t specify an end date for the standing order, the payments will be ongoing until you manually cancel it. Payers can do this easily either by visiting a branch, through the bank’s website or through their mobile banking app. Standing orders can be cancelled at any time. However, if a payment is due on the date you wish to cancel the standing order, you may still have to make this payment. It is important to notify the payee that the standing order will be cancelled, or else they will be expecting the payment still and you may have to find other ways to pay.   

 

PCI DSS Compliance Checklist

By Mariana Almeida Marques

As payment digitalisation becomes more popular than ever, private information and payment data are also more likely to be compromised. These risks don’t concern financial institutions solely, but any company that handles card data. The PCI DSS is a crucial set of standards, established to prevent and reduce fraud whilst ensuring cardholders’ protection. In this article, we discuss what the PCI DSS is, its objectives and requirements.

 

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a set of information security standards developed by the PCI Security Standards Council in 2006. It aims to reduce card payment fraud risk and protect cardholder data. This set of standards is mandatory for any company that requires or handles card data and personal information, regardless of company size, the number of transactions or amount of data it collects. The PCI Security Standards Council (PCI SSC) is an independent body composed of the main card payment brands, which include Visa, Mastercard, American Express and Discover.

Payment security is taken very seriously by customers, so payment fraud can truly damage a company’s reputation. PCI DSS plays an important role in providing companies with the right guidance when it comes to security systems and tools. Compliance with these standards is therefore crucial to ensure that all tools are in place to authenticate and monitor payment and customer data and to prevent and mitigate fraud risks.

 

What are the PCI Compliance levels?

There are four merchant levels, determined by the number of transactions that companies perform each year. The different levels still have to comply with the same requirements. However, the main difference between them is that level 1 is required to get an on-site external audit, performed either by a QSA (Qualified Security Assessor) or an ISA (Internal Security Assessor). This external auditor then has to submit an RoC (Report on Compliance) to the company’s acquiring banks. Companies in levels 2 to 4 don’t need an external auditor, and can complete a self-assessment questionnaire (SAQ) themselves. Level 2 companies must also complete a Report on Compliance.

PCI levels are defined by:

  • Level 1: Merchants with over 6 million transactions annually, or any merchant that has had a data breach
  • Level 2: Merchants with between 1 and 6 million transactions annually, across all channels
  • Level 3: Merchants with between 20,000 and 1 million online transactions annually
  • Level 4: Merchants with fewer than 20,000 online transactions a year or any merchant processing up to 1 million regular transactions per year

 

The PCI DSS 6 goals and 12 requirements

The requirements of PCI DSS are both technical and operational, all aimed at protecting cardholder data and preventing fraud. These 12 requirements of PCI DSS are divided into 6 goals:

 

Build and Maintain a Secure Network

1. Protect your systems with firewall configuration

The first step to becoming PCI compliant is to install a firewall. This will prevent hackers from accessing your data and contribute to a much safer network overall.  

2. Do not use vendor-supplied default settings

These default settings include passwords and other details that are pre-configured by vendors. Default settings are easier to hack, so they put your organisation at an incredibly high risk of vulnerability.

 

Protect Cardholder Data

3. Protect stored cardholder data

This section details how companies can protect stored cardholder data, including encryption, and how data should be displayed when needed.

4. Encrypt transmission of cardholder data across open, public networks

This requirement aims at ensuring that data is safe when being moved across networks. This includes encrypting data and making sure that the recipient has a valid security certificate.

 

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or programmes

Anti-virus software needs to be frequently updated and it needs to cover all known malware. Companies also need to maintain a list of procedures that check for the effectiveness of the anti-virus software used.

6. Develop and maintain secure systems and applications

Similarly to updating your anti-virus software programme, keeping all security systems and applications updated prevents the increase of vulnerabilities.

 

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know

Access to cardholder data should be restricted and accessed only by those who need it to perform their jobs. There should also be defined roles and different permissions based on the information each person needs to access.

8. Assign a unique ID to each person with computer access

Providing each person with a unique ID enables organisations to track which information is seen or used by whom, making it easier to hold people accountable. Users should also have two-factor authentication, as recommended by the PCI DSS.

9. Restrict physical access to cardholder data

If any cardholder data is kept physically at a specific location, access to this location should be as restricted as possible, especially to those outside of the organisation. The location should also be monitored with a video camera.

 

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

Using activity logs to track and monitor access to cardholder data enables companies to have a clearer view of how data is being used and act faster should it be compromised.

11. Regularly test security systems and processes

Testing security systems and processes regularly enables companies to ensure that their procedures and security tools are working efficiently.

 

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel

This requirement includes establishing company policies that address all security components and applications, as well as all possible vulnerabilities.

Imburse can deliver a fully Level 1 PCI compliant solution whilst offering a truly payment provider agnostic ecosystem and highly customizable user interfaces and journeys. Imburse is PCI Level 1 compliant, delivering a suite of services and features that suit a wide set of needs in the enterprise world.

 

About Imburse

Imburse is a cloud-based middleware connecting large enterprises to the payments ecosystem, regardless of their existing IT infrastructure. Through a single connection to Imburse, enterprises can collect or pay out using a variety of payment technologies and providers around the globe.

In a world where consumers' payment preferences and technologies are ever-evolving, Imburse works with insurers to future-proof their payment requirements. Regardless of the business area, market, or requirements, Imburse will connect you to your choice of technology and provider.

Reach out to our team below should you want to discuss how Imburse can help you. Our team is happy to show you what our platform can do for your business and offer you a free demo.


What is ISO27001?


By Mariana Almeida Marques


Financial services companies are facing a worrying increase in cyber-attacks and data breaches. In the first half of 2021 alone, the banking industry saw a 1318% increase in ransomware attacks (Trend Micro). It is estimated that cyberattacks on banks from 2020 onwards will result in a loss of $347 billion. The insurance industry follows closely with a loss of $305 billion (Accenture report).

It is now more relevant than ever that companies ensure that all private information is handled securely. The ISO27001 certification is a way for organisations to formalise their processes and prove that they are handling data in a secure way. In this article, we explain what ISO27001 is, how it works and its importance for companies.  

 

Meaning of ISO27001

ISO27001 is an international standard for information security management. It is composed of a set of policies and guidelines that help companies in any industry to better protect their information assets. Over time it has become the de facto measurement of the degree to which an organisation takes information security seriously.

The Information Security Management System (ISMS) is a framework which defines an approach to implementing information security controls based on a clear understanding of objectives and risk levels. This enables adopters of the standard to set well-considered policies and procedures that can help prevent security breaches and mitigate security risks.


ISO27001 was published jointly by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), two organisations known for developing international standards. As ISO27001 is a requirements standard, it is possible to become certified to it. This involves a third-party certification body carrying out an audit to verify the implementation of the standard.

This certification is useful because it provides other organisations with assurance that the standard has been implemented correctly. Although ISO27001 certification is not mandatory, it has a number of benefits for companies that wish to build trust and assure their clients and partners of strong information security processes.

 

How does ISO27001 work?

The ISMS consists of a number of basic building blocks including the establishment of a set of policies, the definition of clear information security objectives, ongoing risk assessment, monitoring and reviews. It starts with an initial review of potential security risks, followed by the definition of processes that can prevent or mitigate each risk. The main purpose of ISO27001 is therefore to improve risk management by discovering which risks are there and implementing policies and solutions to increase security. Naturally, each company faces different risks, so there isn’t a one-size-fits-all set of solutions.

Technically, ISO27001 is divided into two parts: a set of 11 clauses and Annex A. Clauses 0 to 3 include Introduction, Scope, Normative References and Terms and Definitions, and clauses 4 to 10 include the mandatory requirements to become ISO27001 certified. Broadly, these cover the following key areas:

[Image: ISO processes]

Annex A forms an integral part of ISO27001 and includes a list of practices that enable companies to better manage their security risks. These aren’t mandatory to follow; they simply serve as guidance and can be applied to different business scopes.

 

Why is ISO27001 important?

Though ISO27001 isn’t mandatory, it is still an internationally recognised standard. This means that companies that do have the ISO27001 certification can prove to their clients and partners that their data is protected. Furthermore, it also shows that companies have the necessary processes in place to react appropriately should there be any kind of data breach. This helps to build trust between companies and clients. ISO27001 is important not only for protecting clients’ personal data but also for protecting the organisation’s own data, including that of employees, suppliers and partners.

 

How can companies get their ISO27001 certification?

The requirements for being ISO27001 compliant are addressed in clauses 4.1 to 10.2, as well as in Annex A. Companies need to be audited by an external accredited body and, if the audit is successful, this external organisation will provide them with the certificate. You can find more information about the ISO27001:2013 certification and its requirements on their official website.

At Imburse, we care deeply about our clients and are committed to the security of our data. For this reason we decided to implement an ITSM that follows the ISO27001 framework and successfully obtained certification in April 2021.
