BankThink

Buy now/pay later creates new risks for personal data

Tighter budgets and a rise in online shopping have driven a boom in buy now/pay later payment options during the COVID-19 pandemic.

Customers appreciate the option to spread out payments across multiple installments, making high-value purchases more affordable — especially for those who don’t have credit cards.

On their end, merchants who use BNPL benefit from higher conversion rates and increased purchase values. And thanks to partnerships like the one between Verifone and BNPL provider Klarna, this lucrative payment option is now making the leap from e-commerce to physical stores.

However, adopting BNPL isn’t without its risks. Any service that requires long-term storage of payment data increases attack surface and raises your cybersecurity risk. To enjoy the benefits of BNPL while keeping your customers’ private information safe, you’ll need to secure your payments data — and the best way to do that is to devalue it.

Most common cybersecurity protections like passwords and firewalls aim to prevent data breaches by denying attackers access. Unfortunately, there’s no barrier strong enough to keep attackers out 100% of the time. Payments information is one of the easiest types of data for cybercriminals to monetize, making e-commerce and payment platforms common targets.

But while it’s likely your company will eventually suffer a data breach, data compromise is not inevitable. By devaluing your data, you can make sure that the information leaked during a breach won’t be useful to attackers. This generally involves two main strategies, both of which are relevant to companies offering BNPL.

Encryption translates personally identifiable information (PII) into a code that can only be understood by someone with the right digital key. It’s generally used to protect data in transit, such as the credit card number involved in a financial transaction. BNPL increases the number of transactions your company processes per purchase, making it even more important to secure data in transit with encryption.

Tokenization replaces PII with a random string of characters — a “token” — that is stored digitally in place of the PII itself. The information that links a given token back to its associated PII is stored in a separate, secure location. Tokenization is best for protecting information that’s stored for the long term on a company’s servers, such as credit card numbers stored for weeks or months as part of a BNPL purchase.
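The tokenization flow described above, sketched as an added example that is not part of the original article: the merchant's BNPL plan record holds only a random token, and a scan of a leaked copy of that record finds no card numbers. The names `TokenVault`, `create_plan`, `charge_next` and the `charge` callback are hypothetical, and an in-memory dictionary stands in for the separately secured vault.

```python
import json, re, secrets, string

class TokenVault:
    """Stand-in for the separate, secured store that links tokens to card numbers."""
    def __init__(self):
        self._pan_by_token, self._token_by_pan = {}, {}

    def tokenize(self, pan):
        if pan not in self._token_by_pan:
            # Random letters only: the token is not derived from the card number.
            token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenize(self, token):
        return self._pan_by_token[token]

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return digit runs of card-number length that pass the Luhn check."""
    return [m for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text) if luhn_ok(m)]

def create_plan(vault, pan, total_cents, installments):
    """Build the record the merchant keeps for the life of the BNPL plan."""
    base, extra = divmod(total_cents, installments)
    amounts = [base + (1 if i < extra else 0) for i in range(installments)]
    return {"card_token": vault.tokenize(pan), "installments_cents": amounts, "paid": 0}

def charge_next(vault, plan, charge):
    """Only at charge time is the token exchanged for the real card number."""
    amount = plan["installments_cents"][plan["paid"]]
    charge(vault.detokenize(plan["card_token"]), amount)
    plan["paid"] += 1
    return amount

# Constructed sample: a widely used test card number, not a real account.
SAMPLE_PAN = "4111111111111111"
vault = TokenVault()
plan = create_plan(vault, SAMPLE_PAN, 10001, 4)
merchant_db_dump = json.dumps([plan])  # what leaks if the order database is breached
```

Running `find_card_numbers(merchant_db_dump)` returns an empty list, while the same scan over text containing the raw card number returns it.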

Keeping up with new retail trends shouldn’t come at the cost of keeping PII safe. By devaluing your payments data through encryption and tokenization, you can offer your customers a secure and convenient BNPL solution.
