Achieving the “Right” Level of Security to Protect the Institution and the Brand

When it comes to online security, financial services such as Payza face a dilemma: how do you maintain a reliable level of security without sacrificing accessibility and customer ease-of-use?

There is such a thing as being too diligent. It goes without saying that the most reliable way to avoid cybercrime is to not go online, but that means missing out on all of the convenience and versatility of e-commerce.

Payza VP Mohammad Hashemi has published an article in The Paypers detailing how online finance services try to find a balance between security requirements and usability, and how companies can differentiate themselves from the competition.

Achieving the “Right” Level of Security to Protect the Institution and the Brand

The Online Paypers, Vol. 5, Issue 15, 05 Oct 2012 – By Mohammad Hashemi, Vice President, Payza

One of the biggest challenges that payment service providers face is the threat of fraudulent transactions. Companies invest millions of dollars to ensure that they have the latest in cutting-edge fraud prevention technologies. They hire bright analytical minds to sort through the abundance of transactional, financial and device data at their disposal to detect financial crimes or prevent them from occurring. They employ various mechanisms to confirm the identity of their customers and the validity of the transactions.

It goes without saying that every payments company must put robust security systems in place to prevent illegal activity. However, introducing numerous tools, rules and processes to prevent fraud can result in a security framework so overly restrictive that legitimate customers are needlessly put through the wringer. It is as important to recognize the cost of bloated security measures as it is to acknowledge the business cost of security measures that are too lax.

Fraud and risk professionals must carefully evaluate the direct and indirect costs associated with security measures. Overly aggressive measures, such as creating an excessively wide “security net,” can significantly increase the likelihood of false positives, generating a direct cost to the business. Additionally, there is an indirect cost resulting from the negative brand association and a loss of repeat business that occurs when customers are impeded or prevented from completing legitimate business.

“Balancing the requirements for security and usability is a complex challenge that most financial institutions face. How a company approaches this issue creates opportunities for competitive differentiation.”

When building fraud prevention rules, processes and technologies, following a few basic guidelines will ensure that an institution does not compromise the customer experience in the pursuit of robust security. At a minimum, these companies should strive to:

  1. Always validate new security processes by conducting retroactive tests against historical data. This approach allows managers to tweak and modify the rules to ensure there is minimal collateral damage to legitimate customers.
  2. Whenever possible, make security processes transparent and intuitive. Often, when the system asks a customer to provide additional information or documentation on a transaction, the reasons are convoluted and shrouded in secrecy. At the same time, companies must avoid divulging too much information, which would allow fraudsters to reverse-engineer security triggers.
  3. Keep in mind that there is a direct relationship between security and usability. Managers must respect this fact when building fraud prevention rules, processes and technologies.
  4. Ensure that there are systems and processes in place to resolve false positives quickly and easily. This way, in the event that the system falsely engages a legitimate transaction, the mediation process does not contribute to further customer dissatisfaction.
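
As an added illustration of the first guideline (not part of the original article and not Payza's own code), the sketch below replays a candidate fraud rule over labelled historical transactions and tunes its threshold against a false-positive budget. The rule, field names and sample records are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    amount: float      # transaction amount
    new_device: bool   # first time this device is seen on the account
    fraud: bool        # ground truth from later chargeback or investigation

# Constructed historical sample (not real data): 8 legitimate, 4 fraudulent.
HISTORY = [
    Txn(25, False, False), Txn(40, True, False), Txn(120, False, False),
    Txn(300, False, False), Txn(450, True, False), Txn(80, True, False),
    Txn(900, False, False), Txn(60, False, False), Txn(700, True, True),
    Txn(1500, True, True), Txn(350, True, True), Txn(2000, False, True),
]

def rule(txn, threshold):
    """Hypothetical candidate rule: flag large payments from a new device."""
    return txn.new_device and txn.amount >= threshold

def backtest(history, threshold):
    """Replay the rule over history.

    Returns (share of fraud caught, share of legitimate customers flagged).
    """
    fraud = [t for t in history if t.fraud]
    legit = [t for t in history if not t.fraud]
    caught = sum(rule(t, threshold) for t in fraud)
    flagged = sum(rule(t, threshold) for t in legit)
    # max(..., 1) avoids division by zero on a history with one class missing.
    return caught / max(len(fraud), 1), flagged / max(len(legit), 1)

def tune(history, thresholds, max_fpr):
    """Pick the threshold that catches the most fraud within the budget.

    max_fpr is the largest acceptable share of legitimate customers flagged.
    Returns (threshold, fraud_caught, false_positive_rate) or None.
    """
    best = None
    for th in thresholds:
        recall, fpr = backtest(history, th)
        if fpr <= max_fpr and (best is None or recall > best[1]):
            best = (th, recall, fpr)
    return best

if __name__ == "__main__":
    for th in (50, 100, 300, 500, 1000):
        print(th, backtest(HISTORY, th))
    print("chosen:", tune(HISTORY, (50, 100, 300, 500, 1000), max_fpr=0.125))
```

The fraud in this sample that the rule never catches at any threshold (the 2000 payment from a known device) is the kind of gap a backtest surfaces before a rule goes live.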

By following these simple guidelines and ensuring the customer experience is at the forefront of security discussions, not just an afterthought, institutions can maintain the integrity of their payment systems while simultaneously providing the customer with a valuable service.


The Online Paypers is a biweekly mix of news and analytical articles highlighting the “internet economy”. It reports on and analyses developments in payment methods, online banking, new technology, corporate changes, regulations, market research, and more. The Online Paypers comprises several feature articles as well as news items from the previous fortnight.