After being in this industry for more than a decade, we’ve heard more than our fair share of myths and misconceptions about payment processing.
And if there’s one thing that we’re most sick of hearing about, it’s the mistaken idea that large companies, like the big banks, can provide more secure payment processing.
We’re not sure why people still cling to this misconception, as there’s nothing to back it up, but at the end of the day, we understand these kinds of concerns.
As a business owner, you want to be able to accept as many forms of payment as possible, but you also want to make sure that your payment processing is as secure as it can be.
Unfortunately, our industry tends to make everything needlessly convoluted, and this, coupled with the concerns of business owners, is a big part of what’s kept this fiction alive.
But the reality of the situation couldn’t be any more obvious, and if we look at this logically, it’s not difficult to dispel this myth.
With that in mind, we’ve published this article, which will hopefully be the last of its kind, to set the record straight on this once and for all.
So, if you’re looking for the most secure payment processing, thinking about switching providers, or want to learn more about payment processing security, then this article is for you.
Who Offers the Most Secure Payment Processing?
First off, we want to set the record straight on this myth in no uncertain terms.
The truth is no company, no matter how big it may be, can provide payment processing that’s significantly more secure than any other.
What’s more, as we’ll explore in this article, no company is immune to data breaches, and if anything, the bigger the company, the bigger the target.
As we detailed in our previous article on Two of the Biggest Myths About Payment Processing, any company that wants to process payments – no matter how big or how small – will have to follow the incredibly strict rules set by credit card companies like Visa and Mastercard.
Among many other things, these rules cover everything from the implementation of fraud prevention and detection measures to compliance with applicable laws and regulations, and adherence to data security standards, like how data is stored, transmitted, processed, and encrypted.
Of course, companies can choose to be lax with these rules if they like, but no legitimate business would ever do that, as they’d be risking everything for no good reason.
The fact of the matter is those who don’t meet the requirements set by the credit card companies may be subject to massive fines or end up getting blacklisted from this industry altogether.
For example, Visa’s rules state that the company can audit, inspect, investigate, or review any payment processor to make sure they’re following the rules and any Canadian merchant who’s not following the rules can be hit with hundreds of thousands of dollars in fines.
Merchants who fail to provide Visa with information related to a non-compliance assessment, for instance, can be charged fines of up to $100,000 per month.
At the end of the day, businesses that don’t follow the rules will eventually be caught, and they’ll either be fined into oblivion or banished from the payment processing industry forever.
That being said, no one in their right mind would dare break these rules when the viability of their business depends on following them.
So, if we’re focusing solely on security standards, the truth is, when you’re picking a payment processor, it doesn’t matter whether you go with one of the big banks or a smaller local processor like us.
Either way, you’re going to get the same level of security because everyone is expected to follow the same rules and those who don’t are not long for this industry.
But if you go beyond the idea of security standards, and think about this logically, you’ve got to ask yourself, “Who’s the biggest target?”
Who’s the Biggest Target for Hackers?
Before continuing, we want to clarify that we are in no way criticizing the level of security offered by any payment processor or financial institution.
As we’ve already explained, every player in this industry is subject to the same rules and penalties for not following those rules, and no business would destroy itself by refusing to adhere to them.
But if we approach this from a purely logical standpoint, and think about it from the perspective of a hacker, wouldn’t the biggest company also be the biggest target?
Simply put, the answer is yes. Understandably, hackers would prefer to go after bigger companies, as they have a much higher volume of customers, which makes them much more lucrative targets.
On the other hand, while they’re by no means immune to these kinds of security threats, smaller companies do tend to be smaller targets, as there’s just not as much incentive for hackers to go after them.
With that in mind, and to show you that no company is immune to this sort of thing, let’s explore some of the major data breaches that have happened in the payment processing industry in recent years.
Records of these incidents have been compiled in a timeline by the Carnegie Endowment for International Peace, so check it out if you want to learn more on this topic.
In any case, according to this timeline, back in February of 2011, a criminal gang was able to breach at least three payment processors, taking customers’ card information and using administrator privileges to lift withdrawal limits before proceeding to steal $55 million.
Then, just a few months later, in June of 2011, Global Payments suffered a major data breach. Hackers stole the details of about 1.5 million credit cards, giving them enough information to counterfeit cards, although they were unable to access customers’ names or addresses.
A few years after that, in August 2014, account info and addresses for 83 million JPMorgan Chase customers were exposed. U.S. authorities believe the stolen information was used for things like money laundering, securities fraud, and credit card fraud.
In 2018, up to 90,000 customers of Canadian banks Simplii and Bank of Montreal (BMO) were exposed to a data breach, resulting in a class action lawsuit, which cost BMO over $21 million.
Then, in the summer of 2019, Capital One suffered a data breach, which compromised the credit card applications of about 100 million people after a software engineer managed to hack into a cloud-based server.
This is just a small sampling of the kinds of cyberattacks that affect payment processors and financial institutions, so it’s really only scratching the surface.
However, this offers more than enough evidence to show that not only are the big banks and larger payment processors unable to provide more secure payment processing than anyone else, but they’re actually the biggest and most lucrative targets for hackers.
That being said, if you’re searching for the most secure payment processing, you should ditch the idea that bigger processors offer better security, and you might want to consider partnering with a smaller local provider.
Looking for greater clarity and a better price on your payment processing? Give us a call today to learn more and find out how we can help.