A. Khedron de León - Mar 24, 2020

Social Distancing and Payments: CNP and COVID-19

Payments/E-Commerce  COVID-19  PCI DSS  PSD2

StrongKey fully supports the global effort to stem the spread of COVID-19. With precautions in place, communities across the globe are adjusting to the need for more socially conscious conduct—possibly for months to come.

This perforce includes limiting physical contact and interactions in groups or more than a few people, and only venturing into the world for critical supplies. Of course, doing so means spending money. The coronavirus has been found to survive on cardboard (ergo, paper) for up to 24 hours, and the WHO advises washing one’s hands after handling bank notes—if only because people then touch their faces, increasing the risk of the virus entering the respiratory system. Pin pads and credit cards, and your phone, however, harbor bacteria at the same level or worse than public toilets, making them some of the riskiest methods of payment given the circumstances.

For consumers, enter the card-not-present (CNP) transaction, where no physical contact is needed. Digital wallets like Apple Pay and PayPal are one option for consumers who are shopping in physical stores. Or if you want to order by phone from your favorite stores and trust the employees where you shop, you can call and give them your credit card number—if they are just punching it into their pin pad and not writing it down for later use (unlikely, but it has been known to happen). Ideally, you’d use online ordering, such that no one has to know your credit card information or even touch a pin pad. If the website uses strong authentication, all the better.

For businesses already in the payments process space, or if the events of a global pandemic have made you realize that you need to secure CNP payments for your business’s customer base, it’s a good time to review your national regulations (PCI DSS as a global regulation, and PSD2 in the E.U., etc.) and assess if you have the right cybersecurity solution to protect your customer’s credit card data. When assessing solutions for payments, avoid the following:

  • licensing that charges your business by the transaction—paying for security by usage can be cost prohibitive, forcing you to raise prices
  • deals that lock you into coding for a proprietary secure element, versus using open API calls
  • forcing you to use only one cloud service provider versus whichever you choose

If any of these is limiting you unnecessarily, consider continuing your search.

The global face of business shifted almost overnight in what might be one of the largest coordinated efforts the world has ever seen. It has affected the way we eat, the way we work, the way we interact with family and friends. Fortunately for most people, the world has evolved its infrastructure robustly enough to enable a lot of trade to continue. The global fabric of society needs stability, and securing payments is one small step we can take towards satisfying that need.

As you take steps towards a security solution, contact StrongKey; we provide an easy-to-implement, cost effective (no per-token charge!) answer that has been proven in the payments space for leading financial institutions across the globe.

Click here to request our expertise and become PCI-DSS compliant.