Darren Blair: Could Virtual Cards Protect Governments and the Public Sector Against Online Payment Fraud?

As the world comes to increasingly rely on digital commerce, it is no surprise to see an increase in security breaches, where attackers manage to gain access to individual or employee information and payment details. This is a sharp reminder of the vulnerability that traditional payment processes expose us to. With governments and public sector organisations becoming large spenders as part of a wider drive to recover from the recessionary phase and also taking over the provision of services that otherwise lay with the private sector, it is not surprising that fraudsters are increasingly looking to target government-led businesses.

This week’s cyberattack directed at two dozen Canadian government platforms forced the shutdown of most of its online portals over the weekend. Very recently hackers stole reams of sensitive corporate files from CWT. Last month, a national survey found more than 80 percent of U.S. medical practices have been the victims of cyberattacks. In March, a cyberattack was targeted at the U.S. Department of Health and Human Services (HHS) amid the agency’s role in the COVID-19 mitigation.

We need to take proactive steps to reduce the risk legacy systems pose to organisational data. The spike in cyber-crime and the need to deploy tokenised solutions is even more prevalent with the mass migration to eCommerce in the new world. While there are payment options like PayPal for consumers to keep payment details secure, businesses can rely on virtual payment to keep their funding account details restricted. The surge in demand for contactless payment cards in the retail sphere is also translating into a similar need for virtual cards and cloud-based spend management tools in the B2B space.

More and more public sector organisations are looking to virtual cards as a promising solution. Remotely issued virtual cards and other digital payment solutions equipped with controls are quickly gaining traction as businesses work to mitigate the risk of cash flow shortfalls in a strained economy and to protect their workers from exposure to the virus. With virtual payments, individuals at work create specific-use virtual cards in seconds, with card details that automatically expire after the pre-approved transaction(s). This means that, even if the credentials of a large online retailer are compromised, organisations are protected as their card details are no longer in existence or cannot be used for unintended purposes. Mitigating risk is crucial. Even if user credentials are compromised, the virtual payment process protects you. Should the worst thing happen, and a fraudster manages to steal a cardholder’s virtual card payment data, that data is useless to them.

GSA SmartPay® 3, the US government’s payment scheme, positioned virtual payment as a core requirement from their preferred banks. Conferma Pay was selected by Visa Inc. to enable the move to virtual payments. Today, a unique virtual card is issued for each travel booking with pre-set card limits and validity reducing risk of fraud or loss. Automated transaction data eliminates time-consuming and error-prone manual reconciliation for the travellers and organisations alike. The UK Crown Commercial Service did similar back in 2015 which meant that over 100 government bodies including HMRC, DWP and the Home Office utilise virtual cards for travel booking and expense as part of its corporate card programme.

In supporting online merchants’ efforts to reduce risk, it is important that businesses and public sector organisations do their bit to take proactive steps in minimizing fraud risk.

Read the article on:

PYMTNS

References

https://www.pymnts.com/news/security-and-risk/2020/hackers-hike-attacks-hospitals-amid-pandemic/

https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26P