Opinion: Paytech and accelerating frictionless finance

By Andy Barratt, UK MD, Coalfire
Andy Barratt, UK MD at cybersecurity leader Coalfire, discusses how cloud-based services must overcome business’s remaining security hang-ups.

It’s a mark of how far payment technologies have advanced in recent years that the Treasury and Financial Conduct Authority (FCA) felt comfortable to more than double the spending limit on individual contactless transactions to £100 earlier this month. While that leap was in no small part designed to encourage Covid-cautious consumers back to the high streets, it’s indicative of the rising confidence in the power of frictionless payment systems.

Indeed, three in every five debit and credit card transactions in the UK were contactless in the first seven months of this year, accounting for more than £81bn in spending. Clearly, the appetite for frictionless payment has only grown since the advent of contactless – now nearly 15 years ago – as our daily lives increasingly see us ‘tapping in’ to transport systems, paying for coffee via Apple Pay, or having food delivered and paid for via subscription services and takeaway platforms.

Critically, these advances have developed the role payment technologies play in how we experience the brands we interact with. What, for example, does it say about a major retailer in 2021 if it doesn’t accept contactless payments in-store, or offer Klarna or other credit options to fulfill our online needs? Meanwhile, the presence and competitive tension between major tech players including Google, Apple, Facebook, and Amazon in the payment space will continue to ensure payment experience is a differentiator for consumer brands.

If other, perhaps smaller, consumer brands are to keep pace and harness the benefits of offering customers frictionless digital payment options, the big enabler will be public cloud solutions – that is, services that are widely available or white-labeled, rather than bespoke payment systems commissioned by brands themselves.

However, the shift in mindset required to embrace the cloud and allow third-party providers to handle payment processes is in many cases proving to be a significant barrier to many businesses taking this next step – so it’s important for us to shatter a few myths that persist around the technology.

Myth one: Public clouds are insecure

One of the chief barriers to businesses adopting cloud payment platforms is a lingering perception that it is less secure than their own systems, particularly for those who don’t want to shell out for expensive private cloud infrastructure. 

In fact, public cloud service providers’ entire business model depends on them offering the very best security. Done right, it is every bit as secure as virtually any in-house solution that would be affordable for most businesses.

Of course, the onus is still on the business using the platform to keep its own data safe, as would be the case if they were using a local server. If an employee has their login details phished and an intruder gets inside, there is still a risk of a data breach. Although, a public cloud provider is far more likely than the business is to have a framework of technology and procedures in place to investigate the incident and restore lost data.

Myth two: Regulatory compliance is harder to manage in the cloud

Cloud services are not the solution to all brands’ data protection challenges but they can deliver impressive levels of transparency and are often specifically engineered to make regulatory compliance easy.

Much like security, data privacy is all part of the service for hosting companies and there is very long and ever-expanding list of cloud services that have been given the blessing of the Payment Card Industry (PCI) Security Standards Council.

Again, what any given user does with their own data is often beyond the control of the cloud service provider, so it is not possible for a company like Amazon Web Services (AWS), for example, to offer its customers a compliance panacea. However, what it can and does do is guarantee users that rigorous data-privacy policies are in place and give full disclosure on exactly where a brand’s data is stored at all times.

This should give businesses all the information they need to answer even the most challenging compliance questions.

Myth three: Buying cloud services means relinquishing control

In the end, a lot of the resistance to adopting cloud payment platforms boils down to a perceived loss of control.

However, the growth in popularity of public cloud services means that the choice of suppliers and the kinds of services they offer has grown rapidly in recent years; handing control back to those using the services, who are now free to vote with their feet if any aspect of a service doesn’t meet their requirement.

The key for any brand looking to bring a cloud payment service into the mix is to be a discerning customer and to understand exactly what the agreement entails.

As with any outsourced relationship, the devil is in the detail. There is no substitute for carefully understanding the full breakdown of roles and responsibilities and scenario-planning to identify potential flaws in the workflow before a contract is signed.

Cloud providers should be happy to share a matrix breaking down how their partnerships work, making this process easier.

Changing expectations

As seamless payment systems grow in popularity among the most forward-looking companies and customer expectations around their payment journey evolves, brands that don’t join in stand to miss out on a fast-growing portion of consumer spending.

Of course, as the threat of cybercrime increases and regulations aimed at keeping customer data safe get tighter, it’s easy to understand the trepidation of some in adopting the public cloud services that will allow them to get a slice of the action.

Ultimately though, the misconceptions about cloud security will fall away for those with a thorough and accurate understanding of what it can offer. It’s these firms that will win the race to offer customers the very best payment experience.

About the author: Andrew Barratt is a problem-solving Cyber Security Executive with over 20 years of industry experience and is the UK managing director at international cybersecurity consultancy Coalfire


Featured Articles

Amberdata: RWA tokenisation gains significant momentum

Explore the world of RWA Tokenisation and why finance professionals are investing in the technology for sustainable growth and risk mitigation

WE’RE LIVE! FinTech LIVE Singapore

Kickstarting the year of events for FinTech LIVE, FinTech LIVE Singapore returns featuring speakers from Amberdata, Standard Chartered, ING, WeLab and more

FinTech LIVE Singapore: Just One More Day to Go!

Just one more day to go until FinTech LIVE returns in 2024 with FinTech LIVE Singapore

Top 100 Women 2024: Allison Paine Landers, UBS - No. 10


Top 100 Women 2024: Akila Raman-Vaseghi, Goldman Sachs No. 9

Financial Services (FinServ)

FinTech LIVE Dubai: 1 Week to Go!

Digital Payments