Direct Debit Failures Costly To Businesses

Direct debit failures costly to businesses
News
Businesses risk losing money and customers due to mistakes made when they are setting up direct debit and credit payments.
About six billion automated payments worth £4.3tn are made in the UK per year.
Almost a quarter (23%) of consumers have experienced problems when they set up or amend direct debits, and 14% have cancelled payments as a result, according to research carried out by Redshift research on behalf of payments software maker Bottomline Technologies.
Costly data input errors
The cost of rectifying failed direct debit and credit payments is high, with 60% of 200 businesses questioned believing the cost to be at least £50 each time. Over 40% of finance departments spend longer than four hours a month fixing direct debit mistakes, which 71% said occur because of sort code and bank account number read errors.
The research revealed that 95% of failed payments from employers to employees are down to human error, with 59% of the businesses questioned blaming human error within the finance department and 39% claiming the employees put the wrong information in.
Customer loyalty at risk
It is not just the direct costs related to rectifying mistakes that are damaging business, but also the loss of customers. The research revealed 53% of businesses believe failed payments damage customer relations and 35% said revenue is lost as the customer switches to a competitor.
More on payment technology
Competing firms jockey for position in mobile payments gold rush
The most common failures are payments made by customers, according to 63% of businesses. A total of 38% said the most likely to fail are payments made to suppliers by businesses, and 21% said payments made to employees by businesses are most likely to fail.
When direct debit and credit payments are set up, the system will check that the bank account number and sort code exists, but does not verify whether it belongs to the applicant until later. This enables mistakes to get into the system, which then take longer and cost more to fix.
According to Bottomline Technologies, only 10% of businesses currently verify the applicant and details at the point of application.
Jim Conning, payments director at the company, said businesses would save time and money if they could verify the account and applicant in real time. “The current failure to check account information in real time is clearly undermining the experience and disenfranchising hard-won customers.”

For the original version including any supplementary images or video, visit http://www.computerweekly.com/news/2240204779/Direct-debit-failures-costly-to-businesses

Security Think Tank: In The Cloud, Low Or No Cost Means Little Or No Control

Security Think Tank: In the cloud, low or no cost means little or no control
Opinion
Security Think Tank: In the cloud, low or no cost means little or no control
Robert Newby
Tweet
I recently wrote a KuppingerCole analyst report on how cloud computing brings the threat of industrial espionage to the fore. With this in mind, it must be asked whether using low-cost or free services is ever a good idea.
While there is clearly a risk to the confidentiality of your sensitive information in cloud computing, the question remains as to whether industrial espionage is an internet-era or cloud-era problem. The internet made this type of attack exponentially more possible, but cloud has put sensitive corporate information directly and willingly into the hands of a third party.
Governance in the cloud is complex, and requires thorough consideration from the outset. The legal environment of the cloud is global, and needs to be clarified before technical setup. Once the legal environment is clear, make sure your operational requirements can be met. Ask your business the following questions:
Do you need to put your highly sensitive data in the cloud? If you can avoid it, do so – you are more likely to be able to protect it better on-premises. In the low-cost/free world, you will certainly be able to protect it better on your own terms. Agree a level of risk you are happy with and perform a proper risk assessment that ensures any data above this level of risk is not exposed. You may be happy with transaction details being held in the cloud, but not customer credit card information, for example. Tokenisation solutions are available to deal with the latter issue.
What happens when the provider experiences downtime? What are its service level agreements (SLAs)? Do they meet with your requirements? If you need the storage to be available 24×7 and the provider only provides a guaranteed 9×5 service, consider what you can do outside working hours to mitigate – local data stores and asynchronous delivery, for example.
What happens if your provider pulls the plug? Do you have backups of all sensitive data? Ensure all data is backed up and encrypted to a write-once read-many (WORM) device or tape somewhere under your control. Make sure that the data in their possession is either returned to you or ask to see a destruction certificate. This requirement needs to be in an original contract. Some operators will not agree to this level of control, so again you have to ask yourself whether the level of risk is acceptable.
What would happen if your competitor acquired the company processing your data? Not so pie-in-the-sky these days. Does your service definition protect your data from being copied and worked on offline, at least in legal terms?
So, we can see that from the outset, the best approach is to define the value of your data assets, perform a risk assessment and consider all eventualities in governance.
Encryption, authentication and authorisation
Once you are happy with the level of risk involved in putting data in the cloud, encrypt everything and ensure your access controls are sound. Report on the access regularly, and ensure that any incident management processes address software at the provider include an immediate report back to you about any potential data exposure.
More from the Computer Weekly Security Think Tank on free or low-cost cloud storage
How to keep data secure when resident or used by cloud applications
The key to feeling safe in the cloud is an information-centric security solution. Encryption is a good way to physically protect your data once it is out of your control, and should certainly be used where data is kept in any publicly available store. 
Free or low-cost cloud storage does not have to be insecure. Check with the provider as to the controls used to separate access to data, and whether any system-level encryption is used to protect from physical attack on its premises.
Encryption is a fantastic means of implementing a preventative security control for information in the cloud, but it requires good access control. If possible, you should add an authentication and authorisation layer. Using good governance from the outset retains control of information, access to information and the monitoring of processes around it. Operational security is then paramount, and reporting and testing vital for continued assurance.
Good cloud service comes at a price
One area that may cause friction between your business and a service provider is in security healthchecking. If the provider will not allow you to perform your own checks, ask for assurance that it has done the same. If this is refused, it may be that you should be looking elsewhere – an unknown risk is a high risk.
My last word on this subject is not so positive. Having worked in highly regulated environments as an advisor for private (i.e. not free or low-cost) cloud providers serving a number large businesses, I could not recommend a free solution.
The cost of the solution relates to the contract, which gives you your right to demand a proper service. No cost means little or no contract, which means no recourse, and certainly no provider keen to keep you happy. Always remember that a little skin in the game is a useful control.
Robert Newby is an analyst and managing partner at KupingerCole UK.
Email Alerts
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Read More

For the original version including any supplementary images or video, visit http://www.computerweekly.com/opinion/Security-Think-Tank-In-the-cloud-low-or-no-cost-means-little-or-no-control