The Safe Pay label tells consumers at a glance whether it’s safe to shop at an online store. Paytrail is the first payment service provider to be granted the Safe Pay certificate.
Paying by invoice is not regulated by the same laws as other payment methods, which has left certain loopholes that can make it easy to make purchases with a false identity. Nor does the law guarantee that your personal data will be processed or stored securely.
Until now, it has been nearly impossible for consumers to gauge the security of paying for their online shopping by invoice. The new Safe Pay by Qvik certificate guarantees that the online store will process your data securely, and that the invoice service provider has taken the necessary measures to prevent fraud.
“There are two weighty reasons for sticking to responsible and reliable online stores”, says Qvik’s payment services expert Mikko Vahter.
“The Safe Pay label tells you that the information you submit will be processed securely. In addition, you can be sure that your purchase will support a responsible online store that promotes safe shopping.”
Getting certified was a no-brainer for Paytrail – the Vastaamo data breach has made consumers wary
Paytrail’s eCommerce payments professional and sales director Johannes Kumpukoski heard about the idea for Safe Pay in Qvik’s webinar about the security of invoice payments in November.
“The online store payment process is familiar to vendors, but it has been extremely challenging to communicate to consumers that it’s really, truly safe to make a payment through us”, Kumpukoski says.
“Immediately during the webinar, I thought that we absolutely need to get this certificate if it becomes a reality.”
It has been difficult for responsible players to stand out, because any website can claim that their information security is golden. The security of paying by invoice became a hot topic after the Vastaamo data breach, however, and consumers began asking for reliable information.
“After the Vastaamo case, we double-checked our service and made sure that the invoice and instalment plan payments offered by Paytrail require strong authentication. When the queries started coming in, we could state with confidence that everything is as it should be”, Kumpukoski continues.
“The certificate adds to our credibility, as we have now been declared secure by an independent expert. We can refer consumers to the Safe Pay site, where the contents of the certificate are explained in clear terms.”
What is the certification process like?
In the Safe Pay certification process, the information security of invoice payments is verified through practical tests, an extensive in-house survey and a technical information security audit. For Paytrail, the process took roughly two weeks.
Paytrail was certified by Qvik’s Mikko Vahter, who was also responsible for the certification of Collector Bank’s pay-by-invoice service—the first service to be granted the Safe Pay certificate this January.
“From the technical perspective, it’s vital to verify that the APIs have been built in accordance with best practice and security protocols”, Vahter says.
“We also make sure that the service is clear for vendors, and that they can’t use it without taking information security into account.”
The most common cause of information security issues is human error. The certificate guarantees that the provider’s personnel have received the required information security training, that the company has a designated DPO (Data Protection Officer) responsible for information security, and that personal data or address information cannot be changed without strong authentication.
“We check who has access to sensitive information within the company – is access actually limited to the personnel who really need it or is it open for all employees?”
Illustration: Jukka Forsten