Introducing Safe Pay: The World’s First Consumer Invoice Payment Security Certificate

Making purchases on the internet with a false identity is currently easy, since online invoice payments are not regulated by law. Qvik seeks to address this with the launch of a new certificate that improves the security of online purchases. Safe Pay is the first security certificate for consumer invoice payments in the world.

The personal data breach committed against the Vastaamo psychotherapy center has highlighted the ambiguity of current legislation and requirements on online payments. What’s more, not all payments made on the internet, including payments by invoice, are even covered by the legislation.

Tech company Qvik has developed a solution for the security issue: Safe Pay, the world’s first security certificate for B2C invoice payments.

Invoices are a popular payment method in Finland: According to payment service provider Paytrail, no less than 36 percent of Finnish consumers preferred to pay for their online shopping by invoice in 2019.

In invoice payments, the law of the jungle rules

According to data security expert Petteri Järvinen, online invoice payments have been governed by the law of the jungle until now.

“We’ve ended up where we are now because, by law, the vendor is not required to verify the identity of a customer making a purchase by invoice. Online traders seek to minimize verifications to make buying as easy as possible for the customer.”

According to Järvinen, there is no legislation on invoice payments because the risks only applied to the merchant before e-commerce became commonplace.

“The premise for the law was that identifying the customer was up to the merchant. With the triumph of e-commerce, however, the world has changed, abuses are common, and the situation has gotten out of hand”, says Järvinen.

“You can’t see the buyer on the internet, and verifying the identity of consumers paying by invoice is a challenge. Even the EU’s PSD2 payment service directive does not apply to invoice payments.”

Certification looks at security from multiple angles

The Safe Pay certificate focuses on the security of processing the consumer’s data. Qvik performs the certification and grants the certificate to the invoicing service after examining the applying company’s data processing practices and the security of its systems and processes.

“We developed the Safe Pay certificate to improve consumers’ awareness of the security of payment by invoice, and to showcase reliable invoice payment service providers. Consumers can identify Safe Pay certified companies from the logo that companies can display in their online stores. Certified companies are also listed on the Safe Pay by Qvik site”, says our Consulting Director, Sami Vellonen.

The certification process ensures that the certified company has addressed the following questions to our satisfaction:

• What information is needed to make a purchase?
• Has the customer undergone strong authentication?
• How can customers change their authentication credentials?
• What is the level of the vendor’s internal data security competence?
• How is customer data processed?

First certificate issued to Collector Bank

The Safe Pay by Qvik certificate is valid for one year. It must be renewed if significant changes are made to the system or processes. Collector Bank was the first company to obtain the certificate on January 18.

“We are very positive about the initiative for a certification. It is a good way to inform consumers about which payment services follow best practices in these matters. We are proud that Collector is the first player to be certified by Qvik”, says Philip Winberg, Product Manager for Collector Checkout.

Qvik is qualified to issue the certificates due to the tech company’s years of experience in payment service consulting, design and implementation.

“Certificates come in many shapes and sizes. For example, the contents of the well-known ISO certificates are specified by an international organization, but the certification process is always performed by a private company. This kind of certificate for ensuring the security of invoice payments is a fantastic development for consumers. It’s great that Finland is the first country in the world to introduce something like this”, Järvinen concludes.

Illustration: Jukka Forsten