Technology Demands a Proactive Approach to Information Security
Advances in technology come with more security considerations. With cyberattacks and malicious software deployments on the rise, companies need to take a proactive approach to protecting and improving their valuable infrastructure. Outdated tech can leave you vulnerable to compromising information security. The good news is there are many things businesses can do to keep themselves as protected as possible.
The Origin and Purpose of PCI
According to an article earlier this year from the Federal Trade Commission (FTC), the FTC received 2.8 million fraud reports in 2021, amounting to $5.8 billion in losses for consumers. That was a staggering 70% increase in fraud reports from 2020. So it goes without saying that security considerations go beyond the physical safety of customers and the hardware on-site.
As a payment processor of millions of transactions each year, maintaining the highest level of security certifications is a must for CityBase. And the Payment Card Industry Security Standards Council (PCI SSC) has a lot to do with shaping the landscape of data security that we follow. Any business involved in the payment industry utilizes the framework provided and regularly updated by the PCI SSC to construct the safest payment infrastructure they can to protect client and customer information. And the best place to start that process is with understanding the basics in PCI Compliance.
Any business involved in the payment industry utilizes the framework provided and regularly updated by the PCI SSC to construct the safest payment infrastructure they can to protect client and customer information. And the best place to start that process is with understanding the basics in PCI Compliance.
How Payment Processors Can Stay on Top of It
CityBase is a PCI Level 1 service provider and maintains both SOC1 and SOC2 certifications. Our infrastructure team takes a proactive approach to monitoring, alerting, and blocking security threats. And the benefit of the CityBase approach is that we assume the burden of PCI compliance and PCI audits, saving clients human hours and hundreds of thousands of dollars.
“I think PCI [compliance] was really critical and I think it’s really hard for government to take on PCI [compliance]. It’s expensive, it requires a lot of thought process… and there truly is a cost to it. And so I think recognizing those pieces and doing the ROI on it was really critical.” – Tajel Shah, Chief Assistant Treasurer, City and County of San Francisco
This allows our clients to use the resources they would ordinarily spend on maintaining PCI compliance towards expanding services for their customers and delivering even better customer service.
One thing that distinguishes CityBase from most competitors is how the payment technology is architected and implemented. Unlike most other companies, CityBase has cloud-native kiosk and Point of Sale (POS) solutions. All software, data, and payment processing functions are stored in a secure cloud environment hosted by Amazon Web Services.
In addition to providing best-in-class data security, CityBase architecture provides superior physical security of hardware as well. Any customer and payment information collected at the kiosk or POS station is transmitted directly to a CityBase cloud application, leaving nothing stored on the physical hardware. The result is a solution that offers no danger if someone were to break into the hardware itself to steal any customer’s personal information.
PCI compliance plays a major role in how CityBase architects products as it can be costly to maintain. With the CityBase kiosk and POS solutions, our approach to handling card data effectively removes our clients from any PCI compliance responsibility. All information is stored on a cloud-based system and information is transferred over a separate CityBase supported cellular network. And operating on a separate cellular network has the added benefit of allowing CityBase to utilize security tools that come with the network host as well as customized tools made by our engineering teams. This extra layer of security only reinforces CityBase’s efforts to keep all sensitive information well protected.
Lastly, it is essential to stay on guard. Security should remain a priority once a project is implemented. CityBase actively monitors networks which allows the Engineering Teams to collect and aggregate anonymized data from each client and utilize it to prevent malicious attacks for all clients collectively. Security at CityBase is truly an ecosystem of clients that builds upon itself as more traffic is routed through systems.
New GovTech Comes with a Big Responsibility
Technology in the GovTech space is changing at lightning speed and with the exciting advances comes a responsibility for payment processing companies to not only keep up with the latest security information measures but to anticipate new malware and cyberattacks before they happen. Being proactive is key and partnering with the right vendors is essential to supporting these crucial efforts.