Merchants Deal With Data Regs As COVID-19 Clears

data privacy

Open banking was ready for its close-up when COVID-19 placed many such advanced initiatives on hold, in lieu of more practical and urgent considerations like applying for bailout money.

International consumer data privacy law forges on, however, largely unmoved by pandemics and the chaos they create. While certain data privacy compliance deadlines may move as the result of the coronavirus pandemic, make no mistake: compliance is mandatory, and the clock is ticking.

The PYMNTS April Merchants Guide To Navigating Global Payments Regulations, done in collaboration with Ekata, is a valuable analysis of what merchants and financial institutions (FIs) must arm themselves with in terms of data protection and fraud-defeating systems now, ahead of a global economic reawakening the complications of which can only be guessed at.

Keying In Solutions

Banks, merchants and service providers of every stripe are watching their transaction data and seeing spikes in fraud all over the map. As predicted, the pandemic presents a smörgåsbord of fraud opportunities taking the form of every bogus identity trick in the book.

Worldwide stay-at-home orders and the lockdowns of major cities have supercharged eCommerce, which in turn is spiking fraud. Ekata Vice President of Strategy and Operations Arjun Kakkar told PYMNTS, “The emerging trends foster a breeding ground for fraudulent behaviors. Merchants that house rules-based risk models take what they have learned about past behaviors and adapt to it. Those that house machine learning-based risk models need to account for atypical purchasing patterns.”

That represents a great deal of risk in a climate of absolute consequences, be it from cybercrooks to the left or regulators to the right. Stuck in the middle is a tough spot, so advanced identity solutions are now a primary means of business cyber-defense.

Biometrics is one area of intense development to fight fraud post-pandemic. Another is keystroke authentication, “… which uses automated algorithms or AI to monitor how consumers type to make sure such actions are concurrent with their typical typing behaviors during purchases,” the report states.

“The EBA approved keystroke biometrics as an inherent factor companies could use for SCA last year, alongside other biometric forms like facial recognition or fingerprint scanning. One benefit of using keystrokes for authentication is that it does not require consumers to physically enter personal information, instead tracking the ways they type. This means the tool can tell if automated technology or bots have typed in users’ passwords, for example, as the pattern or speed would differ significantly from consumers’ usual tendencies. Typing data is also more difficult to steal, since it is not stored the same way as facial or fingerprint data.”

Compliance After COVID

With the European Union (EU) and government agencies worldwide now handing out stiffer penalties for mishandling data, companies face important decisions. Fraud and data privacy can’t be managed manually, so making system choices now is unavoidable. It’s also smart.

“Regulators’ main focus is slowly shifting from how they can respond to COVID-19 to what those responses mean for data privacy standards in its aftermath,” the report states.

“Consumers in some countries may end up comfortable using mobile health apps in the long term, which could lead to privacy standards that are very different from those that emerge elsewhere. This would create additional discord on the global privacy stage, meaning financial and industry leaders in the APAC, EU and U.S. must carefully track current developments to better understand their potential trajectories.”



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.