To build trust, payment providers need to ensure they are compliant and follow standards

By Thabiso Serake: Information Security Officer at Pay@

October is Cyber Security Awareness month and is observed globally to help individuals protect themselves online as threats to technology and confidential data become more common. Former South African finance minister Tito Mboweni recently made headlines when his bank account was hacked, and a large sum of money was stolen from him. Earlier this year, pharmacy retail giant Dis-Chem fell victim to a cyber-attack, resulting in data of over 3.6 million South Africans being compromised.

This goes to show that South Africans need to be more vigilant when protecting their data on the internet and organisations must take into consideration all types of security measures to keep everyone protected.

Cyber-attacks on organisations such as financial institutions impact more than just money. It’s a breach of the required compliance and diminishes trust amongst consumers.

An IBM report notes that financial service providers are the most targeted by criminals. While fintech firms do not have to adhere to as rigorous regulations as their legacy banking counterparts, they still must take their security seriously.

As our way of life has evolved in the digital space with more people working, connecting and transacting online, so too has our vulnerability to cybercrime increased.

Financial service providers, therefore, have an obligation to protect their customers’ data, in addition to their money, and to ensure trust.

At Pay@, in order to ensure data protection and the security of our payments, we are doing our very best to comply with security standards by partnering with organisations that we trust and are trusted by the financial services environment.

Here in South Africa, data security falls under the Protection of Personal Information Act (PoPIA). In July 2021, the implementation of the most critical provisions of PoPIA was enforced. This legislation promotes the protection of personal data processed by public and private bodies.

It outlines the rights of data subjects, regulates the cross-border flow of personal data, and introduces mandatory data breach reporting and notification obligations. It also has the power to levy penalties for breaking the law. The safeguarding condition in the PoPIA dictates that a person must guarantee the confidentiality of personal data. It requires this to prevent loss, damage, or unauthorised access or destruction of personal data.

As we work with hundreds of bill issuers and the widest range of payment collection networks in SA to process millions of payments, we continue to focus on our security environment to build trust in the process. We do this, in addition to complying with standards, by using modified and secured Application Programming Interfaces, better known as APIs. An API is a software intermediary that allows two applications to talk to each other.

For example, when you use an application on your mobile phone, the application connects to the internet and sends data to a server. The server then retrieves that data, interprets it, performs the necessary actions, and sends it back to your phone. The application then interprets that data and presents you with the information you wanted in a readable way.

This way, we keep communication between bill issuers and payment networks open and clear. We have this mechanism that allows the biller to see the amount that is being paid before it is authenticated, and this has resulted in a very low error rate. For over five million transactions per month, we have seen an average of 35 errors. When errors do occur, we work closely with billers and networks to correct transactions – putting the customer first.

To achieve this, we look to the Confidentiality, Integrity and Availability model, better known as CIA. It is a model that has been designed to guide policies for information security within an organisation.

In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.

We put a big focus on this by ensuring that the funds are paid into the correct account. We do not share data without permission and by doing so, we safeguard the data.

We also look at any issues that occur and at the best ways to resolve them to maintain our relationship with billers and retailers.

There are several requirements that I would advise other organisations to meet to ensure trust between all parties involved.

It’s very difficult to complete a sentence without talking about standards. Standards are there to safeguard and protect you. Firstly, you must ensure that consumers are making use of legitimate payment channels. There are platforms out there that are trying to sell goods that do not comply with standards.

Furthermore, Pay@ makes use of partners that are trusted and protected and that make secure payments. We avoid using intermediaries as there may be delays or hidden service charges. It is always safest to follow standard best practices in the environment – this allows financial service providers to keep competing in a healthy environment. Above all, look out for well-known, reputable, safe, and secure service providers.

For consumers, it’s advisable to make use of a payments company that has a good relationship with its trusted partners. Look for companies that put your protection first by ensuring that they are compliant without the risk of your funds being compromised.

Look for a payment partner that not only delivers a service but also offers support in case anything goes wrong. There’s nothing worse than making a payment and the funds get lost in the pipeline and there’s no support team to provide you with assistance.

Cybercrime has grown exceptionally over the years and if financial institutions, payment networks and organisations alike want to maintain consumer trust, then they must ensure they are compliant in all aspects of their payments processes.

About Pay@

Established in 2007, Pay@ is one of Southern Africa’s leading payment solutions providers and is trusted by prominent South African organisations to optimise their billing and payment processes. Pay@ is in the business of providing payments experiences, offering a capability that allows a client to accept payment from their customers through relevant, simple, secure and reliable payment journeys. The company offers consumers a growing variety of secure, innovative and convenient bill presentment and payment platforms. Its robust system ensures highly efficient processing, with unallocated payments being eliminated and proven transaction success rates of more than 99.996%.

For more information about Pay@, go to