This is a challenging time for UK businesses. Recent research from risk analysis firm Maplecroft painted a worrying picture, citing the UK as the country most at risk from a worsening Eurozone crisis. Its high level of interaction with, and even dependence upon, Eurozone countries, together with its stressed domestic economy, means it is positioned at the head of Maplecroft’s Eurozone exposure index.
In light of this, organisations must prepare themselves to not only survive the tense economic conditions by limiting their reliance on gap loans from banks to maintain business cash flow, but also seriously consider how they protect and manage customer data, because more than ever, a breach leading to loss of customer confidence, reputational damage or costly fines could prove fatal.
In the current economic environment the banks’ reluctance to lend is forcing businesses to better manage cash flow. There is a real need for solutions that help companies improve their cash flow.
Improving payment processes and automating the accounts receivable function is a simple way organisations can improve cash flow. Trader Classifieds (PBL) upgraded their payments processes to an online portal system that distributed the invoices. This offered customers an online payment page and automated the delivery of receipts, enabling PBL to reduce the number of days an invoice was overdue from 87 to 45.
This online portal system improved customer satisfaction, with complaints dropping from 300 a month to ten. The total outstanding payments as a percentage of total revenue fell from ten per cent to just one per cent. Bad debt collections dropped from $5,000 a month to a few hundred dollars and cash flow improved by 43 per cent. All this was achieved with 30 per cent fewer staff.
In this difficult time, companies that can better manage their cash flow, like PBL, will have an advantage over their competitors. They will both reduce their reliance on credit from banks and instil a level of diligence which will strengthen their business case to the banks.
In addition to cash flow issues, businesses are faced with an increased threat of cybercrime as fraudsters and cyber criminals attack sites and companies for customer credit card data. A number of high-profile breaches have increased the number of customers who are concerned about the loss of their personal data.
It is crucial for businesses to ask themselves whether they have taken the right precautions to protect their customers. Many UK businesses are aware of the need to improve their payments standards compliance, but don’t have a full grasp of the standards. At the same time, they are becoming quite aware of the dangers of mismanaging sensitive customer data and their exposure to security compromise.
Payment Card Industry (PCI) compliance applies to every organisation worldwide that stores, processes, or transmits cardholder information. The standard specifies 12 requirements for security technologies and business processes.
For example, all businesses dependent on processing customer payment information must have “risk rankings” and be able to demonstrate not only their awareness of known vulnerabilities, but also a process for ranking them against their own systems and software. With payments technology changing frequently and complex standards requirements evolving all the time, the issue can be confronting for businesses.
In 2011, Gartner issued its Retail Security & Compliance survey, which found that the cost associated with PCI security and compliance for merchants – excluding the cost of assessors – is an average of $1.7 million over 2.35 years. Over the same time period, tier one retailers spent an average of $2.1 million on PCI compliance, with tier two-to-four retailers spending an average of $1.1 million.
Although this sounds expensive and may result in a few businesses deciding not to become compliant, the business risks and ultimate costs of non-compliance far exceed the cost of implementing these measures. Consider the cost of losing customer confidence, negative public exposure, potential industry fines, legal fees and potential decreases in share price.
Even businesses that are compliant must consider how they maintain the company’s level of compliance. Businesses must not only keep abreast of the changing requirements, but be aware of the burden of audits. Outsourcing the management of credit card numbers can be one way to ‘de-scope’ or reduce the lengthy audit processes a company faces.
This process of outsourcing can have multiple benefits for large organisations including: a reduction in the number of compliance requirements, easier audit preparation, reduced audit times, alleviating the pressure on internal resources required to manage compliance, cost savings and of course a reduction in risk.
I advise all businesses that handle customer credit card data to seek advice and understanding around the regulations. While many companies might think that their data is secure, the reality is often very different.
Take Sony as an example. In 2011 it was the victim of multiple breaches of confidential customer data worldwide. Hackers were able to access the payment details of over 77 million customers who had registered on the PS3 network and various Sony websites. The hackers used a common method of attack; had Sony undergone a PCI audit and remediation program, they would have been unsuccessful in their attempts with that particular technique.
The impact on Sony was significant. First there was a drop in share price, then the reputational damage to their business and customer reactions, and finally, the physical cost, which some analysts in the US have predicted at around US$1.5 billion. In this case there was not only a cost to Sony, but also to the credit card lenders, which some analysts predicted at around US$300 million. The question UK businesses must ask themselves during this turbulent economic time is ‘are we risking reputational damage at a time when consumers are more discerning than ever?’