
Episode 29 | Why information security is critical to every software business
11/14/23 • 12 min
Jack Tsigankov, Payrix Information Security Director, really knows how to put things in perspective when it comes to data and information security.
As our guest on this episode of the PayFAQ Embedded Payments podcast, he tells host Bob Butler that cyber threats and attacks are constantly happening across merchants and the financial industry. In 2022 alone, there were around 1,800 publicly reported data breaches, a 40% increase from 2021 and at an all-time high average cost of over $4,000,000.
“Data and information security are not just important, but absolutely critical for our partners in the payments industry,” he says. Staying vigilant and proactive and safeguarding sensitive information is imperative for all software companies with Embedded Payments.
The leading causes of data breaches often include human error, according to Tsigankov. To prevent them, it’s crucial to implement a multi-layered security approach involving employee training and awareness programs, robust access controls, regular software updates, strong encryption methods for databases and applications, and continuous monitoring for suspicious activities.
He also recommends that security audits and penetration testing, as well as the top 10 security controls, be part of a software company’s robust information security policy. In addition, he suggests using tools like BigFix or Automox that help companies automatically push updates to end users’ machines.
With a company’s credibility, trust, and success on the line, the significance of information security cannot be overstated. “Follow the best industry practices. Pick one framework, like PCI DSS or NIST, and implement their best practices in your ecosystem. By sticking to those practices, you shouldn't have any data breaches or vulnerabilities in the future.”
Don’t miss this informative conversation to learn more about what you can do to protect your payments data and what Payrix does to help protect you.
Previous Episode

Episode 28 | How to create your software company's payments roadmap
It’s easy to feel like a kid in a candy store when considering Embedded Payments for your software business. Before you know it, the enticing numbers, models, and spreadsheets can have you taking on more than you can chew.
The smart move is to take your time and be very thoughtful about your payments roadmap, according to Greg Hatcher, Head of Payments at iClassPro and this week’s guest on the PayFAQ Embedded Payments podcast.
Listen in as he tells our host Bob Butler about iClassPro’s journey to becoming a PayFac®, from what drove their decision and the considerations that went into building their roadmap to how they got leadership on board and what set them up for success.
iClassPro is a class management software platform for gymnastics, cheer, and swim schools. Like many other platforms, the decision to “own more of the value chain” was based on improving their customer experience as well as the ability to grow its business with a new revenue stream.
“If you're a software platform, looking at building up payments, you've got to start by considering the pillars of what that even means and what it means to process payments. So, you have to think about onboarding, the act of processing and transacting, funding, reporting and risk management, and you really need to dig into each of those and identify what you want to own, and how deep that ownership will go, as well as what your partner will continue to own.”
So, before you get out in front of your skis, spend a few minutes listening to this week’s podcast to learn what it takes to nail the basics.
Want to learn more about iClassPro’s transformation? Click here
Next Episode

Episode 30 | The world of PayFac Part 1
The world of payment facilitation is an exciting place for software companies who want to become PayFac® developers. In this first part of a two-part conversation on the PayFAQ Embedded Payments podcast, Richard Drake, Senior Strategic Partner Manager at FIS, along with host Bob Butler, provide a look inside “PayFac land” and how Worldpay for Platforms has become the one-stop shop for software companies wherever they are on their payments journey.
“We've been offering the payment facilitator model since 2010, but we never had the ability between referral and full-blown payment facilitator. And we now have that with the Payrix acquisition,” he says. The in-between model is a key entry point into payment facilitation for software companies, because it offers attractive benefits and infrastructure support without a lot of the risk.
Drake explains that while everybody wants to be a full-blown PayFac to own the payments relationship and experience, you have to be ready to do it. “First of all, you’ve got to have a decent payments volume. If you don't have enough volume to generate the revenue to offset the costs of being a payment facilitator, then it doesn't make a lot of sense.”
He also says you need an experienced payments risk manager to onboard submerchants as well as a support infrastructure to answer questions about chargebacks, settlements, and billing. “When you're a payment facilitator, while we're on the back end, while we’re the engine, submerchants really have no idea who we are, because the payment facilitator is providing the infrastructure, the support, and has the relationship with the submerchant.”
It sounds like a big responsibility because it is. According to Drake, the reality is payments is hard, and being a PayFac is payments on steroids. Having someone who knows all the pitfalls and can help guide you toward better decisions is invaluable to your success. “We were a pioneer in building out this product and have the best and the most superior support team in the industry. You get all that knowledge at your beck and call, ready to go.”
So, take a listen and breathe a sigh of relief. Then watch for part two of the conversation coming soon!