Secure international payments: how to check your provider’s security credentials
When sending your hard-earned money overseas, you're entrusting the safety of your funds to your international payments provider - so make sure you choose the best one from a security perspective.
Convenience can lead to complacency when making secure international payments online. The ability to open an account in minutes and make transfers at the touch of a button often overshadows the need to check your payment provider’s security credentials. Simply assuming they’re regulated and have robust processes in place will leave your finances and data exposed to nefarious activity.
To avoid this unwanted scenario, answer the following questions when choosing an international payment provider – it won’t take long, and it could save you a huge headache in the future.
Are they FCA authorised?
Fortunately, no one can start providing international payment services overnight. Any business entering the market must obtain the relevant regulatory authorisation first, so they can guarantee that their customer’s money has a certain level of protection.
The Financial Conduct Authority (FCA) regulates financial services firms and financial markets in the UK – to protect customers, increase market integrity and promote healthy competition. All UK-based firms that handle international money transfers should be authorised by the FCA, to ensure their conduct is monitored and controlled.
An FCA authorised firm must safeguard your money by keeping it separate from company funds in segregated client accounts. This ensures that if the firm goes bust your money has a level of protection.
Are they registered with HMRC under the Money Laundering Regulations?
Any business that “transmits money, or any representation of money” must register with Her Majesty's Revenue and Customs (HMRC) under the Money Laundering Regulations. Under HMRC supervision for anti-money laundering purposes, businesses are subject to fit and proper approval requirements, as well as annual audits. These provisions examine whether a business’s beneficial owners and senior management are appropriate people to undertake those roles. They must pass the relevant test before the business can register, and remain registered, with HMRC.
Do they conduct the necessary KYC checks?
Any business that’s covered by the Money Laundering Regulations must meet certain day-to-day responsibilities. These include implementing customer due diligence measures to check that the people they transact with are who they say they are and risk assessing them. Referred to as Know Your Customer (KYC) checks, they help protect against fraud, money laundering, bribery, human rights violations and other forms of corruption and crime.
These KYC checks require your payment provider to obtain a customer’s:
· Name
· Photograph on an official document which confirms their identity
· Residential address and date of birth
They are also responsible for knowing each customer's financial situation. They achieve this by exploring and gathering crucial information:
· Age
· Other investments
· Tax status
· Financial needs
· Investment experience
· Investment time horizon
· Liquidity needs
· Risk tolerance.
Do they offer SSL payments?
Cybersecurity should be a consideration for anyone making online payments amid the proliferation of attacks targeting people transacting online.
Provide a valuable layer of protection by ensuring your international payment provider offers Secure Sockets Layer (SSL) payments. SSL is a protocol that encrypts transactions between a client application (a browser) and the provider’s platform. SSL prevents sensitive data, such as credit card details, from being compromised by making them private and confidential over the internet.
Do they fulfil their GDPR obligations?
Data protection covers the fair and proper use of information about people. It’s about recognising their right to have control over their own identity and their interactions with others. By maintaining this fundamental right to privacy, it’s possible to build trust between people and organisations.
The UK data protection regime is set out in the Data Protection Act (DPA) 2018 and the EU’s General Data Protection Regulation (GDPR) – which forms part of UK law through the DPA. All international payment providers must comply with the legislation because they process personal data.
Read their privacy policy
All reputable international payment providers will have a privacy policy on their website. This explains how they collect, use, share and transfer your personal data when you use their services.
Transferring your money online might be simple, but is it secure? And have you considered whether your data is protected when you do so? Make sure the answer to both questions is yes by ensuring your international payment provider is complies with relevant regulations and takes cybersecurity seriously.