Digital payments have been projected to reach over US$15.41-billion in 2023, reflecting the reality that these payments have become an essential part of our daily lives. From shopping online to paying for services, we rely on the security of digital payment systems to keep our information safe and secure.
During the pandemic, reports found that one in four customers experienced some form of fraud. In light of this, digital payments have had to evolve, improve, and comply with every iteration of developing technologies, changing customer demands, and regulators to protect users. As such, from 2020 to 2021, digital banking fraud incidents decreased by 18%, overall the biggest decline came from mobile banking fraud.
Ozow takes pride in the security of our platforms' ability to protect our merchants and consumers. From a regulatory perspective, we go to every length possible to guarantee our compliance with regulations. Ozow is a Systems Operator (SO) and a licensed Third-Party Payments Provider (TPPP). We’re also a member of the Payments Association of South Africa (PASA). These measures ensure security, but we go above and beyond to make our systems even more secure.
Compliance with industry regulations
Ozow is compliant with industry regulations such as the Protection of Personal Information (POPI) Act and the Financial Intelligence Centre Act (FICA). Compliance with these regulations ensures that we operate within the legal framework and that our users' data is protected according to industry standards.
The POPI act provides a framework for the lawful processing of personal information and gives individuals the right to access and correct their personal information. This ensures our user data is protected.
FICA is another regulation that we comply with. FICA is designed to combat financial crime, such as money laundering and the financing of terrorism. This act aims to deter financial crime and promote the integrity of the financial system.
Along with these two acts we also comply with the Payment Card Industry Data Security Standard (PCI DSS), an international security standard for credit card data protection. Because we cover all bases, even when we don’t have to.
Compliance cannot be overlooked and involves a lot of moving parts that work together to form the secure payment solution that millions of South Africans have come to expect.
PCI DSS Compliance
Firstly, one of the elements that hold our security protocols to the highest standards is that we’re PCI DSS Level 1 compliant.
PCI DSS is a set of security standards that are designed to ensure that companies that accept, process, store, or transmit credit card information maintain a secure environment. Consumer, merchant, and transaction data are fully encrypted. We store the minimum amount of information required for compliance purposes.
Compliance with these standards demonstrates that Ozow takes data security seriously and has implemented extensive measures to protect our users' data. We’ve gone to this effort to ensure our customers have the utmost confidence in our systems, even though we do not process credit cards through our platform.
Encryption at every step
We understand that consumers want their data to be safe from harm, and from the sight of those who would misuse it. So when customers start a transaction, their credentials are encrypted and passed securely to the bank, after which the system discards them. Customer transactions are logically isolated from each other, and inherit the intrinsic security mechanisms of internet banking.
Multi-factor authentication (MFA) is an essential step of the process. This information gets sent outside of Ozow by the consumer's bank. Then approved in-app, over Unstructured Supplementary Service Data (USSD, a form of secure data transfer), or in the form of a one-time pin.
Storing data
Ozow uses Amazon Web Services (AWS) for hosting and utilises many of the best-in-class security systems available.
We continuously scan our infrastructure for vulnerabilities, perform network monitoring and intrusion detection, and utilise Web Application Firewall (WAF) and distributed denial of service (DDoS) tools to detect and prevent common exploits and attacks. Each compute instance comes equipped with:
- Anti-virus
- Anti-malware
- Intrusion detection software
Ozow has formal patch management processes (both physical and virtual) in place using AWS Systems Manager.
Riaan Hanekom, Ozow’s Chief Technical Officer, has this to say about our security measures: “Security is always a moving target. Ongoing improvement is essential. In addition to our scheduled and required PCI-DSS penetration testing and security scanning, we’ve partnered with F-Secure, a leading security company, to perform regular penetration testing of its platform and products.”
He added that: “We secure access to the Ozow platform via VPN, strong password authentication, and MFA. Ozow completely segregates testing environments from production environments and reviews any access to systems and components regularly. All actions by users get logged and audited.”
Fraud detection
Ozow has implemented advanced fraud detection measures to prevent fraudulent transactions. These measures include:
- Real-time monitoring of transactions
- Analysis of user behaviour
- The use of machine learning algorithms to detect patterns of fraudulent activity
By detecting and preventing fraudulent transactions early, Ozow protects its users from financial loss and maintains the integrity of its payment system.
Data Privacy
According to the Global Consumer State of Mind Report from 2021, 76% of users believe companies must do more to protect their data online.
That’s why we’re committed to protecting our users' privacy. Ozow’s privacy policy outlines how we collect, use, and protect users' personal information. We ensure our users have full control over the entirety of their data and we provide extensive options for them to manage their data privacy preferences however they wish.
Online payments are a crucial part of our daily lives, and it's essential that we can trust the systems we use to make these payments. We implement a wide range of security measures that ensure our payment system is safe and secure for its users. By prioritising security and data privacy, we make online payments safer and more reliable for our users.
