Acquirers: What’s Your Payment Technology Partner’s Track Record with Security?

Listen to this article

No one wants to be associated with a data breach, least of all an acquiring bank or payment processor. Still, the financial industry is too often finding itself a target. In fact, the 2023 State of Ransomware in Financial Services report noted that ransomware in the financial sector rose sharply, with nearly 64% hit last year. These threats highlight the urgent need for secure payment solutions and strong partnerships with trusted technology providers.

Where Threat Actors Find Vulnerabilities

Although acquirers work hard to build iron-clad cybersecurity in their IT ecosystem, they need to do more. It’s also critical to consider their partners’ payment technology. Attackers have been successful at gaining entrance to systems and stealing data by exploiting vulnerabilities in payment devices. The Register reported in 2022 that threat actors used two types of point of sale malware to infect payment terminals and steal data from more than 167,000 credit card accounts. A few years earlier, hackers deployed malware on a convenience store’s payment terminals on the counters and fuel pumps to steal credit card data, affecting about 34 million consumer accounts.

These incidents reinforce the importance of working with payment partners who deliver end-to-end secure payment solutions. Any weak link—from outdated software to poorly secured terminals—can lead to data compromise and brand damage.

How to Evaluate a Partner’s Payment Technology Security Posture

Choosing a payment technology partner that’s Payment Card Industry (PCI-certified) and committed to best practices in encryption, terminal protection, and application integrity is critical to enabling secure payments. It’s not just about device specs - it’s about the security strategy behind them, starting with verifying that the partner and its specific products are listed on PCI’s approved PIN Transaction Security (PTS) devices list.

Ingenico prioritizes a security-first approach with layered defenses, including cryptographic protections, remote key injection, and hardened Android-based platforms that support secure payment transactions from the ground up.

Tokenization also helps to protect cardholder data. It replaces readable cardholder information with a randomly generated code that merchants can use to “remember” customers' account information for their convenience when making future purchases. But it doesn’t put data at risk if a cybercriminal gains access to a merchant’s IT environment. A layered approach helps to protect data because if threat actors gain access to a system, they won’t find anything monetizable to steal or hold for ransom.

When evaluating a partner, acquirers should dig deeper than surface-level promises. Look for providers that not only meet compliance standards, but actively invest in innovation to deliver future-ready, secure payment environments.