The digital payments ecosystem has been burgeoning in major parts of the world and the COVID-19 pandemic could be a defining moment for the thriving fintech ecosystem. Across the world, there is a significant upsurge in e-payments due to the pandemic. Utility consumers are opting for the best-suited payment methods like one-time pay, auto-pay, etc. to pay their bills when they’re due.
Consumers have the flexibility of paying their bills directly on the utility company’s website or on a service provider’s (SP) website. The service provider that acts as the facilitator for the bill payment should comply with PCI DSS (Payment Card Industry Data Security Standard). This compliance is essential to minimize (or avoid) the probability of data breaches and credit card fraud.
What does PCI compliance mean and how does it impact the utility consumer’s journey on the SP’s platform? All this and much more in this introductory blog on ‘online payments’ through the lens of a utility consumer.
What is Online Bill Payment?
Online bill payment is a service that lets consumers pay their bills electronically. The emergence of service providers has more or less eliminated the need for consumers to visit the utility provider’s website for payments.
Most service providers provide the facility to pay bills for utilities like gas, electricity, etc. under one roof. This avoids the headache of maintaining umpteen accounts on different websites!
However, consumers need to enter their utility account details so that the service provider can fetch the bills and provide a mechanism through which the payment can be done.
Different Bill Payment Types
All service providers offer flexibility to the users (or consumers), who can choose to make a payment with or without setting up an account on the platform. Paying without an account is like paying as a guest on the site, hence the name ‘Guest Pay’. There are other options where the user can select a recurring or one-time payment after the requisite details (about the biller) are entered on the site.
Here are some of the common options provided by service providers for facilitating online utility bill payment:
- One-time Payment – As the name indicates, this is a payment that is made a single time. A classic example of a one-time payment is consumer ‘A’ paying the bill for consumer ‘B’.
Since this payment is a one-time activity for consumer ‘A’, there is no need to save the biller information in the back-end.
- Guest Payment – The user is not required to log in to the service provider’s website to make a payment. However, the user has to enter either a mobile number or an email address so that a notification about the payment status can be sent to the user.
- Quick Pay – In this case, the user would have earlier entered details about the biller on the service provider’s website. The user has also authorized the service provider to save the preferred payment method (e.g. Credit Card, Debit Card, etc.) to expedite future payments on the site.
A merchant, acquirer, or service provider that can process, transmit or store debit (or credit) card data has to follow the necessary procedures outlined by PCI DSS. Since the user has authorized the service provider to store the desired payment method, a unique tokenized payment link is emailed by the service provider for future utility payments.
The user can pay the bill through this link using a one-click payment method. Quick pay is the most hassle-free and super-quick way of paying utility bills.
- Automatic Payment – If you are in awe of automated processes, automatic online bill payment should suit your needs. Automatic bill payment facilitates one-time or recurring payments in an organized manner through the service provider.
As the bill payment does not require any intervention from your side, you need to authorize the service provider to complete the payment using the preferred payment method. Automatic online bill payment is preferred for automating recurring bill payments, as you no longer have to remember the due dates of numerous utility bills!
- Future Payments – With this option, consumers can schedule payments for a later date. This payment mechanism is useful when the bill due date is not in the near future but you still intend to set up a payment method in advance, so that you do not forget it at a later stage.
With an exponential increase in online fraud, consumers have to be vigilant and make utility payments on websites that are PCI DSS compliant. Let’s have a look at the nitty-gritty of PCI DSS compliance:
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a unified, globally accepted policy aimed at protecting debit, credit, and cash card transactions. The PCI Security Standards Council was established in 2004 by major international card payment brands like AMEX (American Express), VISA, MasterCard, JCB, and Discover.
Only merchants, acquirers, service providers, and sellers that comply with PCI DSS are authorized to accept, process, store, and transmit customer information (and card data) during online transactions. Being PCI DSS compliant means that the information systems and payment applications are secured in real-time. This is over and above the protection of the cardholder’s data (or information).
PCI DSS has been playing a pivotal role in strengthening the global digital payments industry.
Different Levels of PCI DSS Compliance
The number of card transactions being processed on an annual basis largely depends on the customer base of the business. The larger the customer base, the greater the chances of intruders trying to exploit vulnerabilities on the platform.
Hence PCI DSS compliance has four levels that are based on the number of card transactions processed by the business in a year. Here are the four different levels of PCI DSS compliance to enhance a user’s confidence in using online transactions over a secure connection:
- Level 4 – Businesses or merchants that process fewer than 20K card transactions/year are eligible for level 4 PCI DSS compliance.
- Level 3 – Businesses or merchants that process 20K to 1 million card transactions/year are eligible for level 3 PCI DSS compliance.
- Level 2 – Businesses or merchants that handle (or process) 1 million to 6 million card transactions annually have eligibility for level 2 PCI DSS compliance.
- Level 1 – Businesses or merchants that process more than 6 million online transactions on an annual basis are eligible for level 1 PCI DSS compliance.
Recently, Tekgeminus developed a web client and interfaces for connecting the online payment modules of the self-service web portal of a utility company in North America to a PCI DSS compliant payment vendor. This way, a utility customer does not expose his confidential information regarding his payment methods to the utility company. The PCI DSS compliant payment vendor makes utility payments seamlessly.
Tekgeminus provided integration of various payment method types for the following ways to pay online:
- AutoPay – Enroll once and relax. Payments will be made automatically out of the chosen payment methods
- Onetime Pay – Pay a bill with one or more of the saved payment methods in the secured payment wallet
- Pay Multiple Bills – Pay one or more bills in one shot using payment methods saved in the PCI compliant payment wallet
- Quick Pay – Pay quickly using the primary payment method saved in the payment wallet by clicking a link on the paperless bill
- Guest Pay – Pay using any payment method online without logging into the utility site