Accepting credit and debit cards in your brick-and-mortar environment—online and even at remote business locations using mobile payment technology—equips you to give customers the flexible payment options they’ve come to expect from larger retailers.
However, accepting the forms of payment that involve the transmission of sensitive financial data also demands that you take proactive measures to prevent the likelihood that payment data falls into the wrong hands.
Here are a few simple processes all small-business owners should follow to ensure they’re equipped to safely exchange payment data.
Choose Your Processing Partners Carefully
Nearly 60 percent of small-business owners surveyed by Travelers said they are concerned with cybersecurity. Therefore, it’s important take steps to prevent the likelihood of a breach by choosing your payment processing vendors carefully.
Though there is no shortage of payment processors competing for small-business customers, not all of them offer the same levels of security during payment processing.
In fact, The PCI Security Standards Council estimates that 63 percent of businesses that have had a security breach relied on a third-party vendor to provide such protection at the time of the incident.
Choose a payment processor that guarantees it follows Payment Card Industry (PCI) compliance standards—which change and evolve frequently—during transaction processing. For example, PCI compliance standards were updated this summer to include point-to-point encryption. This means that when PCI compliant payment processors transmit payment data, the customer’s identifiable card information is replaced with tokenized data that is essentially useless to a thief or malware that successfully intercepts the transaction.
Though PCI compliant payment processing doesn’t guarantee you won’t suffer a breach, it mitigates the likelihood of it, along with minimizing the possible repercussions your business could face if a breach occurs.
Related Article: PCI Compliance: What It Means to Your Digital Security
Keep Your Internal Systems Current
A PCI compliance payment processor will take steps to secure transactions by using the latest PCI compliant security features like point-to-point encryption and tokenization—but you must keep your business resources up to date, in tandem.
For example, if emails sent within your company contain sensitive information, the experts at Hartford Steam Boiler recommend using your encryption technology, too. (Likewise, educate your staff and customers that no sensitive payment information should be sent via non-encrypted email.)
Keep browsers up to date with the latest versions, and test regularly for configuration weakness. If you use older operating systems, upgrade.
As the PCI SSI points out, if you are using an older system like Windows XP—there is no longer support for security or patches to address vulnerabilities. Many of the newer operation system versions also include the security improvements designed to address the latest cybersecurity concerns, for optimal data protection.
Secure routers with strong passwords, and avoid using public Wi-Fi networks—especially when processing mobile payments at an off-site location. (Many mobile payment providers offer an “offline” transaction so you can collect the customer’s payment information, but delay processing until you can connect to a secure network.) Educate staff on the importance of keeping their passwords—especially on mobile devices that may be used to process payments—strong and secure, as well.
Accommodate EMV Smart Cards
Beginning October 2015, financial institutions and merchants that accept credit and debit cards are expected to have new EMV smart card terminals in place and ready for payment processing.
Those who do not could bear the financial responsibility of a data breach if it occurs. (The party involved in a breach found to have the lowest level of security will be found responsible for the damages that ensue.)
PCI compliant processing and EMV card technology work in tandem, for maximum transaction security. If you use one and not the other, you expose your customers—and your business—to undue risk.
Though your business may seem too small to be a target, cyberthieves consider anyone who accepts payment data “fair game.” In fact, The Hill reports a 48 percent increase in cyberattacks from 2013 to 2014.
By choosing your payment providers carefully and taking consistent measures to ensure your internal systems are as secure as possible, you’ll proactively work to ensure that you’re exchanging payment data in the safest means possible.