Secure payment transactions: best practices for small business
Beware, cyber attacks! Warning, security breaches! And, oh, the sky is falling, too!
No doubt, you’ve heard the rhetoric. But, as Chicken Little in the well-known fable learned, if everything is a screaming alarm, people start to tune out. So, let’s talk calmly about payment security for small businesses in this ever-evolving world of commerce, in a world where technology, credit card transactions and compliance keep changing. It’s an essential topic.
First, here are some small business cyber security statistics that may shed a bit of light on the subject. According to the Cybersecurity Business Report, a survey of small businesses revealed that 55% of all respondents said their company had experienced a cyber attack or data breach in 2016. In addition, 43% of all cyber attacks targeted small business. Surprisingly, 32% of the small businesses didn’t know the root causes of the cyber attack or breach, and 51% were not planning to do anything to mitigate their risks.
What are the implications of the cyber security statistics?
Logically, we can draw some conclusions from these numbers. Most importantly, what do they mean for your day-to-day operations when it comes to securing debit and credit card payments?
a) Cyber threats are real. If more than half of all small businesses have experienced a data breach or a cyber attack, small businesses need to pay attention and take practical precautions. It’s vital to protect against payments fraud, too, where so many businesses are both vulnerable and liable.
b) Small businesses are targets. Maybe hackers think they’re easy targets. And, maybe they are. Larger companies may have more information to hack, but small businesses have fewer walls to break through and fewer best practices in place to prevent a breach. And, every small business has a lot to protect––not only credit and debit card data, but also customers’ email addresses, billing addresses and phone numbers.
c) If a good percentage of small business owners don’t know how a breach occurred, where do they begin to repair the weak spots in their systems? How can they secure credit card transactions? What best practices should be put in place? What software or hardware might be needed? All good questions to ask.
Now, we need some answers.
5 best practices for more secure payments:
Whether your business is online, in-store, on-the-go or all of the aforementioned, there are steps you can take to protect your business from hackers. A big part of it comes down to protecting your customers’ debit and credit card payment data, from the beginning to the end of the transaction.
1) Tokenization and Encryption
These two words are key in the world of payments security. Make sure your payments processor and all of your POS systems––including your mPOS devices––provide you with both of these advanced cyber security technologies.
How do they work?
Imagine if your credit card payment acceptance was set up so that if a criminal did manage to get into your systems, there would be nothing there for them to find. With encryption, the card data is scrambled so that an unauthorized user who manages to access it sees only a string of incoherent characters instead of legible entries. With tokenization, the card data is safely stored by your payment processor, a much harder system to infiltrate than your store, while your own systems keep only a stand-in token that is useless to a thief. More secure credit card payments allow you and your customers to feel better about every transaction.
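To make the tokenization idea above concrete, here is an added illustration (not code from this article or from any payment processor). ProcessorVault is a hypothetical stand-in for the processor's side, the token format is an assumption, and find_card_numbers is a check you could run over your own stored records to confirm that no card numbers are sitting there.

```python
import re
import secrets
import string

TEST_PAN = "4111111111111111"  # widely published test number, not a real account

class ProcessorVault:
    """Hypothetical stand-in for the payment processor's side of tokenization."""
    def __init__(self):
        self._pan_by_token = {}  # lives only at the processor, never in the store

    def tokenize(self, pan):
        # Random letters only (assumed format): the token reveals nothing about
        # the card and cannot be mistaken for a card number.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._pan_by_token[token] = pan
        return token

    def charge(self, token, cents):
        # Only the vault can map a token back to a card; unknown tokens fail.
        return token in self._pan_by_token and cents > 0

def store_order(vault, pan, customer):
    """Merchant-side record: token plus last four digits, never the full number."""
    return {"customer": customer, "card_token": vault.tokenize(pan), "last4": pan[-4:]}

def luhn_valid(digits):
    """Checksum that real card numbers satisfy; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_numbers(text):
    """Return Luhn-valid runs of 13-19 digits (spaces or dashes allowed) in text."""
    hits = []
    for m in re.finditer(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)", text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits

if __name__ == "__main__":
    vault = ProcessorVault()
    record = store_order(vault, TEST_PAN, "A. Customer")  # constructed sample
    print("card numbers in stored record:", find_card_numbers(str(record)))
    print("charge via token:", vault.charge(record["card_token"], 1999))
```

The same scan can be pointed at exported order data or log files: any hit means a full card number is being kept somewhere it should not be.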
2) Secure Online Payments
If customers have any suspicions about a website, they may not even want to give out their email address. Today’s customers are protective of all of their data––for good reason. They are particularly protective of their credit and debit card information. One breach can invite a surprise, and very costly, credit card bill.
So, how can you protect each and every credit card transaction without hiring a developer to rebuild your site?
Today’s build-your-own e-commerce websites often have options that offer built-in security systems. Secure payment gateways can also be used in conjunction with payment processing services to protect your online customers with layers of security for all kinds of payments.
3) Protect Computers
If you store your customers’ payment data on your own system, you could be extra vulnerable to cyber attacks. If not, there’s still a lot of customer information in your system that needs to be protected.
In the top ten list of the Small Business Administration’s cyber security tips, #1 is to protect each of your business computers from viruses, spyware and malicious code. They also recommend setting your systems to update automatically.
Also, making sure you have a strong firewall in place is essential to securing data on a private network, says the Federal Communications Commission (FCC). If you have work-at-home employees, you should make sure their systems are also protected with a firewall.
4) Secure all mobile devices
It’s becoming more common all the time: your employees use mobile phones and tablets for work purposes––even for credit transactions, when a mobile device is adapted into a mobile point-of-sale (mPOS). Securing payment data on every mPOS is essential.
In addition, your employees should have strong passwords protecting each device, ones that must be changed frequently. It’s important that everyone on your team create strong, complex passwords that make it difficult for device thieves to obtain access to the information in the event that the mobile device is stolen.
5) Talk to your employees
Your security is only as strong as your weakest link, and oftentimes that link is an employee. If your employees are lax with security, customer data is at risk––plain and simple. Have a discussion with your employees, create rules, and make them change passwords often on all computers and every device. Especially make sure they understand the importance of securing credit card payment information. Don’t assume they will protect your business without you mandating it.
Sure, even if you follow these and other payments security best practices, some threats will still remain. However, you will feel a lot calmer knowing you’ve put some protections in place.