Accepting Credit Cards: Securities for the Non-EMV Merchant
If you are accepting credit cards in your store but have not yet switched to an EMV card accepting terminal, it is wise to consider making the switch. Currently, thieves most often target small businesses because their payment processes are the most likely to be out of date and not caught up with the newest and most secure technologies. What's more, after October 1, 2015, liability for fraud at the point-of-sale is shifting away from the major credit card company issuing brands and institutions (MasterCard, Visa, etc.) and back in the direction of businesses that accept fraudulent transactions. This is because liability is shifting to the least secure party in the payment chain; which could be your business if you’re not accepting EMV. EMV chip cards offer a significantly better technology to combat fraud.
However, if you are not quite ready to make the switch, or perhaps you work solely online, you can still take measures to minimize the risk of fraud. It would be wise to at least consider the following tactics if you're going to continue accepting credit cards. It's important to note that as with the experience in Europe, it's expected that more fraud will find its way into online payments, so-called card not present transactions, because a physical chip card is not used in the transaction. This makes it easier to pass off fraudulent or stolen card information.
Monitor Your Equipment
Skimmers are small devices that can easily infiltrate a swipe machine, especially if your equipment is outdoors (e.g., a gas station credit card swiper). Again, the technology used to steal customer information evolves quickly and regularly becomes more advanced, so it gets easier to plant and is nearly indistinguishable from legitimate machines. Use cameras and stay vigilant when you're at work so you can catch someone in the act. If you aren't able to do this, you may not notice a physical trap until it's too late. You'll need to be careful not just with all of your customers but also with your employees. There are plenty of opportunists who will quickly notice if you're not cautious with what's happening to your machines. This is a common way data is stolen if you have a physical location. Be sure to remain vigilant with your card accepting equipment to minimize fraud risk.
Encryption and Tokenization
Knowing your business inside and out is already a large task, so letting those who know payment services and security handle your data may be the wisest route. Find out if your payment provider and your terminal can process transactions with point-to-point encryption, which essentially scrambles card data to render it useless if it's caught by thieves in the process of transmittal. For online payments, the equivalent is Tokenization.
Firewalls, anti-virus software, specific fraud detection and protection, and card data security technology aren't just for techies. Every business needs to be knowledgeable about security measures or at the very least be willing to put their trust in payment providers and the ones that do know. This applies not only to in-store technology, but to technology used to run websites and online payments. So consider how your business operates and where and how your customers pay for purchases to make the best decisions.
Because every merchant has their own priorities between meeting customer needs both in person or over the web, you will want someone who can understand what it means to customize solutions. Staying secure when accepting credit cards should be a high priority in your decision. You most likely won't need every feature available so consulting with a trusted source means you can focus your time wisely when implementing new payment processes.
Run an online store or just haven't switched over to an EMV terminal yet? Partner with Vantiv and learn the ways you can protect data even without the latest technology.