5 tips to avoid high risk processing
Consumers expect to be able to pay for goods and services with their preferred payment type, and the ability to accept credit and debit cards as payment is critical to doing business. But processing payments can be risky. Every transaction initiates a complex process involving not only the merchant, but the bank, the acquirer, the payment processor, and potentially other players. Businesses that don't take the necessary security precautions could be vulnerable to a card data breach with devastating effects. What can you do to avoid high risk processing? Read on to find out.
1. Maintain PCI compliance
All merchants that accept credit cards must be in compliance with the Payment Card Industry Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process. Your payment processing partner and POS vendor are two excellent resources to turn to for assistance in the compliance process. Although PCI compliance is the current benchmark of payment security, it's a fast-evolving discipline. Look for a payment processor that offers comprehensive services to ensure your business is equipped to deal with current and future secure card processing protocols.
2. Use data encryption technology
Businesses should never store sensitive data, even if it is encrypted. For example, merchants should never store card numbers or card validation codes where hackers can access them later. However, it's possible for hackers to obtain this data in the transaction process before it is encrypted. To help avoid this situation, implement a point-to-point encryption solution that encrypts credit card information from the moment it enters the POS system all the way through the transaction. While encrypted data can still be stolen, it will be virtually useless to anyone who obtains it.
3. Use strong passwords
Many merchants utilize the preset passwords that come with their point-of-sale or credit card processing systems. These are easily compromised by clever hackers, so it's best practice to immediately reset existing passwords. A strong password is a merchant's first line of defense against an attack. Make passwords at least eight characters long and include a combination of numbers and symbols, and capital and lowercase letters. Don't use words that are found in the dictionary, or post your password on a sticky note in plain sight. It's also a good idea to change passwords frequently. In fact, PCI DSS standards require it.
4. Keep software and equipment updated
Many breaches occur simply because merchants fail to keep systems, like anti-virus software, up to date. It's important to download new patches when they become available. Replace payment processing technology that is old and out of date with newer versions. Best practices for security and equipment change frequently. Make sure you work with a vendor that updates their technology frequently and performs regular maintenance.
5. Upgrade to EMV-enabled technology
Europay, MasterCard and Visa standards have now replaced the magnetic strip card and reader as the go-to standard. Instead of a strip, new cards contain a chip that generates a unique transaction code each time the card owner uses it. EMV technology increases card data security mainly by making it virtually impossible to create counterfeit cards, and by requiring cardholder authentication that verifies that the card belongs to the person using it. The October EMV chargeback liability shift has officially passed, but many businesses are still using older technology, leaving them susceptible to fraud. It's important to note that while upgrading to EMV acceptance won't necessarily help merchants catch fraud, it will help prevent the fallout of a fraudulent transaction.
Avoiding high risk processing is the first step to gaining customer trust and running a successful business. It's worth the time and investment to address payment card industry compliance, keep your payments technology and related systems updated, and enlist a trusted processing partner to help ensure your business' data is safe and secure.