3 data security elements every payment processor should provide
If your small business is collecting customer data for back-end analytics use, it's critical that you prioritize security. In the local merchant landscape, customer retention is a primary driver of business. But you can't create a positive customer experience if consumers are worried that their sensitive information is at risk.
According to customer service software company Get Satisfaction, 71 percent of consumers have ended their relationship with a business because of poor customer service. Another 6 in 10 customers take their business to a company's competitor once they severe ties in a business relationship. If you're wondering what drives clients away from a small business, poor customer service - which includes a lack of data security - is right at the top of the list.
Safeguarding sensitive customer data should be a number one priority for your business going forward, especially at the point of sale. Small businesses rely heavily on POS transactions to generate bottom-line revenue. Keeping that in mind, here are three data security elements to be aware of when partnering with a payment processor:
- PCI compliance: The Payments Card Industry Security Standards Council was created to make sure processors and their business partners comply with stringent and modern-day security measures with regard to data protection. Since technology is always changing, industry stakeholders are working to help companies reduce fraud occurrences and continue to serve their customers safely and responsibly. These guidelines exist to ensure that all parties involved in a transaction are complying with industry best practices and keeping consumer information safe.
- EMV-capable POS terminals: The payments card industry is rolling out new guidelines on Oct. 1, 2015, meaning there may be a liability shift in the event of a data breach. The parties involved during a transaction - merchants, payment processors and the card providers - are all responsible for protecting customer information during a sale. However, if merchants don't upgrade their POS systems to comply with the new EMV guidelines by fall, they can be held accountable for financial damages incurred with fraud.
- Tokenization and P2P encryption: In addition to adding EMV-capable terminals to your payment infrastructure, your business should also add tokenization to the transaction process if your business does recurring billing. Tokenization assigns credit card numbers a valueless token, rendering the data useless if a breach occurs. In addition to tokenization, small-business owners should also inquire about point-to-point encryption. P2P encryption encrypts the data at the point of swipe and protects the sensitive information while it’s in flight throughout the payment transaction.