Protect your business with merchant account services that provide secure payments
With all the news headlines reporting large-scale payment data breaches, it's apparent that accepting credit cards can be risky business. However, there are a number of steps you can take to make sure your business is protected as much as possible.
Accepting EMV chip cards
EMV chip credit and debit cards look like their traditional magnetic stripe counterparts, but are embedded with a computer chip. This computer chip generates unique payment data for each and every transaction, so if a hacker intercepts the transaction data, it can’t be used successfully in subsequent transactions.
EMV chip card payment technology has been commonplace in other countries for many years but is new to the U.S. The use of EMV chip cards has had a great impact on the reduction of card-present fraud in the countries where it's employed. During this same time, card-present fraud in the U.S. has risen because we have still been using outdated magnetic stripe card technology. In order to come in line with this new global payment standard, the U.S. needed to adopt EMV technology. The official start date of the U.S. implementation of EMV technology was October 1, 2015. Many merchants (and financial institutions) are still lagging behind when it comes to having the necessary components in place to make sure this technology is fully implemented.
Now is the time to make sure your business has upgraded all of its payment terminals to be able to accept EMV chip cards. If you haven’t done so, and certain types of fraud occur at one of your locations, your business could be held financially and legally liable for the fraud-related losses. Take this important step to secure your business systems—not to mention your brand and reputation—against a fraud attack.
Making sure your networks are secure
No matter your business size, you need to take the time to make sure all of your business networks are secure—including all networks that handle and transmit processing data. If you have an IT specialist in-house, they should work with your payments processor to make sure your networks are all secure. Or, if you’re a small business without dedicated in-house support, call upon the services of an IT firm that specializes in data security for small merchant businesses.
Here are some basic ways to make sure your networks are secure:
- You should make sure firewalls are implemented and operational at all times.
- You should make sure all computers and terminals on your networks are equipped with anti-virus software, and install updates regularly.
- You should make sure to regularly test your systems for vulnerabilities, so that they can be corrected before a hacker discovers them.
Use the above tips as a starting point, but it’s important you work closely with an IT specialist with experience in securing processing systems to help protect your systems.
Making data security a top priority
You—as well as your payments processor—must make data security a top priority at all times to ensure you are processing electronic payments securely. Here are a few of the technologies that today’s top processors offer to help protect your and your customers’ sensitive data:
- Encryption. This technology protects sensitive data as it travels across the network during the course of the transaction. Instead of transmitting plain text containing sensitive data such as the card number, this technology encrypts the data while it is in transit. In this way, if a fraudster intercepts the data at any point in the transaction process, the data will be useless since it is not the actual sensitive payment data. The data is not decrypted until it reaches the final destination (often the acquiring bank) for settlement.
- Tokenization. This technology also protects sensitive data so that, if intercepted, it is useless to hackers. Instead of using true data, this technology replaces the card number with a “token.” Only the token is transmitted across the network to complete the transaction, rather than the true payment data. In this way, if a hacker gets his hands on the payment data he will only have a token—useless when he attempts to authorize a fraudulent transaction. Tokenization protects data at rest and is especially useful for recurring payments.
- EMV chip cards. As discussed above, EMV chip cards help prevent fraud by generating unique payment data for each transaction. It's important to note that EMV technology helps to reduce card-present fraud but does not protect against card-no-present fraud, such as online transactions. As with encryption and tokenization, stolen EMV transaction data cannot be used to successfully initiate subsequent transactions.
Processors, the card networks and other players in the payments industry are constantly working on developing new technology that protects sensitive data. Speak with your payment processor to see what other data security measures they offer that would be helpful to your business type and systems.
Making sure your physical security is up to snuff
You might spend a lot of time and effort securing your computers, systems and networks—but are your employees trained on how to implement security in their day-to-day tasks? Here are some ways you can help secure payments at your business with physical security:
- Regularly inspect your POS terminals, card readers and PIN pads to ensure they have not been tampered with. Devices such as card skimmers can be easily attached to these devices to enable fraudsters to capture valuable payments data.
- Train your front-line staff to never write down full card numbers and related sensitive data, for any reason. Don’t risk leaving such information in plain view of the public. When it comes to your back-office staff, make sure they avoid printing reports with full card numbers, for example, except with absolutely necessary for their job task. And then, require that they immediately shred and destroy the document.
- Teach your staff the tell-tale signs of fraudulent cards. Here are some indicators to watch out for:
- Font of the printed card number that is not lined up or unevenly printed
- Magnetic stripe that appears to have been purposely damaged, forcing your associate to key enter the card number
- No signature on the back of the card – always require your associates to check for photo identification before running a payment card
Use the guidelines above to help protect your business with a merchant account that provides you with secure payments. Nothing is more important to the growth and success of your business that protecting your reputation and brand through secure credit card processing.