Find secure merchant payment solutions for retail
It's no secret that sophisticated data security threats make today’s retail businesses nervous – especially when they're considering adoption of new merchant payment solutions. If big brands can get hacked, how are smaller companies supposed to protect their customers' data? Small and medium-sized businesses are smart to think about the real security threats they face every day. Here are a few tips on what to look for when choosing a provider with top-notch security – and picking better security practices of your own.
Starting at the beginning is important. All card-accepting businesses have obligations under PCI DSS, or the Payment Card Industry Data Security Standard. This is a very important standard to which all qualified merchant service providers must adhere. PCI DSS details the minimal best practices for accepting, storing and using financial data from your company and your customers. Both merchants and merchant payment solution providers are covered by the standards.
Consider choosing a merchant payment solutions provider that offers your business the tools and processes for attaining and maintaining PCI compliance. Just because your business is smaller, don’t make the mistake of thinking you can avoid PCI compliance. Make sure you understand what PCI compliance assistance programs are available directly through your merchant payment solutions.
Chip cards and EMV
Another common pass/fail test for service providers is whether or not they offer you chip card (EMV) readiness, which include payment devices or terminals ready to read chip cards. Much has been written about whether or not chip card readiness is a requirement of smaller businesses. Let's look at some of the realities.
There is no absolute EMV mandate. You can continue to have customers swipe cards as they always have. That said, effective October 1, 2015, if a charge made with you is later disputed as a fraudulent charge, you could be left holding the bag. The so-called fraud liability shift that went into effect pushes responsibility for fraudulent charges away from the card issuing banks (who've typically borne the liability) and toward the merchant business (you) that accepted a fraudulent card.
Partnering with a merchant service provider that will help your business transition to EMV acceptance is important because a customer using a fraudulent or unauthorized card at your business means you could be held liable. EMV chip card acceptance is closely connected to PCI compliance (as EMV chip readers have finally become a common requirement in U.S. retail), but it's an easier metric for external companies to apply during their search for a payments processor. Are there EMV chip readers? Does my service account provider offer any information on EMV that I can use in my business? While EMV doesn't offer 100% security, these questions ensure that the provider has stayed up-to-date on the technology and is committed to helping merchants protect themselves against fraud.
Data Collection and end-to-end security
While PCI compliance and EMV chip readers are good signs that a merchant service provider cares about security, it's only the start. Examine their data collection policies and how they handle end-to-end security. Ask the following questions:
- What sort of customized security options do they offer for your business?
- If you want to encrypt card data the moment it enters your POS system, can the provider offer you an ideal solution?
- What are their own data collection policies?
Qualified account service providers offer multiple merchant payment solutions for upgrading data security, and have a robust data security policy of their own that minimizes how much sensitive data is transmitted and silos sensitive data to minimize the risks of hacking.
Secure online processing
If your retail business has an online component, then you should also examine online payment options to make sure this aspect of your payments processing is secure. A secure internet portal is vital for safe management of online payments. Options such as eChecks also provide a safer payment option, particularly for B2B sales. If you're worried about the collection and storage of online card information – and how it relates to overall CRM – find a service provider that can walk you through the process and offer advice on the safeguards you should be using. Solutions such as tokenization are often extremely valuable to businesses conducting a heavy volume of online payments, particularly if card data is used repeatedly for monthly or periodic payments. Tokenization helps protect card data while it's at rest, i.e. being stored for future use.
You may have noticed the common theme for most of these important security points: Knowing and recommending best practices, as well as providing the necessary devices to maintain those best practices. Ultimately, that's what you need to look for in a provider: one that consistently understands current best practices, stays on top of them and engages in discussions concerning your workplace, employee data access and the latest methods of data management on both sides of the relationship.