Is your payment service provider protecting you? Find out!
Whether your business accepts credit cards online, in person or a combination of these, you need to know that your payment service provider has your back. If you underestimate the importance of protecting your customers’ sensitive data, you risk costing your company thousands of dollars and its reputation among consumers.
Here are some key ways that a payment service provider can help protect the credit card transactions that you run in-store.
- Encryption. Encryption is used to translate plain text sensitive data into an encrypted code before it is sent across the network for processing. This way, if fraudsters intercept the data it will not be useful. You may choose to encrypt the data itself, the transmission path along the processing network or both depending on the solution.
- Tokenization. Tokenization is the process by which real credit card data is replaced with a “token”—also known as an alias—to be used throughout the transaction process. When tokenization is used, the real card data is saved (in case it’s needed in the future for a return or void, for example) in a highly secure server that is completely separate from the rest of the payments system. However, in most cases, this real information never needs to be retrieved and thus remains in that server. It’s important to note that, with tokenization in place, you can limit your employees’ view of sensitive data so that certain employees only have access to tokens rather than full card number view. For many cashiers who only ever process initial transactions—versus managers who may sometimes ring returns—seeing tokens in your payments system will be enough information to complete their daily job tasks. In this way, you are protecting not only your customers’ sensitive data but also the liability of your individual employees.
- EMV chip cards. By now you’ve surely heard about the introduction of EMV chip cards to the United States. U.S. merchants and financial institutions have begun transitioning all credit and debit cards from traditional magnetic stripe cards to the new cards with an embedded chip in accordance with the October 1, 2015 mandate. As part of this shift, merchants must upgrade their POS terminals to accept the new payment method or risk liability for card-present fraud involving a chip card. Choosing a payment service provider that is committed to staying abreast of the latest technologies, including EMV chip card acceptance terminals is a great way to protect your business.
Here are a couple types of payments protection that a payment service provider can offer your business to safeguard your data and your customers’ valuable information.
- Secure sockets layer (SSL). Quite common in the world of eCommerce, SSL is a standard security technology for creating an encrypted link between a web server (your website) and a browser (where your customer does his or her shopping). When you have an SSL in place, your website can safely transmit sensitive data including credit card numbers, expiration dates and customer names. Since the SSL encrypts the data in transit, it isn’t sent in plain text like data between websites normally would be. When you have a SSL on your website, your URL will begin with “https” instead of the standard “http”—a feature that many of today’s savvy consumers are coming to associate with secure online shopping.
- Address verification system (AVS). If you ever shop online, you have probably used AVS and not even realized it. AVS is a system that verifies the address of a person attempting to use a credit card. AVS checks the “billing address” that a customer enters on an eCommerce website against the billing address that the credit card company has on file for the cardholder. It’s important to note that AVS only verifies the numeric portion of the address, such as the house number and ZIP code. However, it can still be a great way to help combat online payments fraud since thieves armed with stolen credit cards often don’t have the complete address associated with that card.