Security starts with your processor: Select a secure payment service
Payment security is a primary concern for many shoppers. The past few years show a pattern where, after a major data breach occurs, consumer confidence in electronic payments goes down. For instance, after Target revealed its 2013 security issue threatened over 70 million customers, many claimed they wouldn't buy from the company again. Regardless of whether or not the threats held true, Target's reputation was damaged by the incident. The same could happen to any company in the event of a massive data breach.
Card security isn't a new issue. It's been a concern since the beginning of electronic payments, but the idea came to the forefront of consumer consciousness with the dawn of eCommerce. With the advent of mobile payments, security concerns are more prevalent than ever. Businesses must choose a secure payment service to keep consumer information protected.
Why use a secure payment service?
A third-party provider helps alleviate some of the burden of maintaining PCI compliance. Without one, a company assumes all the risk of incurring fraud-related fees. The business acquires, stores and transmits all payment information through its own servers, so it's liable for any data breaches that may occur. Generally, only large businesses that are able to support a dedicated security staff can afford to handle payment data by themselves. Instead, smaller businesses should choose a service that is PCI compliant and that offers encryption and/or tokenization, based on how card data is transmitted and/or needs to be stored during sale transactions.
Standards for security
The Payment Card Industry Data Security Standard is the go-to standard for protecting customer information. It began in September 2006 when several payment card providers recognized the need for a single set of standards in the face of fraud and identity theft. The measures apply to all businesses that accept card payments.
PCI standards differ depending on the number of transactions a company processes. Level 1 retailers see the most payments and have the strictest rules. That doesn't mean smaller merchants can take it easy, however. If a business isn't PCI compliant, card brands and banks can issue a fine, increase fees or stop working with the company.
Compliance isn't a one-time event. Rather, it's a three-step review process combined with an annual assessment. Businesses should make sure their payment service regularly surveys the state of its security, checking for vulnerabilities, fixing any arising issues and submitting necessary reports.
PCI compliance requires payment services use a secure network protected by a firewall to store information. Default, vendor-supplied passwords are prohibited while anti-virus software is required. Meanwhile, cardholder data is encrypted before it's transmitted and stored. Payment services keep only the most necessary information and limit access to a need-to-know basis.
Security is an important issue, and working with a secure payment processing company helps businesses keep customer data safe.