Payment Processing Companies Hold the Key to Your Security
Those who want to steal customers' data are constantly working on new ways to go about doing so, but you can't be expected to know where card criminals will go next or how they'll get there. There's no denying, however, the powerful effects of both card data theft and the downstream fraud that occurs as a result. Equally undeniable—the lengths to which criminals will go in pursuit of both. Whether you are a small business in online or physical, you should be able to find your strongest security partner in the payment processing company that serves you.
Building the Right Kind of Barriers
If you're not familiar with words like encryption and tokenization, it's entirely understandable. While payment and tech people often talk about these words in over-complicated ways, they can be life savers—both in keeping credit card data safe as it travels and as it's stored at rest. In the unfortunate event of a data breach they can further help in the protection of your business and your reputation. You should look for payment processing companies able to offer you a wide array of services for security, even if you don't end up using them all. Essentially encryption puts a second layer of security into your payment systems while tokenization alleviates your keeping the data in your systems. Even if your company does suffer from a breach, the actual data may remain protected as unreadable code to a thief. Many small businesses choose the benefits of tokenization because they don't want the responsibility of storing card data on their own machines, while keeping access to the information should they need it. Some small online businesses go a step further, by essentially sourcing out all card data touch points. Using hosted paypages generally send your customers off of your site and onto the payment processing companies sites so that data is never entering or even touching your systems.
The New Standard In-Store Chip Card Terminals
News of card data and other consumer record breaches has been growing over the last several years. While Vantiv research suggests that a data breach can threaten the very livelihood of a small business, damage goes far beyond that to your reputation and the real expense associated with a breach. Stolen card data resurfaces online and in-person at the point-of-sale in the form of fraudulent presentation. This is a key driver behind the U.S. push for chip card, or EMV, enablement. And, as if the data theft damage weren't enough, the fraud liability shift associated with EMV, and effective October 1, 2015, means that if you're not prepared to accept chip cards, you could lose if a fraudulent card is presented for payment. As of the liability shift, responsibility for covering the financial expense of chargebacks for point-of-sale transactions moves away from card issuing banks and towards the businesses accepting the payments. The party least prepared to accept chip cards bears the brunt of responsibility. So if you don't have EMV-enabled and ready terminals, you could be responsible for fraudulent charges made in your store.
In addition to these two big areas in the fight against fraud and for safer, more secure payment systems, good payment processing companies should be able to help you with the basics, starting at PCI compliance. Often the bane of smaller businesses' payment acceptance, adherence with PCI-DSS standards are the smartest start in safeguarding sensitive customer and card data. Talk to your provider about what fraud measures and card data security measures are right and best for your business.