10 security tips for small biz online payment acceptance
The following is a guest post by John Rampton, founder and CEO, Due.
Despite the headlines reporting so many data breaches among major retail brands, it’s still small businesses that are hit more frequently by online fraud during the payment process.
Whether it is a lack of resources or knowledge about the type of fraud and crimes now being committed online, small businesses are the most vulnerable, according to the data gathered by PYMNTS in its Global Fraud Attack Index Report. PYMNTS reported that nearly 80 percent of businesses have no controls in place to protect themselves or their customers against cybercrimes.
This can be quite costly on a financial level as well as on a reputation level. For example, the Association of Certified Fraud Examiners found that businesses could lose approximately 5 percent of their annual revenue to fraud. This amount can be even larger for small businesses, with an average loss of $147,000 a year due to fraudulent activity. The losses to their bank account and brand equity are often difficult to recoup, leaving a small business in a position where they may never recover and have to close their doors forever.
Just because some small businesses are not taking action doesn’t mean you can’t create a proactive and thoughtfully developed security program for your online payment acceptance methods.
Here are 10 security tips that you can start to employ immediately to protect your customers, their data, and your business:
Continually update all antivirus software and antispyware on all business computers, and apply operating-system and browser updates promptly. This helps protect you against malicious code that has been developed for the sole purpose of stealing sensitive information, such as card details and customer records, from the computers used for these online transactions.
Conduct a security audit on an annual basis. Using an outside security expert can help you spot vulnerabilities in your hardware and software that you may not be aware of. It's good to repeat this audit each year because criminals develop new tactics that translate into potentially new security issues for your business.
Know the tactics used to identify any suspicious activity. Criminals trying to get free merchandise online leave recognisable patterns. The billing and shipping addresses may differ; a returning customer may suddenly place an order far larger than anything they ordered before; the IP address may geolocate to a different country than the customer's billing details; the phone number entered may not match the one on file; and repeated attempts to enter card or address details on the order form may indicate that the fraudster is guessing. None of these signals is proof on its own, but any of them should be cause for further investigation before completing online payment acceptance, including calling the customer on the number already on file (not the one typed into the suspicious order) to make sure it is really them.
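The signals above can be turned into a simple screening rule set that runs on every order before it is fulfilled. The following is an added example, not code from the original post; the weights, the score thresholds, the purchase history and the three sample orders are assumptions chosen for illustration, and a real shop would tune them against its own chargeback data.

```python
# Rule-based order screening (added example, not from the original post).
# Weights, thresholds and sample data are assumptions chosen for illustration.
import re
from dataclasses import dataclass


@dataclass
class Order:
    order_id: str
    customer_id: str
    amount: float
    billing_country: str
    shipping_country: str
    billing_address: str
    shipping_address: str
    ip_country: str        # country the client IP geolocates to
    phone_on_file: str     # phone number from the customer's account, may be empty
    phone_entered: str     # phone number typed into this order's form
    form_attempts: int     # submissions of the payment form before it was accepted


# Constructed purchase history: amounts of earlier accepted orders per customer.
HISTORY = {"c-100": [42.0, 55.0, 38.0], "c-200": []}


def _digits(phone: str) -> str:
    """Reduce a phone number to its digits so formatting alone never counts as a mismatch."""
    return re.sub(r"\D", "", phone)


def score_order(order: Order, history: dict) -> tuple:
    """Return (risk score, reasons). Higher is more suspicious."""
    score, reasons = 0, []

    if order.shipping_address != order.billing_address:
        score += 1
        reasons.append("shipping address differs from billing address")
    if order.shipping_country != order.billing_country:
        score += 2
        reasons.append("shipping country differs from billing country")
    if order.ip_country != order.billing_country:
        score += 2
        reasons.append("client IP geolocates outside the billing country")

    past = history.get(order.customer_id, [])
    if past and order.amount > 3 * max(past):
        score += 2
        reasons.append("order is more than 3x this customer's largest previous order")

    if (order.phone_on_file and order.phone_entered
            and _digits(order.phone_on_file) != _digits(order.phone_entered)):
        score += 1
        reasons.append("phone number entered does not match the number on file")

    if order.form_attempts >= 3:
        score += 2
        reasons.append("repeated payment-form submissions suggest guessing")

    return score, reasons


def decide(score: int) -> str:
    """'hold' means call the customer on the number already on file before shipping."""
    if score == 0:
        return "accept"
    if score <= 2:
        return "review"
    return "hold"


def screen(order: Order, history: dict = HISTORY) -> dict:
    score, reasons = score_order(order, history)
    return {"order_id": order.order_id, "score": score,
            "decision": decide(score), "reasons": reasons}


# Constructed sample orders.
CLEAN = Order("o-1", "c-100", 49.0, "US", "US", "12 Elm St, Austin", "12 Elm St, Austin",
              "US", "+1 512 555 0100", "+1 (512) 555-0100", 1)
SUSPICIOUS = Order("o-2", "c-100", 890.0, "US", "NG", "12 Elm St, Austin", "4 Broad St, Lagos",
                   "NG", "+1 512 555 0100", "+234 800 000 0000", 4)
NEW_CUSTOMER = Order("o-3", "c-200", 120.0, "DE", "DE", "Hauptstr. 1, Berlin",
                     "Hauptstr. 1, Berlin", "FR", "", "+49 30 1234567", 1)

if __name__ == "__main__":
    for o in (CLEAN, SUSPICIOUS, NEW_CUSTOMER):
        print(screen(o))
```

The point of returning the reasons alongside the score is that the person doing the manual review sees why the order was flagged; a bare "review" flag is ignored quickly when orders pile up. The new-customer order shows the history check staying silent when there is nothing to compare against, so a single IP mismatch lands in review rather than on hold.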
Use strong, unique passwords and change them when they may have been exposed. While seemingly simple, a long password that is unique to each account provides enough of a barrier to deter criminals looking for easy prey. Length and uniqueness matter more than mixing numbers, letters, and special characters, and a password manager makes both practical for you and your staff. Change a password immediately when you suspect it has been exposed, for example after a breach at another service where it was reused; forcing changes on a fixed schedule is no longer recommended by current guidance such as NIST SP 800-63B, because people respond with predictable variations of the old password.
Implement multifactor authentication. This involves having a process that goes beyond just entering a password, typically by also requiring a code from an authenticator app on the user's phone, a hardware security key, or, less securely, a code sent to an email address or by text message. Email and SMS codes can be intercepted or redirected (for example through SIM swapping), so prefer app-generated or hardware-backed factors where your platform supports them. Apply this both to customer accounts and, above all, to your own logins for the payment gateway, web store administration, and business email, since those are what an attacker needs in order to redirect funds. By making authentication more than one step, you quickly deter many criminals who hold a stolen password but cannot complete the next step.
Apply other security layers to the online payment process. Tokenization and encryption are two more layers that you can add. Tokenization removes the card number from your systems and replaces it with a token: a random reference value, issued and stored by your payment processor, that has no mathematical relationship to the card number and is useless to a criminal who steals it from your database. Encryption scrambles the data with a key so that it is unreadable without that key; unlike a token, encrypted data can be recovered by anyone who obtains the key, so the key must be protected at least as carefully as the card data itself. Using your processor's hosted payment page or tokenization so that card numbers never touch your own servers also greatly reduces the part of your business that falls under PCI DSS.
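The following toy vault illustrates the difference: the token handed to the merchant is random, the mapping back to the card number exists only inside the vault, and the merchant's record never contains the card number at all. This is an added example written for this page; it is not the post's code nor any processor's API, and in a real deployment the vault lives at the payment processor, not on the merchant's servers. The card numbers used are standard test numbers.

```python
# Toy token vault (added example, not the post's or any processor's code). Shows what the
# merchant's own database ends up holding once card numbers are tokenized.
import secrets


def luhn_valid(pan: str) -> bool:
    """Checksum every card number must satisfy; rejects typos before anything is stored."""
    if not (pan.isascii() and pan.isdigit()) or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Stands in for the processor's vault: the only place the full card number exists."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_urlsafe(18)   # random; nothing about the PAN is encoded in it
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the processor calls this, at charge time; the merchant never can."""
        return self._pan_by_token[token]


def merchant_record(vault: TokenVault, pan: str, expiry: str) -> dict:
    """What the merchant stores for a saved card: the token plus display data, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "last4": pan.replace(" ", "")[-4:], "expiry": expiry}


if __name__ == "__main__":
    vault = TokenVault()
    rec = merchant_record(vault, "4111 1111 1111 1111", "12/29")
    print("merchant stores:", rec)
    print("processor resolves:", vault.detokenize(rec["token"]))
```

Because the token is drawn from a random source, tokenizing the same card twice yields two unrelated tokens, and a stolen table of tokens gives an attacker nothing to decrypt or brute-force. That is the property that distinguishes tokenization from encryption, where a single leaked key exposes every record at once.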
Incorporate biometrics. Using identifiers that are unique to the individual is becoming one of the strongest ways to deter fraudsters on online and mobile payment systems. One of the more commonly used biometric tools is fingerprint identification, which has become a feature in apps for PayPal, CapitalOne, and other issuing companies that provide online and mobile payment features. Note that in these apps the fingerprint is checked by the phone itself and never leaves the device; what the payment service receives is confirmation that the enrolled owner unlocked that device, so the protection is only as strong as the device and the account it is tied to.
Work with your payment processing partner to ensure you have the latest anti-fraud and security tools available. If your partner can't offer those to you, this may be the time to consider another payment processing partner that can give you these additional security layers. They should also be able to help you stay PCI DSS compliant and, for any in-person sales, supply the equipment and processes you need to migrate to EMV, the chip-card standard now being adopted worldwide. Keep in mind that EMV chips protect card-present transactions only and do nothing for online orders, so the anti-fraud tools above remain your main defence for card-not-present payments.
Control physical access to computers and the company network. You can't always assume that those seeking to commit crimes are external; many businesses have found employees responsible for internal data breaches. Make sure computers cannot be removed from the premises, create a separate user account for each employee so that actions can be traced to a person, and give administrative privileges over anything related to your online payment acceptance process only to the few trusted people who need them for their work.
Establish clear security policies for your business. This provides a framework for how you and your employees will handle and protect any sensitive information involved in these online payments. Create specific cybersecurity policies for all aspects of online and mobile transactions and regularly hold meetings to remind and refresh everyone’s memories on what they need to be doing in relation to these security policies.
All of these payment security measures can be easily implemented within your small business with little to no external assistance or any huge investment in technology. The most important thing you must do is to never think you have done enough in regards to security because you haven’t and you never will.
Think of security for online payments as an ongoing process and you will increase the likelihood that you will keep your customers, their data, and your business safe.
About the Author
John Rampton is an entrepreneur, investor, online marketing guru, and startup enthusiast. He is the founder of the online invoicing company Due. John is best-known as an entrepreneur and connector. He was recently named #2 on Top 50 Online Influencers in the World by Entrepreneur Magazine and a Blogging Expert by Time. He currently advises several companies in the San Francisco Bay area.