Your customers trust that when they submit their credit card details over the internet that they won't be pilfered and pirated by hackers snooping on the transaction. That customer trust is vital for your business. If your customers’ credit card details are stolen on your watch, you can kiss their business goodbye. If you operate an online business, it's imperative that you implement the necessary solutions for secure online payments.
Fortunately, there are ways you can make payments more secure. Here are three things you can do to frustrate any would be thieves.
Make sure your payment provider is PCI compliant
In 2004, the major credit card companies, along with payment services, created the Payment Card Industry Security Standards Council (PCI SSC). They came up with 12 requirements for all merchants that accept card payments to implement to ensure they are protecting sensitive cardholder data. The PCI standards are thorough and cover not just the security of data during transmission, but also when it's being stored and verified.
PCI matters to all merchants that accept card payments, as well as every other entity in the payments industry. Achieving and maintaining compliance is not a one-time event, but instead requires ongoing due diligence. Not adhering to PCI mandates exposes a merchant to the risk of a card data breach, which can be devastating and diminishes the credibility of other online transactions.
Encrypt all transactions
While your provider may use strong encryption to process payments, there's a step where they have no control over the data: when you send it to them. That data – chock full of sensitive information – can be intercepted between your system and theirs. To prevent that, you need to use a payment solution that encrypts the data.
Encryption protects data in transit and fortunately, many good encryption solutions are available and affordable for most merchants. Your best course of action is to ask your payment processing provider about the options that are best for your business.
Use strong authentication
There's a step even before encryption comes into play: when your customers log in to your site to place an order. Maintaining user accounts is vital to payment security. However, user credentials can be stolen and faked like any other piece of data. So you should use what's called strong authentication – any authentication method that is inherently secure because it can withstand most attacks – to verify system users. Most strong authentication uses multiple independent authentication factors. Usually, that means something you have and something you know. Occasionally, this includes something you are – biometric data such as a fingerprint- but this won’t work online for obvious reasons.
In the physical world, the most common multi-factor system is the credit/debit card with a PIN number. You have the card and know the PIN. Online, this may mean adding a token stored on the user's computer in addition to requiring usernames and passwords/secret questions, which they can only get after receiving a one-time code in their email. They have access to the email and know the password.
Because payments are both the most important and most risky piece of conducting business online, merchants need to take all the necessary steps to ensure they are keeping data safe and secure. In addition to the steps mentioned in this article, contact your trust payments provider for additional solutions to secure online payments for your business.