How to Take Credit Card Payments and Mitigate the Risks of Remote Access
As a small business owner, you have enough to worry about running a business. Added worries about the risks that come with payments acceptance can be headache, which can turn far worse when risks become reality. Managing fraud and data security are the two biggest risks that small businesses face today as they take credit card payments. For some businesses, today's data security environment is enough to have you considering whether you even want to take credit card payments. But that old adage, penny wise and pound foolish, comes to mind. It's probably a bigger risk to forego a plan to take credit card payments because you think the risks are too great. Doing so potentially leaves a lot of customers, sales and revenue in someone else's register.
Truth told, it's faster, simpler, and easier to take the precautions that will help protect your business from risks associated taking credit card payments today. Preparation and risk readiness doesn't need to be a headache. Start with knowing the risks.
First, know the risks
In-store or online, your business faces two great risks: 1) fraud, in its many forms; and, 2) data breaches or intrusions, where card data and/or other personally-identifiable information is inappropriately accessed. Data breaches, of course, have the downstream effect of creating fraud, as obtained card data is used fraudulently downstream.
Second, assess and apply those risks to your business
Whether you're selling online or in-store, adherence with PCI standards, and compliance there, is your basic start. The standards that you apply to who handles card data and transactions, how those are handled, and what security points are in place to secure your infrastructure gets you started on the right foot. Next, look at your business.
In-store selling and card transactions means you're going to focus on how transactions are processed in-person and what protection is in place to secure your business and your customers. For example, to thwart fraudulent card presentation at the point of sale, you should be accepting and processing chip card transactions through EMV enabled terminals. If you've not already upgraded to EMV terminals and chip card acceptance, it deserves your serious consideration. The risks are real. And, the so-called fraud liability shift, which went into effect on October 1, 2015, is also real. If you're not ready, you could face chargebacks. Point-to-point encryption is also a serious consideration. This process essentially encrypts card data from the moment that payment initiation occurs (i.e. dip or swipe) through to its reaching the processor for authorization. It's becoming more common for payment providers to bundle security solutions, such as OmniShield Assure, to help you create surround sound for in-store protection.
Selling online? Well, you have some unique considerations. First, online payments are so-called card-not-present transactions. Your customers aren't presenting you with physical cards for swiping or dipping. In these transactions, the likelihood of fraud increases. And on the data security front, growing numbers of online transactions are driven by card data stored on your systems for use in recurring transactions or repeat visits. Your goals and needs are two-fold: 1) mitigate the risk of fraud; and, 2) think about how to solve for data security needs. Of course, PCI establishes the basics so get and stay compliant. Next, look at your needs on the fraud front. From very basic services such as address verification system (AVS) to more advanced fraud detection and protection services, including identifying where transactions are generated from, can help save you thousands or more in fraud losses. Read more about the kinds of fraud tools you should have at your disposal for online payments. Your card data security needs are paramount in online payments. Whether your transaction volume is mostly one-time or if you take payments from the same customers over-and-over again using the same card data, you should consider the role of services such as tokenization, which can replace real card data with proxy data and protect the data while it's stored. You can learn more about tokenization and hosted checkout solutions, which virtually remove card data from your systems on Vantiv.com.
However, wherever, whenever you're selling, protecting your business from the threats of fraud and card data compromise doesn't need to be as frightening as it might seem. Start investigating your options for safer, more secure payments in-store or online today.