Today, it’s almost impossible to run a business without accepting credit cards. The convenience of credit makes it an attractive option for giving online customers the option to pay however they choose. But like most conveniences, there’s a price to pay–namely, security risks.
Ensure PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) outlines 12 requirements designed to protect credit card information. Failure to comply could cost you thousands of dollars per month in fines. More importantly, if there’s a security breach at your company, you risk losing the trust of your customers. This standard was created by the major credit card companies (Visa, Mastercard, Discover, American Express, JCB) and went into effect in 2004.
Here’s a brief overview of the 12 requirements:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for employees and contractors
Educate Your Employees In Cybersecurity
The well-known Equifax data breach in 2017 occurred because an employee failed to install a security patch that would have prevented personal information from being leaked. Ensuring that employees at all levels know industry best practices when processing credit cards will limit mistakes and help prevent fraud. A cybersecurity awareness training program can address this, along with more specific training from credit card vendors.
Make Sure You Actually Need To Store Their Data
If you’re a business owner, you’re probably aware of the security issues that come with storing your customer’s credit card data. If you don’t currently store your customers’ credit cards, or only store it briefly for the purpose of making a sale, you are already ahead of the game. If your business doesn’t deal with recurring billing or have active account users who purchase frequently, there are few arguments for why you should store credit card data on your servers.
Don’t Collect Card Information Through A Regular Web Form
Using a form builder like the ones offered by Hubspot, Mailchimp, or JotForm is not a suitable method for collecting payment information. These forms are alright for collecting things like names, email addresses, and phone numbers but you should always use a dedicated payment gateway when collecting credit card details.
Use A Third Party Payment Service To Store Card Information
Partnering with a PCI-compliant payment processing system like Square, Stripe, or PayPal prevent you from having to handle card data directly and lets a third party take care of encryption. These companies are much more well-equipped to handle sensitive customer information than you are, and this prevents employees at the business from having access to the full card numbers. Only having the last 4 digits visible to staff can prevent any information from escaping the business.
Tokenization
The process of tokenizing credit card data is becoming increasingly important for small businesses that accept credit cards as a form of payment. Tokenization is the process of converting sensitive data into a unique string of numbers called a “token.” The token doesn’t contain any meaningful information such as the card number, expiration date, or CVV code. If you tokenize your customer’s names and their credit cards numbers, then the hacker will only see a random set of characters, making it much more difficult to commit fraud. It’s also much harder for hackers to crack open tokens than it is to break encryption methods.
Conclusion
These 6 tips should help you to secure your credit card information, and they likely won’t require a ton of time or money on your end. It’s necessary to use your own discretion when it comes to protecting yourself, since every business is unique. But as long as you keep potential payment security problems in mind and continually reassess your current setup, you can go a long way towards keeping payments secure while still being convenient for customers.
