3 Security Flaws Integrated Payment Processing Fixes
As more and more financial operations happen online, data security has very quickly landed itself at the front of our collective consciousness. Many business owners shy away at the prospect of using a software plugin for their payment processing for fear of reduced security, but, did you know that using such a plugin can actually improve your transaction security?
There’s a stigma about the internet these days, a thought that anyone with a computer can simply break into a business – and, your business, at that – and commit cybercrime if you so much as think of keying a credit card number into your computer on a virtual gateway. While this is possible, security solutions exist to actively prevent malicious folks from doing anything with your customers’ info, and they’re mostly encompassed in integrated payment processing. If you’re unfamiliar, it’s a far cry from running cards through a terminal. Rather than force an unfamiliar concept down your throat, we’ll break down the security flaws in terminals and show how integrated solutions are unequivocally better.
What’s Wrong With the Old Way?
It’s perfectly possible to use a standard terminal to key in credit card information and be completely safe. Possible is the operative word here, and, there are a few things you might be doing that you didn’t know were detrimental to your security. Things like:
- Copying down a customer’s credit card information to enter into your terminal later because it’s too much of a process to run over to the other side of the warehouse.
- Not entering additional line item detail for business-type cards transactions because it’s not possible to do so with a standard terminal, or it’s too much of a process through your current virtual gateway.
- Not using a tokenized payment system because you don’t understand it or don’t think it would benefit your business.
Since all three of these common problems come from a simple lack of knowledge about payment processing, they can be solved easily with a little bit of information about how things work.
Flaw #1: Copying Down Someone’s Information
Wanting to copy down a customer’s information for later use is completely understandable. Many B2B credit card processing businesses are situated in warehouses, and, sometimes accessing a credit card terminal means walking to the other side of a big building, or even running up or down a flight of stairs. People take shortcuts and do the hard work later, and that makes sense.
In a perfect world, you’d be able to copy sensitive information down for later use, throw it away, and never have to worry about it again. Unfortunately, the world we live in is far from perfect, and people’s moral fibers far from scrupulous. If you ever write down someone’s credit card information in the name of convenience, even if you crumple that paper or rip it in half a satisfactory number of times, someone somewhere has the ability to fish through your trash and piece that information together. It usually happens right inside the workplace, too.
Integrated payment processing eliminates this flaw entirely, because you’re only working at your Quickbooks merchant services, not on the other side of the room. By entering credit card information directly into your accounting system, you save a trip to the other side of the office and never have to write any credit card information down to use later.
Flaw #2: Not Entering Additional Information
As someone who accepts B2B or GSA credit cards, you’re either in one of four camps of people. Two of them pay a lot to accept cards, and one of them pays less. We have:
- The people who take B2B or GSA cards just like any other credit cards, keying them into terminals and accepting their exorbitantly high costs as part of doing business.
- The people who take B2B or GSA cards the same way as camp #1 but use virtual gateways instead of terminals. They still pay exorbitant fees.
- The people who take B2B or GSA cards and enter additional line item detail with each transaction. They pay less.
- The people who take B2B or GSA cards and don’t have to enter any additional data. They pay less as well.
Here’s what’s going on. Card-issuers appreciate seeing extra information entered with each B2B or GSA card transaction because it makes that transaction much, much less likely to be fraudulent. Fraudulent transactions cost processors and data networks millions of dollars each year, and any time a merchant can avoid credit card fraud helps them. Thus, Visa and MasterCard reward businesses that provide extra information along with their transactions a lower set cost to accept those specific business-type cards and government spending cards.
- Camp number one can’t take advantage of this because physical terminals can’t take more information than just a simple credit card number.
- Camp number two can’t either because their virtual gateways (like Net, for example) aren’t designed to accommodate the extra information.
- Camp number three can take advantage because they use virtual gateways that are designed to accept the extra line item detail necessary to obtain the lower costs, or they use an integrated payment processing solution designed to do the same.
- Camp number four can take advantage as well because their integrated payment solution passes the necessary line item detail automatically, so they get lower costs and better security without doing any extra work.
The moral of the story? Use a virtual gateway that can give you a lower cost, preferably one that can connect directly to your accounting system. Talk to your processor about a solution that can help you with this.
Flaw #3: Not Utilizing Tokenization
Of the three flaws mentioned, this one is probably the easiest to remedy if you’re already using a computer-based processing solution. Tokenization improves the security of stored data tremendously by turning real credit card information into a stream of meaningless characters called a token. The token can be called upon for reuse if necessary, but, if a server containing tokens is breached, the would-be data thieves wouldn’t have anything useful at their fingers. Unfortunately, many business owners simply aren’t aware of tokenization as a concept in credit card processing, so their data remains vulnerable. (If you want to learn more about how tokenization is changing the payments industry, you can check out this handy white paper.)
The easiest way to get around this one is to ask your processor about tokenized credit card processing options that also integrate to your accounting system. If you use a physical terminal to process card orders, know that you won’t be able to use that anymore, but, you’ll probably have a couple of much better options before you.
Integrated Payment Processing Fixes All Three Flaws
To tie this all together, let’s take a look at how an integrated payment processing system takes care of those three problems at once:
- Integrated payment processing means you never have to copy anyone’s information because you enter it all directly into your accounting system at the time of the order (and you remain PCI compliant).
- Integrated payment processing gives owners the ability to lower their costs for B2B and GSA-type credit cards because of the extra information passed by the software plugin.
- An integrated payment processing system can potentially be tokenized, adding yet another layer of security to your operation – one that can singlehandedly thwart data breaches.