As a business owner, it’s your duty to protect your company. Surviving 2019 requires businesses to stay up-to-date on security advances. As technology evolves, so do digital threats. It’s more important than ever before that you make payment security a priority.

Outlined below are five of the biggest oversights companies make when it comes to payment security. Keep reading to find out if you are making any of these 5 costly payment security mistakes.


Not Implementing Tokenization

Tokenization is becoming increasingly popular.

If you’ve ever purchased anything from Amazon or Apple Pay, you’ll notice that your credit card information from previous transactions is saved on the payment page. After a long row of X’s, you can view the last four digits of your credit card. The X’s you see are a result of tokenization. When your credit card is tokenized, a string of seemingly random letters and numbers, called a token, is created to represent your 16-digit card number. Once your credit card data is made into a token, that token is then used to complete your transactions.

If your business is not tokenizing customer credit card data, then you’re at risk of exposing that data to hackers, vendors, suppliers, or opportunistic employees. Fraudulent activity destroys businesses. Not only are businesses responsible for paying back financial losses, they will also lose a lot of customers. When Target suffered a data breach in 2013, many shoppers felt unsafe using their credit cards there, and store traffic significantly declined.

tokenization process

Beyond concealing sensitive data, tokenization simplifies the process of becoming PCI compliant. Only a customer’s token is stored on-site, not the actual card information, reducing your liability in protecting credit card data. Meanwhile, the actual data is safely tucked away in an off-site vault with your payment processor—which brings up our next warning.


Failing to be PCI DSS Compliant

PCI compliance imposes strict standards on businesses that can be difficult to meet. Many small businesses struggle to find the time and resources to implement and maintain these high standards of compliance. In fact, Verizon’s 2017 Payment Security Report found that “nearly half (44.6%) of companies failed to protect payment card data on an ongoing basis.” This number is frightening, because ignoring PCI DSS requirements can result in data breaches that tarnish a company’s reputation or even cause financial ruin.

Although it may be difficult to believe, the payment card industry created the data security standards with good intentions—to protect consumers’ payment data. You’re probably glad these standards exist every time you swipe your card. Allow your customers to experience the same level of security from your business by becoming PCI compliant.

Streamlined Payment Workflow


Not Utilizing EMV-Compliant Terminals 

EMV, which stands for Europay, MasterCard, and Visa, is a global standard created by the three card brands that enforces the use of chip card technology. As of October 2015, all businesses are required to use EMV-compliant terminals (physical terminals that process chip cards). Since these regulations went into effect, any business that continues to use magnetic card readers when processing chip cards is automatically held responsible for fraudulent transactions.

If you haven’t switched your old terminal out for an EMV-compliant one, then consider the potential losses you could face and weigh them against the cost of upgrading your terminal.


Not Using Fraud Prevention Modules

Fraud modules protect your online eCommerce store from scams and fraudulent activity. The modules can significantly decrease chargebacks by inspecting and validating each order placed. Customizable features allow you to adjust security intensity in specific areas, like transaction amount, to fit your business’ needs. For example, you can choose to:

  • Set transaction limits
  • Flag orders with different shipping and billing addresses
  • Block duplicate transactions
  • Block transactions from risky countries
  • Block by IP address

Your payment gateway should provide fraud prevention features. You can also download fraud prevention modules online to work in conjunction with your eCommerce platform.


Storing Customer Credit Card Data On-Site

If someone hacked into your computer, what would they find? Would there be an Excel sheet or file detailing your customers’ payment information? If you answered yes, then you could face staggering fines should you experience a cyber breach.

Hackers are always searching for cybersecurity weaknesses. So storing unprotected credit card data on your computer is extremely risky for both you and your customers.

But storing credit card data on your system can save a lot of time when running transactions, especially for recurring payments. So what should you do?

Use encryption or tokenization to safely store credit card data. Find a payment gateway that offers these features. That way, the credit card data will be secure and you won’t be responsible for stolen data.


Are you making any of these 5 costly payment security mistakes? Many business owners fall short in one area or another. Unfortunately, hackers, fraudsters, and cyber criminals are continually searching for ways to exploit businesses.

Make the adjustments needed to protect your business from those who would seek to destroy you. If you don’t, you risk heavy losses, a tarnished reputation, and maybe even your business.

Want Help?

Operating your business is your specialty. Payment security is ours. Give us a call to speak with a live, in-house support member so we can help protect your business.