The rise of data breaches in the U.S.
According to Bloomberg and the Identity Theft Resource center, U.S. companies reported a record 1,093 data breaches in 2016—a 40% increase over 2015.
In light of such figures, merchants must learn how to secure credit card transactions online.
As data breaches become more common, consumers are becoming more wary with their online shopping habits. They’re unlikely to purchase from eCommerce stores that look small or unprofessional, and even when they purchase from big-name stores like Amazon or Walmart, they’re always thinking about data security.
If your online store doesn’t have the security necessary to protect customer data, then consumers won’t buy. They’ll avoid your store in favor of more established brands with better security.
There are three main reasons why merchants should worry about online data security:
- To give your customers peace of mind
- To improve your trustworthiness and therefore your sales
- To protect yourself from liability and damages
With that in mind, here are 3 methods that can help bolster your online security measures.
How to secure credit card transactions online: 3 methods
1. PCI compliance
If you’re a merchant, then you need to comply with PCI standards. Any business that accepts, stores, transmits, or interacts with credit cards in any way must adhere to PCI standards.
So what are the PCI standards? They’re a set of data security guidelines that include standards such as using encryption, restricting access to cardholder data, and maintaining a security policy for all personnel.
As the Verizon 2015 PCI Compliance Report noted, PCI compliance is merely a “baseline, an industry-wide minimum acceptable standard.” While following the PCI standards can help your company discover holes in your security, the standards are by no means a magic bullet. Every company must do its due diligence in safeguarding their network and data to prevent breaches.
Being PCI compliant is not legally required, but there are penalties for not following the standards. If you’re not PCI compliant and your site is compromised, you can face a hailstorm of penalties, fines, and costs ranging from a few thousand to a few hundred thousand dollars, including the loss of sales or customers, a damaged reputation, legal or regulatory fees, class action lawsuits, and more. In addition, your bank may end your relationship or raise the cost of transaction fees. The penalties incurred may vary, and can be devastating for small online businesses. It’s always best to maintain PCI compliance and be proactive with security to avoid expensive fines.
2. Secure Sockets Layer (SSL)
Put simply, SSL is a system of rules that protects communication between your website and your customer’s browser.
How do you enable SSL on your website? You can buy an SSL certificate from your web hosting provider or a certification authority. Once you have the certificate, your site is using SSL.
SSL works with your website’s server and the customer’s browser to do two important things:
a. Identify/verify sites as trustworthy (or untrustworthy)
Have you ever noticed a little green lock in the address bar of your browser? That lock means the site you’re visiting is protected with SSL protocol. Many consumers expect to see a green lock whenever they visit your site, and especially when they buy something from your site.
When a customer visits a site, their browser will check to see if the site has an SSL certificate. This certificate verifies that the site is what it claims to be—it’s been researched and verified. If the site does have a valid SSL certificate, then the browser will display a green lock or other trust symbol in the address bar. The green lock tells customers the site they’re browsing is safe. If there’s no green lock, then the customer knows the site is potentially unsafe.
Using SSL on your site shows that you’re trustworthy. SSL sites put customers at ease and encourage them to buy because they know their credit card information will be safe.
b. Encrypt information between the server and browser
Sites that use SSL automatically encrypt information between the server and the browser.
How does encryption work?
Remember when you made up a secret language as a kid and used it to pass notes with your friends? Only you and your friends could read the secret messages because only you had the key to the language—you knew which letters to substitute to turn the gibberish into English.
Encryption is a similar process. You start out with sensitive information, like credit card data, and use a specific key to turn it into a coded message. The coded message is sent over the internet, and once it’s received, the receiving party uses the key to decode the message.
When a customer visits a site protected by SSL, the browser and the server perform what’s called a handshake to determine which key to use to encrypt the information they share.
Once they agree upon the key, the browser and the server can send coded messages back and forth. Any information that passes between the browser and the server—like credit card information, addresses, phone numbers, and more—is encrypted. If a hacker gained access to that information, they wouldn’t be able to read it because they wouldn’t have the key—the information would be useless to them.
Encryption is another layer of security that protects your customers and reduces the risk of fraud.
Tokenization is a method to protect credit card data when it’s in use or in storage.
How does it work? The customer’s credit card data is replaced with a token—an arbitrary string of numbers and letters—that stands in for the original information. The merchant stores this token on their system, while the true information is usually stored off-site, in a secure data vault. That way, if the merchant’s online store is hacked, the thieves will only find valueless tokens that they can’t use.
When combined with encryption, which protects credit card data while it’s traveling, tokenization helps prevent fraud and protect your customers’ data from attacks.
To make sure your customers’ information is tokenized when they buy from your online store, look for a payment gateway that uses tokenization.
These days, security is more important than ever. As data breaches become more common, and more and more people are buying online, it’s up to the merchant to take the first step toward protecting customer data. We hope these tips help you to secure credit card transactions online and build a secure network that customers can trust.