National IT Professionals Day (observed every third Tuesday in September) honors the professionals of the IT world who keep our businesses secure. From desktops to laptops, mobile devices to servers or networks, IT professionals help keep our data safe.
Without proper information security, sensitive data such as credit card information could be at risk. Protecting sensitive payment information benefits both businesses and customers—but there’s often a lack of understanding when it comes to payment security, and that can be costly.
In honor of our dependable IT professionals, here are five credit card payment security tips to help small businesses keep sensitive payment information secure.
1. Choose a PCI-compliant payment gateway
A PCI-compliant payment gateway, such as EBizCharge, helps your business stay compliant with the mandatory regulations set by the Payment Card Industry Security Standards Council. The gateway should provide off-site data storage, which means credit card data is stored on your payment gateway’s system instead of your own. This lowers your liability in the event of a data breach.
If your payment gateway is not PCI compliant, you’re putting your customers and your business at risk. Without the protection of PCI compliance, your business could be vulnerable to costly attacks and data breaches.
If a data breach occurs and you’re not PCI compliant, your business will have to pay penalties and fines ranging between $5,000 and $500,000. You also run the risk of losing your merchant account, which means you won’t be able to accept credit cards. Processing payments with a PCI-compliant payment gateway guarantees your business adheres to PCI requirements, so you don’t have to worry about it on your end.
2. Do not store credit card information yourself
Unfortunately, running credit card transactions can take a lot of time. To make the process less time-consuming, businesses sometimes copy down their customers’ payment information and store it somewhere easily accessible, like a spreadsheet on their personal computer.
Storing credit card numbers on your own computer puts both you and your customers at risk. If your system is compromised, sensitive credit card data could be stolen. Your customer will likely report the incident to their credit card provider, which could prompt an investigation from the Payment Card Industry. Since storing card information yourself violates the PCI standards, your business could be fined hundreds of thousands of dollars.
3. Tokenize your data
Instead of storing data on your own system, use tokenization as a security measure. Tokenization is a method to protect credit card data when it’s in use or in storage. Tokenization replaces customers’ credit card data with a token—a unique string of numbers and letters—that stands in for the original information. The merchant stores this harmless token on their system, while the true information is usually stored off-site in a secure vault. That way, if the merchant’s system is hacked, the thieves will only find valueless tokens they can’t use.
When combined with encryption, which protects credit card data while it’s traveling, tokenization helps prevent fraud and protects your customers’ data from attacks. To make sure your customers’ information is tokenized when they buy from you, choose a payment gateway that uses tokenization.
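The flow described above, as an added example that is not EBizCharge's code or any real gateway's API: `TokenVault` is a hypothetical in-memory stand-in for the off-site vault, and the card number is a widely used test value. It shows that a copy of the merchant's records holds only a random token and the last four digits.

```python
import json
import secrets

def luhn_ok(digits: str) -> bool:
    """Card-number checksum; rejects typos before anything is stored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the gateway's off-site vault."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        # Random token: nothing about the card can be derived from it.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        # A real gateway would submit the card to the processor here.
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

def save_card_on_file(vault, merchant_db, customer_id, pan):
    """Merchant side: pass the number to the vault, keep only token and last four."""
    token = vault.tokenize(pan)
    last4 = "".join(c for c in pan if c.isdigit())[-4:]
    merchant_db[customer_id] = {"token": token, "last4": last4}
    return token

TEST_PAN = "4111 1111 1111 1111"            # test number, not a real card

def demo():
    vault, merchant_db = TokenVault(), {}
    token = save_card_on_file(vault, merchant_db, "cust-001", TEST_PAN)
    dump = json.dumps(merchant_db)          # what a copy of the merchant DB contains
    leaked = TEST_PAN.replace(" ", "") in dump
    return token, leaked, vault.charge(token, 2599)
```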
4. Upgrade to TLS 1.2
All communication and processing in a payment gateway occurs through Transport Layer Security (TLS). TLS is a security protocol that safely transports data across online networks. TLS ensures privacy between communicating applications and their users on the internet. The protocol is especially important in digital payment transactions, where sensitive credit card information is at stake.
To comply with PCI standards, businesses must upgrade to TLS 1.2. If you don’t upgrade to TLS 1.2, you’re putting your business and your customers in danger. If a data breach occurred due to known vulnerabilities in TLS, your business could face penalties from the PCI Security Standards Council for being non-compliant. Your bank could end your relationship and you could lose your ability to process credit cards.
Making the upgrade to TLS 1.2 should be handled by your trusted IT professional. For additional tips, read this guide from the PCI Security Standards Council on how to successfully upgrade to TLS 1.2.
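Two checks an IT professional might script for this upgrade, as an added example that is not from the PCI guide: a client context that refuses anything below TLS 1.2, and an audit of connection logs to find clients that will stop connecting once older versions are turned off. The log format and addresses are constructed, and it assumes your TLS terminator can log the negotiated protocol per connection.

```python
import ssl

# Protocol labels, oldest to newest, in the form TLS terminators commonly log them.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
FLOOR = "TLSv1.2"

def gateway_client_context() -> ssl.SSLContext:
    """Context for outbound calls to the gateway: verify certs, refuse < TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

# Constructed sample: "<client ip> <negotiated protocol> <cipher>" per connection.
SAMPLE_LOG = """\
198.51.100.7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
198.51.100.9 TLSv1 ECDHE-RSA-AES256-SHA
203.0.113.24 TLSv1.3 TLS_AES_256_GCM_SHA384
198.51.100.9 TLSv1.1 ECDHE-RSA-AES256-SHA
203.0.113.80 TLSv1.0x AES128-SHA
"""

def clients_below_floor(log_text: str) -> dict:
    """Map client IP -> sorted protocols it used that the new floor will reject."""
    offenders = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                        # skip blank or malformed lines
        ip, proto, _cipher = fields
        # Unknown labels are reported too, so they get investigated rather than assumed safe.
        if proto not in ORDER or ORDER.index(proto) < ORDER.index(FLOOR):
            offenders.setdefault(ip, set()).add(proto)
    return {ip: sorted(protos) for ip, protos in offenders.items()}
```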
5. Use fraud prevention modules
Processing credit card payments comes with benefits—such as improving cash flow, boosting sales, and increasing credibility—but it also brings potential risks. Online credit card transactions, for example, carry a greater risk of fraud because merchants have to trust that the actual cardholder is authorizing the transaction. Fraud prevention modules help prevent thieves from stealing sensitive credit card information.
Each module controls a different aspect of security, so merchants can choose which modules to include in the fraud prevention stack. Merchants can choose modules like duplicate transaction control, block by country, block by IP address, and many more. The stack design allows merchants to add or change modules depending on their unique security needs.
Fraud prevention modules also allow merchants to apply different fraud settings to different keys or sources. For example, a merchant may want higher security for their online shopping cart, but a lower level on the point of sale console for their own employees.
A full suite of fraud prevention modules will help detect fraud faster and protect your business.
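A sketch of the stack design described above, as an added example that is not any gateway's actual module API: the module functions, source names, country code, and IP range are all hypothetical. Each source gets its own list of modules, and a transaction is approved only if no module in that list objects.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    source: str        # which key/source submitted it, e.g. "web_cart"
    card_token: str
    amount_cents: int
    ip: str
    country: str
    ts: float          # seconds

def block_by_country(blocked):
    def check(txn, history):
        return f"country {txn.country} blocked" if txn.country in blocked else None
    return check

def block_by_ip(cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    def check(txn, history):
        addr = ipaddress.ip_address(txn.ip)
        return f"ip {txn.ip} blocked" if any(addr in n for n in nets) else None
    return check

def duplicate_control(window_s):
    def check(txn, history):
        for old in history:
            same = (old.source, old.card_token, old.amount_cents) == \
                   (txn.source, txn.card_token, txn.amount_cents)
            if same and 0 <= txn.ts - old.ts <= window_s:
                return f"duplicate within {window_s}s"
        return None
    return check

# Per-source stacks (constructed values): strict for the cart, lighter for staff POS.
STACKS = {
    "web_cart": [block_by_country({"ZZ"}), block_by_ip(["203.0.113.0/24"]),
                 duplicate_control(120)],
    "pos_console": [duplicate_control(30)],
}

def evaluate(txn, history):
    """Run every module in the source's stack; approve only if none objects."""
    stack = STACKS.get(txn.source)
    if stack is None:
        return ["unknown source"]           # fail closed on unconfigured sources
    reasons = [r for r in (m(txn, history) for m in stack) if r]
    if not reasons:
        history.append(txn)                 # only approved transactions count as priors
    return reasons
```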
A commitment to security
Ultimately, credit card payment security matters a great deal for both you and your customers. If your business accepts credit cards, then you must maintain proper payment security. As data breaches become more common, it’s up to businesses to protect customer credit card data. With the help of these five tips, your trusted IT professionals can be on the frontline of security and ensure the safety of sensitive customer information.