Inside the Briefcase

Augmented Reality Analytics: Transforming Data Visualization

Augmented Reality Analytics: Transforming Data Visualization

Tweet Augmented reality is transforming how data is visualized...

ITBriefcase.net Membership!

ITBriefcase.net Membership!

Tweet Register as an ITBriefcase.net member to unlock exclusive...

Women in Tech Boston

Women in Tech Boston

Hear from an industry analyst and a Fortinet customer...

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

In this interview, JumpCloud’s Antoine Jebara, co-founder and GM...

Tips And Tricks On Getting The Most Out of VPN Services

Tips And Tricks On Getting The Most Out of VPN Services

In the wake of restrictions in access to certain...

Payment Security Best Practices

March 31, 2016 No Comments

Featured article by Kristen Gramigna, Chief Marketing Officer, BluePay

Accepting a variety of payment forms — including credit and debit cards, and mobile and Web-based payments — is beneficial to all business owners. Not only does payment flexibility give customers the right to choose how to pay, based on the size and nature of their purchase, it can level the playing field between small business owners and well-established competitors.

However, accepting such forms of payment also requires that you take additional steps to ensure data is kept secure throughout all phases of the transaction. Here are payment security best practices all merchants should follow.

Ensure payment processing hardware is current. As of October 2015, merchants (with the exception of gas stations) that accept customer credit and debit cards as a form of payment are expected to have point-of-sale systems that can process EMV (Europay, MasterCard and Visa)chip cards. Though many EMV cards include a functional magnetic stripe on the back, the experts at EMV Connection explain that the metallic square on the front of an EMV-enabled card acts as a microprocessor that improves transaction security, and makes it difficult for thieves to create counterfeit cards.

Though affixed point-of-sale EMV terminals can cost several hundred dollars, many mobile payment providers offer EMV-enabled processing devices for less than $50. In short, EMV is the new normal of payment processing in the United States, and your business must comply, for the security of customers and its own risk management. If a breach were to occur and your business wasn’t equipped to process payments using EMV technology, it could be held liable for the payment of fines, fees and lawsuits that may follow.

Choose payment processors that guarantee PCI compliance. When a payment processor says that it is“PCI compliant,” it follows the current set of standards established by the Payment Card Industry throughout all phases of payment processing. PCI compliance was first established in 2006, but the standards and best practices it entails continually evolve as data thieves and cybercriminals invent new ways of breaching data and creating fraudulent transactions. PCI compliance and standards are in place to protect both merchants that accept sensitive data as a means of accepting payment and customers.

Educate yourself on tokenization. Though the tokenization process is complex, it essentially assigns random numbers (the token) in order to send, receive and verify transaction data during the purchase and approval process. Instead of referencing the customer’s 16-digit personal account number in transaction processing, the token conceals the customer’s identity and sensitive financial data. While the financial institution, payment processor and merchant systems can make sense of the token during processing in order to approve transactions, it’s meaningless to anyone else. If thieves intercept a transaction that uses tokenization, they won’t have access to the information they need to identify the account owner, or the account number. Ask detailed questions of any payment processors you consider about how they use tokenization in payment processing, and whether their approach may be customized to create optimal security for your business transactions. For example, if customers want you to retain their payment information for recurring billing, the experts at PCI Compliance Guide say you may retain the token to satisfy the request of customers, while ensuring their sensitive information isn’t accessible by staff members or vendors.

Audit your internal processes. Audit your business processes consistently (ideally, at least once a quarter) to ensure that you’re following the latest payment security protocols based on your current business model and its demand. For example, PCI-compliance standards differ based on the payment cards you accept, and the amount of transactions you process. If you introduce a new form of payment, or start processing significantly more payments from one quarter to the next, review PCI compliance based on those variables to ensure you’re still following security best practices.

Likewise, educate employees who process payments to keep them aware of security standards. If they accept mobile payments, for example, they should understand that payment data is to be processed from a secure connection only (not public Wi-Fi), and that their mobile device’s operating system and security firewalls should be kept current. Inspect point-of-sale devices at least once each business day to ensure that no tampering or manipulation of terminals has occurred.

Payment security is critical to managing your business’s exposure to risk. Choose payment processors that follow PCI industry standards, educate yourself and your team on secure payment processing on all devices, and audit your internal processes consistently to ensure you remain proactive in keeping sensitive data safe.

Kristen Gramigna is Chief Marketing Officer for BluePay, a credit card processing firm. She has over two decades of experience in the bankcard industry in direct sales, sales management and marketing. Follow her on Twitter at @BluePay_CMO.

 

Leave a Reply

(required)

(required)


ADVERTISEMENT

DTX ExCeL London

WomeninTech