Credit card processing for small business can be an expensive and intimidating aspect of owning a company. As financial transactions and retail payments become increasingly digitized, it creates an opening for hackers to take advantage of the digital landscape for their own criminal activities. As a small business owner, you need to ensure that any sensitive financial data a customer entrusts with you remains protected and secure. Without adequate security measures for credit and debit transactions, you run the risk of exposing your customer’s data to cybercrimes as well as driving away those very same customers.
Here are six tips for guaranteeing all sensitive financial data is safely stored:
- Ensure your POS system is PCI compliant
The Payment Card Industry Security Standards Council created a data security standard framework that helps protect merchants and customers. This security process can prevent, detect and react to security incidents immediately, creating an active digital buffer zone. Furthermore, PCI SSC also provides self-assessment questionnaires, as well as validated payment applications and training. Not all POS systems are PCI compliant, so be sure to check with the POS vendor before making your choice on which one to incorporate into your small business.
- Don’t store customer payment data
Storing customer’s payment data in your system increases the chances of a hacker gaining access to this sensitive information and using it for criminal activity. Securely dispose any payment information immediately following a transaction to deter individuals from trying to gain access to it.If you must store it, use a private network or a cloud-based storage system, since many cloud storage providers maintain bleeding edge encryption programs to safeguard their data. If possible, consider encrypting the data yourself so if a hacker does infiltrate your system, the data will be unreadable.
- Eliminate information
If you must store financial information in your system, eliminate unnecessary data such as entire credit card numbers or expiration dates. Store only enough information to properly identify returning customers such as the last four or five digits of their card number. By removing the superfluous information, you increase the chance of a hacker being unable to do anything with the information even if they do manage to infiltrate your system.
- Constantly update your tech
With technology evolving at a rapid pace, you need to ensure your systems stay up to date. Outdated systems and technology that have been on the market for a considerable amount of time pose a greater risk of being hacked, since hackers have had longer time to learn how to infiltrate them. Follow the maintenance schedule for your POS systems and be sure to keep the antivirus and malware software installed and updated.
- Tokenize the data
Instead of using the actual numbers of a credit card account, tokenization inserts a random alphanumeric code instead. This code is used to process the transaction, which makes any information stored in the system worthless for hackers who manage to infiltrate the POS system.
- Utilize EMV
EMV refers to Europay, Mastercard and Visa. Commonly called chip-and-pin, the cards have a microchip embedded in them that replace the traditional magstripe used in older cards. The chip is then authenticated using a personal identification number. These cards make it significantly more difficult for hackers to breach the system, which adds further security to the payment transaction.EMV cards are so secure that industry regulations mandate at least 75 percent of all transactions must be processed using EMV by October 2015. If merchants do not follow this new industry standard, they will be held liable for any fraudulent transactions that occur on their non-EMV terminals.
