What Small Businesses May Not Know About Payment Processing Security



The headlines in recent years have been filled with disturbing stories about large-scale data breaches and hacks that have affected millions of U.S. customers. As a small business owner, you too are vulnerable to hacks and other criminal activities that can compromise your customers’ data and ultimately cost you a great deal of money.

Because knowledge is power, take the time to learn crucial facts that every entrepreneur should know about credit card processing security for small businesses.

Magnetic Stripe vs. EMV Processing

In October 2015, the change-over from magnetic stripe to Europay, MasterCard and Visa (EMV) cards went into full swing. Long used in Europe, parts of Asia and Canada, this new technology promised greater security for merchants and account processors because of tokenization.

Here’s how it works: When a customer swipes an old-school credit card that is equipped only with a magnetic stripe containing the 16-digit account number, the card can be easily copied or cloned, either by the merchant or on its way to being processed. By contrast, when an EMV card is used, the software automatically assigns the transaction a one-time-only token code. No account data are exchanged; in most cases, the merchant or their employee does not even touch the customer’s card. If hacking does occur, the criminals have no way to identify the customer in order to commit further fraud.

Security Begins with You

It’s easy to fall into the trap of believing that all data breaches are the result of high-powered hacks originating in faraway countries. While some certainly fall into this category, it’s also crucial to understand that you may be failing to take simple precautions, and that this failure may be setting you up for victimization and fraud.

For instance, all of us are guilty at one time or another of choosing blatantly obvious passwords. What’s more, we often write them down and leave them within public view. After all, they are easy to forget, and who has time to fiddle around for extended periods of time trying to figure them out? While taking these shortcuts may be a time-saver in the here and now, it could open you up to unscrupulous intrusions into your database and accounting systems.

To be safe, don’t post passwords near your point-of-sale systems or computers, and be sure to change them every couple of weeks. Your passwords should consist of at least eight characters made up of lower and upper case letters, numbers and symbols.

In addition, keep in mind that the people you hire should be trustworthy, since they will have opportunities to access your company and customer information. Set up limitations for your non-administrative employees, particularly those who are using their own personal mobile devices at work. Be sure you know who is running which applications from what devices.

Make Your Staff Part of the Solution

Promoting the security of your credit card transactions is a team effort, and it starts with your staff. Hiring honest, competent people is a start, but you also must give them ongoing training in the use of your equipment. By its very nature, the learning process involves making mistakes. Isn’t it better for these errors to happen during the instruction process as opposed to during checkout?

Furthermore, make it a policy to never store customers’ credit card numbers. Although buyers might be slightly annoyed by the inconvenience of providing them for each new purchase, most will understand when you explain that you are taking these measures for their protection. Note that secure recurring billing is available through many online billing or virtual terminal services.

When you are processing mobile payments, be sure to do so only with your mobile provider’s hardware and software, over a secure connection. Be sure that the mobile device (iPhone or Android) and/or payment device you are using has been recently updated, as this can protect you from security vulnerabilities.

Size Doesn’t Always Matter

You might think that because your company is small, you are much less likely to be the victim of a security breach. Unfortunately, this is a myth. In fact, an estimated 20 percent of small businesses fall prey to these crimes. Worse still, most owners don’t know the breaches have happened until it is too late, resulting in an average of $36,000 in payment security practice audit costs.

If you have not made the transition to accepting EMV payments, you are in even more jeopardy because you are offering only low-security transaction options. Now that the October 2015 deadline has passed, you may be held financially responsible for the costs associated with fraudulent transactions. These costs include fines, legal fees, card reissuance charges and identity protection services for your customers.

Be Proactive With Payment Security

EMV cards have afforded customers and merchants a new level of safety, but don’t be lulled into a false sense of invulnerability. You also should take other actions to ensure your own security.

Be sure to choose a processing company that guarantees PCI-compliant processing. Bolster your fortifications by conducting quarterly audits of your internal systems. These include software, hardware, firewalls and networks. Consider installing specialized security software that safeguards you against attempted logins from unknown devices or locations and monitors unusual web traffic.

Finally, consider purchasing a cyber-insurance policy that will protect your sensitive customer account and credit card data against hackers. The costs you may incur from a breach will usually not be paid under general coverage, making these policies increasingly popular in recent years. If these tasks seem overwhelming, it is in your long-term best interest to hire a consultant who can help you to carry them out.

Protecting your business against data breaches is just as important as installing solid locks and security systems. Paying close attention to every aspect of your company’s credit card processing infrastructure is one of the best things you can do to protect both yourself and your customers. A few proactive steps today can save you a great deal of grief tomorrow.