Do you still jot down customer credit card details on a piece of paper before entering them into your point-of-sale (POS) system? Or do you store them without considering security on a spreadsheet?
It can be easy to overlook old habits and business methods when it comes to securely processing card payments. The problem is, you could be putting yourself at risk of a costly data breach.
To help you avoid the worst-case scenario, here are four ways to maximise payment security online and offline:
1. Know your PCI DSS obligations as a service provider
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard. It helps businesses protect cardholder data while processing payments via multiple payment methods.
There are some aspects of PCI DSS compliance handled by your payment provider. But your business has obligations, too.
The first step in maximising your payment security is reviewing the following four core areas of PCI DSS compliance:
Your phone system
Ensure your phone system does not capture and record credit card data.
Your physical records
Destroy or shred physical copies of customers’ information when they are no longer needed.
Sent and received emails
Delete emails that contain payment information. Then, give your customers an alternative and more secure way of sending their details.
Your hardware and software
Use antivirus software, firewalls, and other fraud protection tools to protect your business’ network from a security breach. Keep all software up-to-date and follow the latest cybersecurity best practices.
2. Select a reliable payments provider for secure payment solutions
Your payments — including real time, BPAY, direct debit, and EFTPOS — are only as secure as the provider that processes them. If you’ve been with the same provider for years, take this opportunity to review their security offerings. Do they give you access to the latest security technology? Are they Level 1 (the highest accreditation) PCI DSS compliant?
Read more: Customer Spotlight: Talking data breaches and security with ACS Computers
3. Leverage payment technology to protect cardholder data
Cybercriminals are getting crafty with their sophisticated hacking strategies. Although security technologies are also evolving alongside this new wave of threats.
The short of it: your business must be leveraging the latest in payment security innovation to fight off fraudsters.
Network tokenisation removes sensitive card data from the entire payment process, converting it into a random string of characters that has no meaningful value to cybercriminals.
These credentials are then stored centrally by Visa and Mastercard. This means any changes to the payment information are automatically updated across the network. This reduces the rate of declined transactions and makes life easier for your customers.
Read more: How to keep your customers’ information secure when taking payments online
4. Maintain an information security policy
An effective and updated information security policy ensures safe, compliant, and low-risk online and offline payments. Here are a few best practices to help you shape a practical and actionable policy:
- Set out authority and access controls to enable fast action in the event of a breach;
- Classify data according to access and sensitivity. For example, your classifications might be top secret, confidential, and public;
- Establish a secure and compliant data backup process;
- Educate staff on cyber risks and how to mitigate them;
- Make updates in response to staffing changes, new threats, new technology partners, and other shifts in your overall security position.
This article has been republished with permission from Ezidebit.
If you enjoyed reading this article and would like to be notified when future articles are posted, please sign up for our email newsletter.
Leverage Ezidebit’s payment technology to protect cardholder data
At Ezidebit, they know that small-to-medium-sized businesses are often the most vulnerable to attacks. They also know they are the least equipped to deal with them. That’s why, in addition to having PCI DSS Level 1 compliance, Ezidebit developed the Merchant Trust Initiative. This program provides Ezidebit clients access to a sophisticated anti-fraud toolkit for a fraction of the price.
Ezidebit removes complexity from the payments process, but doesn’t compromise on security. They maintain the highest level of PCI DSS compliance, developed industry-leading security initiatives, and implemented technologies like network tokenisation to maximise payment security for your customers.
Learn more about Ezidebit’s secure payment solutions.