The recent hack of Barnes and Noble’s credit card processing system illustrates the need for companies both small and large to go that extra mile to ensure that their customers’ data is protected. Customers need to trust a business, and once that trust has been violated, it’s hard to get it back. Identifying theft is not always easy in the modern world, but its underlying factor has always existed as long as people have been doing business. As a merchant, you need to go that extra mile to protect your customers from attacks when processing credit cards.
All businesses that engage in credit card transactions should be familiar with the Payment Card Industry (PCI) data security guidelines, a mandatory 12-part set of requirements that help merchants increase cardholders’ credit card security. These common-sense guidelines are designed to protect consumers’ data from misuse. All businesses are required to abide by these guidelines, but some choose to take consumer protection a step further by implementing the following five additional security standards.
Routinely Updating Payment Processing Software
As a business owner, it is your responsibility to ensure that your security software is always up to date. Merchants are required to be PCI-DSS certified, which means that the business follows industry best practices to ensure its customers’ data is protected. The PCI Security Standards Council recently implemented a program that provides a list of preferred and certified technical specialists to assist with installing payment applications. See our latest blog post, PCI Releases Risk Assessment Guidelines for Merchants, for further information.
Routinely Check Equipment for Modifications/Tampering
Thieves often use sophisticated and camouflaged devices to siphon credit card information directly from the PIN pad. These devices are designed to be virtually invisible and can look like part of the pad. Training employees to spot these devices is vital to ensuring customer security.
In the event of a security breach, it’s important that you are able to quickly identify where the breach occurred. Keeping accurate records and actively monitoring transactions will allow you to identify suspicious activity and minimize the damage.
Encrypt the Data from Start to Finish
The use of end-to-end encryption greatly improves the overall security of a business’s credit card processing system. It protects a customer’s data from the time he swipes his card until the payment is processed. This technology can be expensive, but many businesses believe the additional security is worth the cost. End-to-end encryption also has the added benefit of helping a business to become PCI certified.
Never Store Credit Card Information
Merchants use a variety of payment applications to store, process or transmit card data electronically. Always ensure these applications have been scanned by an approved vendor or that you store customer data off site, preventing the possibility of a security breach. Many payment processing companies offer to store customer data in their own data vaults and provide the business with an encrypted ID. That ID is used whenever a repeat customer makes a purchase.
Protecting your customers’ data is essential to maintaining the trust that is so important for the business-customer relationship. By following the steps outlined in this guide, you will be ahead of the proverbial curve when it comes to credit card information security.