You may already be accepting card payment transactions at your small business or you may just be dipping your toe in the water. Either way, you should know that the way in which you accept credit and debit cards is vital to the security of your business. Credit card theft and fraud are so common today that we hear about a large credit card data breach and immediately forget about it. Home Depot, Target, and Walgreens are some of the major retailers who lost credit card data to hackers in the past several years. Even as individuals, we often get notices from our bank that someone tried to use our card in some distant city.
It’s so rampant that we have become numb to it. However, if you own a business, you can’t afford to slack off when it comes to card payment security. If hackers decide to target your business and you didn’t have the proper security measures in place to protect your customers’ data, there could be some nasty legal ramifications.
Your customers are displaying their trust in your establishment when they give you their card to swipe. It is your responsibility to make the safety of their information one of your biggest priorities as a small business owner.
Here are some quick tips for safely taking card payments:
1. Make sure that you are PCI compliant before taking a card payment.
According to the PCI website, “the Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.” We’ll be honest, the road to PCI compliance can be a confusing and messy process. There are many rules, tests, and fixes to be done in order to become compliant and the fines for noncompliance are high. Luckily, catmandu is highly experienced in helping other businesses become compliant. To get started with PCI compliance, read this blog, and then contact us.
2. Avoid storing credit card information if at all possible.
It’s best to run a credit card and immediately dispose of any information instead of storing it in your system. When it’s stored, you have an increased risk of it being seen and stolen by the wrong people. If you absolutely must store credit card data, you should adhere to the following tips:
Use a private network with a good quality firewall.
Make sure the data is encrypted so that employees can’t see it.
Store it on external drives that aren’t connected to the internet.
Educate employees on proper handling of data.
3. Make sure you can accept EMV cards.
EMV cards are the new cards with a chip, rather than a magnetic stripe. While they don’t protect you during storage, they do protect the customer during the transaction. Magnetic stripe cards are easy for thieves to duplicate or to steal the number from, while chip cards are significantly more secure.
4. Use only approved equipment and software.
Not all Point of Sale terminals and card payment software companies are PCI compliant. You might use a point of sale terminal hooked up to your computer, you might accept payments through your website, or you might swipe cards using a reader connected to a tablet or mobile phone. Whichever route you take, it is your responsibility to make sure it is PCI compliant. You can find a list of approved hardware here and a list of approved software here.
5. Use only approved service providers.
If you don’t want to run credit cards yourself, you can use a third-party payment processor to handle it for you. These companies have to undergo rigorous testing for PCI compliance and security so you know you can trust them.