If you accept payments from customers, it’s important to understand the responsibility your business absorbs as a result. Here are the most important aspects of payment security to know in order to keep your customers’ sensitive information adequately protected.
The Importance of PCI Compliance
PCI compliance refers to a set of security standards established in 2006 by the Payment Card Industry. They were developed to ensure that any organization that processes, stores or transmits sensitive payment data maintains certain security protocols. The details of those standards are frequently adapted based on the latest data breach-related activity, and vulnerabilities detected as a result. Because PCI compliance standards differentiate security measures for merchants based on the type and volume of their payment transactions, it’s important for any business to understand the specific requirements that apply to their business model and the channels in which they sell, including affixed and mobile point-of-sale terminals, mobile payments and online payment gateways.
The Importance of EMV Chip Card Technology
Though most credit and debit cards issued to cardholders in the United States include an EMV chip on the card’s front and a magnetic strip on the back for choice in payment processing, EMV chip card technology was adapted into payment cards because it offers greater payment security throughout processing, and for the card itself. Unlike magnetic strips, the EMV chip on the card’s front is difficult for payment thieves to “skim” or replicate. EMV chip card technology also conceals sensitive account information with encryption and tokenization. The Department of Justice estimates that 86 percent of identity theft cases originate with existing account information. With encryption and tokenization, meaningful information is protected from cyber thieves. Should they intercept information during EMV payment processing, the numbers they will see are ambiguous “tokens” that have been assigned to replace the real account numbers.
The Importance of Internal Controls
PCI compliance involves the security of hardware, software, point-of-sale terminals, mobile devices and internal payment processes related to customer payment data. Payment security breaches do not only originate with cyber security issues. In fact, they often include the physical manipulation of a point-of-sale device, a dishonest employee who abuses his or her access to company systems, or an identity thief posing as a customer to compromise another customer’s payment security from afar. Educate your staff on the importance of following security standards and being aware of how their actions impact payment security. For example, a customer’s credit card number should never be written down on paper or otherwise retained at your business, even if the customer requests that a member of your team do so. Mobile payments should be processed using only private password-protected Internet connections, and devices should use the most current operating system available. Point-of-sale terminals and card readers should be checked as part of standard business opening and closing procedures, and firewalls, network connections, software and hardware should be checked at least once a quarter, per PCI compliance standards.
Accepting credit and debit card payments is part of doing business, but it also means your business has the responsibility of providing adequate payment security — for the protection of customers and your business.