You may know that you could increase the likelihood that customers will buy from your startup by giving them the option to pay with credit cards, debit cards and mobile payments. However, do you know how to protect your customers’ sensitive data, and how to limit your business’s exposure to the risk you inherently bear in those transactions? Here are the important points startups need to know about payment processing and payment processing methods. After all, every startup needs its payment processing to run smoothly, without avoidable hurdles.
Choose a PCI-compliant payment processor.
Though payment processors vary in the rates they charge to securely process each credit and debit card transaction associated with your business, choosing a payment processor based solely on the rates they charge could be a classic case of being “penny smart and pound foolish,” should a breach occur. Choosing the right payment processing solution therefore plays a vital role. In fact, security firm Kaspersky Lab reports that 75 percent of small business security incidents result in unintended expenses, averaging about $8,000 per incident. Choose a payment processor that guarantees “PCI-compliant” standards throughout transaction processing. PCI compliance refers to a set of standards established by the Payment Card Industry in 2006 to protect businesses and customers; the standards continue to evolve as data thieves become more sophisticated. PCI compliance is important for all businesses to understand and adhere to, but it’s particularly beneficial to startups that may not have a sophisticated IT infrastructure that can proactively scan for and detect all payment security vulnerabilities.
Know that your point-of-sale terminals play a critical role in payment security.
While eWeek reports that 72 percent of small business owners responding to a survey conducted by ACI Worldwide prioritize payment security as a key feature when selecting payment processing devices, fewer than half are now equipped to process EMV (Europay, MasterCard and Visa) enabled credit cards. Aside from the fact that most merchants are expected to be equipped to process EMV chip cards as of October 2015 and could bear responsibility if a breach does occur, not using EMV chip cards means forgoing important security protections used in payment processing.
To minimize payment processing risks, EMV chip cards use encryption and tokenization to protect sensitive data during and after transaction processing. Instead of transmitting the customer’s 16-digit personal account number (PAN) over payment networks, tokenization conceals the data by replacing it with a token. Though all parties in the payment ecosystem (like financial institutions, payment processors and merchant systems) can make sense of the token to verify, approve and/or deny a payment transaction, it’s meaningless to anyone who intercepts the transaction without authorization.
Protect your business with internal security protocols.
While the payment processing partners and point-of-sale equipment you use can protect your business and customers from the threat of a security breach, the PCI Security Standards Council also outlines the internal measures businesses should follow to mitigate the likelihood of a breach, and to manage the impact of one that does occur. Educate yourself and your staff on the PCI-compliance standards based on your business, the forms of payment you process, and the volume of transactions you conduct each year. Require your team to use secure passwords that include at least eight characters made of case-sensitive letters, numbers, and symbols to access any software or hardware related to your business, and require that they update those passwords regularly.
If you use software or apps provided by third-party vendors to run your business, update the assigned passwords so that you have control over who can access the information. Conduct consistent audits of your firewalls and network security (ideally, at least once a quarter). Train your point-of-sale team to check terminals for signs of tampering as part of your daily business processes. If you use mobile payments, ensure that any member of your team who processes them initiates transactions over password-protected Internet connections only.
Payment processing is a critical business function in meeting customer expectations for payment flexibility, but it also requires that you understand the risk it presents in order to proactively protect your startup and customers. The more wisely you choose your payment processing partners, and the better informed you remain on the latest payment security standards, the better protected your startup becomes.
Latest posts by Kristen Graminga
- Smart Payment Processing: Everything Startups Need To Know - June 3, 2016