Virtually every business today processes online payments. This year many of them will also suffer devastating security breaches. That leaves owners and managers wondering what steps they can take to avoid becoming the next cybercrime victim. The key is to lock down payments using the most secure strategies, systems, and technologies available.
The Payment Card Industry Data Security Standards (PCI DSS) Council is a worldwide partnership that develops and implements best practices for securing financial data. The organization sets standards for online payment processing security. Businesses whose payment systems are non-compliant set themselves up for severe consequences. A recent study of online payment breaches found that approximately 70 percent of the victimized businesses were not PCI compliant. Once a non-compliant business is breached, it faces audits, fines, and potential lawsuits that can bankrupt it within a matter of weeks. The simplest, easiest, and best solution is to use a reputable payment processing vendor that strictly follows stringent PCI guidelines.
Another advantage of using a top-quality PCI-compliant payment processor is that it can also handle cloud-based storage of highly sensitive credit and debit card information. No business should ever store any of that customer data on its own computers or servers. Doing so just burdens the business with extraordinary legal and financial responsibility, and sets it up as a high-risk target. In fact, PCI compliance now states that online merchants with browser-based checkouts must engage a PCI-certified third-party vendor to store their cardholder data. Last year the FTC filed a complaint against a website that didn’t follow proper security protocols. Ultimately the company was forced to comply with a long list of FTC-imposed rules, plus submit an annual certification of compliance.
The Federal Trade Commission (FTC) also recommends that online merchants deploy encryption software to safeguard cardholder information. Encryption scrambles sensitive digital data to make it unreadable, and quality payment processing platforms utilize encryption. The FTC warns consumers to confirm encryption protection on websites before sharing personal data. When a business uses this kind of technology, a padlock icon appears on the internet browser’s status bar. Consumers can verify it at a glance, so merchants who expect to attract sales should definitely use encryption.
Tokenization adds another powerful layer of security. It’s a complex digital process that replaces sensitive payment data with a randomly generated code, or token, composed of numbers or characters. The actual data is encrypted and then stored in a virtual vault by the merchant’s payment processor. The only way to access that secured vault is to use the special token. This kind of multiple-phase security, involving encryption, tokenization, and a PCI-compliant third party, has the potential to thwart even the most determined cyber thieves. For especially large transactions, a business should also take advantage of what’s known as Level 3 payment processing. That’s the highest standard of payment data security.
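The token-for-card substitution described above can be sketched as follows. This is an added example, not code from any payment processor: `TokenVault`, `merchant_record` and the `tok_` prefix are hypothetical names, the card number is a constructed test value, and the vault's encryption at rest is not shown.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the processor's vault (assumption, not a real API)."""

    def __init__(self) -> None:
        # A production vault encrypts each stored card number at rest;
        # that step is left out so the example runs on the standard library.
        self._store: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        while True:
            # The token is random, so nothing about the card can be derived from it.
            token = "tok_" + secrets.token_hex(16)
            if token not in self._store:   # retry on the (unlikely) collision
                self._store[token] = pan
                return token

    def detokenize(self, token: str) -> str:
        if token not in self._store:
            raise KeyError("unknown token")
        return self._store[token]

def merchant_record(vault: TokenVault, pan: str) -> dict[str, str]:
    """What the merchant keeps: the token and last four digits, never the card number."""
    return {"token": vault.tokenize(pan), "last4": pan[-4:]}

if __name__ == "__main__":
    vault = TokenVault()
    record = merchant_record(vault, "4111111111111111")  # constructed test number
    print(record)
```

A stolen copy of the merchant's records yields only tokens and last-four digits; recovering a card number still requires access to the vault itself.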
The Bottom Line
Seamlessly integrated payment security solutions are available to businesses of all sizes. They don’t require on-site IT experts, expensive infrastructure, or technical training. But they do give merchants and their customers added confidence that their payments and data are safe. That can translate into a competitive online marketplace advantage, valuable customer loyalty, and business brand integrity.