Best Security Questions to Ask a Payment Processor

Payment processors have always played a crucial security role for their business clients. But today the demand for their services is expanding exponentially, to facilitate electronic transactions and ensure safe physical distancing during the COVID-19 pandemic. But not all payment processors have a depth of proven experience and dependable expertise. That makes it more important than ever to carefully vet a payment processor, and due diligence should begin with key questions about security.

Are They PCI Compliant?

The fastest way to weed-out unqualified payment processors is to ask about their PCI compliance. If they cannot verify that they follow strict PCI standards, look elsewhere. These standards are set by the Payment Card Industry Data Security Standards (PCI DSS) Council, and represent best practices in financial data protection. Recent history shows that a lack of PCI-compliance contributes to approximately seven out of every 10 security breaches. When cardholder data or other sensitive, confidential information is stolen because of a lack of PCI-compliant security, the merchant can face stiff penalties, fines, and lawsuits. They may also lose their right to continue accepting credit cards.

Do They Offer Secure Mobile Processing?

Payment processing also needs to be secure across diverse platforms, including mobile devices like iPads and smartphones and payment apps such as Apple Pay and Google Pay. That means that the payment processing vendor must offer not just EMV chip acceptance, but also tokenization and dynamic encryption of credit card transactions. Businesses should never store any cardholder data on their own systems, because that represents extreme liability exposure and the potential for fraud. But if the payment processor utilizes state-of-the-art security technology such as cloud-based security and Level 3 processing, a business can eliminate those risks. They can have the payment processor conveniently and securely store customer credit card information off-site, in the cloud. That reassures valued customers while providing them with seamlessly smooth, lightening fast transactions.

Interested in Surcharging?

Download our FAQs for answers and links to Card Association guidelines.

Is Tech Support Available 24/7/365?

There are many technological features available, with new innovations being introduced all the time. So it pays to have a payment processor who offers outstanding tech support. Ask if they are always accessible, day and night, all year long. Businesses gain exceptional value when their payment processor is also a reliable and collaborative strategist. Explore the payment processors willingness and capability to go above and beyond as a genuine business success partner. Find out if they can help integrate, configure, and test payment applications─and recommend solutions that allow for scaling up for sustainable growth. Having an experienced payment processing partner is like having a dedicated IT team. They can, for example, provide the business with technological platforms like Converge, which offers features such as $250,000 in breach reimbursement assistance coverage. Payment solutions can also operate as turnkey systems requiring no additional tech training or infrastructure investment.

What is Their Verifiable Track Record?

Last but not least, study the track record of the payment processor. Confirm that they and their customers have a clean record of security and/or expert responsiveness to attempted breaches and hacks. A payment processor with a weak or questionable record may be the greatest vulnerability for a business. But those who can satisfactorily answer these preliminary questions can deliver robust, redundant, adaptable layers of defense and security. They’ll also have the resources and expertise to offer a host of other value-adding features.