BluePay is pleased to bring you this valuable information from our partner, Due, makers of a free digital wallet that allows users to easily make and accept payments online.
As a small business, the Internet has given you the ability to compete on a much larger scale – even leveling the playing field with bigger retailers by putting you out there to differentiate your unique products or services and personalized experience. While it has its advantages, there are also many more concerns as far as building trust with your customer base than there would be with a physical storefront where they could see and know you are keeping their payment information safe. The concerns are valid, considering how much online fraud has grown in the last few years.
Online, customers can’t see you so they may be less likely to trust that you will protect their credit card and personal data. However, there are ways that you can reassure them that you are a secure and trustworthy small business for conducting online payments.
In fact, here are 8 great tips related to online payment security that will benefit your small business and brand as well as build trust with your customers and prospects:
1) Know your vulnerabilities and existing schemes.
It’s well worth it to take the time and learn more about what type of fraud is committed because you are the target, why it’s so attractive to criminals, how it is done, and how it can be stopped. If you do have any employees, they should also educate themselves or go through training you provide. The more you know, the better able you will be to identify suspicious activity and transactions, which you can then shut down before they become a problem, and the more likely you will be to discourage criminals from attacking your online payment system. The most important part here is that you have to make this into a continual learning process because criminals keep coming up with new schemes.
2) Become PCI-DSS compliant.
This set of regulations was created by the Payment Card Industry Security Standards Council to help standardize the process of processing, transmitting, and storing payment data. While the standards may seem complex and are constantly being revised, they are providing beneficial assistance in stopping fraud. Many payment processing companies offer tools related to these compliance regulations that are helpful since, as a small business, you can’t just hire full-time experts to work in-house on compliance. Along with partnering with your payment processing company, you will also need to consider getting an annual data security assessment and even take a training course to understand what the compliance means.
3) Put your equipment on lockdown.
As a small business owner you may be accustomed to leaving your computer, laptop, tablet, and smartphone laying around to use at your discretion for processing orders and payments. However, you are putting yourself and business at great risk, especially if you start adding employees. You want to make sure that every device is password protected and that you don’t give administrative access to just anyone. Also, you want to regularly change your password and use a combination of numbers, letters, and special characters. If you start to add more devices for any staff that you bring on board or have them tap into your network as remote workers, then also make sure you have everything on lockdown. Educate any employees on the need to protect their own devices, especially if they are given access to the network or cloud-storage platform.
4) Don’t hang onto customer data.
This means don’t store any type of payment and credit card data on a database, network, or cloud-based storage system. First, it’s a compliance no-no and second, it makes that data vulnerable to hacking. If you do experience a breach, then it will be your responsibility in terms of fees, penalties, and damages incurred from it. The best way to protect yourself is to just get rid of this data as soon as the transaction is complete.
5) Add more steps to the transaction verification process.
The idea here is to verify and then verify again and then verify further. This includes doing an address verification match to see that billing and shipping address line up, requesting the card security card (the three- or four-digit number on the back of the credit or debit card), using geolocation to verify the IP address of the purchaser, and assessing any larger sized orders that are outside the normal purchase behavior of a regular customer. You can also employ a filter that tracks how many times a person entered the wrong information and shut them down say after three or four rounds of incorrect data entry.
6) Regularly update all software and security tools.
Criminals essentially practice how they will break in using existing systems and know that as soon as a new software version is released they will have to start over. That’s why when they come across someone who is using outdated software, they immediately go to work on busting into it. This includes everything from your database and c-panel to your WordPress version to your antivirus software. While many types of software are set to automatically update, you can’t rely on that. Instead, you will need to manually check each one and stay on top of this process. With more software moving to a subscription-based model, you can sign up for reminders or set your system to search for the latest updates.
7) Pile on the security layers and features.
Security for online payments is all about building a fortress with numerous layers that keep the data inside the actual transaction safe from being penetrated and stolen. Some of the security measures that work as these layers include encryption and tokenization as well as a firewall, SSL certification, and even an intrusion-detection system and intrusion-prevention system. Both encryption and tokenization work to scramble the data and make it unusable to hackers should they even get close to it. Instead, the fraudsters would have to know a key or code to unscramble the data to make it valuable. And, most of the time, no criminal wants to put that effort into it so they will just move on to a small business whose online presence can be penetrated.
8) Stay vocal and report suspicious activity and cyberattacks.
One of the best things you can do is share any suspicious activity or attacks with others, including local authorities as well as the Internet Crime Complaint Center and even the FBI, if necessary. Sharing intelligence on situations and equipment that may have been infected or attacked in some way, such as a data breach, can help you and the rest of your small (and big) business community. If you have been attacked, bring in a professional to assess what has happened and provide solutions to fortify your payment system. While you may not see the people behind the crimes or suspicious activity, you are providing important information that can help everyone stay alert and vigilant.
As you can see, these security tips do not cost a lot of money or require a significant investment that is well beyond your budget. If anything, it’s more about your time and knowledge that becomes critical to creating a safer online payment environment to take advantage of the huge opportunities to grow your customer base.