Credit & Debt
5 Ways to Protect Your Customers' Credit Card Swipes
Because a Secure Business Helps Drive Business
When your customers make a credit card payment, they're not just supporting your business, they're also trusting you to keep their sensitive information safe. And as a few big-box retailers can attest, no business owner wants to be responsible for a breach. Here's what you can do to protect your customers' data.
1. Practice Safe Networking
"It's the small things that make a huge difference," says Sean McQuay, credit card associate for NerdWallet.com. That includes changing passwords frequently to protect your network and deter hackers, and training your employees to be on the lookout for suspicious activity—both from customers and from fellow employees.
2. Assess Your Payment Device
When you're choosing which device you'll use to process plastic business transactions—whether it's the standard terminal you see in almost every store or a portable card reader that plugs into a smartphone—make sure it's PCI-compliant, meaning it conforms to the Payment Card Industry Data Security Standard. If it does, McQuay says, "The merchant can rest assured that the processor [companies which can authorize and process the credit card transaction] will handle a lot of the risk for them."
If you're unsure whether a device meets the standards, McQuay recommends hiring a Qualified Security Assessor to evaluate compliance. (The PCI Security Standards Council maintains an online directory to help you locate one near you.)
3. Invest in Point-to-Point Encryption
Data protection should begin as soon as your customer swipes their credit card, so make sure your payment processing system is protected by point-to-point encryption. That means "encrypting the data from the moment the credit card is swiped, all the way up through the payment processor," McQuay explains. "It's washing the merchant's hands of seeing the data at any point. Because the merchants are really the weakest link. They don't have the same protections that the major processors have." On that note . . . .
4. Let Someone Else Handle the Data
Business owners have two options for accepting credit card payments: They can apply for a merchant account, which deposits credit card transactions directly into their business bank account or they can use a payment solution like PayPal or Intuit, which handles every step of the process.
Traditional merchant accounts have lower transaction fees, but the business owner bears the burden of ensuring the customer's data is safe throughout the acceptance and authorization process. Companies like PayPal charge higher per-transaction fees to the business owner, but, for many small businesses, still makes financial sense, since they handle the weighty task of safeguarding customer data. Becoming PCI compliant is a costly endeavor, so "it's estimated you'll end up paying half as much by outsourcing to one of these players, at least for small businesses," McQuay says.
5. Chip Your System into Shape
EMV card terminals—which read credit and debit cards embedded with computer chips—are one simple way to improve security.
To use these new readers, customers "dip" their card instead of swipe. "Every time you dip your EMV chip into a payment terminal, it creates a one-time use payment code," McQuay explains. "So if somebody did steal that payment information, they wouldn't ever be able to use it." (Of course, one should never say “never," but this technology definitely makes it less likely.)
This is far more secure than swiping, during which the reader records the number on the front of the credit card—allowing for that card number to easily be copied onto a fake card (even a hotel room card!). Mobile wallet technology—like Apple Pay, Android Pay, Samsung Pay and the upcoming Chase Pay—also creates a one-time payment code for each transaction, so you may want to consider investing in technology that will allow you to accept these types of payments.
If you're running a small business, data security may seem like yet another expense, but with the growing threat of data breaches, it's crucial to protect your customers and your livelihood. Even a small breach can result in a lawsuit if you were the weakest link in the payment system, McQuay notes. And data security can actually boost your bottom line.
"We want to make the overall payment system healthier and work better for everyone," McQuay says. "I know that sounds utopian and high-minded, but as long as consumers feel confident using their cards, study after study has shown that consumers will pay more. If a store can create a reputation for helping create a secure and safe payment environment, consumers will spend more there."
Chip cards won't get "double-dipped" by unauthorized users. Learn more about how EMV cards provide your customers with added security at Chase.com.
Kara Wahlgren is a full-time freelance writer based in New Jersey. She specializes in health writing, entertainment coverage, and personal finance. Her work has appeared in Women's Health, HGTV, Fine Living, MSN, Yahoo and more.