Top 5 Merchant Services Security Tips
Merchant Services security is a big deal today. Frankly, it always was, but advances in technology by the good guys AND the bad guys makes it an even bigger deal today.
If you own a business, it’s prudent to pay close attention to this area. Additionally, consumers are increasingly sensitive to their data and are also paying more attention to your business systems than you might think. Luckily, there are steps any business can take to shore things up from a merchant services security standpoint.
1. Use chip ready hardware and software at your point of sale
But, what makes EMV different than the traditional magnetic stripe card payment?
Simply put, EMV (also referred to as chip technology) is the most recent advancement in a global initiative to combat fraud and protect sensitive payment data in the card-present environment. Payment data is more secure on a chip-enabled payment card than on a magnetic stripe (magstripe) card, as chip cards support dynamic authentication, while the magstripe cards do not (the data is static). Consequently, data from a traditional magstripe card can be easily copied (skimmed) with a simple and inexpensive card reading device – enabling criminals to reproduce counterfeit cards for use in both the retail and the CNP environment. Chip (EMV) technology is effective in combating counterfeit fraud with its dynamic authentication capabilities (dynamic values existing within the chip itself that, when verified by the point-of-sale device, ensure the authenticity of the card).
2. Accept Apple Pay and other similar mobile contactless payments
In case you hadn’t noticed, your customers are increasingly “living” on their mobile phones.
With this widening trend, combined with the rapid adoption of Apple Pay, you’ll be providing a popular convenience to your customers, but also adding extra layers of encryption to all of your credit card transactions. Two factors are in play here - First, the Apple Pay (and Android and Samsung Pay) services make use of a technology called payment tokenization, which converts your credit card number into a cryptogram that’s worthless to hackers. Ordinarily, hackers just need your credit card number, CVV, and expiration date to commit fraud, and those are a lot easier to come by. Secondly, the biometrics required by these applications (Touch/fingerprint ID, retina recognition, etc.) on mobile devices adds additional assurance that somebody other than the device’s owner would be able to make purchases using the device/application. With that said, I’m sure that somebody is working feverishly in a lab somewhere learning how to replicate a fingerprint with tissue that comes from a spinach leaf, so there will always be a technology race between the good guys and the bad guys.
3 & 4. Ensure your Firewall or Security Appliance supports the following layered security features:
•Data Loss Prevention (DLP) - Prevents Sensitive data like Credit Card Info from leaving the network
•Intrusion Prevention System (IPS) - Blocks Malicious Targeted Attacks
OK, this part can get a little technical- so we’ll boil it down this way. Your internet provider leaves you with an off the shelf modem/router that has very basic programming and functionality - in most cases it’s a residential grade piece of equipment. For a fairly minimal investment, business class equipment that can be installed and configured to address the specific dynamic network requirements and traffic segmentation that provides additional layers of security. For example, your customers using the wifi access that you provide as a convenience would be walled off from the parts of the network where sensitive data is being transported.
5. Work with a processor that knows and understands your business.
There are lot’s of choices that any business has when it comes to merchant services.
Historically, looking closely at a few options could give even the most curious business owner an ice cream headache, but don’t fret. All of the recent advancements in technology have inadvertently forced more and more transparency in payment processing pricing, and in turn have caused sales organizations to take a greater interest in their merchants on a broader scale, which serves the business owner well.
Adopting these tips isn’t the be-all and end-all, but will serve you well as the card issuing banks shift more liability onto merchants.
Merchant services for small business is a rapidly changing arena, and consumer behavior trends would suggest that it’s an area that warrants paying close attention to.