Credit card fraud has become a $6 billion problem for businesses, increasing by 87 percent since 2010. As incidents of data breaches and credit card fraud continue to grow, businesses must be more vigilant in protecting themselves.
To help businesses guard against such issues, Rob Bertke, senior vice president of research and development at Sage North America, offers the following tips to businesses of all sizes to help them stay protected.
Immediately deal with any breach — It's critical to understand that even if all cautious, conservative steps are taken, and the best payment-processing security is installed, a breach can still occur.
If it does, you must have detailed credit card sales records to refer back to as a means of retracing your steps. This will help in determining when and where the breach took place and therefore mitigate the potential for additional losses. Furthermore, a proper assessment of the initial attack may ultimately provide a trail back to the source of the data breach.
Maintain PCI Compliance — Accepting credit or debit cards without being Payment Card Industry (PCI)-compliant is against card brand regulations, and compliance is also an absolute must in today's economic climate.
Make certain your payment-processing software security is current and is PA-DSS (Payment Application Data Security Standard)-certified, and that your business receives its PCI-DSS (Payment Card Industry Data Security Standard) certification.
PCI certification provides a level of confidence and assurance that a processor has followed and passed a robust set of best practices for securing the information being processed when credit card payments are made.
Use end-to-end encryption for all sensitive data — End-to-end encryption (E2EE) essentially boils down to scrambling the data sent from one device to another. It starts with your payment capture devices, and goes all the way to the transaction being authorized.
E2EE technology prevents the card account data from being stolen electronically and lessens the cost and impact for your business to become PCI-certified. A company's mobile payment devices, credit card terminals, software applications and online payment portals need built-in encryption functionality when transmitting customer information.
Prevent tampering — Make certain all employees tasked with the responsibility of accepting credit and debit cards from customers have a working understanding of the looks and functionality of the payment processing equipment they're using.
Scammers often try to tamper with a business's payment processing equipment in an effort to steal credit card information. Altered equipment usually consists of a small piece of hardware physically attached to the terminal itself.
An attentive employee who knows what to look for should be able to easily identify an extra attachment to the device or oddly functioning software.
Refrain from storing credit card numbers — To avoid one of the biggest PCI compliance risks, you should do everything in your power to not store credit card numbers. Look for a payments provider whose platform is designed so credit card information is never stored at your business site or on your business software.
Your provider should be able to process the transaction and then store your customers' card information in a secure vault in the cloud. They should provide you with an encrypted ID,