Every day we hear about systems being hacked—on both small and large scales. Unfortunately, it seems most people know someone who has had their credit card compromised, or have read about a massive breach of customer information in the news. The people affected by these breaches assumed their information was safe because it was in the possession of a major corporation with significant resources to devote to security. But it wasn’t.
We know that the absolute safety of data is always in doubt, yet there are lessons to be learned, and measures to be taken, and we want to share them with you. A merchant account can never be 100% un-hackable. We also know that cyber thieves, hackers, and fraudsters are becoming more and more sophisticated with each passing day. So, what can you do to ensure your payment system doesn’t get hacked, or worse?
Some of the suggestions presented below are aimed at individual cardholders, but they work just as well for corporations processing massive amounts of sensitive information every day.
1. Make Sure You Choose a Secure Platform
Ensuring that your business and your payment provider are both PCI compliant should be Step One. PCI compliance ensures that sophisticated, data-oriented security systems are regularly updated. It’s important to remember that PCI-compliant services provide more security than you can possibly put in place on your own, no matter how tech-savvy you think you are.
2. Do Not Store Data in Formats that Can Be Stolen or Hacked
Do not store sensitive data. This includes credit card information, passwords for data retrieval, information on your security licenses, and other essential data. Do not store this type of information on paper, in Excel files, or on computers, no matter how secure you think they are. These items can be stolen relatively easily by sophisticated thieves. In fact, according to PCI standards, you are not permitted to store such data using non-secure methods. There are a variety of cloud-based encryption services your payment provider should be making use of.
If you are not sure whether the most cutting-edge systems are being implemented for you and your business, ask your payment provider. If you do not know what questions to ask, or if you are not sure of the answers once you get them, contact Merchant Broker. We can help you sort out what can sometimes be very tech-heavy and sometimes downright confusing information that uses industry-specific jargon.
You should also seek out providers who offer advanced security methods, including tokenization or point-to-point encryption. And never be afraid to ask your payment provider tough questions. It’s your information you are protecting, as well as that of your customers and suppliers; if the information is compromised, this could present a significant problem for your day-to-day business, or much worse.
3. Train Your Employees, And Update Their Training
It’s essential that you provide regularly updated safety and security training for all employees involved in the daily or scheduled transactions of your business. Employees should be aware that they should never send emails, text messages, or chat messages containing private customer information including, but not restricted to, credit card numbers. All businesses should educate their employees on the policies and laws that affect customer data, and offer training on the measures that must be taken to keep such information safe.
These policies and protocols should be put in writing, so that there is never any guesswork on the part of your employees as to what should or should not be done when it comes to such important data. Make sure you update these training sessions as often as you need to — both for new employees, and for those who have received training in the past, but may require a refresher course.
4. Ensure the Use of Strong Passwords
Everyone throughout your operation should appreciate the importance of strong passwords and the need to change them on a regular basis. For customers accessing parts of your system that are password-protected, insist they to use a minimum of 8-20 characters, including at least one symbol and one number, which can make passwords harder to crack. It’s actually quite simple: longer and more complex login passwords make it harder for criminals to penetrate your systems. Your customers will thank you for your insistence on secure passwords, because it’s a measure you’re taking on their behalf.
5. Put Transaction Monitoring and Tracking Numbers in Place
Whether you are running a B2B enterprise or are in the retail space, you should be using tracking numbers for all orders. This is especially worthwhile if you don’t want to experience endless chargebacks. You should also monitor your site regularly, and insist that your hosting service does so as well. Make sure your website host regularly monitors its servers for malware, viruses and other types of harmful software. Additionally, don’t be shy about asking your website host about a plan which includes at least daily scanning, and systems that can detect and remove malware and viruses.
Breaches become much easier if you’re using a six-month-old version of your coding language; thieves are becoming very good at detecting such lapses. Many of the most current comprehensive security services are cloud-based, and can make your life a bit less stressful. Not stress-free, but certainly more secure, as the patches can be installed instantaneously. One last thing about your hosting service: Make sure it has a disaster recovery plan. A breach without a recovery plan can have serious and potentially catastrophic repercussions for your business.
6. Employ Multiple Layers of Security
In order to keep your systems as secure as possible, consider a range of tiered security procedures and protocols. Firewalls are essential to stopping attackers before they are able to breach your network and gain access to your data and other important information. You can then add extra layers of security, such as contact forms, login boxes and a list of search queries. These and similar measures will help you sleep calmly at night.
7. Watch Those Terminals!
Lastly, keep your eye on your terminals! Replacing terminals that have been compromised or damaged is a given; but it is also important to have your employees keep their eyes on the terminals when they are handed to customers. We know of several businesses that have had their terminals compromised because employees weren’t watching them properly, and customers quickly switched them to terminals they then used to tap into the company’s systems!
Don’t forget: Successful thieves are successful for a reason. Make sure you don’t give them opportunities to gain access to your business’ secure data. Sometimes a low-tech, steal-or-swap operation can be almost as devastating as a high-tech approach. When you decrease the opportunities for thieves and fraudsters, the customers and businesses you work with regularly will appreciate the benefits.