8 Security Tips for Small Businesses Accepting Online Payments in 2017

When customers make a purchase from your online storefront, can they trust you to protect their credit card information? If not, why would they continue to support your business? That’s why ensuring that your customers’ payment data is protected should always be a priority. When customers trust you, it will ultimately benefit your bottom line.

For small business owners, that may seem overwhelming and complicated, but it’s actually easier than you may think if you follow these 8 security tips when accepting online payments.

1. Be compliant with PCI-DSS.

PCI-DSS is a collection of compliance regulations that are mandated by the Payment Card Industry Security Standards Council. If you accept, process, store, or transmit credit card data, then these regulations apply to you in order to ensure that your customers’ payment information is kept safe and secure.

One of the biggest headaches that PCI-DSS gives business owners is that the regulations can be complex – especially if you don’t have IT specialists on hand. At the very least, being compliant with PCI-DSS means you must undergo an on-site data security assessment annually, such as using SSL authentication on your website and Secure Sockets Layer (SSL).

To find out if you comply with these regulations, I would take the Self-Assessment Questionnaire (SAQ).

2. Don’t store customer payment data.

There are strict standards in place regarding the customer data that you store, such as not storing CVV data. That’s because 95% of credit card breaches come from small businesses. The easiest way around this is to dispose of any payment information once a transaction is complete. If you do need to store information, such as a customer’s name and account number, then take measures to protect it, like using a private network or cloud-based storage, or encrypting the data so that intruders can’t read it.

Also, under the Fair and Accurate Credit Transaction Act of 2003 (FACTA), you’re not allowed to include the full credit card number and expiration date of your customer’s credit card when emailing them a receipt. You’re only permitted to display the last five digits.
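As an added illustration (not code from the original article), here is one way a store's back end could build an emailed receipt that follows this tip: it drops the CVV and expiration date, keeps only the last five digits of the card number, and masks any card number a staff member typed into a free-text note. The field names and the sample transaction are assumptions made up for this example.

```python
import re

# Assumption: card numbers are 13-19 digits, optionally split by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
DROP_FIELDS = {"cvv", "expiry"}  # hypothetical field names, never put on a receipt

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask_pan(pan: str, keep: int = 5) -> str:
    """Keep only the last `keep` digits (five, per the tip above)."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return "*" * (len(digits) - keep) + digits[-keep:]

def redact_text(text: str) -> str:
    """Mask Luhn-valid card numbers that ended up in free text."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text)

def build_receipt(txn: dict) -> dict:
    """Return a copy of the transaction that is safe to email."""
    receipt = {k: v for k, v in txn.items() if k not in DROP_FIELDS}
    receipt["card_number"] = mask_pan(txn["card_number"])
    receipt["note"] = redact_text(txn.get("note", ""))
    return receipt

# Constructed sample; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_TXN = {
    "name": "A. Customer",
    "card_number": "4111 1111 1111 1111",
    "expiry": "12/19",
    "cvv": "123",
    "amount": "49.00",
    "note": "card 4111-1111-1111-1111 read over phone; order ref 1234567890123",
}

if __name__ == "__main__":
    print(build_receipt(SAMPLE_TXN))
```

The order reference in the sample note is left untouched because it fails the Luhn check, which keeps the redaction from mangling ordinary long numbers.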

3. Choose a secure eCommerce platform and processor.

Despite the regulations that have been put in place, not all eCommerce platforms and processors take security as seriously as others….