4 Must-Have Tips To Keep Your Customer Credit Cards Safe | Retail Security Solutions | Staples®

4 Must-Have Tips To Keep Your Customer Credit Cards Safe

Running a business is often a matter of trust: When customers make a purchase, can they count on you to keep their information safe? Protecting your customers’ payment data from point of sale to the bank (and beyond) should be one of your highest priorities as a small business owner. It also ensures the longevity of your business and reputation in the community. The good news is that this is easier to accomplish than you might expect. Here are some of the ways small business owners safeguard their customers’ payment information and their business.

1). Avoid Storing Customer Payment Card Data

When you hold on to cardholder data, you run the risk of that information being seen by people who shouldn’t have access to it. That’s one reason why it’s preferable to securely dispose of any payment information immediately following a transaction. That said, it’s a good idea to establish a policy for situations where storing information is necessary. Be sure to ask your merchant services provider if it offers guidance or materials that may help, and follow these additional security tips and tricks:

To safeguard sensitive customer payment information:

  • Ensure PCI Security compliance of payment card devices
  • Take advantage of new security technology, such as EMV capable payment devices
  • Check the compliance status of your current provider
  • Educate staff on all preventive measures and security standards

You can safeguard other customer information by:

  • Using a private network or cloud-based storage with restricted access
  • Encrypting any stored information so it’s unreadable to a system intruder

2). Truncate Credit/Debit Card Information

Years ago, credit card information on a sales receipt typically included the full credit card number alongside the expiration date, providing identity thieves and fraudsters with immediate access to customer finances: a "golden ticket," in a manner of speaking.

Then, in 2003, the Federal Trade Commission (FTC), the nation's consumer protection agency, began requiring all businesses to truncate, or shorten, the account information shown on all electronically printed sales receipts (no more than the last five digits of the card number can be included on a receipt, and the expiration date must be deleted). By truncating such information, the customer is protected from credit/debit card crime and your business can avoid lawsuits and FTC law enforcement action.

3). Employee Policy for Handling Card Data

An easy way to reduce the risk of fraud for your business is through employee management. One suggestion is to create and implement an employee policy on proper handling of customer card data that uses unique employee PIN codes. These PIN codes can then be used to track sales and refunds made by employees. While many payment devices and terminals are capable of tracking transactions by employee, not all providers enable this feature.

4). Compliance Consultation, Tools and Assessment

Many merchant services providers offer compliance information and assessments for merchants and service providers worldwide. But not all of these companies have good education programs for their customers. To keep your customers’ payment card data safe and secure, your acquirer or payment brand recommends, or even requires, annual completion of the assessment by all merchants who accept credit cards, online or offline. If you don’t know your compliance status, call your provider.

The PCI Standards Committee offers these additional pointers for small business owners:

  • "Your merchant provider or payment brand" should advise on required PCI Data Security Standard (PCI DSS) validations.
  • "The size of your business will determine the specific compliance requirements that must be met."
  • Enforcement of "merchant compliance is managed by the individual payment brands and not by [PCI] - the same is true for non-compliance penalties."

To learn about more payment options for your business, get a free analysis from a Staples® Payment Specialist.
