By Don Weary, VP of Product Management, Sage Payment Solutions
After numerous high-profile data breaches in 2014, businesses and consumers continue to be concerned about cyberattacks. Cybercrime costs the U.S. economy more than $120 million each year and, according to a recent Gallup poll, Americans’ number one crime worry is hackers stealing credit card information.
On January 12, President Obama sent a cybersecurity bill to Congress, saying, “We’ve got to stay ahead of those who would do us harm.” Following payments best practices can help you stay ahead of fraudsters.
Payment processing comes with two liabilities. First, you need to process payments securely to protect your business and customers. Second, managing the payments process—from transaction to reconciliation—can be time-consuming and prone to error.
Handling payments safely, effectively, and efficiently is essential to your success. Here are eight ways you can do that.
1. Be Prepared
Keep detailed and complete records of every transaction your business completes. Obvious details like dates and times, and less-obvious items, such as applicable employee names and customer contact information, are essential in taking swift action to identify and notify affected customers in the event of a breach.
2. Be Alert
During phone and e-commerce orders, the customer’s card is not visible to you at the time of the transaction; this is known as a card-not-present transaction. Research firm Javelin Strategy and Research predicts card-not-present fraud will double point-of-sale (POS) fraud by 2018. The following scenarios could indicate risk of fraud with card-not-present transactions:
- Order is larger than normal
- Order includes several of the same item
- Items are being shipped to an international address
- Transactions include similar account numbers
- Transactions are placed using multiple credit cards
- Multiple transactions are placed on one credit card during a short time period
- Sales are processed through the Deaf Relay System
- Cardholder asks for wires or funds through Western Union
- Sale seems “too good to be true”
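Several of the indicators above can be checked automatically before an order ships. The sketch below is an added example, not code from Sage or from this article; the thresholds, field names, and sample orders are assumptions chosen for illustration, and the card values are constructed masked placeholders.

```python
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own order history.
HOME_COUNTRY = "US"
TYPICAL_ORDER = 80.00          # assumed normal order value
LARGE_FACTOR = 5               # "larger than normal" multiplier
SAME_ITEM_QTY = 5              # "several of the same item"
WINDOW = timedelta(minutes=30) # "short time period"
MAX_TX_PER_CARD = 3
MAX_CARDS_PER_CUSTOMER = 2

def similar(a, b):
    """True when two masked card numbers differ in one or two positions."""
    return len(a) == len(b) and 0 < sum(x != y for x, y in zip(a, b)) <= 2

def review_flags(order, history):
    """Return the listed indicators that `order` trips; only history inside WINDOW counts."""
    recent = [h for h in history if timedelta(0) <= order["ts"] - h["ts"] <= WINDOW]
    flags = []
    if order["total"] > LARGE_FACTOR * TYPICAL_ORDER:
        flags.append("large_order")
    if any(qty >= SAME_ITEM_QTY for qty in order["items"].values()):
        flags.append("same_item_quantity")
    if order["ship_country"] != HOME_COUNTRY:
        flags.append("international_shipping")
    if any(similar(order["card"], h["card"]) for h in recent):
        flags.append("similar_account_numbers")
    cards = {h["card"] for h in recent if h["customer"] == order["customer"]} | {order["card"]}
    if len(cards) > MAX_CARDS_PER_CUSTOMER:
        flags.append("multiple_cards")
    if 1 + sum(h["card"] == order["card"] for h in recent) > MAX_TX_PER_CARD:
        flags.append("card_velocity")
    return flags

def mk(minute, customer, card, total, items, country="US"):
    """Build a constructed sample order (not real data)."""
    return {"ts": datetime(2015, 2, 1, 12, minute), "customer": customer,
            "card": card, "total": total, "items": items, "ship_country": country}

# Constructed sample orders; card values are masked placeholders.
HISTORY = [
    mk(0, "a@example.com", "411111******1111", 40.0, {"mug": 1}),
    mk(5, "b@example.com", "411111******1112", 35.0, {"mug": 1}),
    mk(9, "b@example.com", "550000******0004", 60.0, {"cap": 2}),
]
SUSPECT = mk(12, "b@example.com", "411111******1113", 900.0, {"phone": 6}, "GB")
ROUTINE = mk(50, "c@example.com", "340000*****0009", 45.0, {"cap": 1})
if __name__ == "__main__":
    print(review_flags(SUSPECT, HISTORY), review_flags(ROUTINE, HISTORY))
```

A flagged order is a prompt for manual review, not proof of fraud; the remaining indicators in the list (relay calls, wire requests, "too good to be true" sales) still depend on staff judgment.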
3. Be Diligent
You must ensure your business’ payment security practices comply with the standards of the Payment Card Industry (PCI) Security Standards Council. This includes keeping your payment software up to date, which lets you maintain the highest security standards for all transactions. Make sure your software is also certified under the Payment Application Data Security Standard (PA-DSS). As of January 1, new PCI 3.0 regulations are in place. More details can be found on the PCI Security Standards Council site.
4. Be Sensitive
Respect and protect your and your customers’ sensitive data with end-to-end encryption anytime sensitive or personal information is sent from one device to another. This is just as important as data scrambling.
5. Be Informed
Make payment processing an important part of your employee training process. Each employee should be an asset in safely processing payments and identifying threats and possible fraud. Teach employees to:
- Check for address verification (AVS) match and shipping to the AVS-verified billing address
- Verify the 3-digit CVV security code
- Check payment batches daily, especially for e-commerce
- Inspect POS hardware to ensure no malicious equipment, like “skimmers” which can steal credit card data, has been added
To reduce the time you spend processing payments and minimize mistakes, look for ways to help your business decrease redundant data entry, credit card verification, and reconciliation.
6. Be Smart
Regardless of how secure your site or software is, storing credit card numbers is unnecessary and risky to your customers and your business, so just don’t do it.
7. Be Integrated
The payments world is complex and fragmented, with a vast ecosystem, including banks, payment processors, integrators, developers, and payment networks—and the list goes on. With so many moving parts, the payments process quickly becomes cumbersome.
As SMBs grow and transaction volumes increase, many spend too much time manually entering and reconciling payments information with their various business management solutions. More small business owners are moving to an integrated payments environment—connecting their accounting, enterprise resource planning (ERP), and other business applications to payments processing.
8. Find a Good Partner
Many small businesses can’t invest the time and resources to identify, evaluate, and integrate payments on their own. Fortunately, you probably already have a trusted business partner who can do it for you. The value-added reseller (VAR) or independent software vendor (ISV) that provides the core applications keeping your business running can likely get you set up with a secure, compliant, and integrated payments environment.
If we learned one thing from 2014, it’s to be better at protecting our customers and our businesses. A security breach could cost you a fortune in lost business, so it pays to take precautions and have trusted partners to help you run your business more efficiently and profitably.
This year, make payments a strategic business function, so you can free up time and resources to do what you love: growing your business and serving your customers.
As vice president of product management for Sage Payment Solutions, the payments division for Sage North America, Don Weary guides the company’s overall payments product and service strategy. He joined Sage in 2010, and previously spent 12 years as an executive with an industry-specific enterprise resource planning (ERP) company. He also previously served as a management consultant with KPMG and as a captain in the United States Air Force (USAF). He received his bachelor of science in computer systems analysis from Miami University in Oxford, Ohio. Follow Sage at @SageNAmerica.