Data security is a hot topic for business owners and customers alike. No one wants their credit card information in the hands of a criminal, and no business wants to be the one that put it there. As an entrepreneur, what can you do to protect the payment information your customers entrust to you? It all comes down to PCI compliance. We know, you were wishing we’d say literally anything else. Don’t worry, it’s not as painful as it sounds. Here’s how to stay PCI compliant without going crazy.
Just Don’t Store Card Data
The easiest way to minimize your risk and stay on the right side of the PCI compliance line is to not store credit card data at all. Don’t write it down, don’t store it in a database, and don’t use a payment processor that requires you to keep a record of this information on your own systems. If you need recurring billing capabilities, ask your credit card processor if they can host this sensitive information for you. Payment processors are held to a higher PCI compliance standard, plus they do this stuff for a living! They can help take the risk off your shoulders. If that’s not an option, be advised that you will need to follow strict security procedures to ensure you’re remaining compliant. For example, you cannot store the card’s PIN or security code, or the entire stream of data from the magnetic stripe.
Make Sure Your Mobile Readers Are Compliant
If you’re one of the many business owners using a mobile card reader like Square or SumUp, make sure you are keeping a close eye on any data you process this way. Install a trusted antivirus app and keep it updated, and only download apps and software directly from your device’s app store. Never try to “jailbreak” your device or add external apps or code via a USB cable. Also, be careful of the network you’re connected to when taking payments. Don’t stand in the middle of a busy airport and use the free WiFi to process transactions – that’s data theft waiting to happen. Finally, keep your devices physically secure as well. Don’t leave them lying around at trade shows or even on your sales floors where someone could pick them up, and enable passcodes and two-factor authentication whenever possible.
Connect to A Phone Line Instead of the Internet
While it may seem like taking a trip back in time, hooking your credit card terminal up to a phone line instead of the internet is a great way to minimize the number and complexity of the components in your processing system. This approach will likely result in slower processing times and more failed transactions, however, since phone lines are less reliable and more outdated. If easy PCI compliance is a bigger issue for you than customer satisfaction and transaction processing time, it’s an option to consider. However, we’d recommend talking to your credit card processor about better ways to achieve the same goal.
Get a Second Network Just for Payment Processing
If feasible, setting up a new internet connection that’s dedicated solely to credit card processing and connects only to your credit card terminal can save you some hassle in the long run. Because you’ll be setting this network up from the start you can be sure it’s compliant from day one. Plus, you won’t have to worry about maintaining strict compliance standards on your main network, which can get tedious if you’re adding and modifying many different devices.
Don’t Forget Ecommerce
If you sell products and services online, you have one more area to inspect – your website. Start by taking a look at your web hosting plan. Many small businesses use a relatively inexpensive type of web hosting called shared hosting, in which multiple companies share one server. This can be problematic for PCI compliance. You can get around this by sending customers to a hosted payments page like PayPal when it’s time to pay, but that will have an adverse effect on your customer experience and may lead to lost sales. The safest bet, albeit the most expensive one, is to integrate your payment process into your website via a dedicated server. Your web hosting company and credit card processor can provide you with more information on the options available to you.
Help! This Makes No Sense
If this is all clear as mud, don’t worry. PCI compliance is important, but it doesn’t have to be terrifying or confusing. Give 360 Payments a call at 1-855-360-0360 or drop us a line on our website. We’ll take a look at your current setup and help you make any changes that might be required.
PS – Protect your business from forced transaction scams with these tips.
PPS – Employee fraud? Yes, it really does happen. Here’s how to protect your business.