If you think small businesses aren’t at risk of a major data breach, you’re wrong. Small businesses are increasingly becoming larger targets because of their lack of preparedness. To protect your customers and your business, you should fully understand the security measures that guard your payment systems.
All merchant account providers adhere to the same security standards, so you’ve likely heard many of them before. PCI compliance, EMV, point-to-point encryption, tokenization, etc. So you should not settle for anything less than at least these security prevention measures. To better understand the security behind them, and how they affect your payment processing, let’s dig a little deeper into each one.
As you likely know, the switch to EMV chip cards took effect October 1, 2015. EMV stands for Europay-Mastercard-Visa, which are the three companies that first created the standard. EMV technology has been used in European countries since the 1980’s, but is just making headway in the United States.
EMV chip cards are smart cards that store data on integrated circuits rather than magnetic strips. This is a preventative security measure, as financial data is much harder to steal from a chip. The key consideration that small business owners need to keep in mind is that as of October 1st, merchants can now be held responsible for fraudulent transactions if they do not use an EMV-enabled terminal. If you haven’t done so already, it’s time to make the switch. Your business could depend on it.
PCI-DSS (Payment Card Industry- Data Security Standards)
Next on the list, what are PCI standards all about? This is an important one for ensuring your business is processing secure payments.
The PCI Security Standards Council maintains the security standards for merchants and merchant service providers to adhere to in order to maintain PCI compliance.
The following chart outlines the requirements for merchants to remain PCI compliant:
For more information on PCI compliance, including steps to secure payment processing, visit the PCI Security Council’s website.
Tokenization and Point-to-Point Encryption
Let’s take a look at what both of these security measures do.
Tokenization works by replacing sensitive card data with unique ID symbols (tokens) that keep the essential data needed to process the transaction, but without compromising that data. In other words, transactions are processed with symbols that mean nothing to an outside hacker trying to obtain that information.
Point-to-Point encryption works by immediately encrypting sensitive card data from beginning to end so that no one else can read it.
Both are security measures that will be commonly heard when speaking with a merchant service provider about the security of their system.
These are some of the most common security measures that make up secure payment systems and that you will likely hear from merchant service providers. Do your research and be prepared to ask questions. Take the necessary steps to ensure your business and your customers are safe.