If your small business accepts credit cards, you know there are things you must do as a business owner to keep your customers’ data secure. The last thing any merchant wants is to be featured on the evening news following a security breach. Here are five things you can do to keep your credit card transactions secure and legal.
- One of the first stipulations of credit card acceptance is Payment Card Industry (PCI) compliance. No matter your business’s size, you must follow these standards if you accept credit cards as payment. Chief among these is the need for your customers’ data to be on a secure server behind a firewall. Secure storage is not enough on its own: to be PCI compliant, you must also encrypt credit card data when it is transmitted over your network.
- Restricting access is another important part of PCI for small business owners. Access to cardholder data should be strictly limited to those in your organization who have a legitimate business requirement to know it. Since many incidents of credit card theft come from the very employees trusted to keep data secure, the fewer employees you allow access to this critical data, the better. Among those employees who are allowed access, it is important to make sure each one uses his or her network ID to access the information. This will provide a paper trail in case something should go wrong.
- Setting up a secure server is only the beginning. Your company should put strict security policies in place that keep software updated, especially antivirus protection. Malware can give criminals access to your data, so it is vital you keep your systems updated and protected at all times.
- Don’t print full credit card numbers. Many companies now refrain from printing the full number, instead printing only the last few or first few numbers on the receipt. Printing full credit card numbers only puts your business and its customers in danger of theft. If full credit card numbers do appear on your receipts, your business will need to restrict access to those numbers and safeguard their disposal when the time comes. The data will need to be shredded to prevent tampering.
- Consider a software solution to meet your needs. Since most small businesses can’t afford a full-time IT staff to maintain PCI compliance, several software solutions can take care of your security for you. TrustKeeper PCI Manager not only outlines what you’re required to do, but can also scan your PC and monitor compliance. The provided to-do lists serve as reminders for the PCI tasks you have yet to do.
For today’s business, accepting credit cards is a mandatory part of getting and keeping customers. While the laws can be daunting, software solutions exist that can help make securing your customers’ data easier. By following a few simple steps, you can give your customers the convenience of paying by credit card without having to sacrifice their privacy.