Brought to you by AVG Technologies, the provider of Internet and mobile security, privacy and optimization to 150 million active users. There’s nothing small about small business in our eyes. Get more information how AVG can help your small business stay protected – go to http://www.avg.com/us-en/internet-security-business .
Good businesses have good reputations. To ensure that you remain at the helm of a good business, you have to make sure that yours has the sterling reputation that keeps customers throwing cash at you. But what if they’re not throwing cash? What if they’re using plastic?
Credit card payments are a bit of a delicate matter, since not only is digital money being transferred, but there’s also customer data that’s going through those same wires. How can they be sure they trust you? As soon as a customer walks into the door, you’re expected to provide services without nasty surprises. Because of the fact that so many businesses “do it right,” they don’t bat an eyelash when they give you a debit or credit card. In reality, your customers probably don’t even realize how much trust they really are putting into you by tossing a seemingly innocuous piece of plastic over the counter. So now it’s up to you to keep their credit card transactions, and ultimately their personal information, secure.
In this day and age, you don’t need to convince someone that a debit/credit card transaction is safe. This means that the only thing left to do is prevent giving customers any reason to believe their lives will be ruined. In fact, there are regulations in place that make sure you’re doing just that. The Payment Card Industry Data Security Standard (PCI DSS) is such a regulation.
Here are a few ways you can ensure you remain compliant to financial transaction regulations:
- Minimize any handling and storing of customer data. Collect as little as possible and only what’s necessary.
- Bank card information shouldn’t be stored in your premises in the first place. Find a third-party payment processor and make sure that it is PCI DSS compliant. If it’s not compliant, you cannot trust it to handle data correctly.
- When transferring customer information from your premises to an external server, use an encrypted connection. The encryption must run end-to-end. TLS or SSL (both used in “https://” addresses) will work fine.
- Keep all computers free of viruses and other malware. Get an anti-virus and keep it up to date. Run it at least once a day, ideally about half an hour before opening.
- Every application you use to process customer data must use encryption when storing it.
- Have a talk with your employees about the meaning of “need to know.” They must understand that all customer data is to be accessed and used only if there’s no other way to complete a sale. All information is on a need-to-know basis, meaning that employees can only have access to relevant customer information if they must have it to complete their duties.
- Go to the PCI Security Standards Council’s website and download fact sheets and quick reference material related to PCI DSS and PA-DSS. These are generally helpful and give you an idea of how you should maintain a pristine transaction infrastructure.
Would you bet your entire business’ precious reputation that data thieves will not target it? I sincerely doubt that. If you don’t feel confident about gambling, the above advice will lead you in the right direction to keeping your credit card transactions impeccably safe!