When you acquire a merchant account, the terminal does most of the work involved in moving the customer’s funds from their bank to the one you do business with. There are still some precautions you must take in order to help absolve your business from the liability that comes with a data breach. Failure to prepare your business for such a breach could mean significant legal liabilities. Here is a quick guide on the basics of credit card safety for small businesses who might otherwise be unprepared.
Avoid Storing Data
Everyone wants to build an email list, but there is no reason to store more information than what you need. Especially not at the local level. There is simply too much liability storing credit card numbers and other data that could be stolen in a data breach.
The recommended storage procedure for most of this data is to secure it on a remote server (AKA, in the cloud), and to use strong encryption. Typically, when you use payment gateway services to move this type of data, encryption is part of the deal.
Make sure that you’re only using a payment processor that conforms to PCI standards for processing credit card transactions. For businesses, this means paperwork, but some merchant providers take care of this compliance for you. Be sure to ask about PCI compliance to guarantee you’re not breaking the law.
EMV Makes a Difference
If you’re a new business, purchase or rent EMV card readers. Businesses of age will want to consider paying the fees to upgrade to EMV. It’s safer for the customer, ultimately, and it takes some of the liabilities off the business owner’s shoulders. EMV makes cards harder to steal, because magstripe (the current and former system) was efficient but open to duplication.
In some countries, EMV is fast becoming law and businesses are expected to process the majority of their transactions with the chip. Failure to do so could lead to legal penalties, so check with your local government to see the rules for yourself.
The final stroke is to make sure you have a good policy for handling user information. Employees should not keep local copies of anything, and receipts should print out with a truncated card number. Employees should also have individual logins for a terminal, so you can track who authorized a certain transaction to take place.
Charge.com Payment Solutions Inc. helps businesses of all sizes get a merchant account with affordable rates. Visit Charge.com today to see why they have been voted top merchant account provider for six years running.