Payment Processing Best Practices: How to Mitigate Risk – Part 2

Matthew D’Anjou


As we move to a more contactless world where a larger percentage of payments occur online, accepting credit cards can significantly increase your business's sales. Accepting credit cards can seem tricky, especially in the B2B space, where higher-value transactions add layers of additional risk.

There has been a significant rise in B2B payment volume, so we put together a two-part series of best practices for mitigating risk and following proper data security measures when it comes to payment processing.

In part 1 we cover best practices to ensure you are set up to mitigate chargebacks (specifically for those high-value transactions). In part 2 we cover how you can protect cardholder data, increase customer confidence by building a trusted brand, and the basics of data security.

Before we get started let’s go over some frequently used terms with which you may not be familiar if you are new to accepting digital payments.

  • Chargebacks: When a cardholder either didn't authorize a charge or has an issue with the item or service for which they were charged, and initiates a process with their card provider to dispute the payment transaction.

Let’s get started.

In part 1 last week I covered some payment processing best practices. Today we're going to go over some do's and don'ts around cardholder data security.

A great way to maintain customer confidence and keep your customers coming back is by protecting their sensitive card information. Following the Payment Card Industry Data Security Standard (PCI DSS) is the first step. Here's a list of do's and don'ts when it comes to PCI DSS.

Do's:

  • When accepting credit/debit cards online, ensure the proper firewalls are set up and your computers' anti-virus software is up to date to reduce the chance of a data breach.
  • Have your systems scanned annually by a PCI DSS approved service provider to ensure you are taking all the proper precautions to prevent any kind of unauthorized access to your computer systems.
  • If the customer is present, validate the card against a valid government ID.
  • Restrict employee access to information on a "need to know" basis. For example, a sales representative typically doesn't need access to credit card numbers or other personal cardholder information, so access to it should be limited. Give each employee a unique login and password with permissions matching their role, require passwords to be changed periodically, and remove all access permissions immediately after an employee leaves your company. This helps maintain system security and lets you track data activity by user. Have strict policies and vetting for those employees who do have access to customer information, including pre-employment and periodic background checks.
  • Destroy anything with cardholder data on it; don't just throw it in the trash.

Don'ts:

  • Don't keep copies of cardholder data unsecured or unencrypted. All cardholder data should be kept in secured electronic storage, i.e. the merchant's payment portal, or tokenized in a secure system that is regularly scanned and audited for security.
  • Don't share passwords, and don't use simple or easily guessed passwords.
  • Never save AVS or CVV data; storing it is prohibited by card brand association rules.
  • Don't allow customer personally identifiable information to leave your offices or company-owned and controlled equipment. It is also not recommended to allow employees to use personal devices for work activities.
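As an added illustration (not code from the original post or from CurrencyPay), here is a small Python sketch of the storage rules above: the full card number lives only in a tokenization vault, the merchant's order records keep a token plus the last four digits, and the CVV is used for the authorization request and then discarded. The vault class, the keyed-hash token scheme, the function names and the sample test card number are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample input: a standard test card number, not a real account.
SAMPLE_PAN = "4111111111111111"

def luhn_ok(pan: str) -> bool:
    """Reject malformed numbers before they reach the vault (Luhn mod-10 check)."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Receipts, logs and support screens only ever see the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]

class TokenVault:
    """Hypothetical minimal tokenization store: the full PAN lives only here,
    never in the merchant's order database, and it never accepts CVV data."""

    def __init__(self) -> None:
        self._by_token = {}
        self._key = secrets.token_bytes(32)  # assumed per-vault secret, kept out of the app DB

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # Keyed hash: same card -> same token, but nothing about the PAN is
        # recoverable from the token without the vault key.
        token = hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()[:24]
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the payment component should be permitted to call this."""
        return self._by_token[token]

def retain_after_authorization(vault: TokenVault, pan: str, cvv: str, expiry: str) -> dict:
    """Called once the processor has authorized the payment. The CVV was needed
    for that request but must not be kept; only token, masked PAN and expiry remain."""
    del cvv  # discarded on purpose; nothing below may reference it
    return {"token": vault.tokenize(pan), "display": mask_pan(pan), "expiry": expiry}
```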

If you have any questions or would like to speak with a Currency specialist to get started with CurrencyPay®, please reach out to us here.
