Are your credit card transactions processed securely and are your servers safe to handle credit cards?
You may answer this question like this: "Sure my payment system is secure! Why wouldn't it be?". The truth is, even if you trust your payment provider to take payments online, you may still wind up having trouble at some point.
What kind of trouble might you run into as a merchant?
Of course, there are even more issues that can arise over time while using an insecure payment system. Instead of taking the risk, here are some safety measures you can implement today to ensure you have a secure payment environment set up at your end.
Make sure the website where your clients shop is served over HTTPS with a valid SSL/TLS certificate. You can check this in two ways. First, a padlock symbol appears in the address bar of your browser when you visit your website; clicking it shows the certificate details, including which domain it was issued for, who issued it and when it expires, so the client can see that the certificate is current and actually belongs to your site (only certificates with organization validation also name your company). Second, the address of your website begins with "https://". Keep in mind that the padlock only tells the customer that traffic between their browser and your server is encrypted; it says nothing about how safely the server behind it handles card data.
Payment providers will require that you, as a merchant, have the certificate properly installed on your website, or at least on the payment page where you collect and forward credit card information to the payment gateway. In practice, serve the whole site over HTTPS and redirect plain http:// requests to https://, so a customer never starts the checkout on an unencrypted page.
Using SSL is one step, but your customers should also be given a login screen that protects their account information. Identify clients by asking them for at least an email address and a password, and store passwords only as salted hashes, never in plain text. Add a CAPTCHA or rate limiting to your login, forgot-password and contact forms: this stops bots from brute-forcing passwords, trying stolen credentials in bulk and flooding you with spam. It does not stop SQL injection, which is a flaw in how your application builds database queries; the fix for that is to pass user input to the database as query parameters rather than pasting it into SQL strings.
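The two points above, a login query built by string concatenation next to its parameterized fix, and a failed-login counter that decides when to show a CAPTCHA, as an added example that is not code from the original article or from any payment provider. It uses an in-memory SQLite table with a constructed sample account; the table layout, the PBKDF2 settings and the attacker's payload are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3
from collections import defaultdict

# Constructed sample account for an in-memory "users" table (not real data).
SAMPLE_USERS = [("alice@example.com", "correct horse battery staple")]
PBKDF2_ROUNDS = 100_000  # assumed work factor for the example


def hash_password(password: str, salt: bytes) -> str:
    """Salted PBKDF2-SHA256; the hex digest is what gets stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, salt BLOB, pw_hash TEXT)")
    for email, password in SAMPLE_USERS:
        salt = os.urandom(16)
        db.execute("INSERT INTO users (email, salt, pw_hash) VALUES (?, ?, ?)",
                   (email, salt, hash_password(password, salt)))
    db.commit()
    return db


def _check(row, password: str):
    """Shared password check: returns the user id on success, None otherwise."""
    if row is None:
        return None
    user_id, salt, stored_hash = row
    if hmac.compare_digest(hash_password(password, bytes(salt)), stored_hash):
        return user_id
    return None


def login_vulnerable(db, email: str, password: str):
    # Vulnerable: the email is pasted into the SQL text, so it can change the query.
    # Passwords are hashed correctly here, which shows that hashing alone does not help.
    sql = "SELECT id, salt, pw_hash FROM users WHERE email = '" + email + "'"
    return _check(db.execute(sql).fetchone(), password)


def login_parameterized(db, email: str, password: str):
    # Fixed: the email travels to SQLite as a bound parameter and is only ever data.
    sql = "SELECT id, salt, pw_hash FROM users WHERE email = ?"
    return _check(db.execute(sql, (email,)).fetchone(), password)


# What an attacker types into the email field: a UNION that appends a row carrying a
# salt and hash of the attacker's own choosing, so the password check passes for id 1.
ATTACKER_SALT = bytes(16)


def union_payload(attacker_password: str) -> str:
    forged_hash = hash_password(attacker_password, ATTACKER_SALT)
    return f"' UNION SELECT 1, X'{ATTACKER_SALT.hex()}', '{forged_hash}' --"


class FailedLoginTracker:
    """Counts failed logins per source address; after `threshold` failures the next
    attempt should be challenged with a CAPTCHA (or delayed). This is the problem a
    CAPTCHA actually addresses: automated guessing, not injection."""

    def __init__(self, threshold: int = 5):
        self.threshold = threshold
        self.failures = defaultdict(int)

    def record(self, source: str, success: bool) -> None:
        if success:
            self.failures.pop(source, None)
        else:
            self.failures[source] += 1

    def needs_challenge(self, source: str) -> bool:
        return self.failures[source] >= self.threshold


if __name__ == "__main__":
    db = build_db()
    payload = union_payload("attacker")
    print("vulnerable login with injected email ->", login_vulnerable(db, payload, "attacker"))
    print("parameterized login with same input  ->", login_parameterized(db, payload, "attacker"))
```

Run it and the vulnerable login returns user id 1 (the sample account) for a password the account never had, because the injected UNION row supplies its own salt and hash; the parameterized version treats the same input as an email address that matches nothing. The tracker is deliberately simple (no time window) so the decision logic is visible; a production version would expire counters and key on more than the source address.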
When a customer is ready to purchase, your checkout pages should only ask for information that is important and pertinent to the sale. You will need the customer's name, address, phone number, billing address and payment information. Anything other than this is information that can be potentially stolen and re-used, especially details such as customer birthday and social security number.
PCI DSS (the Payment Card Industry Data Security Standard) applies to anyone who stores, processes or transmits cardholder data, and your payment provider will almost certainly demand that you are up to date with it. To put it simply, it is the set of rules, best-practice guidelines and technical requirements that assure your web servers and your payment environment are safe enough to handle sensitive data. You should make sure your payment system meets all the requirements that apply to you, which is what makes you "PCI compliant". For most small merchants this means filling out a self-assessment questionnaire (SAQ) once a year and sending it to your payment provider, and, depending on which SAQ applies to you, having an Approved Scanning Vendor run a vulnerability scan of your externally facing servers every three months.
Payment providers and gateways also need to be fully PCI DSS compliant, and you should only hand cardholder data to providers that have been validated for this. Note that nobody, not even a compliant provider, may keep the CVV code once the transaction has been authorised; what a compliant provider can do is hold the card number on your behalf and give you a token to use in its place.
The sensitive information entered into the fields of your checkout page should be protected all the way from the customer's browser to the gateway. The PCI DSS requirements are the baseline for keeping that information secure, not an optional extra.
Whether you are building your e-commerce website or you have been up and running for a while, you should evaluate the platform or CMS you are using. Is the platform safe and secure while easy to use? Do your research and speak to the platform provider to ensure they give you what you need. Some platforms were created exclusively for e-commerce and have added security measures built in for you. Others were made for information sharing and have less security when it comes to sales. Whichever kind you choose, make sure you fill in the gaps accordingly.
It is crucial that every part of your payment system stays updated: the platform or CMS, its plugins and themes, the web server and the operating system underneath. Apply security updates promptly and test the checkout process afterwards to confirm it still works.
You should also do an "audit" of your website, operations and payment pages to make sure everything is running smoothly and safely: review logs for failed logins and errors, check for pending updates, and confirm that the checkout page loads only the scripts you put there, since attackers who compromise a site often add a small script to the payment page that copies card details as customers type them. It is recommended this is done at least once per week.
Encryption keeps data readable to the systems and people that hold the key and unreadable to anyone else who gets hold of it.
We already spoke about SSL, which protects data in transit; encrypting important customer data in your database is a further step that protects it at rest, so that a stolen backup or a copied database dump is useless to hackers and outside parties. Keep the encryption keys separate from the data they protect; a key stored in the same database defeats the purpose.
Although it may seem smart to keep customer details on file for your next newsletter or big sale, it isn't, especially when it comes to credit card details.
Under PCI DSS, merchants may never store sensitive authentication data (the CVV code, the full magnetic stripe or chip data, or the PIN) after a transaction has been authorised, and the card number itself may only be kept if it is rendered unreadable, which brings the full weight of the standard onto your systems. Dispose of all payment information securely once the transaction is done, unless the customer opts to create an account to come back to later; even then the card should not be kept on your side but saved with a PCI DSS compliant gateway run by a regulated provider, through tokenization: the gateway stores the card number and returns a token that can only be used to charge the card through that gateway, and your database keeps the token plus the last four digits and expiry date for display.
You should write down what is saved, for how long, and what is disposed of, and this retention policy should be communicated to your customers.
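Two checks that follow from the last three paragraphs, as an added example that is not code from the original article or from any gateway: a filter that reduces a tokenization response to the fields you are allowed to keep and refuses raw card data, and a scanner that hunts for card numbers (Luhn-valid digit runs of card length) in logs or database exports, which is how you confirm the disposal policy is actually being followed. The field names, the shape of the gateway response and the sample log lines are constructed for the example; the card numbers in them are the well-known Visa and Mastercard test numbers, not live cards.

```python
import re
from dataclasses import dataclass

# Fields a merchant may keep after the gateway has tokenized a card. The card number and
# CVV are deliberately absent: the CVV may never be stored after authorisation, and the
# number stays at the gateway behind the token.
ALLOWED_CARD_FIELDS = {"token", "brand", "last4", "exp_month", "exp_year"}
# Field names that indicate raw card data is being passed through (assumed naming).
FORBIDDEN_CARD_FIELDS = {"pan", "number", "card_number", "cvv", "cvc", "cvv2",
                         "track1", "track2", "pin"}


def storage_violations(gateway_response: dict) -> set:
    """Names of raw-card fields present in a record that is about to be persisted."""
    return FORBIDDEN_CARD_FIELDS & {key.lower() for key in gateway_response}


def card_record_for_storage(gateway_response: dict) -> dict:
    """Reduce a tokenization response to the subset that may be written to your database.
    Refuses outright if raw card data is present, e.g. a checkout form passed straight through."""
    leaked = storage_violations(gateway_response)
    if leaked:
        raise ValueError(f"refusing to store raw card data: {sorted(leaked)}")
    record = {k: v for k, v in gateway_response.items() if k in ALLOWED_CARD_FIELDS}
    if "token" not in record or not re.fullmatch(r"\d{4}", str(record.get("last4", ""))):
        raise ValueError("a token and a four-digit last4 are required")
    return record


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test, which every payment card number passes."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        d = int(char)
        if position % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


@dataclass
class PanHit:
    line_no: int
    masked: str  # first six and last four digits only, so the report itself is not a leak


def scan_for_pans(lines) -> list:
    """Find card numbers in logs, exports or database dumps: a digit run of card length that
    also passes Luhn. Tracking numbers and order ids of similar length usually fail Luhn."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                hits.append(PanHit(line_no, digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    return hits


# Constructed sample log lines (not from any real system).
SAMPLE_RECORDS = [
    "2024-05-01 order=1001 card=tok_7f3a9c last4=1111 amount=49.90",
    "2024-05-01 DEBUG raw_form={'number': '4111 1111 1111 1111', 'cvv': '123'}",
    "2024-05-02 shipment tracking=1234567890123456 carrier=ACME",
    "2024-05-02 order=1002 pan=5500000000000004 note=legacy import",
]

if __name__ == "__main__":
    for hit in scan_for_pans(SAMPLE_RECORDS):
        print(f"line {hit.line_no}: stored card number found ({hit.masked})")
```

Run against the sample lines, the scanner flags the debug line that dumped the raw checkout form and the legacy import, and ignores the tokenized order and the 16-digit tracking number, which fails Luhn. Point the same function at your web server logs, database exports and backups; a clean run is the evidence that the retention policy holds, and a hit tells you exactly which code path is leaking.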
Outside of your payment system, you should also be aware of how customer information is handled by your employees. From the warehouse to the sales floor, customer information is readily at hand. Receipts, invoices and other paper trails can contain details that should be properly stored or disposed of. Make sure your employees understand how to handle this information and how to keep your payment system secure in all areas, including on site.
Secure payment systems can bring your e-commerce website into the 21st century while creating an environment that is safe and easy to use. By using these safety measures, you can ensure that customer information will stay in the hands of those who need it: your customer and your sales page.
The bottom line is this: a customer will come back to a website that is secure. At MerchantScout, we take special care to ensure your merchant account solutions run on secure, PCI-DSS compliant, award-winning gateways. CONTACT US and let us partner with you in arranging a solid and secure online payment solution.