How to keep your customers' information secure when taking payments online
Building and keeping your customers’ trust when it comes to online payments has become more important than ever.
85% of consumers will refuse to do business with a company if they have concerns about its security practices. Doing everything you can to keep your customers' information secure therefore needs to be a top priority.
Not only do you want to make sure your customers feel confident doing business with you, but you also want to avoid the severe repercussions a data breach can have on your business.
A cyberattack could come from a number of different sources, such as viruses and malware that gain unauthorised access to your systems. This puts not only customer data at risk, but also your revenue and important records, and it can damage your reputation and cost you business.
The good news is there are a number of ways you can reduce the risk to your business and customers. Here’s what you can do today:
Implement security measures
These five measures will help your business stay strong against cyber threats.
- Update your applications, including anti-virus software, plugins and operating systems to protect you from potential vulnerabilities;
- Set up firewall security to protect your internal networks from the threats coming from the Internet and WiFi;
- Encrypt your data so only approved users can access it;
- Create strong passwords to protect access to your business devices, and ensure everyone’s passwords are unique and not shared with others;
- Consider cyber-insurance to protect your business in the event of a data breach.
For more detail on putting these practices in place in your business, see the article The security measures you can do in under 10 minutes to protect your business.
Comply with the Payment Card Industry Data Security Standards (PCI-DSS)
Something that may escape your attention is that there is a set of security standards that every business which processes or stores credit card data electronically must comply with. These standards are maintained and enforced by the PCI Standards Council.
The first step is to adopt a cybersecurity policy. If you don’t have one, now is the perfect time to create and implement one. It should outline the following:
- What data you will collect and how you will collect it;
- Where you will store the data;
- What measures you will put in place to keep it secure.
Make sure your business and all your employees understand your cybersecurity policy.
What your cybersecurity policy should cover:
- Who is responsible for cybersecurity in your business
- Your system and network configuration, including:
  - IT change control policy – who can approve and make changes to computer systems
  - Keeping details on systems that process credit card and account data
  - Patching of security vulnerabilities
  - Security scanning of networks, websites and computers
  - Keeping administration passwords secure and safe
- Data classification and handling:
  - What types of data do you hold?
  - What form is it in? Electronic? Paper?
  - Where do you store it?
- User acceptable use policy:
  - Password requirements
  - Email standards
  - Handling of sensitive data, removable media and technology such as USB sticks or portable hard drives
  - Locking of devices
  - Social media and internal access standards
- Data retention and data disposal (customers' contact and payment information)
- Paper and electronic media handling
- Firewall and network administration
- Anti-virus and endpoint protection
- Backups
- Encryption policy
- Remote access
- Cloud systems
- Incident response plan
- Protecting devices at point-of-sale
- Risk assessment process
- Supplier requirements:
  - Use of PCI-DSS Level 1 suppliers to process cards
  - Use of PA-DSS (Payment Application Data Security Standard) software for processing cards
  - Approving and monitoring suppliers and contractors
***
This article has been republished with permission from Eway.
***
Data privacy and eWAY
eWAY has invested heavily in attaining the world's highest payment security accreditation, PCI-DSS Level 1. This means that when your organisation uses their payments software to handle customer payments, you can rest easy knowing all sensitive information passing through their systems is handled with the highest level of payment security.
Eway's Merchant Trust Initiative (MTI) program can also help you make sure you're doing everything you can on your end to protect your customers' information and your business.
If this seems like a lot of information to process and a lot of work to implement, Eway can help. The Merchant Trust Initiative provides a tool to generate a cybersecurity policy that is appropriate for your business.
To talk to one of Eway’s online payment experts today, call 1800 762 623 or enquire here.