To keep safe, get card information out of the 'store'
When it comes to protecting your business from cyber threats, a well-rounded security strategy is critical.
This means paying attention not only to the defensive strategies necessary to bounce back after an attack occurs, but also to the offensive strategies that should be utilized to help prevent an attack in the first place.
How can we apply some good practices when it comes to payment processing?
Get your PCI certification. If you store or transmit cardholder data online, you are required to have external network vulnerability scans performed by an approved scanning vendor on the network or domain. This is basically a scan of your firewall to validate that no one can “walk in” virtually to your business and steal information. You can then use a company such as ours to assist with fixing errors that show up by properly configuring the firewall. Ask your merchant processor for the one they accept or do a web search for “PCI compliance tester.”
Don’t keep credit card information locally. Most merchant processors’ current point of sale software allows you to send the credit card information once and capture a token in return instead of the actual credit card number. If you’re unfortunately hacked and the bad guys get your data — there’s nothing there. They see a token and no credit cards. But you are still able to perform all transactions as before, and your system will handle the token/credit card translation with the merchant processor in the back end.
Make sure your online web-cart is SSL enabled. If you’re not using SSL, then you’re not performing the very basic responsibilities of protecting your customers’ data. SSL certificates are very easy to purchase and, depending on who is hosting your site, relatively easy to set up. If you don’t understand them, call your hosting site. Don’t overpurchase; it’s easy to be sold on something you may not need or want.
Do not open a malware/cryptoware package. We all know it’s a hectic time of the year. Just make sure when dealing with emails that you don’t open a malware/cryptoware package that will immediately end your ability to transact business. One easy way to accomplish that is to update your operating system and have a good antivirus package.
Implementing these strategies can make sure your business enjoys the holidays with peace of mind and customers are well protected from hackers.