Exciting growth opportunities exist for small and medium businesses taking advantage of the ever-increasing holiday shopping season. However, amid this positive backdrop lurks the threat posed by hackers and cyber criminals who prey on holiday shoppers and businesses.
Small and medium businesses can’t ignore the fact that they’re, in many ways, an easier and more alluring target than big-box stores for a cyber attack. In fact, one study notes that one in five small and medium businesses will fall victim to a cyber criminal.
With the variety of payment options available to customers, the growth of mobile purchases, and the increased sophistication of cyber attacks, small and medium businesses must take extra precautions to ensure customer information is protected from all angles. Your customers need to know their personal and credit card information is safe when making a purchase from your business.
Here are eight payment security recommendations that all small and medium businesses should follow throughout this holiday season and beyond.
Be vigilant. Keep detailed records of all sales transactions, including the date, time, and names of employees involved in the sale. The contact information for the customer should also be recorded. Detailed notes will become invaluable if a data breach does occur.
Act fast. In the event of a data breach, the key is to get to work right away to determine the cause of the breach and implement solutions. If you’ve taken detailed records, these notes will help you determine exactly when the breach occurred, allowing you to immediately take the necessary action to fix the situation and let affected customers know.
Communicate. A Bizrate Insights study from earlier this year found that the more than two-thirds of buyers who worry about data security are more confident making online purchases when a well-known trust symbol is visible. Tell your customers about the precautions your business is taking to protect their personal and credit card information. Communication, especially when it comes to data security, can go a long way to boost customer confidence.
Pay special attention to online orders. Transactions in which a card isn’t present at the point of sale, such as over-the-phone or online transactions, are inherently riskier; thus, small and medium businesses should be even more aware of possible fraud. Be on the lookout if any of the following occur: the order is larger than normal; an order includes several of the same item; items are being shipped to an international address; transactions include similar account numbers; transactions are placed using multiple credit cards; multiple transactions are placed on one credit card during a short time period; sales are processed through the Deaf Relay System; the cardholder asks for wires or funds through a money transfer service, such as Western Union; or the sale seems “too good to be true.”
Train employees. Your employees are the eyes and ears of your business. Train them on your payment processing program so they’ll be able to detect when something doesn’t seem right. This will not only help prevent internal problems but also external threats. Consider having employees complete a payment checklist every time a purchase is made. The checklist should verify that address verification (AVS) is a match; confirm the 3-digit CVV security code; and ship to the AVS-verified cardholder billing address.
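The online-order warning signs and the employee checklist above can also be run as an automated review pass over each day’s orders. The sketch below is an added example, not code from Sage: the thresholds, the `US` home country, the order fields, and the sample orders are all assumptions, and cards are identified only by an opaque processor token so that no card number is stored.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, not from the article; tune them to your own sales history.
LARGE_ORDER_FACTOR = 3                 # "larger than normal": over 3x the average ticket
SAME_ITEM_QTY = 5                      # "several of the same item"
VELOCITY = (3, timedelta(minutes=30))  # 3+ charges on one card within 30 minutes

def review_orders(orders, average_ticket, home_country="US"):
    """Return {order_id: [reasons]}; the home_country default is an assumption."""
    card_times, customer_cards = defaultdict(list), defaultdict(set)  # keyed by token / email
    flagged = {}
    for o in sorted(orders, key=lambda o: o["time"]):
        reasons = []
        if o["total"] > LARGE_ORDER_FACTOR * average_ticket:
            reasons.append("order larger than normal")
        if max(o["items"].values()) >= SAME_ITEM_QTY:
            reasons.append("several of the same item")
        if o["ship_country"] != home_country:
            reasons.append("international shipping address")
        customer_cards[o["email"]].add(o["card_token"])
        if len(customer_cards[o["email"]]) > 1:
            reasons.append("multiple credit cards")
        card_times[o["card_token"]].append(o["time"])
        recent = [t for t in card_times[o["card_token"]] if o["time"] - t <= VELOCITY[1]]
        if len(recent) >= VELOCITY[0]:
            reasons.append("multiple transactions on one card in a short period")
        # Checklist items: AVS match, CVV confirmed, shipping to the billing address.
        for field, reason in (("avs_match", "AVS mismatch"), ("cvv_match", "CVV not confirmed"),
                              ("ship_to_billing", "not shipping to billing address")):
            if not o[field]:
                reasons.append(reason)
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

def order(oid, hhmm, email, token, total, items, country="US", avs=True, cvv=True, bill=True):
    return {"id": oid, "time": datetime.strptime(hhmm, "%H:%M"), "email": email,
            "card_token": token, "total": total, "items": items, "ship_country": country,
            "avs_match": avs, "cvv_match": cvv, "ship_to_billing": bill}

SAMPLE_ORDERS = [  # constructed data; tok_* stand for processor tokens, never card numbers
    order("B1", "10:00", "b@example.com", "tok_2", 50, {"scarf": 1}),
    order("B2", "10:05", "b@example.com", "tok_2", 50, {"scarf": 1}),
    order("B3", "10:10", "b@example.com", "tok_2", 50, {"scarf": 1}),
    order("C1", "11:00", "c@example.com", "tok_3", 900, {"tablet": 6}, "CA", avs=False, bill=False),
    order("C2", "11:02", "c@example.com", "tok_4", 45, {"case": 1}),
]
if __name__ == "__main__":
    print(review_orders(SAMPLE_ORDERS, average_ticket=60))
```

A flagged order is a prompt for a person to review it before shipping, not an automatic decline; the reasons list tells the reviewer which warning sign fired.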
Don’t keep credit card information. Storing credit card numbers at your business site or on your software is a breach waiting to happen. Don’t rely on data security to be completely safe. If you don’t store sensitive credit card data, you’ve already taken a major step toward lessening your fraud threat level.
Don’t slack on compliance. Ensure your software is updated and that your business’s payment security programs are compliant with the Payment Card Industry (PCI) Security Standards Council. New PCI regulations came out earlier this year. To find out more about them, visit this PCI Security Standards Council site. Your software should also be certified under the Payment Application Data Security Standard (PA-DSS). And don’t forget about EMV (Europay, MasterCard, and Visa) regulations, which went into effect on October 1. You can learn more about those in our Sage resource center.
Use end-to-end encryption. Keep sensitive information safe from hackers and cyber criminals with end-to-end encryption. Encryption is one of the best protectors small and medium businesses can use to keep important information from getting into the wrong hands. This is especially important when sending sensitive information from one device to another, as it can ensure the data is scrambled before transmission.
If you can’t implement these best practices before this holiday season comes to an end, make a point of focusing on payment security as one of your top business resolutions for 2016.
Paul Bridgewater is CEO of Sage Payment Solutions.