Six Key Features for Payment Processing Security

When deciding which payment processor will work best for your business, there are many factors to consider.  Arguably the most critical point of consideration is how secure a processor is.  Security measures are a vital part of payment processing for both businesses and their consumers; a breach at any point can spell disaster for all parties.  Therefore, security features deserve an especially critical review when investigating different processing options.  Here are a few key features to be on the lookout for when deciding on a processor.

All-in-One

More businesses, big and small, are finding themselves needing processing solutions for both in-person and online transactions.  If your business requires multiple payment processing options, it’s important to choose a processor that specializes in omni-channel solutions.  Choosing a processor that can manage all points of transaction—from in your brick-and-mortar to the checkout page of your website—means that all of your customers’ data goes to the same place.  Having multiple processors for your different points of payment means there are more connections the data has to go through.  More connections mean more opportunities for breakage and breach.  At Pineapple, omni-channel solutions are our specialty, so be sure to take a look at our solutions page to see how we can freshen up your processing needs in all areas.

EMV-Chip Readers

If you are processing payments in person, you need to be EMV-Chip equipped.  EMV technology and chip cards are designed to help stop counterfeit cards in-store at physical points of sale by using a dynamic cryptogram that makes each transaction unique. Following the creation and implementation of EMV chips cards, the liability for breach was shifted onto the business, rather than the processor or bank.  If your point of sale does not have the technology to process EMV chip cards and a breach occurs with EMV enabled cards, you will be held liable and will have to pay any costs incurred. By utilizing EMV technology, you enhance your protection from the potential fraud liability of accepting counterfeit cards.  This protection benefits both your business and your customer when implementing these extra safeguards to process payments securely.

SSL for Online Shopping

When shopping online, most customers will look to see if a site is SSL certified before entering their card information.  SSL (Secure Sockets Layer) is an encryption method used to secure data that is being transferred from the customer to the website. SSL certificates are marked for the customer to see by displaying a green address bar or showing a padlock.  SSL sites also begin with “https.”  When a consumer sees this, they know that their data will be safe.

PCI

When processing payments, PCI is absolutely crucial.  Payment Card Industry Data Security Standards (PCI DSS) provide guidelines for merchants on how to best secure sensitive customer data to avoid fraud in payment processing.  These guidelines are tiered according to how many card transactions a company processes per year.  PCI is an independent council which was formed in 2006 to standardize data security, and their standards remain the industry expectation.  Being PCI compliant is vital to protecting your customers and your business from risk. Most processors enforce penalties for being non-compliant to these standards.

Tokenization

When processing online payments, you should never store consumer card information on your server or other unsecured files. Cutting edge payment processors ensure that the customers’ data never touches your servers by using a process known as tokenization. This means it’s encrypted before it is stored on database servers. Tokenization works by replacing sensitive data with randomly generated characters.

Doing so reduces the risk associated with data breach. One of the best protection methods is using a token that represents a real credit card number so that when the transaction is authorized, the data is sent to the centralized server and stored securely. At the same time, your system receives a unique number (a token) which serves as a representation of that customer’s card info. The token can then be used as a substitute for the card’s data for future transactions. At Pineapple, we utilize a patented tokenization encryption method using CardConnect’s CardSecure suite of products.

Smartphone Processing

With the rapid rise of mobile payment options like Apple Pay and Samsung Pay, having a system equipped to process mobile wallets is becoming essential.  These mobile options are also increasingly popular for their convenience, but also for their added security advantages. Mobile pay apps utilize near-field communication (NFC), which allows customers to transmit their data by tapping their device to the terminal.  This method of transferring payment data comes with security advantages above and beyond what using a card provides.  And given the increasing popularity of this method, choosing a processor that can handle mobile payments at your point of sale is a must.