Retail Checklist: 8 Tips for Secure Payments Processing

Retail Checklist: 8 Tips for Secure Payments Processing

Retail Checklist: 8 Tips for Secure Payments ProcessingAs a retailer, deciding on a payments processor can be overwhelming. With the recent string of high-profile customer data breaches, security should be the focal point of your provider’s every service and function.

Here are eight security features to look for when selecting a payments processor:

1. VAULTING

What: A vault is used to set up recurring payments. With a vaulting mechanism, customers can enter their credit card information into the vault via the retailer’s website, and set up recurring payments. Stored information can also be used during the next transaction with the retailer. This is the “remember me” option most of us see when making online purchases.

Why: Vaulting makes you more secure as a retailer because you’re not tasked with the burden of securing that data yourself. That responsibility is left up to the payments processor, as is the case with SecureNet’s PCI compliant vault.

2. TOKENIZATION

What: Tokenization is the process of using a unique code to represent a credit card number, thereby mitigating the risk associated with the exposure of the actual credit card number. To give a simple example, if a credit card number was 1234, it may be tokenized as ABCD. ABCD has zero value for a fraudster because it’s meaningless. For the payment processor, however, ABCD references an actual card number.

Why: Rather than exchange credit card numbers, merchants and payments processors can pass tokens, minimizing visibility into a payment account number. And, while breaches can still occur, hackers who infiltrate a token system will find that information useless.

3. P2P ENCRYPTION

What: In point-to-point (P2P) encryption, the card reader at your point-of-sale reads the information on the magnetic stripe of a credit card and transmits an encrypted version of that data to your payments processor, ensuring sensitive information is encrypted at the earliest possible point in your POS system. The processor then is the only party with a device capable of decrypting the data, which it does to perform an authorization.

Why: Data encrypted end-to-end, from the point of swipe to the point of the payments processor, guarantees zero exposure of plain text, non-encrypted information on the part of the retailer. This protects card numbers from a variety of attacks.

4. ENCRYPTED MOBILE HARDWARE

What: Payments processors that offer P2P encryption must also offer mobile encrypted hardware. The actual point-of-sale device at the register, or the dongle that plugs into a smartphone, should support data encryption from the moment it’s obtained via a credit card’s magnetic stripe.

Why: With mobile encrypted hardware, retailers don’t have to rely on their own infrastructure to be as secure as possible because the data passing through is encrypted and useless to anyone who may gain access on the retailer side. Mobile hardware that encrypts the card data at swipe also offers additional protection against malicious mobile applications that may attempt to access the card data if it were present in plain-text form on the mobile device.

5. EMV

What: EMV stands for Europay, Mastercard and Visa. It’s also often referred to as “chip-and-pin,” in which a microchip is embedded on a credit card to serve as a continually changing data point. This makes the card virtually impossible to clone. Look for a payment processor that has the capability to support chip-and-pin on a worldwide basis. EMV is already widespread in much of Europe, and the technology is quickly coming to the United States.

Why: Cards in the U.S. are very easily cloned just by reading the magnetic stripe off of the back. Even if customer data is compromised, it is extremely difficult to duplicate and make copies of EMV credit cards.

6. PCI COMPLIANCE

What: The payment card industry sets a security standard for all companies processing, storing and transmitting credit card information to protect consumers. Standards are enforced on four levels, based on the volume of transactions processed by a single merchant. PCI compliance should serve as a baseline standard when looking for a payments processor.

Why: All processors are required to be PCI compliant, but retailers may require a level of PCI compliance beyond the minimum standard. It is important to look for a processor with the resources to help small retailers meet whichever PCI-compliant standards they may be subject to, rather than going at it alone or hiring a third party.

7. FRAUD PROTECTION

What: Advanced payment processors can now facilitate automated pre-authorization on fraud checks. Sophisticated analyses of behavioral profiling and multi-currency factoring allow real-time payment authorization, minimizing unnecessary voids and reversals. Self-learning machines even update fraud rules at a high frequency to make the process truly automated.

Why: If the payments processor can minimize fraud that is occurring through them, they won’t have to charge more to recoup from charge losses. A robust fraud protection program benefits both the processor and the retailer from a cost perspective.

8. OMNICHANNEL SECURITY

What: Just as omnichannel payments rely on one processor across all channels (mobile, in-store and online), omnichannel security involves one provider to protect sensitive information across all channels. The same, consistent set of security controls, no matter where your processing is occurring, is key.

Why:  By choosing a processor with omnichannel security capabilities, retailers are tasked with managing just one relationship, rather than three separate for each form of payment. Customer information is contained to just one provider, reducing risk and eliminating the need for data duplication across locations.

About the Author

Avery Buffington is an information security architect at SecureNet with over 13 years of experience in the information security and financial services industries.

Featured

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

Featured Cybersecurity

Webinars

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3