A Short Guide to Online Security for Credit Card Payments
You’ve probably heard some scary stories about phishing scams and identity theft. While it’s possible for someone to access your account through your credit card details, it’s just as possible to protect yourself (and your clients). First, common sense. Don’t share photos of your credit card, because it’s easy for somebody to zoom in and retrieve your details.
This is even easier if you show both the front and the back of the card. Even if you only show one side, a clever criminal can pick out your name and account number, then use some online sleuthing to retrieve the rest of your details. (It’s as simple as friending you on Facebook to check your mother’s maiden name or residential address).
When you swipe your card through an ATM or card reader, check for skimmers. Skimmers are artificial devices glued to the top of the card slot. They can later be removed and the data collected can be used to make dummy cards. These cards can then be used to access your account, because they’ll have seen the account number, account name, PIN, and possibly your e-Signature. Aside from skimming, phishing and hacking take a few seconds when you are redirected to a dummy site. This is why instant verification is a crucial security feature. It minimizes the duration window for criminal interference in any card transaction.
Credit card data needs to be encrypted every time it’s uploaded or downloaded. This means it’s encrypted and decrypted when you type it on the website, when it reaches the payment gateway, when it’s reviewed by the payment processor, and at both the issuing and acquiring banks. The decryption key is only circulated to relevant devices so even if someone manages to intercept the information, they’ll be unable to make any sense of it. There are different kinds of encryption, so double-check the type being used by your payment processor.
The Payment Card Industry Council generated a list of twelve recommendations for card security. It’s called the PCI DSS and is a mandatory for Visa payments. Visa has stated that it will block payments to any firm that doesn’t apply PCI DSS. These requirements cover both virtual and physical security. The details of the requirements delve into passwords, firewalls, user IDs, written security policies, encryption levels, and regular security testing.
Card security doesn’t stop at the point of purchase. A customer can later review their card statement and cancel a payment, leading to refunds and chargeback fees. To avoid this, businesses should make sure the name of their shop matches the name on their customers’ card statements. If not, businesses should issue a clear explanation of how the charge will appear on the customer’s credit card billing statement.
For more information on processing fees for a merchant account, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.