When you're an entrepreneur, trust is your most important currency. As an e-retailer, you must earn and maintain that trust for your business to succeed. Electronic payments--credit, debit, prepaid and mobile--are America's preferred way to pay. Accepting payment cards helps to grow your business, improves sales and enables quicker checkout for your customers. But sophisticated cyber criminals assume new online retailers are low-hanging fruit. Prove that you're not an easy target--protect your business, and your customers' data, by thoughtfully applying multiple levels of security to your startup.
Understand your obligations. Small and web-based businesses accepting electronic payments are contractually obligated to secure the payment information collected. The best protection you can offer your customers and provide for yourself is not to store any cardholder data and to comply with PCI (Payment Card Industry) Data Security Standards, including protecting card readers, point-of-sale systems, networks & wireless access routers, payment card data storage and transmission, and payment card data stored in paper-based records.
Lock it down. Use Secure Sockets Layer (SSL), a computing protocol using encryption that ensures the security of data sent over the Internet. You can raise your protection and prove reliability to customers by going a step further and acquiring an SSL Secure Site Seal or utilizing an Extended Validation Secure Sockets Layer (EV SSL) URL Green Bar.
Change your default password. The most common password consumers choose is, perhaps not surprisingly, PASSWORD. But if you run a business, the default password won't protect your customers. If you require that your customers select a difficult-to-crack password, they're safer, and so are you.
If you're keeping customer data, keep it secure. If you must collect data, know exactly what information you're collecting, and where it's stored. Think carefully about what you absolutely need to best serve your customers. What are you keeping--names, physical addresses, email addresses, payment card information, invoice numbers, account numbers, transaction history? Can you encode or encrypt the data? And where are you keeping the information--desk drawers, filing cabinets, home offices, servers, smartphones, tablets, USB drives or in a cloud server? Clean up any stored data regularly, ensuring that you're only keeping the bare minimum. Set a reminder to securely eliminate all outdated or no-longer-necessary data. And make sure your customers know what data you are collecting.
Scan and re-scan for viruses and malware. Keep your own systems free from viruses and spyware by employing a strong firewall and up-to-date antivirus protection. Pay attention to their alerts, and consider additional security measures such as intrusion prevention and anti-spam technology. Run a full scan at least once a week.
Keep work and personal computers separate. Restrict computer use to business-only purposes. Viruses and malware can leak into your systems and impact your business if you allow yourself or your employees to use business computers for personal e-mailing, social networking or Internet browsing.
Train your staff. Know your employees. Confirm references or get background checks before hiring. Ensure that access to important data is granted only to employees who absolutely need access. Engage with trusted and certified processors and vendors: the ETA Certified Payments Professional (CPP) seal signifies that a payments industry professional has demonstrated the knowledge and skills required to perform competently in today's complex electronic payments environment.
Review and update your procedures regularly. Ensure you've checked ALL the boxes. Assess and address any vulnerability.
Practice protocol. Know what to do in the event of a data breach--you have an obligation to your customers, your investors, your employees, and yourself to handle it right, and right away. Have a plan in place allowing you to easily analyze what has been compromised. Report to the acquiring banks and payment card companies you do business with. Notify your customers in compliance with applicable law. Accountability and swift action are key to maintaining your customers' confidence.