Considering the high-profile data breaches and the very recent Sony email leaks, 2014 could be labeled "The Year of the Hacker." According to a recent Gallup poll, Americans’ No. 1 crime worry is hackers stealing their credit card information. In addition, cybercrime certainly hurts the U.S. economy — to the tune of more than $120 million each year.
On Jan. 12, President Obama sent a cybersecurity bill to Congress, saying, "We've got to stay ahead of those who would do us harm." What follows are some payment security best practices that can help all merchants stay ahead of fraudsters:
1. Maintain PCI compliance. Do your due diligence to ensure your company's payment security practices comply with the standards of the Payment Card Industry (PCI) Security Standards Council. Update all of your software to maintain the latest security measures for all transactions. Be sure your software is certified under the Payment Application Data Security Standard (PA-DSS) as well. New PCI standards just went into effect on Jan. 1.
2. Deal with any breach immediately. Maintain detailed records of all sales transactions. Include obvious details like the date and time of the transaction, plus the names of employees who assisted in the sale as well as the contact information for the customer. Detailed records are invaluable in the event of a security breach. Copious detail allows you to pinpoint precisely when the breach occurred so you can immediately take the necessary action to rectify the situation and notify affected customers.
3. Don't store credit card numbers. Storing credit card numbers at your business site or on business software is a security breach waiting to happen. Even if your business site or software program seems to be safe and 100 percent secure, it's still in your best interest not to store credit card numbers.
4. Develop processes to screen for common fraud practices. Transactions that ship to a single address but are billed to multiple credit cards could involve an account number generated using special software, or even a batch of stolen cards. Online transactions using multiple credit cards from a single IP address may also indicate a fraud scheme.
5. Take precautions with sensitive data. Keep sensitive data as protected as possible by using end-to-end encryption. If you need to send highly sensitive data from one device to another, end-to-end encryption is essential.
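The two screens described in item 4, as an added example (not code from the article or from any payment product): it counts distinct cards per shipping address and per IP address inside a time window. The field names, the 24-hour window, the two-card threshold and the use of processor-issued tokens in place of card numbers (in keeping with item 3) are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _o(oid, day, hhmm, ip, ship_to, token):
    h, m = map(int, hhmm.split(":"))
    return {"id": oid, "ts": datetime(2015, 1, day, h, m), "ip": ip,
            "ship_to": ship_to, "card_token": token}

# Constructed sample orders. card_token is an assumed processor token,
# so the screen never needs a stored card number.
ORDERS = [
    _o("o1", 12, "10:00", "198.51.100.7", "12 Elm St., Apt 4", "tok_a"),
    _o("o2", 12, "10:05", "198.51.100.7", "12 ELM ST APT 4", "tok_b"),
    _o("o3", 12, "10:20", "203.0.113.9", "12 elm st, apt 4", "tok_c"),
    _o("o4", 12, "10:30", "198.51.100.7", "90 Oak Ave", "tok_d"),
    # Same IP and address, three cards, but days apart: not a burst.
    _o("o5", 13, "09:00", "192.0.2.44", "7 Pine Rd", "tok_e"),
    _o("o6", 15, "09:00", "192.0.2.44", "7 Pine Rd", "tok_f"),
    _o("o7", 18, "09:00", "192.0.2.44", "7 Pine Rd", "tok_g"),
]

def normalize(addr):
    """Fold case, punctuation and spacing so trivial address variants match."""
    return " ".join("".join(c if c.isalnum() else " " for c in addr.lower()).split())

def screen(orders, max_cards=2, window=timedelta(hours=24)):
    """Map (kind, key) -> order ids where more than max_cards distinct
    cards were used for one shipping address or one IP within the window."""
    recent = defaultdict(deque)   # (kind, key) -> orders still inside the window
    flagged = defaultdict(set)
    for o in sorted(orders, key=lambda o: o["ts"]):
        for kind, key in (("ship_to", normalize(o["ship_to"])), ("ip", o["ip"])):
            q = recent[(kind, key)]
            q.append(o)
            while o["ts"] - q[0]["ts"] > window:   # expire old orders
                q.popleft()
            if len({x["card_token"] for x in q}) > max_cards:
                flagged[(kind, key)].update(x["id"] for x in q)
    return {k: sorted(v) for k, v in flagged.items()}

if __name__ == "__main__":
    for (kind, key), ids in screen(ORDERS).items():
        print(f"review: {kind}={key!r} orders={ids}")
```

A hit is a reason for manual review rather than proof of fraud, since shared networks and gift shipments produce the same pattern.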
Don Weary is the vice president of product management at Sage Payment Solutions, a company that enables retailers to manage payment processing.