While the big data breaches make news, smaller businesses are more common targets of payment data attacks. So in this issue, we look at specific ways to minimize your exposure to these risks.

Reduce Your Risk

Any time unsecured payment card data is stored or transmitted, it is vulnerable to hackers. Reduce your risk and avoid expenses related to data breach, fraud, and chargebacks in these ways:

Choose a PA-DSS validated POS system. A PA-DSS validated POS system is an important step to reduce your risk. SpeedLine is validated against the current standard, and can help reduce the scope of your PCI audit and Self-Assessment Questionnaire. SpeedLine does not store any credit card data, and includes support for tokenization and End-to-End Encryption (E2EE). 

Tokenization replaces payment card information with a series of randomly generated numbers, so the information can be safely passed through the internet (for example, from your online ordering site to your store).

End-to-End Encryption (E2EE), protects cardholder data in transit (for example, from your store to the payment processor). Cardholder data is encrypted at the card reader and not decrypted until it reaches your payment processor. Encrypted card data is unreadable to unauthorized parties.

Used in combination, tokenization and E2EE substantially reduce your risk and PCI scope.

With EMV chip card readers at cashier stations for all of your card-present EMV transactions, the encrypted chip on the card protects against counterfeit fraud. While a chip transaction can be slower than a swiped payment, EMV PIN pads also support fast and convenient contactless "tap" payment.

One of  the drawbacks to EMV for many pizza and delivery operations was that the protection applied only to card-present transactions.

Today, adding SpeedLine Pay@ the Door with mobile EMV PIN pads extends protection against fraud and chargebacks to delivery orders too (including orders placed online). As a result, you pay lower card-present rates on every transaction to card-present rates. And your customers’ information is more secure, as they are not giving their credit card number over the phone or online, but paying in person with a chip transaction at the door. 

Security Takes Vigilance

Ensuring the security of your customers' payment card data is an ongoing responsibility.

Take these steps to keep data safe:

• Familiarize yourself with the PCI requirements.
• Train your staff in security awareness. 
• Keep your software up to date. If your POS vendor offers it, subscribe to software update alerts.
• Monitor system activity logs.
• Remove network and POS access for separated employees.
• Complete the PCI Self-Assessment Questionnaire as required.
• Schedule quarterly PCI network scans.