When it comes to POS credit card processing, security tops the list of many merchants’ concerns. This is likely due to high profile breaches as well as the recent EMV liability shift. Still, many SMB merchants are surprised to learn they are the most vulnerable to an attack.
Eighty percent of data breaches target small businesses, and 60 percent of those victims go out of business within six months of an attack. Payment card fraud cost the U.S. $7.9 billion in 2014 – a nearly 60 percent increase over the previous five years.
Although these stats are impressive, what they don’t relay is that each attack and merchant victim is unique. What do you need to do to secure POS credit card processing specifically for your business? Taking a closer look at the different aspects of payment security can help identify the areas you need to focus on.
EMV technology is inherently more secure than other POS credit card processing technologies, but it only protects against card-present transaction fraud. The impact of the EMV fraud chargeback liability shift, which holds merchants financially liable for certain types of card-present fraud, varies by business. When considering EMV, you should talk with your provider about the best course of action for your business.
End-to-end encryption (E2E)
E2E is one of the most valuable payment security measures. It protects card data in transit by encrypting it from the entry point of your point of sale to a point of secure decryption outside of your environment. Without E2E, when a card is swiped the card number is recorded in clear text for a split second before the POS encrypts it, making it vulnerable to data thieves.
Tokenization protects data at rest, and is useful for secure recurring billing and tip adjustment functions. Tokenization replaces sensitive payment data, so that merchants no longer need to store credit card numbers to complete payment transactions. Combining E2E with tokenization creates a comprehensive solution to protect sensitive card data.
Many SMB merchants think that if they have a POS solution equipped with EMV, E2E and tokenization technologies, they are not at risk. But these technologies alone are not enough. Merchants must also comply with security mandates set forth by the Payment Card Industry Data Security Standards (PCI DSS). Failure to comply can result in a breach and the ensuing negative fallout including fines, fees and lost business
There are a lot of factors to consider when deciding on a secure POS payment processing solutions. The good news is that customizable options are available. Consult your trusted payments partners to learn what solutions are best for your business.