As more and more businesses are accepting card payments, compliance with the Payment Card Industry Data Security Standard (PCI-DDS) is becoming increasingly important in protecting businesses and consumers from data theft and fraud. Security and fraud has been a growing concern in the card payments field. With the ever growing popularity of card payments, there has also been a rise in card fraud and data hacking. Most of this comes down to the storing of card information.
Wait, what’s PCI Compliance again?
First released in December of 2004, the Payment Card Industry Security Standards (PCI) were made to create an additional level of protection for card issuers by ensuring that merchants met required standards of security. This then evolved over the years into what is now known as PCI Compliance, which was designed to ensure secure card payments.
What does it do, and why is it important?
Simply put, PCI Compliance protects cardholder data by maintaining and constantly testing the security of a secure network. As you can imagine, this isn’t the cheapest thing in the world. That’s why SimplyPayMe App teamed up with Stripe.
Stripe allows individuals and businesses to take secure card payments over the internet, and are dedicated to security and fraud prevention. They are certified as a PCI SERVICE PROVIDER LEVEL 1, the highest rating a business can receive and are one of the leaders in online payment software. Stripe have a proven track record of protecting clients and customers.
The PCI-DSS is a set of practice standards designed to help protect businesses and consumers when using cards to make payments online or in person. Making yourself compliant reduces the chance of losses through fraud and helps protect your reputation with your customers.
Do you remember when the US store chain Target had a data breach last year? 40 million credit and debit card numbers were stolen, and 70 million sets of customer information were hacked as well. How did this affect Target? Their Q4 profits dropped by a whopping 46% from the previous year. It was so bad that the chief executive resigned. It should be obvious why using PCI standards is a must!
However, according to the SAGE PAYMENTS LANDSCAPE 2014 REPORT, only 38% of businesses thought they were PCI compliant—42% didn’t know if they were, and 21% admitted they were not. That’s a lot of businesses that are at risk, both for data theft and for a serious dent in their reputation.
Luckily, there are easy steps you can take to make sure your business is compliant with the PCI standards:
* Assess: make sure to identify cardholder data that you hold or come into contact with. Take an inventory of your IT assets and payment systems and examine them for any weaknesses that could expose your customer’s data.
* Remediate: fix any vulnerabilities and do not store cardholder data unless you absolutely need to. The less time you have a cardholder’s data, the less chance there is for it to be stolen.
* Report: submit amended records and compliance reports to your bank and the payment brands you do business with. This builds trust between everyone and helps make card payments safer for everyone.
At SimplyPayMe, we undertake every effort to ensure that we are compliant and that our users’ data is super secure. If you’d like to find out more about how you can make your business PCI compliant, you can check out this HANDY SELF-ASSESSMENT QUESTIONNAIRE.
Protect yourself and your customers
PCI Compliance is vital to your business’ integrity when dealing with customers and payments. It can set you apart from your competitors and helps build trust with your clients. The more a customer trusts you, the more likely they will not only come to you when they need your products or services, but they’re also more likely to recommend you to their personal networks.
By using SimplyPayMe App, you’re not only making your money tracking, invoicing, and payment collection easier, you’re also ensuring that both your business and your clients are protected by PCI Compliance. Your dedication to security will help build the trust that you want your customers to have with your business.
Warning! Writing down customers card details will get you fined
A study by the ICO (UK’s Information Commissioner’s Office) found that companies are being extremely careless with the storing of their card holders information. The most common mishaps were card details being written down on slips of paper or stored on web documents. One hacker was able to compromise a database with thousands of customer records, including names, DOB’s, billing addresses and card numbers, including the expiry date and CVC (3 digit security code on the back of the card). The ICO fined the company £175,000 as punishment for their carelessness.
These kind of data leaks reek havoc. The ICO are clamping down on companies who commit these malpractices, by dishing out heavy fines for any company caught carelessly recording their customers sensitive data. CLICK HERE FOR MORE INFORMATION
What can your company do to avoid this?
1. Use High Level Encryption When Storing Cards (Coming soon to SimplyPayMe App)
It can’t be stressed enough that encrypting data such as card payment details is vital. Some encryption methods however ARE NOT SAFE. If a hacker is able to access decryption keys from your servers where the encrypted details are held, this defeats the purpose.
Our card processor, Stripe, has a unique encryption method which is the most stringent out there:
Encryption of sensitive data and communication All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
2. NEVER record your customers card information on a piece of paper.
This is almost as bad as having the password to your computer written on a sticky note which is stuck to your keyboard. Don’t do this. Paper gets lost, stolen, copied and is almost impossible to track sometimes. This is also very illegal
3. Can’t take the payment immediately? Find another way to collect a payment from your customer.
You will be able to take a card payments face to face with most services. If, for some reason, you are not able to take the payment in person, services like SimplyPayMe App can help you massively. With SimplyPayMe App you have the ability to take a payment from your customer at any time. Either over the phone through a virtual terminal or through paylinks. Having a system with this kind of payment flexibility removes the need for recording data, and gets you paid faster!
If you have any questions about PCI Compliance and Security email email@example.com for further information.