This post was contributed by a community member. The views expressed here are the author's own.

Community Corner

Retail Checklist: 8 Tips for Secure Payments Processing

Retail Checklist: 8 Tips for Secure Payments Processing 

Retail Checklist: 8 Tips for Secure Payments ProcessingAs a retailer, deciding on a payments processor can be overwhelming. With the recent string of high-profile customer data breaches, security should be the focal point of your provider’s every service and function. 

Here are eight security features to look for when selecting a payments processor: 

1. VAULTING 

What: A vault is used to set up recurring payments. With a vaulting mechanism, customers can enter their credit card information into the vault via the retailer’s website, and set up recurring payments. Stored information can also be used during the next transaction with the retailer. This is the “remember me” option most of us see when making online purchases. 

Why: Vaulting makes you more secure as a retailer because you’re not tasked with the burden of securing that data yourself. That responsibility is left up to the payments processor, as is the case with SecureNet’s PCI compliant vault. 

2. TOKENIZATION 

What: Tokenization is the process of using a unique code to represent a credit card number, thereby mitigating the risk associated with the exposure of the actual credit card number. To give a simple example, if a credit card number was 1234, it may be tokenized as ABCD. ABCD has zero value for a fraudster because it’s meaningless. For the payment processor, however, ABCD references an actual card number. 

Why: Rather than exchange credit card numbers, merchants and payments processors can pass tokens, minimizing visibility into a payment account number. And, while breaches can still occur, hackers who infiltrate a token system will find that information useless. 

3. P2P ENCRYPTION 

What: In point-to-point (P2P) encryption, the card reader at your point-of-sale reads the information on the magnetic stripe of a credit card and transmits an encrypted version of that data to your payments processor, ensuring sensitive information is encrypted at the earliest possible point in your POS system. The processor then is the only party with a device capable of decrypting the data, which it does to perform an authorization. 

Why: Data encrypted end-to-end, from the point of swipe to the point of the payments processor, guarantees zero exposure of plain text, non-encrypted information on the part of the retailer. This protects card numbers from a variety of attacks. 

4. ENCRYPTED MOBILE HARDWARE 

What: Payments processors that offer P2P encryption must also offer mobile encrypted hardware. The actual point-of-sale device at the register, or the dongle that plugs into a smartphone, should support data encryption from the moment it’s obtained via a credit card’s magnetic stripe. 

Why: With mobile encrypted hardware, retailers don’t have to rely on their own infrastructure to be as secure as possible because the data passing through is encrypted and useless to anyone who may gain access on the retailer side. Mobile hardware that encrypts the card data at swipe also offers additional protection against malicious mobile applications that may attempt to access the card data if it were present in plain-text form on the mobile device. 

5. EMV 

What: EMV stands for Europay, Mastercard and Visa. It’s also often referred to as “chip-and-pin,” in which a microchip is embedded on a credit card to serve as a continually changing data point. This makes the card virtually impossible to clone. Look for a payment processor that has the capabilit

We’ve removed the ability to reply as we work to make improvements. Learn more here

The views expressed in this post are the author's own. Want to post on Patch?

More from Redlands-Loma Linda