A recent survey showed that 50% of online shoppers are concerned about their credit card details being stolen when shopping online. Yet a surprising number of small businesses fail to ensure their customers’ transactions are secure when they purchase online. As an online merchant, you are obligated under PCI compliance requirements to safeguard your customers’ credit card information. Here are a few tips on how your business can handle credit card account information securely and properly.
Use of approved software and equipment
No matter which software you use to collect customers’ credit card information, you are required to ensure that all of it is PCI compliant. Though you might assume that anything already on the market is satisfactory to use, that's not always the case. Many software products and credit card readers have vulnerabilities and security holes that could make them unsafe. That is why software and hardware vendors undergo thorough testing to ensure the reliability of their products. Therefore, to safeguard your customers and your business, use tested and approved products and solutions.
Use of integrated service providers
If you want to avoid installing and running a credit card processing application yourself, you can use a service provider to develop account storage and manage credit card processing for your business. Service providers include the popular SaaS (Software as a Service), IVR, and many other organizations to which all payment processing functions can be outsourced.
Encryption of any recordings containing credit card numbers
Many digital systems track and record calls to keep proof of payment authorization and to monitor service quality. Doing so creates a database of credit card information (usually credit card numbers and their security codes) that is susceptible to theft and misuse. If you store the recordings digitally in a password-protected directory (as many VoIP systems do), you are expected to encrypt them immediately. You are also required to ensure that there is absolutely no software linked to the storage structure.
Encryption of online storage of credit card account numbers/data
There are situations where online merchants prefer to store credit card numbers to retain proof of payment (written authorization for mail-order payment). If a merchant chooses to do this, they should always make sure that this information is stored in a secure place. Online businesses need to make sure that any storage is encrypted with strong encryption algorithms (HTTPS and SSL algorithms). That way, even if the computer is stolen or someone in the organization gains unauthorized access, the credit card numbers are guaranteed the same level of protection. Research by Blue Coat has revealed that encryption usually reduces insecurity by making electronic storage completely invisible. In fact, Blue Coat Systems found that the 10 most visited websites on the internet use encryption, making them 100% invisible to all security devices unless decrypted.
Simply following these practical tips will go a long way toward fulfilling your contractual requirement of protecting and safeguarding credit card accounts and information.