Small commerce is a difficult playing field, and more so every day. In addition to the difficulties of scale, there are other challenges, not the least of which are credit and debit card payments. After all, we handle our customers’ private banking data with technological tools that are not always protected…
Hundreds of thousands of data breaches occur every year, mostly identity theft by external malicious actors. The numbers are alarming, and small businesses are increasingly affected. This is true whether the customer purchases by credit or debit card in person, through your website or over the phone.
To prevent many of the risks, the ICH points out 12 tips or best practices that you should apply in your business. Here is the complete list, in order of economic cost and technical difficulty of implementation (from least to most difficult). Keep it in mind!
1. Use strong passwords
That is, combining alphanumeric symbols, upper and lower case letters, etc. Change them periodically. Don’t leave default passwords, and never, ever reveal them.
2. Store only the essential data
Also, check with your service providers about where the data you use is stored, and if there is data you cannot delete, apply encryption and tokenization techniques.
3. Check your payment terminals for tampering
Look for obvious signs of tampering, keep them in a safe place and only allow repairs by authorized agents. If you see anything unusual, let your bank know as soon as possible!
4. Use reliable partners
You never know, so it’s best to know who you’re dealing with. Find out more about your different suppliers and ask them any questions you may have.
5. Use your suppliers’ patches
Upgrade all your software to the latest versions, and make sure it always comes from your official suppliers. You will avoid many problems.
6. Protect internal access to your data
Is your staff reliable? Probably yes, but it does not hurt to limit each person’s access to the data that is essential to perform the tasks entrusted to them.
7. Take care of remote access to your system
Your suppliers can access your system remotely. That’s normal, but be informed and make sure they do it safely (and also as little as possible).
8. Install an antivirus
Make it a quality program (it is worth a small investment), and keep it up to date with automatic updates: make it difficult for hackers!
9. Scan for vulnerabilities and fix problems
You may need a specialized provider (known as PCI ASV) to obtain an integrated service tailored to your circumstances. It is better in the long run.
10. Use secure terminals and solutions
PCI-accredited terminals, PIN protection systems and payment application software are available. And, above all, secure telephone payment providers that are PCI DSS compliant, such as PAYbyCALL.
11. Defend yourself from the Internet
The Internet is the biggest channel for cybercriminals to access the data you use. An active firewall, protected Wi-Fi and isolated use of your payment system are the keys.
12. Encrypt, encrypt, encrypt
It can be costly in financial and technical terms, but making your data unusable to hackers with encryption technologies (such as SRED or TLS) is the safest bet.
Because you have a lot at stake, play it safe
At PAYbyCALL we are at your disposal to answer your questions and to make your small business a fortress against the bad guys. Do not hesitate to contact us without obligation.