
8 Security Tips for Small Businesses Accepting Online Payments in 2017

Consumers have high expectations that businesses will keep their credit card information secure.

By John Rampton Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.


When customers make a purchase from your online storefront, can they trust you to protect their credit card information? If not, why would they continue to support your business? That's why protecting your customers' payment data should always be a priority. When customers trust you, it will ultimately benefit your bottom line.

For small business owners, that may seem overwhelming and complicated, but it's actually easier than you may think if you follow these 8 security tips when accepting online payments.

1. Be compliant with PCI-DSS.

PCI-DSS is a collection of compliance regulations that are mandated by the Payment Card Industry Security Standards Council. If you accept, process, store, or transmit credit card data then these regulations apply to you in order to ensure that your customers' payment information is kept safe and secure.

One of the biggest headaches that PCI-DSS gives business owners is that the regulations can be complex, especially if you don't have IT specialists on hand. At the very least, being compliant with PCI-DSS means you must undergo an on-site data security assessment annually, covering measures such as the use of SSL authentication on your website and Secure Sockets Layer (SSL).

To find out if you comply with these regulations, I would take the Self-Assessment Questionnaire (SAQ).

2. Don't store customer payment data.

There are strict standards in place regarding the customer data that you store, like not storing CVV data. That's because 95% of credit card breaches come from small businesses. The easiest way around this is to dispose of any payment information once a transaction is complete. If you do need to store information, such as a customer's name and account number, then take measures to protect it, like using a private network or cloud-based storage, or encrypting the data so that intruders can't read it.

Also, under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), you're not allowed to include the full credit card number and expiration date of your customer's credit card when emailing them a receipt. You're only permitted to display the last five digits.


3. Choose a secure eCommerce platform and processor.

Despite the regulations that have been put in place, not all eCommerce platforms and processors take security as seriously as others. When looking for an eCommerce platform or processor, choose trusted and reputable companies that have good reviews and are transparent about the security they have in place. The Better Business Bureau and Consumer Affairs are great places to research companies before you start working with them.

4. Educate yourself and your employees.

A majority of data breaches are due to human error. Even if you comply with regulations and have top-of-the-line security systems in place, you're still putting your customers' information in jeopardy if you and your employees aren't trained in basic security measures.

You can start by informing them about the latest security risks and threats. Most importantly, however, everyone should verify transactions and realize the dangers of clicking on unsolicited e-mail attachments, sharing sensitive information with unauthorized individuals, and leaving work-related USB drives or devices unattended.


5. Verify the transaction.

Speaking of verifying transactions, there are several ways that you can do this, even when a customer's card isn't present. These include:

  • Always making sure that there's an address verification (AVS) match.
  • Requiring customers to enter their card security code, aka that 3 or 4 digit CVV number on the back of their cards.
  • Being suspicious of patterns that are out of the norm, such as an exceptionally large order from returning customers. If you see one, call the customer immediately.
  • Reviewing smaller details like strange email addresses, products being shipped to areas known for instances of fraud, and the customer not taking advantage of deals like free shipping.
  • Considering accepting eChecks. Payments from bank accounts have to be verified through the ACH network.

6. Keep your IT environment protected.

Even if you've taken security precautions like having an SSL certificate on your website and properly training your employees, you're still not completely in the clear. Everything from your web host to your web server can be compromised. Having a firewall solution can help decrease these threats, but you should also consider setting up an intrusion-detection system/intrusion-prevention system (IDS/IPS). This will monitor and block any malicious traffic.

7. Update all of your systems.

It's no secret that outdated systems are more prone to cyber-attacks. Whether it's WordPress, Shopify, your server's cPanel, SQL, PHP, or your antivirus software, you need to make sure that when there's a new update it's downloaded immediately. Typically these updates occur automatically, but it's always best to err on the side of caution by making sure that you're running the latest version of any software that you use for your business.


8. Use encryption and tokenization.

These are two of the most popular words in security. Despite often being lumped together, there are differences between the two. According to Adrian Lane, data analyst and CTO for Securosis, the main difference between tokenization and encryption is how they handle the data that they're attempting to replace. Tokenization will remove data from a system and replace it with an associated value. Encryption is an "obfuscation" or "scrambling" tool. This means that the original information is left intact, but is made inaccessible without a proper key.

"With tokenization, you're not worried about someone coming along and having or breaking or being able to reverse engineer the system in the future, and you're not worried about admin keys being compromised and gaining access to the original data," says Lane.

When storing any sort of data, make sure that it's encrypted. You may also want to start accepting payments via digital wallets, which encrypt data, or cryptocurrencies like bitcoin, which use tokens instead of a credit card number or bank account.
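Tokenization as this section describes it, in an added example that is not from the original article: a hypothetical `TokenVault` class stands in for the payment processor, and the names, the `tok_` prefix and the sample card number are constructed for illustration.

```python
import secrets


class TokenVault:
    """Stand-in for a payment processor's vault (hypothetical, not a real API)."""

    def __init__(self):
        self._pan_by_token = {}  # exists only on the processor's side

    def tokenize(self, pan):
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        # The token is random: it is not derived from the card number, so
        # there is no key that turns it back into one.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        return token

    def detokenize(self, token):
        # Only the vault can map a token back to the card number.
        return self._pan_by_token[token]

    def masked(self, token, visible=5):
        # Receipt form: only the trailing digits are shown (tip 2's FACTA
        # note permits the last five).
        digits = self._pan_by_token[token]
        return "*" * (len(digits) - visible) + digits[-visible:]


def record_order(vault, order_id, pan, amount_cents):
    """What the merchant database keeps after checkout: a token, no card number."""
    token = vault.tokenize(pan)
    return {
        "order_id": order_id,
        "amount_cents": amount_cents,
        "card_token": token,
        "receipt_card": vault.masked(token),
    }


SAMPLE_PAN = "4111 1111 1111 1111"  # constructed test number, not a real card

if __name__ == "__main__":
    vault = TokenVault()
    order = record_order(vault, "A-1001", SAMPLE_PAN, 4999)
    print(order)
    print("full number in merchant record:", "4111111111111111" in str(order))
```

A copy of the merchant's order table alone yields tokens and masked digits; recovering a card number requires access to the vault itself.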

John Rampton

Entrepreneur Leadership Network® VIP

Entrepreneur and Connector

John Rampton is an entrepreneur, investor and startup enthusiast. He is the founder of the calendar productivity tool Calendar.
