Small and medium businesses around the world are increasingly at risk of payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with fewer than 250 workers, according to cybersecurity firm Symantec. To help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
As a small business, you are a target for cybercriminals. Using the Internet, these hackers steal your customers’ payment (debit and credit) card data to commit fraud. This data is especially at risk when it travels to your merchant bank, and when it’s kept or stored on your computers and devices.
The best way to protect this data is to devalue it. “Encryption” and “tokenization” technologies do this by replacing card data with data that is useless to hackers. While this can be more complex to put in place, it can make security much easier to manage in the long run, and it is the best way to reduce your risk. Here are a few tips to keep in mind:
Use encrypting devices: Check with your payment system vendor to make sure that the device you use to take customer card payments via swipe, dip, insert, tap or manual entry of the card number encrypts card data. Use the “List of PCI Approved PTS Devices” to identify devices that encrypt card data (hint: look for “SRED” on that list and ask your vendor if SRED is enabled and active).
Upgrade your solution: Talk with your payment system vendor or service provider to make sure you have a payment terminal that uses both encryption and tokenization technology to remove the value of card data for hackers. Discuss your options for adoption of PCI Point-to-Point Encryption solutions. Refer to the PCI Council’s “List of PCI P2PE Solutions”.
Ask the right questions: Refer to “Questions to Ask Your Vendors” for tips on how to get the information you need to make the best decision for your business.