Small and medium businesses around the world are increasingly at risk of payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with fewer than 250 workers, according to cybersecurity firm Symantec. To help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
Just as the Internet provides your business with new customers and new ways to sell products, it provides hackers with new opportunities and methods to break into your system and steal your customers’ payment (debit and credit) card data.
As a small business, you may use personal computers and devices for business purposes, and vice versa. While this is convenient, these devices can put you at risk if they are connected to the Internet. Anything used for card payments needs extra protection against cyberattacks. Here are a few tips to keep in mind:
Keep payments separate: The device you use to take payments should only be used for payments, nothing else. For example, don’t surf the web, check email or post on your Facebook page from the same device or computer that you use for processing payments. Even if these activities are necessary for business purposes (updating your business’s Facebook page, for example), do them on a different computer or device that is not used for payments.
Protect your “virtual terminal”: You have a “virtual terminal” if you enter customer payments via a web page that you access with a computer or tablet. Minimize your risk and avoid using an external card reader that attaches to your device. These readers store card data on your computer, and the less you have to protect, the safer you are!
Protect Wi-Fi networks: Ask your Wi-Fi provider for help with making sure your Wi-Fi is safely configured. Brick-and-mortar businesses that offer free Wi-Fi for customers need to use a separate network for processing payments (this is called “network segmentation”).
Use a “firewall”: A firewall is hardware and/or software that acts as a buffer to keep hackers and malware from getting access to your computers and information. Check with your payment terminal vendor or service provider to make sure you have one installed on your payment terminal, and ask them for help configuring it correctly.