What You Need to Know to Ensure You’ve Got Secure Payment Processing



When you own a business, the last thing you want to worry about is fraud.

But sadly, even with all the technological advancements that have been made to mitigate this risk, it’s still a big problem for businesses around the world.

For example, in a Forbes Advisor poll, 33 per cent of small business owners said credit card fraud is a major issue for them.

And here in Canada, business owners have even more reason to be concerned.

According to a survey from PwC, while 51 per cent of organizations around the world reported experiencing some form of fraud, in Canada, that number is considerably higher, at 60 per cent.

What’s more, the survey found that although Canadian organizations tend to be better at detecting fraud than those in other countries, rates of fraud in Canada have actually increased.

Among other factors, part of this increase can be attributed to the fact that many more companies have now digitized their activities, not least due to the restrictions imposed during the pandemic.

At any rate, as you can see from the graph below, companies in Canada have been losing millions of dollars per year to these illegal activities.

[Figure: loss by organizations graph]

Losing this kind of money to fraud is an absolute nightmare scenario for business owners, but for many, it probably still seems pretty unlikely, especially for those who’ve never experienced it.

At the same time, trying to wrap your head around the issue of fraud can seem like an impossible task, and many business owners probably feel like there’s not much they can do about it.

But the truth is, when it comes to payment processing security and preventing fraud, there’s actually a lot you can do.

So, if you’re looking to find the most secure payment processing, or wondering what you can do to protect your business from things like credit card fraud, then you’re going to want to keep reading.

Because in this article, we’re going to let you in on what you need to know to ensure you’ve got the most secure payment processing, along with some simple strategies you can use to mitigate payment processing security risks yourself.


What You Can Do to Ensure Secure Payment Processing

Credit card fraud and other payment processing security issues can wreak havoc on your business in many different ways, putting customers’ data at risk, and leaving you vulnerable to theft, being fined, or losing your ability to process credit card transactions altogether.

But luckily, you can take practical steps to protect your business against these kinds of issues and ensure you’re choosing a secure payment processor.

With that in mind, below we’ve explained several things you can do to safeguard your business and reduce your risk of ever having to deal with this sort of thing.


Limit Card-Not-Present Transactions


In spite of all the security features we have to protect against these crimes, card-not-present transactions still offer one of the easiest ways for criminals to commit credit card fraud.

Card-not-present transactions include those done over the phone, online, by mail, or by fax, and the main reason they’re so much less secure is that they don’t require you to enter your PIN when you pay.

There are other safeguards in place, in lieu of entering your PIN, like address verification, which allows card issuers to decline a transaction if the billing address provided doesn’t match up with what they have on file, but not every merchant is going to have these protections in place.

So, if you were to lose your credit card, for example, and someone found it, they could use it to make purchases remotely, simply by entering the information found on the card.

That being said, one of the best ways to protect against credit card fraud is to simply limit the number of card-not-present transactions you accept, or refuse to accept this form of payment, if possible.

Now, for some companies, this just isn’t going to be possible, as they do most or all of their business remotely, which brings us to our next point.


Confirm That Proper Security Features Are in Place

If you have to accept card-not-present transactions, you should at least make sure that your virtual terminal includes all the latest security features, and the same goes for physical terminals, as well.

First of all, regardless of what kind of terminal you’re using, you should make sure it’s PCI-compliant, which means it’s been certified by the Payment Card Industry Security Standards Council (PCI SSC).

In addition, you should also ensure that it uses end-to-end encryption protocols, requires strong passwords, offers two-factor authentication, and has appropriate access controls in place, so only authorized individuals can use and manage the terminal.

There are also many other security features that can make your transactions even more secure. These include:

  • Tamper-Evident Features – These features are there to make it obvious if someone has tampered with your terminal.
  • EMV Certification – This kind of certification is done through a partnership between Europay, Mastercard, and Visa, and ensures that your terminal meets the necessary security standards for processing chip-based transactions.
  • Secure PIN Entry – Your terminal should have an encrypted keypad in order to protect PIN data from being compromised.
  • Shielded Screens – This feature prevents people from seeing anything if they try to look over a customer’s shoulder while they’re entering their PIN.
  • Security Updates – You should ensure that your payment terminal’s software and firmware are always up to date.

Now, to be fair, every single company that processes credit card transactions in Canada is regulated by Visa and Mastercard, and if they don’t adhere to their standards, they can be subject to massive fines, or lose their ability to accept credit cards.

So, the chances of a company that offers payment processing not adhering to these standards are pretty low. But it never hurts to know this stuff so you can confirm it for yourself, just to be sure.

Make Sure to Batch Out Every Day

If your business uses payment terminals, then you’re probably well aware of what batching out means.

But for those of you who aren’t familiar with this term, batching out refers to the process of transmitting a batch of accumulated transactions from your payment terminal to your payment processor or acquiring bank for further processing.

In terms of security, the whole point of batching out is to limit the amount of time that cardholder data is stored in the payment terminal’s memory.

Merchants can decide to batch out at intervals of their choosing, but the longer you wait, the more at-risk customers’ data is on your payment terminal, as it will remain on the device until the batching out process is complete.

Furthermore, the longer you let this go, the more data is being stored on your device, and the more customers you’re putting at risk.

And if your terminal were to fall into the wrong hands, that person could get access to the credit card information associated with whatever transactions have yet to be batched out.

That being said, ideally, you should make a point of batching out at the end of every day, as this ensures your customers’ data is only stored on the device for one day or less.

It’s also important to point out that newer payment terminals typically offer an auto-batch feature, giving you convenience and peace of mind, knowing the terminal will execute this process itself, so even if you forget, it’s all good.

But if you’re using an old, outdated terminal, it’s not going to have this feature, so make sure to keep that in mind.
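For terminals without auto-batch, the daily rule above can be checked from a terminal activity export. The following is an added example, not code from this article or from any terminal vendor; the log format, the `SALE`/`BATCH_CLOSE` event names, the terminal IDs and the 24-hour threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real terminal output): time, terminal, event type.
SAMPLE_EVENTS = """\
2024-03-04T11:02:00 T1 SALE
2024-03-04T19:45:00 T1 SALE
2024-03-04T23:00:00 T1 BATCH_CLOSE
2024-03-05T12:10:00 T1 SALE
2024-03-04T10:30:00 T2 SALE
2024-03-04T21:15:00 T2 SALE
2024-03-05T13:05:00 T2 SALE
"""

MAX_AGE = timedelta(hours=24)  # assumed policy: batch out at least once a day


def unsettled_by_terminal(log_text):
    """Return {terminal: [timestamps of sales not yet batched out]}."""
    pending = {}
    # ISO timestamps sort correctly as text, so events are replayed in time order.
    events = sorted(line.split() for line in log_text.splitlines() if line.strip())
    for stamp, terminal, kind in events:
        when = datetime.fromisoformat(stamp)
        if kind == "SALE":
            pending.setdefault(terminal, []).append(when)
        elif kind == "BATCH_CLOSE":
            pending[terminal] = []  # a batch-out clears what the terminal holds
        else:
            raise ValueError(f"unknown event type: {kind}")
    return pending


def overdue_terminals(log_text, now):
    """Return {terminal: (pending_count, oldest_age)} for batches older than MAX_AGE."""
    overdue = {}
    for terminal, stamps in unsettled_by_terminal(log_text).items():
        if stamps and now - min(stamps) > MAX_AGE:
            overdue[terminal] = (len(stamps), now - min(stamps))
    return overdue


if __name__ == "__main__":
    now = datetime(2024, 3, 5, 18, 0, 0)
    for terminal, (count, age) in overdue_terminals(SAMPLE_EVENTS, now).items():
        print(f"{terminal}: {count} unsettled transactions, oldest held for {age}")
```

The pending count is the number of cardholder records that would be exposed if that terminal were lost or stolen before its next batch-out.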


Consider How You Deal With Refunds


Having the ability to issue refunds with a payment terminal is crucial for many businesses, but unfortunately, this feature comes with its own set of security concerns.

To give you an idea of what kinds of issues this could cause, let’s look at an anecdote from one of our customers.

Before they signed up with us, this restaurant owner had hired a new server who, at the time, had been with the company for about a month.

This new employee had a friend eat at the restaurant, and because refunds on the restaurant’s payment terminals weren’t password protected, the employee gave the friend a $500 refund on the bill before quitting the next day.

So, if you want to protect your business from this sort of thing, you should make sure that the ability to offer refunds on your terminal is password protected, and that only you and/or trusted employees are privy to that password.

Moreover, it’s also important to ensure that the refund limit on your terminal is as low as possible, so you can soften the blow if something like this does happen.
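The two controls above, a refund password and a low refund limit, can be expressed as a single authorization gate. This is an added example, not code from this article or from any terminal's firmware; the function names, the $50 limit and the sample password are assumptions, and the check against the original sale amount goes one step beyond what the article describes.

```python
import hashlib
import hmac
import os
from decimal import Decimal

REFUND_LIMIT = Decimal("50.00")  # assumed per-refund cap; set it as low as the business allows
ITERATIONS = 600_000             # PBKDF2 work factor for the stored refund password


def hash_password(password, salt):
    """Derive a key with PBKDF2 so the refund password is never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def authorize_refund(amount, original_sale, password, stored_salt, stored_hash):
    """Return (allowed, reason). Every check must pass before a refund is issued."""
    candidate = hash_password(password, stored_salt)
    if not hmac.compare_digest(candidate, stored_hash):  # constant-time comparison
        return False, "refund password rejected"
    if amount <= 0:
        return False, "refund amount must be positive"
    if amount > original_sale:
        return False, "refund exceeds the original sale"
    if amount > REFUND_LIMIT:
        return False, "refund exceeds the terminal's refund limit"
    return True, "refund authorized"


# Constructed setup: the owner enrols a refund password once (sample value only).
SALT = os.urandom(16)
STORED = hash_password("owner-only-passphrase", SALT)

if __name__ == "__main__":
    bill = Decimal("80.00")  # constructed bill total
    attempts = [
        (Decimal("500.00"), "guess"),                  # no knowledge of the password
        (Decimal("500.00"), "owner-only-passphrase"),  # more than the bill itself
        (Decimal("60.00"), "owner-only-passphrase"),   # within the bill, over the limit
        (Decimal("40.00"), "owner-only-passphrase"),   # legitimate partial refund
    ]
    for amount, password in attempts:
        print(amount, authorize_refund(amount, bill, password, SALT, STORED))
```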


Avoid Keeping Credit Card Info on Paper

In this day and age, you’d think this wouldn’t be happening anymore, but unfortunately, it is, and it’s more common than you might think.

For example, our founder, Surge Cumiskey, experienced this for herself just a couple of weeks ago.

She was looking to get something printed, and the printer she chose to work with sent her a sheet to fill out with her credit card information.

To avoid doing this, she ended up going down to the place to pay for it in person, and made a point of letting the owner know how insecure this is, and that the standards set by PCI SSC strictly prohibit merchants from storing information in this way.

That being said, you should never keep customers’ credit card info on paper like this, as it poses a massive security risk, both internally and externally.

And if you ever get caught doing this, you could face huge fines, or be banned from being able to accept payments with credit cards.


Are you searching for a secure payment processing provider? Give us a call today to learn more about what we can do for you.
