Erald, September 27, 2016
Security and fraud has been a growing concern in the card payments field. With the ever growing popularity of card payments, there has also been a rise in card fraud and data hacking. Most of this comes down to the storing of card information.
A study by the ICO (UK’s Information Commissioner’s Office) found that companies are being extremely careless with the storing of their card holders information. The most common mishaps were card details being written down on slips of paper or stored on web documents. One hacker was able to compromise a database with thousands of customer records, including names, DOB’s, billing addresses and card numbers, including the expiry date and CVC (3 digit security code on the back of the card). The ICO fined the company £175,000 as punishment for their carelessness.
These kind of data leaks reek havoc. The ICO are clamping down on companies who commit these malpractices, by dishing out heavy fines for any company caught carelessly recording their customers sensitive data. Click here for more information
What can your company do to avoid this?
1. Use High Level Encryption When Storing Cards (Coming soon to SmartTrade App)
It can’t be stressed enough that encrypting data such as card payment details is vital. Some encryption methods however ARE NOT SAFE. If a hacker is able to access decryption keys from your servers where the encrypted details are held, this defeats the purpose.
Our card processor, Stripe, has a unique encryption method which is the most stringent out there:
Encryption of sensitive data and communication All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
2. NEVER record your customers card information on a piece of paper.
This is almost as bad as having the password to your computer written on a sticky note which is stuck to your keyboard. Don’t do this. Paper gets lost, stolen, copied and is almost impossible to track sometimes. This is also very illegal
3. Can’t take the payment immediately? Find another way to collect a payment from your customer.
You will be able to take a card payments face to face with most services. If, for some reason, you are not able to take the payment in person, services like SmartTrade App can help you massively. With SmartTrade App you have the ability to take a payment from your customer at any time. Either over the phone through a virtual terminal or through paylinks. Having a system with this kind of payment flexibility removes the need for recording data, and gets you paid faster!
If you have any questions about PCI Compliance and Security email firstname.lastname@example.org for further information.