How to keep your customers information secure when taking payments online

Building and keeping your customers’ trust when it comes to online payments has become more important than ever in 2020.

85% of consumers will refuse to do business with a company if they have concerns about its security practices. This means ensuring you’re doing everything you can to keep your customers’ information secure needs to be a top priority.

Not only do you want to make sure your customers feel confident doing business with you, but you also want to avoid the severe repercussions a data breach can have on your business.

A cyberattack could come from a number of different sources, like viruses and malware that gain unauthorised access to your system. This places not not only customer data at risk, but also your revenue, important records, plus damage to your reputation and resulting loss in business.

The good news is there are a number of ways you can reduce the risk to your business and customers. Here’s what you can do today:

Implement security measures

These five measures will help your business stay strong against cyber threats.

  1. Update your applications, including anti-virus software, plugins and operating systems to protect you from potential vulnerabilities; 
  2. Set up firewall security to protect your internal networks from the threats coming from the Internet and WiFi;
  3. Encrypt your data so only approved users can access it;
  4. Create strong passwords to protect access to your business devices, and ensure everyone’s passwords are unique and not shared with others;
  5. Consider cyber-insurance to protect your business in the event of a data breach.

For more detail read information on setting these practises in place in your business see our article on The security measures you can do in under 10 minutes to protect your business.

Comply with the Payment Card Industry Data Security Standards (PCI-DSS)

Something that may escape your attention is that there is a set of security standards that all businesses that process or store credit card data electronically need to comply with. This is enforced by the PCI Standards Council.

The first step is to adopt a cybersecurity policy. If you don’t have one, now is the perfect time to create and implement one. It should outline the following:

  • What data you will collect and how you will collect it;
  • Where you will store the data;
  • What measures you will put in place to keep it secure.

Make sure your business and all your employees understand your cybersecurity policy.

What your cybersecurity policy should cover:

  • Who is responsible for cybersecurity in your business
  • Your system and network configuration, including:
    • IT change control policy – who can approve and make changes to computer systems
    • Keeping details on systems processing credit cards and account data
    • Patching of security vulnerabilities
    • Security scanning of networks, websites and computers
    • Keeping administration passwords secure and safe
  • Data classification and handling
    • What types of data do you hold?
    • What form is it in? Electronic? Paper?
    • Where do you store it?
  • User acceptable use policy
    • Password requirements
    • Email standards
    • Handling of sensitive data, removable media and technology like USB’s or portable harddrives
    • Locking of devices
    • Social media and internal access standards
    • Data retention and data disposal – (customer’s contact and payment information)
    • Paper and electronic media handling
    • Firewall and network administration
    • Anti-virus and endpoint protection
    • Backups
    • Encryption policy
    • Remote access
    • Cloud systems
    • Incident Response Plan
    • Protecting devices at point-of-sale
    • Risk assessment process
    • Supplier requirements
      • Use of PCI-DSS Level 1 suppliers to process cards
      • Use of PA-DSS software for processing cards (Payment Application Data Security Standard)
      • Approving and monitoring suppliers and contractors

    If this seems like a lot of information to process and a lot of work to implement, don’t worry we can help. Our Merchant Trust Initiative provides a tool to generate a cybersecurity policy that is appropriate for your business.

    Data privacy and eWAY

    eWAY has invested heavily in attaining the world’s highest payment security accreditation – PCI-DSS Level 1. Meaning that when your organisation is using our payments software to handle your customer payments, you can rest easy knowing all sensitive information is being handled with the highest level of payment security through our systems.

    Our MTI program can also help you make sure you’re doing everything you can on your end to protect your customers’ information and your business.

    To talk to one of our online payment experts today, call us on 1800 762 623 or enquire here.