Here’s what you should know about your credit card machine or point of sale system:
In the credit processing industry merchants rely on credit card processors that provide secure services in order to complete their transactions. But how secure are these services? Accepting credit cards is a major step for small businesses looking to grow and you need to know that you will receive payment for their goods and services. However, your current credit card machine is sending full card information over insecure networks that compromise your very livelihood. If the information that your credit card machine sends is intercepted, you will be liable for this breach. On average it costs a merchant $90,000 in fines and remediation to recover from a breach. Your credit card machine or point of sale system is simply not secure as it sends complete card numbers over phone and internet lines to your processor.
Even with new EMV chip technology, organizations need to work with processors that will be able to ensure an end-to-end secure transmission in order to prevent hackers from stealing card information. Regain control of your business by ensuring that each transaction is secure and your data is protected. Understanding threats to secure processing, as well as what credit card merchant services can do to create an end-to-end encryption solution, will help small businesses and processors achieve greater success moving forward.
Leap Payment’s Safe-T is the first end to end encrypted solution for credit card terminals as well as point of sale systems that ensures that every credit card number is 100% protected and encrypted as soon as it is swiped and transmitted completely encrypted, so that hackers cannot ever access card numbers.
EMV Doesn’t Solve Your Problems On Its Own
Your organization is responsible for protecting cardholder data within your payment environment, even after you have installed EMV chip readers in your businesses. Simply installing an EMV card reader will not keep hackers from attacking your systems. As EMV technology rolls out and customers incorporate more EMV-only cards into their wallets your business must do more than just accept them as a form of payment. In addition to compliance with PCI standards, it is up to you to make sure that your business is doing everything in its power to protect card data.
EMV technology is being adopted in the United States as a way to improve security and keep fraudsters from cloning magnetic stripe cards and impersonating legitimate customers. It is used as the top form of payment around the world for secure transactions and identity verification because card information and cardholder data is stored within a secure chip that requires multilayer verification. However, EMV transactions are still being intercepted by hackers that tap into Internet connections and dial-up systems to intercept data being transferred.
There are two factors related to the EMV transition that affect your business. First, you are on the hook for fraud and losses if your business does not have the equipment and processing services to accept EMV cards. Second, you must develop a secure solution that keeps customer payment data encrypted to protect against attacks and data breaches. There are a few variables that threaten to keep you from reaching your goals.
Your provider doesn’t want you to know that your transactions are not secure, because they don’t have a secure option for you.
Even if you have the latest EMV credit card machine it stills sends credit card data to your processor completely insecurely, so anyone can hijack the transaction and compromise your security. In fact, 99% of credit card machines currently send credit card data via an insecure phone line or Internet connection that can be easily “listened” to, making card data vulnerable.
According to the PCI Security Standards Council, more than 80% of attacks on organizations are on small businesses. This is due to the fact that small businesses are more likely to have lax security measures in place to protect credit card information. Once a customer swipes his or her card or pays with an EMV card, merchants think that they’ll get paid and that’s it.
Many small business owners believe that their current credit card processing partner is doing everything that they need to stay protected from losses and liability. However, this is not the case. While PCI-DSS compliance is the essential foundation for your business’ overall security, it does not protect you against the risks of a card data breach. Your goal should be to have top-level security for payment information and data during every step of the business cycle.
In addition to the types of credit card processing machines you use in your business it is also important to know the connection you have to your payment processor and how payment information is stored. The goal of a data breach is for a hacker to find a Primary Account Number (PAN) and other identifying information that allows them to use the data for personal gain. The reality is that while your card processor is helping you get paid for your products now, you need to make sure customer information is protected down the road as well. This is where end-to-end encryption for credit card merchant services comes into play for small business owners.
Invest in End-to-End Encryption NOW for Data Security
Only 1% of credit card machines and POS systems encrypt the credit card number at the initial swipe of the card, so your business is 100% protected from a security breach. This new Safe-T technology provides complete peace of mind that you are secure and is only supported by two of the top 20 credit card processors. In addition, with an encrypted terminal your PCI compliance questionnaire is reduced to only a few questions, as you have no risk of a data breach.
In the event of a data breach, an attacker is able to go in and collect account numbers and identifying information that allows them to create fake cards or access accounts. Organizations that do not have end-to-end encryption in place do not have the protections needed to thwart hackers. But what is end-to-end encryption in the first place?
End-to-end encryption is the continuous protection of payment data and sensitive information by encrypting it at the origin and decrypting it at the destination. For both magnetic stripe card and EMV chip cards, encryption would take place the second the card is run through a reader and remain encrypted through the entire payment process. According to the Smart Card Alliance, encrypted data would make it much harder for attackers to benefit from a network break-in. This is because they will be unable to read encrypted data, meaning that a customer’s card number and authentication credentials remain secure.
With encryption merchants are able to add a layer of security for EMV and magnetic stripe cards that they accept in their store. Attackers look to exploit weaknesses in point-of-interaction (POI) systems as well as in data storage, which means that merchants and credit card processors must work together to develop and maintain a strong and united end-to-end solution.
Fight Off Attackers with End-to-End Encryption and Tokenization
One of the ways businesses can implement end-to-end encryption of their customer payment data is by working with Leap Payments. Along with up-to-date card readers and the best rates on credit card merchant services, Leap Payments also offers Safe-T, a security solution for SMB merchants. Safe-T combines both end-to-end encryption and tokenization of data to keep payment card information secure so you can focus on running your business. The only way to ensure that your machine is encrypted and 100% secure is if it has the Safe-T sticker, as these are the only secure encrypted machines available.
With this setup, payment card encryption occurs at the point of interaction. Additionally, tokenization of PAN data takes place for follow-up transactions, such as voids or adjustments, so it stays out of the hands of those trying to bring your business down. By encrypting and tokenizing this data there is nothing left for criminals to steal because all sensitive information is protected. It is important to remember that just by being able to accept EMV cards as a form of payment your business is not off the hook for losses due to fraud. You are responsible for protecting cardholder data and must ensure that all aspects of your payment environment meet PCI compliance standards.
A benefit of working with Leap Payments for end-to-end encryption is that you get security built for your payment setup, whether that is through dial up or IP/Ethernet. Data breaches do not only occur when a hacker breaks into a server to steal information. They also take place when criminals intercept data across phone lines and unsecured communications when transactions are taking place. Taking into account as well the low cost of adding end-to-end encryption and tokenization to your payment processing solution, this move is something that you cannot afford to miss. Although there is an extra charge for this level of security, can your business survive a data breach that costs in excess of $90,000 in fines, penalties and fees?
In the credit processing industry there will always be those trying to exploit loopholes and find security weaknesses in order to steal payment information. Talk with your provider of credit card merchant services directly to see the ways that your business is staying secure and what you can do to protect data moving forward. Contact a Leap Payments representative today at 800-993-6300 to get started.
Sources:
