With fraud looming as an ever-present and sophisticated threat, it’s important to protect your business by equipping it with the most innovative technology available. Although PCI DSS requirements increase each year to meet new fraud techniques, you can always take your security a step further by staying informed about novel security features.
The following four technologies will help secure your credit card payments against today’s risks to protect your business and your customers.
Tokenization is a robust encryption method that replaces sensitive cardholder information with a randomly generated string of characters referred to as a token. For instance, the cardholder number 1234-5678-9123-4567 could become EO5L-X03K-S2LX-79BQ. Tokens have no value if breached and can only be decrypted by the token vault at the last step of the transaction process by the payment processor.
We recommend tokenization over point-to-point encryption as the data cannot be unmasked during the transaction to reveal their true values. After all, every payment provider that assists with transaction authorization is subject to fraud. With tokenization, cardholder data are protected even if one provider in the process is under attack.
Remote Signature Capture
You may be familiar with the option to email yourself a digital receipt when making an in-store payment. In the case of remote transactions, in which a signature was previously impossible to obtain, select providers are applying this concept to obtain card-not-present signatures.
With remote signature capture, you can simply email the digital receipt to be signed via your customer’s finger on a smartphone or mouse on a desktop. U.S. courts have ruled that digital signatures are legally binding, so they carry the same weight as traditional signatures in the event of a chargeback dispute.
Although obtaining a signature is becoming a less-required fraud-prevention measure, it’s still wise to do your due diligence and capture a customer’s signature, especially if you ship high-value items.
Terminal Cloud Control
You can greatly reduce your PCI scope by making this one decision: selecting a cloud-based terminal over one with middleware. Also referred to as software drivers, middleware requires the downloading of software onto your computer to communicate with your credit card terminal. With middleware, your computer and network process, store and transmit cardholder data. This puts you squarely within PCI scope.
When you choose a terminal that’s cloud-controlled, the terminal never interacts with your computer, reducing this vulnerability for your business. This can mean less money spent on PCI-related security and audits while reducing your liability.
IP Address Monitoring
Keep your eyes peeled for this security feature if you ship high-value items and cannot obtain signed authorization from your customers.
IP address monitoring can plot a customer’s shipping, billing, and IP addresses visually on a map. If the shipping address and IP address are in a different state or country than the billing address, you may want to rethink the transaction before shipping, as this may be a sign of fraud.
About the Author
As the Marketing Manager at PayJunction, Christina Lavingia delights in crafting content that empowers businesses to better advocate for themselves when it comes to their merchant services. PayJunction is a PCI Level 1 merchant service provider and payment gateway that leads its industry in green technology, security best practices, and innovation.