Payment Security Impacts All Of Us

Making it easy for your customers to pay is good business. That’s why ease of use in the billing section of your website is essential. It's also critical to your bottom line.

When we think cybersecurity, we tend to think of the biggest breaches, such as Equifax or Target. The numbers are huge, and frankly they make the biggest headlines; that’s why news media sources lead with them.

But just as many small businesses are hit every day, and the cost goes well beyond the direct financial loss - in some cases, businesses shut down altogether, unable to recover.

While the typical cyberattack costs a large business $861,000 on average, for a smaller business the average is only $86,500. Ask a business owner how likely they are to face an IT security incident, and you’ll find more than half feel it’s no longer a question of if, but when.

Small-scale attacks on payment security systems occur every day. That’s why it’s more important than ever to keep your business and your customers safe with encryption solutions that secure data from the moment a credit card number is entered.

There’s also the need to secure data covered by HIPAA. While most medical offices have policies in place to keep electronic protected health information compliant, they often overlook the payment process, which then becomes a point of vulnerability.

Payment Card Industry Data Security Standard (PCI DSS) and HIPAA rules require entities to maintain reasonable and appropriate safeguards for protecting all credit card information throughout the process.

What does that mean for you?

Ensure your processor doesn’t send SMS credit card receipts

Some credit card processors offer the option of sending receipts via text or SMS. Because these receipts contain protected health information, they can only be transmitted over secure channels, and SMS is not one. Therefore, all receipts must either be delivered by a verified secure email or be printed on paper.

Obtain a business associate agreement

If all your credit card company does is process credit cards, HIPAA requirements state you don’t need a business associate agreement with your processor. However, if your credit card processor does more (and most do), such as providing analysis, reporting, or other ancillary services like gift cards, you’ll need a business associate agreement to stay in compliance.

Secure any physically stored card numbers

All businesses, not just health care practices, must comply with PCI DSS and protect customer data against theft and fraud. One of the basic rules: if you keep a written copy of a credit card authorization that lists the card number, that copy must be stored securely.

Is your practice doing all it can to protect your customers’ payment information? Are you putting your customers and your business at risk? We can help.

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.