Tax season is the taskmaster's dream, with an overabundance of year-end checklists to keep business owners checking and crossing off items well into the first quarter. Surprisingly, however, payment processing security fails to get any priority checklist, whether it's year-end or not.
[caption id="attachment_229661" align="alignright" width="301"]
We've developed a simple, three-point checklist to prioritize payment security that will keep your business out of the hands of fraudsters and hackers. The liability threats to business owners are financially substantial and need vigilant attention at least once a year.
Priority #1: Stop using outdated payment technology TODAY. Security is one of the most significant issues with traditional or legacy payment terminals and software. Outdated payment processing systems are especially susceptible to fraud. At the point of sale, older hardware counter terminals and software lack proper security protocols like encryption and authentication, thus leaving cardholder data available to steal.
You may have heard about the recent breach at the retail giant, Target and how hackers were able to steal information from over 40 million customers. But you might not know that these hackers weren't after credit card numbers—they were after the PINs associated with those cards. And they got them! The PINs were stored in unencrypted format on the company's servers, allowing the attackers to download them all at once and make purchases as if they were using real cards.
Replace legacy payment systems with EMV-compliant systems that use tokenized encryption.
If your payment terminal is over three years old, replace it with EMV-enabled software and the latest security updates.
Priority #2: Stop using weak or reused passwords. According to the 2019 Verizon's Data Breach Investigations report, 80% of hacking-related activities involve compromised or weak credentials. Typically, weak passwords are the result of using default passwords, such as "password," "welcome," and "12345," from third-party vendors. In many cases, store owners fail to remember or change the password assigned arbitrarily by a third-party vendor to gain first-time entry. Hackers exploit this vulnerability resulting in a potential data breach.
Use strong passwords with at least seven characters, numbers, symbols, and letters – at least one capitalized. And change it frequently, preferably every three months.
Priority #3: Failure to comply with PCI DSS payment processing security standards.
All merchants that accept electronic payment cards must follow the payment brands' rules to protect cardholder data, using their adopted standard requirements, referred to as the Payment Card Industry Data Security Standards (PCI DSS). These provide merchants with a unified approach to safeguarding sensitive data.
These requirements range from removing sensitive card data from your payment terminals and processing systems to implementing data security policies for your employees. Most processors make compliance a reasonably straightforward process by conducting an annual security assessment scan or questionnaire on your existing payment processing environment.
Pay attention to your payment processor emails related to PCI compliance assessment scans. Non-compliance can be costly. Get in the know by visiting the PCI DSS Merchant Resource Center here, https://www.pcisecuritystandards.org/merchants/
Bonus Tip: Remember to download your 1099-K revenue statement. Code §6050W requires your payments processor to track the gross amount of reportable payment transactions for all merchants and report those amounts to the Internal Revenue Service (IRS) on Form 1099-K.
In addition, your Taxpayer Identification Number (TIN) and Legal Name on Form 1099-K must match IRS records or you could be subject to Federal backup withholding and applicable State backup withholding.
For more information on payment security and PCI standards and what it means for your business, contact us at Global Merchant Partners at (877) 230-0012.
Aprile Parella is the director of operations at Global Merchant Partners.