Small businesses need to understand the basics of payment security. Accepting payments securely means following many regulations. Not knowing the basic rules for processing sensitive payment information can put a small business at risk and expose it to potential fees or fines. The more payment security tools small businesses use, the less risk they could face in the long run.


Here are six payment security issues small businesses may not be familiar with:


1. The Importance of Becoming PCI Compliant
Small businesses need to comply with the PCI security standards set by the PCI Security Standards Council. These rules help protect sensitive transaction information and cardholder data and eliminate data security violations. Small businesses that do not become PCI compliant and experience a breach could face hefty fines and liability costs. All small businesses that accept credit card payments need to become PCI compliant to protect their business and their customers.


Small businesses can work with a payment processor that provides expertise in the critical areas of security and validates PCI compliance, allowing them to rest easy knowing the appropriate PCI security solutions are in place.


2. The Importance of Auditing
Small businesses need to regularly audit a variety of solutions to help safeguard their business. A small business should conduct internal audits to determine where weaknesses or loopholes exist in its security system. Internal audits of software, firewalls, hardware, and networks should be conducted quarterly within the PCI-compliant processing regulations to help manage risks.


3. The Importance of Employee Training
Payment security begins with a small business's internal staff. Ongoing training will help strengthen payment procedures and educate staff members on security awareness. Important practices all small businesses should teach their staff include:


  • Any mobile device that processes payments should be updated with the most recent operating system available for increased security.
  • Mobile payments should only be processed on a password-protected connection.
  • A customer’s card number should never be kept on file or written down.
  • All passwords should be stored securely and updated every 90 days. 


4. The Importance of Internal Procedures
According to a report by Computerworld, the 2013 Target breach occurred because hackers were able to obtain valid login information that belonged to an HVAC company contracted by Target. These credentials were not properly secured, giving hackers access to Target’s POS systems.


A small business's internal procedures considerably influence payment security. Passwords should be changed every 90 days, employees should not post passwords at point-of-sale systems or on computers, and all passwords should contain a variety of numbers, letters, and characters for ultimate protection.


5. The Importance of EMV
Although the liability shift occurred last October and most consumers now carry chip cards, many small businesses are not aware of the security differences between magnetic stripe cards and EMV chip cards.


When a consumer uses their EMV chip card in an EMV terminal, the transaction is processed using a security feature known as tokenization. Tokenization replaces confidential cardholder data with a token that contains a random sequence of numbers used to process the payment. If the transaction is seized or compromised in a breach, the information is useless to hackers, as they cannot replicate the unique codes transmitted via a token. A traditional magnetic card swipe does not include the heightened security features that EMV offers, so it is important that merchants begin implementing EMV-capable solutions for added security.


6. The Importance of the EMV Liability Shift
Now that the EMV liability shift has passed, small businesses that do not implement EMV-compliant solutions will be held fully accountable in an instance of counterfeit fraud at the point of sale. Many small businesses are still not aware of the consequences of not upgrading their solutions to accommodate EMV chip cards, and many do not feel they will be affected because they are small.


Payment security is an essential issue all small businesses should take into account. With breaches and instances of fraud on the rise, it is important for small businesses to educate themselves on the terms and rules they may not be completely familiar with. In return, they will face less risk and be able to provide the best security for their customers.