It’s a scary thought, but you could be PCI non-compliant without even realizing it. Protect your business and your customers by avoiding the following bad processing practices:
Scenario 1: You want to save your regular customers time by keeping their credit card numbers on file so they can get in, get out, and everyone’s happy.
Well, not everyone. While storing credit card numbers can save time, it also puts you at serious risk of a security breach. You should never write down credit card numbers to store them in a file on site or on your computer. Instead, utilize a gateway that allows merchants to store credit card details, including level 2 and level 3 data, in a secure cloud server offsite.
Scenario 2: A customer makes a payment offsite, and emails you his payment details—credit card number, expiration date, CVV code, the whole shebang.
Never receive or send payment card details via email. Even split up into multiple emails, the truncated card number can still be easily accessed by computer-savvy data thieves—or anyone with access to your email. The Arrow Payments gateway allows you to send your customers invoices via email, which they can pay by completing a secure payment form linked to the emailed invoice. It’s just as easy as submitting card details by email, but 100% safer.
Scenario 3: All of your employees are able to access terminals and gateways through one main login and password.
You may not have even considered it, but employee theft is always a possibility. To protect your business and customers from credit card data theft, never use terminals and gateways without user-specific logins and passwords. If employee theft does occur, you will be able to isolate the breach by identifying the employee’s login. Make sure all of your employees have individual logins, and customize accounts so that you control how much access they have.
Scenario 4: To ensure that your employees provide the best customer service possible, you have set up a system that records all calls made to your business.
If your business is utilizing a call recording system, you may not verbally transmit credit card details over the phone. That doesn’t mean you have to get rid of the recording system; it just means you can’t take payments over the phone. Using an e-invoicing tool (like the one on our gateway) will make taking payments quick, easy, and phone-call free.
If any of the above scenarios hit a little too close to home, it’s time to get out of the danger zone and onto PCI-compliant processing. Still not clear on what PCI compliance is? No worries, there’s a blog for that.
Arrow Payments provides a Simply Better solution for processing payments online. Have a question? Tweet Antonia at @ArrowPayments
