One of our recent blog posts discussed what merchants can do to protect payment card data and help prevent fraud in the face of rising ecommerce sales that make stealing card information increasingly easy and tempting to bad actors. All told, online sellers will lose $130 billion to payment fraud between 2018 and 2023, Juniper Research estimates.
But payment processors play an even more critical role in data protection. Any processor a merchant is considering should have robust security, encryption, and redundancy measures in place to keep data safe and keep the network operating. Here are five questions to ask your payment processor to help you and your customers maximize protection against data theft and fraud.
Are you PCI compliant? PCI compliance means following the Payment Card Industry Security Standards Council rules to protect customer payment card data. Maintaining payment security is required for all entities that store, process, or transmit cardholder data, including payment processors. Any business or merchant that accepts credit card payments also must maintain PCI compliance and ensure the compliance of any vendors that supply them with software or services, including those same payment processors. Guidance for maintaining payment security is provided in PCI security standards.
Does your organization participate in SOC (System and Organization Controls) assessments? SOC assessments evaluate service providers to see whether they are operating in an ethical and compliant manner. In a SOC assessment, independent third-party auditors examine various aspects of a company, such as security, availability, and processing integrity.
How do you make sure data is transmitted safely? To securely transmit data, payment processors need to adhere to multiple standards and protocols:
What kind of network redundancy do you have in place? Redundancies work by connecting multiple channels of power, communication, and storage within network infrastructure. Redundancies are a form of insurance against failures. Multiple paths of connection and multiple places to store data minimize the potential loss of both. They also can mitigate attempts to render a network inoperable, because data centers can reroute services in case of an attack.
Ideally, a payment processor will maintain redundant connectivity to multiple Tier 1 Internet Service Providers (ISPs). Tier 1 providers are the big guns – AT&T and Verizon, for example – that offer broader reach and reliability than smaller networks.
What kind of support do you provide to customers to help them with their security programs? In addition to being PCI-compliant themselves, a payment processor should be able to assist you with your compliance.
While payment card fraud affects all businesses, large organizations are able to absorb losses more easily than small- to medium-size ones. But whether your business is large or small, ensuring that your payment processor does everything it can to guard against data theft is essential. Before entering into any payment processing relationship, ask the provider the right questions about data security – and make sure you get the right answers to them.
Ensuring the privacy and security of data entrusted to us is at the core of MerchantE's mission.