A survey by TSYS revealed that 54% of Americans preferred to pay by debit card and 26% by credit card. Only 14% indicated they’d choose to pay by cash. While electronic transactions mean lower risk from the loss or physical theft of money, they increase the chances of personal information being hacked and used fraudulently. So, the importance of security in taking payments from your clients is paramount.
Credit card companies and banks have kept in step with the shift towards electronic payments. They’ve created a number of security requirements that vendors and businesses taking credit, debit or online payments must comply with to ensure their customers’ data is protected. Here are some of these requirements.
Developed by Europay, MasterCard and Visa, EMV – also known as a chip, or smart, card – has higher security features than the more traditional magnetic stripe credit and debit cards. Upgrading your EFTPOS machines to accept these types of payments means you’re offering an added level of security for your clients during and after the transaction.
PCI DSS Compliance
PCI DSS stands for Payment Card Industry Data Security Standard. This is a set of security standards developed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment. It’s a universal standard for how to handle, use and store credit card information. There are twelve steps you must take to become PCI DSS compliant.
Tokenization provides a way for you to not have to collect or store sensitive data, such as credit card details. Instead, it takes the sensitive data and replaces it with a randomly generated string of characters. An authorized party can then match this to the original data. Tokenization also helps you become PCI DSS compliant, as you’re no longer storing the sensitive credit card information on your system.
SSL (Secure Sockets Layer)
If you take online payments or collect personal or sensitive information through your website, it’s important to activate SSL. It creates an encrypted link between a web server and a browser and ensures the information between the two remains private.
To help facilitate payment security compliance at your practice, it’s important to pick the right payment processing system. Some, like those offered by approved Covetrus vendors, are already EMV and PCI DSS certified. This makes two fewer criteria for you to worry about. And, Covetrus practice management software also supports tokenization, allowing you to ‘store’ credit card information securely. To find out more about how to choose a vendor that can help you meet payment security requirements, contact us.