Security is a major consideration for most small businesses, and liability for fraudulent activity could come back to bite you if you do not meet the strict standards of the Payment Card Industry. However, with the right security processes in place, taking payments over the phone is extremely safe for both you and your customers.
Standard security measures
Almost all virtual terminals will request the same standard security measures when taking payments. As well as the long card number and expiry date, you will be prompted for the CVV or card security code. One level of approval for the transaction requires the CVV code entered to match the CVV code your card issuer has on file for you.
A secondary level of approval may come in the form of AVS, the Address Verification System. This anti-fraud program matches the numerical portion of your billing address (including postcode) against the address your card issuer has on file for you.
PCI compliance is the single most important thing that your small business can do to maximise the security of all of your card transactions. PCI DSS stands for Payment Card Industry Data Security Standard, a worldwide standard that was established to help businesses process card payments securely and reduce fraud.
PCI compliance works by setting requirements for the storage, transmission and processing of cardholder data. This includes a variety of steps that involve the people, policies and technologies that your business uses to process payments.
As you can imagine, it is impossible to fit all of the rules and regulations into this article, but to find out more about what PCI compliance entails, check out The UK Cards Association website. The most important thing for a small business taking phone payments is to make sure that the payment provider is PCI DSS certified.
Create a business culture of security
Unfortunately, one of the weakest links in your company could be your staff – you included! Small business owners have a tendency to trust their employees more easily, and assumptions about your people can be very easy to make. However, this is when standards can often slip. Annual security awareness training and regular checks can help ensure that your staff know how to be safe and secure when processing transactions.
You should also consider conducting background checks as a pre-condition to employment to ensure that staff who seem perfect on paper don’t have any criminal skeletons lurking in their closets.
Pick your payment provider carefully
While most payment providers have the infrastructure in place to ensure that they are compliant with PCI rules and regulations, some take additional steps to ensure comprehensive fraud protection is provided as standard.
For example, Payleven applies a £1000 limit to any phone transactions. This means that as well as all the usual fraud prevention tools such as AVS and CVV, if a con artist managed to slip through the early security measures, the amount he would be able to spend in one transaction would be limited. Spending caps have only been introduced by a few virtual terminal providers, but they add an additional level of security to your transactions.
Use your common sense
A lot of payment card security really does come down to common sense. Some of our top tips include:
- Never write down card numbers or security codes, either by hand or in an electronic document.
- Make sure that your merchant receipts are not printed with your customer’s full card details on them. Normally this will not be a problem as most payment providers will make sure that only the last four digits are displayed.
- Create separate log-on accounts for each of your staff so that you can identify who processed what transactions.
- Run regular malware and spyware checks on your computer or mobile device and make sure your antivirus protection is robust and regularly checked.
- Ensure anything printed with customer or payment details is properly destroyed – ideally cross-shredded.
- Encourage your staff to be vigilant. If anything seems ‘off’ about a payment, they shouldn’t be afraid to flag it as a concern.
Although it can be daunting making or taking a phone payment, there are steps you can take to safeguard your client’s data and give them, and you, peace of mind.