How can businesses ensure cashless customer payments are secure?

However, according to research by Paypal, small and medium sized businesses are losing out on more than £800m of sales a year by not accepting card payments.

Any SME can tangibly improve their bottom line by taking card payments simply by encouraging impulse purchases. It can also set your business apart from the competition. Put yourself in your customers’ shoes: if you have no cash in your wallet and the choice to buy a bunch of roses is between a florist that accepts cards and one that requires a detour to a cash point, which would you choose?

Now, whether your business is already set up for accepting card payments or you’re still thinking about it, doing your homework to ensure your customers’ payments are secure, at the point of sale or over the phone, is crucial.

First things first, should you wish to accept debit or credit card payments from customers you need a merchant account. This allows you to process credit and debit cards as your standard business account cannot offer this facility. A merchant account works as a link between your chip & pin card machine or EPOS system and your business account. When a customer payment is put through, it is processed through the merchant account.

When choosing a merchant account, you can take steps to protect your customers by making sure the merchant complies with the Payment Card Industry (PCI) Data Security Standards – a global security initiative designed to prevent fraud by protecting cardholder details.

Your customers depend on you to keep their information safe. Compliance with data security standards has major benefits to businesses of all sizes, while failure to comply could have serious financial and reputational consequences. So if you’ve already got card payments enabled, make sure your provider is PCI DSS compliant. If you haven’t, pick a provider that is.

It’s a business’s responsibility to ensure cardholder information is properly protected and small businesses are more susceptible to fraud as they tend to have less sophisticated security in place.

You can make yourself compliant by filling in a self-assessment form on the PCI Security Standards Council website and proving that you meet 12 key requirements, or you can use an online PCI portal to guide you through the process.

Online payments

If your business would benefit from online payments, this is straightforward to set up. Regardless of what type of website you have, you should be able to easily accept card payments online using a hosted payment page. All you need is an internet merchant account and a business bank account to where your funds can be transferred.

An SME’s online payment provider must be able to maintain a secure network (including the installation and maintenance of a firewall), encrypt transmission of cardholders data across public networks, utilise and frequently update anti-virus software.

Individual computer users must also be given their own unique ID and access to cardholder data must be limited to only those who need to know, whilst security systems and processes need to be checked and tested regularly.

Time to act

The payment industry continues to evolve. A survey by reviewing consumer expectations of the future shows 42 per cent of Brits believe they won’t need a purse or wallet in 2025. And the UK’s Card Association published a report showing that card payments in the UK are expected to almost double from 9.9 billion in 2012 to 17.3 billion in 2022. Meanwhile, the technology behind mobile payments is advancing. That’s why it’s so important to make sure your business is set up for secure cashless payments now.

By David Maisey, managing director of card payment specialists Chip & PIN Solutions