Guest post by Credit.com.
As the number of payment options grows, so does the number of possible fraud scenarios. With mobile payments and credit cards figuring heavily into transactions, thieves are finding more innovative ways to steal sensitive financial data. In keeping customers’ personal financial information safe, there should be no corner-cutting whatsoever. From putting your customers’ safety at risk to ruining your company’s reputation, weak financial security has serious ramifications. Below are four steps that you can take to better protect your customers’ financial data.
Step 1: Employee Training and Accountability
The best way to stop a fire from spreading is to not light it in the first place. Work from within your company to tighten security and create an atmosphere of accountability. When hiring employees, be sure to conduct the most thorough pre-employment screenings possible. You should rule out any candidates who have previous criminal convictions for matters such as fraud or embezzlement. Speak with their previous employers and references and ask them specific questions about the applicant’s trustworthiness.
Make sure that your employees are trained in safe online practices, both on and off the clock. Ensure that your work computers do not allow access to unsecured sites that could potentially be infected with malware. Additionally, make sure that your computers have strong protection against potentially hazardous sites. If necessary, create a policy that computers can only be used for business matters and that specific requests must be approved by certain departments (such as IT). It doesn’t matter how large or small your business is; in fact, smaller-scale businesses are the most prone to attacks. They’re also more likely to trim security spending, making them even more potentially vulnerable.
Step 2: Identify and Minimize Risks
Any device or program pertaining to your company that your customers interact with should be as secure as possible. Web pages that involve the sharing of sensitive information, such as credit card or social security numbers, should be properly encrypted.
A weak password system is a surefire way to put customer security at risk. If necessary, revise your system so that the guidelines for password creation, such as implementing special characters and not repeating consecutive characters, are meticulous. Design the system so that employees are required to change their passwords at certain intervals (such as once every 90 days) to further minimize risk.
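The password rules described above, written as a check (an added example, not code from the original post): it enforces a special character, no character immediately repeated, and the 90-day change interval. The minimum length, the function names and the sample accounts are assumptions made for the illustration.

```python
import string
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)   # rotation interval named in the text
MIN_LENGTH = 12                         # assumption: the article gives no length


def password_violations(password: str) -> list[str]:
    """Return the creation rules a candidate password breaks (empty = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no_special_character")
    # "Not repeating consecutive characters": no character directly followed by itself.
    if any(a == b for a, b in zip(password, password[1:])):
        problems.append("repeated_consecutive_character")
    return problems


def rotation_due(last_changed: date, today: date) -> bool:
    """True once the password is older than the rotation interval."""
    return today - last_changed > MAX_PASSWORD_AGE


def audit(accounts: list[dict], today: date) -> list[str]:
    """List the users whose password change is overdue."""
    return [a["user"] for a in accounts if rotation_due(a["last_changed"], today)]


# Constructed sample data for illustration only.
SAMPLE_ACCOUNTS = [
    {"user": "alice", "last_changed": date(2024, 1, 2)},
    {"user": "bob", "last_changed": date(2024, 3, 20)},
]

if __name__ == "__main__":
    for candidate in ("Summer2024", "pass!!word-long", "t4ble-Lamp;riv3r"):
        print(candidate, password_violations(candidate) or "ok")
    print("rotation overdue:", audit(SAMPLE_ACCOUNTS, date(2024, 4, 10)))
```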
Mobile payments are becoming a primary method of payment, especially with the younger demographics, but they’re also a higher risk for fraud. Although financial losses from corporate and commercial card fraud decreased from 21% in 2015 to 15% in 2016, it doesn’t help that mobile devices, along with the information inside, are easily stolen. Biometric security is one of your best bets, particularly if you’re operating on a mobile platform, as a fingerprint or facial recognition is much more protective than a password alone. In fact, when given the option, 52% of consumers would choose anything but a traditional username and password account to secure their data.
When it comes to keeping financial data secure, there’s no such thing as being too careful. Go as far as you possibly can and implement security keys, two-step authentication, tokens, and airtight encryption protocols. You should also have anti-virus protection software installed already, but make sure that it is updated regularly and able to protect you against any new threats. Have your IT department or a company cybersecurity team take responsibility for conducting routine checks for indicators of compromise (IOCs) and encourage all members of your staff to speak up if something seems amiss. Even if it turns out to not be an issue, treat potential instances of threats as learning opportunities and do not make the same mistakes twice.
Step 3: Payment Security
Some of the most sensitive financial data you handle is your customers’ credit card information. PCI-compliant payment gateways filter out fraudulent transactions using anti-fraud tools like AVS (Address Verification System). However, all of the hardware and software you use should be PCI-compliant and be tested as often as possible, in order to ensure there are no weak entry points that could lead to compromise.
While you’ll need to store credit card numbers, they should be properly encrypted (if stored electronically) or kept in a secure location (if stored physically). Phone calls where card information is shared should be properly encrypted as well. You should not keep a customer’s card security code stored at all — make sure that all credit and debit card numbers are properly secured immediately.
Step 4: Security Breach Support
Part of financial security means being prepared for the possibility of an emergency. You need to have a protocol in place for the unfortunate event of a breach. Have a process in place for securing compromised systems and bringing everything back to a general working order. It won’t be back 100% immediately, but you should be pragmatic. Designate specific duties to an incident response team comprised of capable employees and conduct routine drills.
Transparency is an absolute necessity if something goes wrong. Be in constant communication with your customers and offer follow-up support such as credit report monitoring to show your dedication to their security.
Taking full steps to protect the financial data of your customers may seem overwhelming, but it’s absolutely necessary. Your customers will feel grateful knowing that you value their personal security as much as you value their business. Remember to keep tabs on all matters of financial security and to act swiftly and decisively in the case of a breach.
About the Author
Beth Kotz is a contributing writer to Credit.com. She specializes in covering financial advice for female entrepreneurs, college students, and recent graduates. She earned a BA in Communications and Media from DePaul University in Chicago, Illinois, where she continues to live and work.