The Payments Security Minefield: Keeping Your Data Safe & Your Customers Protected

by Erick Kobres 0

Network connection of data with 0 and 1 number - 3d render

For business owners and consumers, the payments-security landscape is a minefield of highly-publicized, daily data breaches. With numerous threats confronting businesses and their customers, it’s important to stay ahead of the security curve and maintain a proactive strategy to offer the best data and privacy protection.

Software and Network Connections

With any transactional business, it’s important to know how to safeguard your payment processes and maintain your customers’ data and trust. This includes ensuring that you’re up to date with your payment processing software, and all software, including: operating system, POS application, third party software, etc. All are potential areas of vulnerability. One of the first lines of defense is ensuring you’re synced with the latest software updates. These typically include security advancements and patches that can shield vulnerabilities from hackers and help businesses stay one step ahead of the latest threats.

When possible, use an Ethernet connection for payment transactions – this is often more secure than Wi-Fi. To prevent inbound threats, businesses offering customers public Wi-Fi should ensure that payments systems are connected through a separate, secured network that is solely used for business purposes. Also, control who has access to your network equipment as far as possible and inspect your network to ensure no new devices appear.

Hardware Protection

Although payment software vulnerabilities are common, some of the biggest threats to merchants are actually physical attacks on payment hardware, such as fake fascias that can replicate overlays or keyboards, and skimmers which are essentially malicious card readers. Small handheld skimming devices are also common and unscrupulous employees are one of the biggest sources of card data breaches. During the first six months of 2017, the number of compromised ATMs and POS devices jumped 21 percent, compared to the first six months of 2016, according to data from FICO. (, 2017)

To mitigate the risk of security attacks, businesses should opt for PCI-Validated, EMV (chip card) payment hardware and service providers. The PCI (Payment Card Industry) set of security standards ensures that customer card data is never exposed to the POS or payments provider and is encrypted using specialized hardware in the payment device from the time the card is dipped, tapped or swiped until it reaches the bank.

Hiring trustworthy employees is also critical. Thorough background checks are critical and using a POS that monitors employee use of the payments terminal encourages employee integrity.

Safeguarding Data

Choose your payments and security partners wisely, after all you are entrusting third party companies with some of your most sensitive needs – your data and that of your customers. In addition to ensuring your payments providers are PCI validated, look at other important factors like how sensitive data is handled in the cloud; e.g. does your POS provider use high-security data centers with strong physical and digital access controls? Ideally your payments transactions should be seamless and uninterrupted even if you drop your connection. It’s crucial to know that you have a trusted payments partner who is constantly, and working in the background to protect you from security vulnerabilities.

As an iOS-based POS provider, at Revel we also consider the integrity of our partners. For example, we know that Apple takes data privacy and information security very seriously for all its products and maintains strict control of the software ecosystem, including how companies use their frameworks, like ApplePay. They also provide vital tools for developers to manage security and data integrity; e.g. iOS devices can be locked down, preventing them from being used for non-business purposes. The ability to track the location of individual devices and remotely wipe and disable them if they are removed from the business is an invaluable tactic in the fight against hacks and fraud.

Cryptocurrency and Beyond

Since virtual currency is currently a hot topic, and some larger stores are experimenting with  it, many retailers are curious about where it fits within their business and how secure it is. However, the primary interest around bitcoin and cryptocurrency, at this point, is largely speculative and not advisable for mainstream use as a day-to-day cash replacement. The primary advantages of an unregulated cryptocurrency marketplace tend to favor grey-market and black-market scenarios more than day-to-day consumer transactions. Its use may be relevant in certain markets where some degree of anonymity is desired, but for the typical merchant conducting cash and electronic transactions with consumers, the disadvantages clearly outweigh the advantages at this stage of its life cycle. For example, today a bitcoin transaction takes hours to clear and charges at least a seven percent fee for each transaction. Within that processing timeframe, the value could swing dramatically in relation to the original transaction price.

There is currently no consumer or merchant protection built into an unregulated cryptocurrency market, so a data breach could mean you lose every virtual token in your possession. Due to the lack of regulation, there is currently no bank or network who will recompense a merchant or customer in the event of an error or an act of bad faith. When we get to a point where cryptocurrencies are regulated, they will be safer and more commonplace in the retail setting, and when we’re there, payments processors and merchants will accommodate this new currency as a more trusted method of exchange.

In closing, although data and payments security may not seem to be the most interesting or urgent thing that occupies the busy minds of retail business owners, it is just as important as the way you handle cash or trade secrets. 82% of consumers agree that “banks, retailers, and other organizations involved in the credit/debit card industry need to do more to protect their personal card data.” (Bank Innovation, 2017) The bottom line? If payments security is a top consumer concern, it should be a top concern for retail businesses.

About the Author

Erick Kobres is the Chief Technology Officer of Revel Systems with 27 years of experience in the Consumer Transaction Technology space. He began his career developing back-of-house and POS applications for the convenience/petroleum space using the first generation of Intel-based open-systems retail technology. Erick has been a serial innovator and has a portfolio of 38 published and granted US and international related patents.

Featured Content