If you are processing or storing credit card information in your business, you are responsible for card data security. Here are a few tips to keep your business and customer’s credit card data secure:
1. Make sure your EFTPOS terminal software is certified and up-to-date.
Security and compliance updates keep your terminal ahead of the scammers. Each time you take an EFTPOS payment, transaction data is scrambled before it even leaves the terminal. Once it is sent over the network, Paymark use Point-to-point encryption (P2PE) standards to protect the data as it moves through the process. These standards change from time to time but if you lease a terminal with Smartpay we will help you with this by providing software updates and hardware upgrades when required.
2. Keep your EFTPOS hardware safe and check for tampering
You should check your terminal regularly for any tampering. Ask yourself these questions when inspecting your terminal:
- Have any stickers been removed, replaced or damaged?
- Does any part of the cabling look different?
- Are any additional or unknown items of electronic equipment connected to the EFTPOS terminal?
If you notice anything suspicious, disconnect the terminal immediately and contact us on 0800 476 278.
3. Keep your electronic equipment and Internet connection secure
Keeping the network that your terminal connects to safe and secure will make it more difficult for criminals to access card information. The following tips will help you have a more secure network:
- Use up-to-date anti-virus software
- Always change passwords from their factory defaults – use strong passwords that include a variety of characters and update them regularly (e.g a combination of uppercase, lowercase, special characters and numbers).
- Don’t use unsecured networks or public Wi-Fi for your terminal.
When the terminal is not in use, make sure it is stored probably and can’t be accessed from unauthorised people.
4. Surveillance cameras
If you have surveillance cameras installed, make sure you get a good view of those who have access to your EFTPOS terminal. However, make sure that they can’t record your customer’s PIN entry.
5. Protect card data
If you must collect or store credit card data, make sure it is held securely in a locked location or secured files. Have a policy on how to handle credit card information and only allow access to people who really need it. Don’t keep data for longer than necessary and always dispose of card data carefully and thoroughly. In addition, you should also try to store any credit card information in separate locations.
6. Stay alert
Make sure you and your staff are alert to possible card fraud and suspicious behaviour.