The Washington Hospitality Association’s payments processing system is backed by U.S. Bank/Elavon. Elavon is an industry leader in payments security, providing encryption and tokenization of card data both “in transit” and “at rest.”
This article was originally published in Elavon’s Payment Smart newsletter.
Cybercriminals increasingly target small and medium-size businesses, where a lack of effective tools and processes for addressing cyberattack risk makes customer payment data easier to reach. As cyberattacks become more frequent and more sophisticated, it’s critical for anyone who accepts payments online to take steps to protect themselves and the customers who place their trust in them.
Here are four best practices to deter a cyberattack and protect your customers from cybercrime.
1) Develop a 360-degree view of your risk
Cyber crooks tend to use the same kinds of attacks on similar kinds of organizations. That’s why it’s important to stay up to date with the latest trends in your business sector. The motivations of bad actors vary from industry to industry, as do their methods.
To stay ahead of cybercriminals, it’s important to partner with vendors, government, law enforcement and industry to develop a 360-degree view of your unique risks and possible responses. Keep in mind that when security tightens in one sector, criminals may just exploit another, so this should not be a one-time activity.
2) Take steps to avoid being a victim
There are a number of common-sense steps you can take to reduce the risk that your organization will be the next target. These include keeping your software current by applying updates and running regular security checks with antivirus software; implementing secure passwords and requiring that they be changed regularly; tightening up security settings on web browsers and social media accounts to prevent malicious software from infecting your network; warning your employees about the risks of clicking on suspicious links in emails; and regularly backing up your data.
3) Create a response plan
Taking steps to prevent a cyberattack doesn’t mean an attack will never happen. If your organization were the victim of a cyberattack, would you be prepared to respond quickly? A good response plan should not only include employee training and business continuity, but also clearly identify your internal and external response team and communications processes — to your vendors, customers and the public. You may also have to answer some hard questions, such as in what — if any — case you would be willing to pay a ransom.
4) Protect your payment data using a layered approach
There’s no one-size-fits-all approach for protecting an organization from fraud, but a layered approach that includes EMV, encryption, tokenization and PCI-validated point-to-point encryption (P2PE) ensures attackers have nothing to steal if they do break in.
As the global standard for authenticating chip-based credit and debit transactions, EMV helps prevent card-present fraud at the point of sale. Encryption translates sensitive card data into an unreadable code to provide protection for card data when it’s in transit from the payment device to the payment processor. Tokenization, the companion to encryption, hides sensitive card data in transit back to the organization in a form that can be securely stored in a payment system. Finally, PCI-validated P2PE involves a rigorous validation process that verifies the security of payment devices, applications and processes. When combined, they will ensure valuable card data isn’t compromised as a result of a data breach.